
Gatekeeper

OPA Gatekeeper

Definition

OPA Gatekeeper is an admission controller webhook for Kubernetes that enforces Open Policy Agent (OPA) policies as Kubernetes-native constraints. Security teams define ConstraintTemplates (Rego policy logic) and Constraint resources (specific policy instances) to prevent workloads from violating security policies at admission time.

Gatekeeper enables policy-as-code for Kubernetes security, enforcing controls like disallowing privileged containers, requiring resource limits, and restricting allowed image registries.
