MCPcopy
hub / github.com/open-policy-agent/gatekeeper

github.com/open-policy-agent/gatekeeper @v3.22.2 sqlite

repository ↗ · DeepWiki ↗ · release v3.22.2 ↗
3,890 symbols 15,540 edges 491 files 1,559 documented · 40%
README

Gatekeeper

Static Badge

How is Gatekeeper different from OPA?

Compared to using OPA with its sidecar kube-mgmt (aka Gatekeeper v1.0), Gatekeeper introduces the following functionality:

  • An extensible, parameterized policy library
  • Native Kubernetes CRDs for instantiating the policy library (aka "constraints")
  • Native Kubernetes CRDs for extending the policy library (aka "constraint templates")
  • Native Kubernetes CRDs for mutation support
  • Audit functionality
  • External data support

Getting started

Check out the installation instructions to deploy Gatekeeper components to your Kubernetes cluster.

Documentation

Please see the Gatekeeper website for more in-depth information.

Policy Library

See the Gatekeeper policy library for a collection of constraint templates and sample constraints that you can use with Gatekeeper.

Community & Contributing

Please refer to Gatekeeper's contribution guide to find out how you can help.

Code of conduct

This project is governed by the CNCF Code of conduct.

Security

For details on how to report vulnerabilities and security release process, please refer to Gatekeeper Security for more information.

Extension points exported contracts — how you extend this code

Lister (Interface)
Lister lists resources from a cache. [9 implementers]
pkg/readiness/ready_tracker.go
Mutator (Interface)
Mutator represent a mutation object. [8 implementers]
pkg/mutation/types/mutator.go
Injector (Interface)
(no doc) [14 implementers]
pkg/controller/controller.go
WatchIterator (Interface)
wraps DoForEach from a watch.Set. [3 implementers]
pkg/audit/audit_cache_lister.go
CFDataClient (Interface)
CFDataClient is an interface for caching data. [3 implementers]
pkg/cachemanager/cachemanager.go
Driver (Interface)
(no doc) [5 implementers]
pkg/export/driver/driver.go
Fetcher (Interface)
Fetcher defines the interface for fetching catalog data. [2 implementers]
pkg/gator/policy/catalog/fetch.go
RemovableCache (Interface)
RemovableCache is a subset variant of the cache.Cache interface. It supports non-blocking calls to get informers, as wel [2 …
pkg/watch/manager.go

Core symbols most depended-on inside this repo

Run
called by 419
pkg/gator/verify/runner.go
Expect
called by 230
pkg/readiness/object_tracker.go
Contains
called by 207
pkg/watch/set.go
String
called by 190
pkg/mutation/types/mutator.go
Error
called by 160
pkg/util/error.go
GetName
called by 152
pkg/mutation/types/mutator.go
GetName
called by 125
pkg/controller/constrainttemplate/constrainttemplate_controller.go
RUnlock
called by 108
pkg/watch/set.go

Shape

Function 1,822
Method 1,475
Struct 477
TypeAlias 56
Interface 45
FuncType 15

Languages

Go100%
TypeScript1%

Modules by API surface

apis/mutations/v1alpha1/zz_generated.conversion.go102 symbols
apis/mutations/v1beta1/zz_generated.conversion.go82 symbols
apis/mutations/v1/zz_generated.conversion.go82 symbols
apis/status/v1beta1/zz_generated.deepcopy.go62 symbols
apis/mutations/unversioned/zz_generated.deepcopy.go58 symbols
apis/mutations/v1alpha1/zz_generated.deepcopy.go56 symbols
pkg/audit/manager.go47 symbols
pkg/readiness/ready_tracker.go44 symbols
pkg/gator/policy/client/client_test.go44 symbols
apis/mutations/v1beta1/zz_generated.deepcopy.go44 symbols
apis/mutations/v1/zz_generated.deepcopy.go44 symbols
pkg/controller/constraint/constraint_controller_test.go43 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

Dependencies from manifests, versioned

cel.dev/exprv0.25.1 · 1×
cloud.google.com/go/authv0.7.2 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.3 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
cloud.google.com/go/monitoringv1.20.1 · 1×
cloud.google.com/go/tracev1.10.11 · 1×
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcpv1.31.0 · 1×
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metricv0.44.0 · 1×
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemappingv0.44.0 · 1×
github.com/agnivade/levenshteinv1.2.1 · 1×
github.com/antlr4-go/antlr/v4v4.13.0 · 1×
github.com/aws/aws-sdk-gov1.47.9 · 1×

For agents

$ claude mcp add gatekeeper \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact