gatekeeper-securitycenter allows you to use Security Command Center as a
dashboard for Kubernetes resource policy violations.
gatekeeper-securitycenter is:
-
a Kubernetes controller that creates Security Command Center findings for violations reported by the audit controller in Policy Controller and Open Policy Agent (OPA) Gatekeeper.
-
a command-line tool that creates Security Command Center sources and manages the IAM policies of the sources.
gatekeeper-securitycenter requires
Security Command Center Standard tier.
Before installing the gatekeeper-securitycenter controller, create all of the
following resources:
- a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster
- Policy Controller or OPA Gatekeeper installed in the Kubernetes cluster
- a Security Command Center source
- a Google service account with the Security Center Findings Editor role on the Security Command Center source
To create these prerequisite resources, choose one of these options:
-
Use the kpt package in the
setupdirectory. This package creates resources using Config Connector. -
Use the shell scripts in the
scriptsdirectory. These scripts create resources using thegcloudtool from the Google Cloud SDK. -
Follow the step-by-step instructions in the accompanying tutorial.
For all options, you must have an appropriate Cloud IAM role for Security Command Center at the organization level, such as Security Center Admin Editor. Your organization administrator can grant you this role.
If your user account is not associated with an organization on Google Cloud, you can create an organization resource by signing up for either Cloud Identity or Google Workspace (formerly G Suite) using a domain you own. Cloud Identity offers a free edition.
Install the gatekeeper-securitycenter controller in your cluster by following
the steps in the kpt package documentation.
This is not an officially supported Google product.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent