Kubernetes Admission Control using Vulnerability Scanning

Admission control policies in Kubernetes can be augmented with vulnerability scanning results to make more informed decisions. This integration demonstrates how to integrate CoreOS Clair with OPA and run it as an admission controller.

• https://github.com/open-policy-agent/contrib/tree/master/image_enforcer

• https://github.com/open-policy-agent/contrib/blob/master/image_enforcer/README.md

• Kubernetes in the OPA Ecosystem
  • kubernetes.io
• Clair in the OPA Ecosystem
  • github.com/coreos/clair