add opa gatekeeper

pluralsh · Dec 11, 2024 · 9b5508e · 9b5508e
1 parent 7199384
commit 9b5508e
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 9 deletions.
diff --git a/catalogs/security/opa-gatekeeper/README.md b/catalogs/security/opa-gatekeeper/README.md
@@ -0,0 +1,7 @@
+# OPA Gatekeeper
+
+This is a baseline, prod-ready OPA Gatekeeper installation using Plural.
+
+## Contributing
+
+If there are any features or documentation you'd like to add to this setup, please feel free to contribute back at https://github.com/pluralsh/scaffolds.
diff --git a/catalogs/security/opa-gatekeeper/helmrepository.yaml b/catalogs/security/opa-gatekeeper/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: opa-gatekeeper
+  namespace: apps
+spec:
+  interval: 5m0s
+  url: https://open-policy-agent.github.io/gatekeeper/charts
diff --git a/catalogs/security/trivy-operator/helm/values.yaml.liquid b/catalogs/security/trivy-operator/helm/values.yaml.liquid
diff --git a/setup/catalogs/security/opa-gatekeeper.yaml b/setup/catalogs/security/opa-gatekeeper.yaml
@@ -0,0 +1,33 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: PrAutomation
+metadata:
+  name: opa-gatekeeper
+spec:
+  name: opa-gatekeeper
+  icon: https://www.openpolicyagent.org/img/logos/opa-no-text-color.png
+  documentation: |
+    Sets up an OPA Gatekeeper policy controller
+  creates:
+    git:
+      ref: sebastian/prod-2981-set-up-catalog-pipeline # TODO set to main
+      folder: catalogs/security/opa-gatekeeper
+    templates:
+      - source: README.md
+        destination: documentation/opa-gatekeeper/README.md
+        external: true
+      - source: helmrepository.yaml
+        destination: "bootstrap/apps/opa-gatekeeper/{{ context.cluster }}/helmrepository.yaml"
+        external: true
+  repositoryRef:
+    name: scaffolds
+  catalogRef:
+    name: security
+  scmConnectionRef:
+    name: plural  # you'll need to add this ScmConnection manually before this is functional
+  title: "OPA Gatekeeper setup ({{ context.cluster }})"
+  message: "Sets up OPA Gatekeeper on {{ context.cluster }} cluster."
+  identifier: pluralsh/plrl-dev-aws # FIXME
+  configuration:
+  - name: cluster
+    type: STRING
+    documentation: the cluster you want to deploy to
diff --git a/setup/catalogs/security/trivy-operator.yaml b/setup/catalogs/security/trivy-operator.yaml
@@ -15,9 +15,6 @@ spec:
       - source: README.md
         destination: documentation/trivy-operator/README.md
         external: true
-      - source: helm/values.yaml.liquid
-        destination: helm/trivy-operator/{{ context.cluster }}.yaml.liquid
-        external: true
       - source: helmrepository.yaml
         destination: "bootstrap/apps/trivy-operator/{{ context.cluster }}/helmrepository.yaml"
         external: true
@@ -31,7 +28,7 @@ spec:
   scmConnectionRef:
     name: plural  # you'll need to add this ScmConnection manually before this is functional
   title: "Trivy Operator setup ({{ context.cluster }})"
-  message: "Sets up Trivy Operator on cluster {{ context.cluster }}."
+  message: "Sets up Trivy Operator on {{ context.cluster }} cluster."
   identifier: pluralsh/plrl-dev-aws # FIXME
   configuration:
   - name: cluster