gatekeeper-securitycenter allows you to use Security Command Center as a
dashboard for Kubernetes resource policy violations.
a command-line tool that creates Security Command Center sources and manages the IAM policies of the sources.
Security Command Center Standard tier.
Before installing the
gatekeeper-securitycenter controller, create all of the
- a Kubernetes cluster, for instance a Google Kubernetes Engine (GKE) cluster
- Policy Controller or OPA Gatekeeper installed in the Kubernetes cluster
- a Security Command Center source
- a Google service account with the Security Center Findings Editor role on the Security Command Center source
To create these prerequisite resources, choose one of these options:
Follow the step-by-step instructions in the accompanying tutorial.
For all options, you must have an appropriate Cloud IAM role for Security Command Center at the organization level, such as Security Center Admin Editor. Your organization administrator can grant you this role.
If your user account is not associated with an organization on Google Cloud, you can create an organization resource by signing up for either Cloud Identity or Google Workspace (formerly G Suite) using a domain you own. Cloud Identity offers a free edition.
gatekeeper-securitycenter controller in your cluster by following
the steps in the kpt package documentation.
This is not an officially supported Google product.