A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against
MagTape
MagTape is a Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations. MagTape includes variable policy enforcement, notifications, and targeted metrics.
MagTape builds on the Kubernetes Admission Webhook concept and uses Open Policy Agent (OPA) for its generic policy language and engine.
Our goal with MagTape is to show an example of wrapping additional business logic and features around OPA’s core, not to be a competitor. While MagTape is not primarily meant to be a security tool, it can easily enforce security policy.
Overview
MagTape examines kubernetes objects against a set of defined policies (best practice configurations/security concepts) and can deny/alert on objects that fail policy checks. The webhook is written in Python