Skip to content

Constraints

Constraints are used to notify the Gatekeeper that an admin need to enforce a ConstraintTemplate with customized constraints. Constrains passes the required parameters through the existing template on one or more resources


Create New Constraint

Perform the below steps to create a new constraint:

  • Login to the Controller and select Constraints under the OPA Gatekeeper. Users can view the list of existing constraints on the Constraints page
  • Click New Constraint
  • Provide a name for the new constraint and select an Artifact Sync
  • To upload the files from the system, select Upload files manually (or) to use the files available from the git repository, select Pull files from repository from the Artifact Sync drop-downfrom the Artifact Sync drop-down
  • Select a template through which the constraint parameters will be applied
  • Click Create to proceed or Cancel to abort the process

OPA New Constraint

Below is an example of a constraint code set to 3 minimum replicas and 50 maximum replicas. Applications that enters with less than 3 replicas and more than 50 replicas are not allowed

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sReplicaLimits
metadata:
  name: replica-limits
spec:
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
  parameters:
    ranges:
    - min_replicas: 3
      max_replicas: 50
  • Click Choose File and upload the Yaml file
  • Click Advanced Settings (optional) to select any of the below options. Refer Constraint Templates for more information on Advanced Settings

OPA Upload Yaml file

  • Click Save & Exit

Edit / Delete Constraints

  • Click the Delete icon to delete or Edit icon to edit the existing constraints

Edit/Delete

Constraint Types

Two types of Constraints are Custom and System

  • Constraints created by customers are listed as Custom
  • Constraints created by system for reference are listed as System. Users can edit but cannot delete the System Constraints