creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-16 07:53:18 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-opa-gatekeeper-for-policy-enforcement/assets/template.md
T

1.4 KiB
Raw Blame History

OPA Gatekeeper Policy Deployment Checklist

Policy Rollout Plan

Pre-Deployment

  • Policy reviewed and approved by security team
  • Rego logic tested with opa test
  • ConstraintTemplate syntax validated
  • Exempt namespaces identified

Deployment Steps

  1. Deploy ConstraintTemplate to cluster
  2. Verify CRD created: kubectl get crd
  3. Deploy Constraint in dryrun mode
  4. Wait 24 hours for audit results
  5. Review violations and remediate/exempt
  6. Switch to warn mode
  7. Wait 7 days, monitor for issues
  8. Switch to deny mode

Post-Deployment

  • Verify enforcement is active
  • Test with known-bad resource (should be denied)
  • Update documentation
  • Alert engineering teams

Policy Registry

Policy Name Kind Mode Namespaces Owner
block-privileged K8sBlockPrivileged deny all except kube-system Security
require-labels K8sRequiredLabels deny all Platform
allowed-repos K8sAllowedRepos deny production, staging Security
block-latest K8sBlockLatestTag warn production DevOps
require-limits K8sRequireLimits deny production SRE

Exemption Request Form

Field Value
Constraint Name
Resource
Namespace
Reason
Duration
Compensating Control
Approved By
Expiry Date
Reference in New Issue View Git Blame Copy Permalink