gatekeeper-securitycenter
allows you to use Security Command Center as a
dashboard for Kubernetes resource policy violations.
gatekeeper-securitycenter
is:
-
a Kubernetes controller that creates Security Command Center findings for violations reported by the audit controller in Policy Controller and Open Policy Agent (OPA) Gatekeeper.
-
a command-line tool that creates Security Command Center sources and manages the IAM policies of the sources.
gatekeeper-securitycenter
requires
Security Command Center Standard tier.
Before installing the gatekeeper-securitycenter
controller, create all of the
following resources:
- a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster
- Policy Controller or OPA Gatekeeper installed in the Kubernetes cluster
- a Security Command Center source
- a Google service account with the Security Center Findings Editor role on the Security Command Center source
To create these prerequisite resources, choose one of these options:
-
Use the kpt package in the
setup
directory. This package creates resources using Config Connector. -
Use the shell scripts in the
scripts
directory. These scripts create resources using thegcloud
tool from the Google Cloud SDK. -
Follow the step-by-step instructions in the accompanying tutorial.
For all options, you must have an appropriate Cloud IAM role for Security Command Center at the organization level, such as Security Center Admin Editor. Your organization administrator can grant you this role.
If your user account is not associated with an organization on Google Cloud, you can create an organization resource by signing up for either Cloud Identity or Google Workspace (formerly G Suite) using a domain you own. Cloud Identity offers a free edition.
Install the gatekeeper-securitycenter
controller in your cluster by following
the steps in the kpt package documentation.
This is not an officially supported Google product.