In CKS perspective this channel is one among the best so far. Am learning a lot on this channel. Bless you brother for this content.
Thank you Bro
Very useful and simply explained... good one
Thank you
Very informative and useful lecture, cheers :)
Thank you Amrita
Very much useful video,
Brother, I need some information on how we can set up an OPA policy for creating a minimum of two pods
Yes, possible. You need to set it up on every deployment; it should have min 2 pods. See the YAML below. Hope this helps.
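---
# ConstraintTemplate: defines the MinimumPods constraint kind and its Rego rule.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: minimumpods            # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: MinimumPods
      validation:
        openAPIV3Schema:
          type: object
          properties:
            minPods:
              type: integer
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package minimumpods

        # Reject a Deployment whose replica count is below minPods.
        violation[{"msg": msg}] {
          # Kubernetes treats an omitted spec.replicas as 1.
          replicas := object.get(input.review.object.spec, "replicas", 1)
          replicas < input.parameters.minPods
          msg := sprintf("Deployment needs at least %v replicas, found %v", [input.parameters.minPods, replicas])
        }
---
# Constraint: applies the template to Deployments with minPods set to 2.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: MinimumPods
metadata:
  name: enforce-minimum-pods
spec:
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
  parameters:
    minPods: 2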
Hi brother, I need some information on how we can set up an OPA policy for ExternalName services that fails if a service of type ExternalName is created with a port name that doesn't follow the Istio convention
Thank you so much sir once again..appreciate it.
Thank you Sathish. Pls like share and subscribe. Keep learning
nice and informational session.. keep up the good work..
Thank you
How to clean up the OPA CRD ConstraintTemplate to get the cluster back to its initial state? Just want to get the cluster to its original state without OPA Gatekeeper and constraints.
First find all using k api-resources, then remove all Constraints and ConstraintTemplates.
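The cleanup order from the reply above, written out as an added example that is not part of the original thread or the Gatekeeper project. The function names and the dry-run switch `APPLY` are assumptions made for this sketch; it only prints the delete commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the video or the Gatekeeper project.
# Dry run by default: prints each destructive command. Set APPLY=1 to execute.

run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    echo "$*"
  fi
}

# Each ConstraintTemplate registers its constraint kind in this API group,
# so "kubectl api-resources" lists every kind that can hold constraints.
constraint_kinds() {
  kubectl api-resources --api-group=constraints.gatekeeper.sh -o name
}

gatekeeper_cleanup() {
  # 1. Delete the constraints first, while their CRDs still exist.
  for kind in $(constraint_kinds); do
    run kubectl delete "$kind" --all
  done
  # 2. Delete the templates; Gatekeeper removes the CRDs it generated from them.
  run kubectl delete constrainttemplates.templates.gatekeeper.sh --all
}

# Read-only check: cluster-scoped objects whose names still mention Gatekeeper
# (a name-based heuristic, not an exhaustive inventory).
gatekeeper_leftovers() {
  kubectl get crd,validatingwebhookconfigurations,mutatingwebhookconfigurations -o name |
    grep -i gatekeeper || true
}

# Assumption: Gatekeeper itself is then uninstalled the way it was installed
# (kubectl delete -f on the same install manifest, or helm uninstall), after
# which gatekeeper_leftovers should print nothing.
```

Source the file and call `gatekeeper_cleanup` to review the plan, then repeat with `APPLY=1` once the listed kinds are the ones you expect to remove.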
Thanks for sharing, cheers :)
Thank you for watching
Is there any reference for a Gatekeeper policy based on a container memory resource limit condition?
Like my container should not exceed 16 GB memory allocation
For that there are various options...
1st you can set resource limits at cluster and namespace level.
2nd using Admission controller - validating webhook
3rd using OPA, you need to configure configmaps in Rego language to achieve that.
There are other ways as well that you have to explore.
1st approach is simple and easy.
Do I need to install OPA Gatekeeper on each and every cluster individually, or is there any automated way to do that?
Yes, you need to install it in each cluster. In order to automate this... it's a separate topic... you can use various approaches like shell or Ansible or GitOps etc. There are other ways too. Depends on your use case/setup
Is OPA documentation allowed during exam?
Not allowed bro...see here list of sites allowed during exam
docs.linuxfoundation.org/tc-docs/certification/certification-resources-allowed#certified-kubernetes-administrator-cka-and-certified-kubernetes-application-developer-ckad-and-certified-kubernetes-security-specialist-cks
So brother, you want to say that as soon as I create a constraint template it will create a custom resource, right?
yes correct, try to understand the entire concept.
@learnwithgvr Yes brother, as I told you earlier, you are making awesome videos. Hoping for more content, like on Argo CD and Kubernetes networking
Thank you, will try my best
This got a bit complicated
CKS has complicated topics... needs effort
@learnwithgvr Yes brother, I know, that's why I chose your channel to understand it. You made it simple and easy, it's just that this OPA was heavy going for me