gatekeeper-securitycenter
gatekeeper-securitycenter
allows you to use Security Command Center as a
dashboard for Kubernetes resource policy violations.
gatekeeper-securitycenter
is:
gatekeeper-securitycenter
requires
Security Command Center Standard tier.
Prerequisites
Before installing the gatekeeper-securitycenter
controller, create all of the
following resources:
- a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster
- Policy Controller or OPA Gatekeeper installed in the Kubernetes cluster
- a Security Command Center source
- a Google service account with the
Security Center Findings Editor
role on the Security Command Center source
To create these prerequisite resources, choose one of these options:
-
Use the kpt package in the setup
directory.
This package creates resources using
Config Connector.
-
Use the shell scripts in the scripts
directory. These scripts
create resources using the gcloud
tool from the
Google Cloud SDK.
-
Follow the step-by-step instructions in the accompanying
tutorial.
For all options, you must have an appropriate Cloud IAM role for Security
Command Center at the organization level, such as
Security Center Admin Editor.
Your organization administrator can
grant you this role.
If your user account is not associated with an
organization
on Google Cloud, you can create an organization resource by signing up for
either Cloud Identity or
Google Workspace (formerly G Suite) using a
domain you own. Cloud Identity offers a
free edition.
Installing the gatekeeper-securitycenter
controller
Install the gatekeeper-securitycenter
controller in your cluster by following
the steps in the kpt package documentation.
Documentation
Disclaimer
This is not an officially supported Google product.