In this step, you will update the cluster to use the newly created custom blueprint with OPA Gatekeeper and the defined policy.
Navigate to Infrastructure -> Clusters page
Click on the gear icon next to the cluster
Select Update Blueprint
Select the blueprint and the version (e.g. opa-gs-blueprint, v1)
Click Save and Publish
After the blueprint sync operation is complete, you should see the cluster is now using the "opa-gs-blueprint
Navigate to Infrastructure -> Clusters
Click on "KUBECTL" in the cluster card
Type the command below
kubectl get pods -n rafay-system
Once the custom cluster blueprint is applied to the target cluster, all configured add-ons (managed and self managed) are automatically deployed to the cluster. You should see a result like the following showing the OPA Gatekeeper pods running.
As of this step, you have created a cluster blueprint with OPA Gatekeeper and applied this blueprint to an existing cluster. You are now ready to move onto the next step where you will deploy a test workload to test the policy constraints.
In this step, you will create a custom cluster blueprint with OPA Gatekeeper. The "blueprint-v2.yaml" file contains the declarative specification for the blueprint.
Open Terminal (on macOS/Linux) or Command Prompt (Windows) and navigate to the folder where you forked the Git repository
Navigate to the folder "/getstarted/opa_gatekeeper/blueprint"
Important
Ensure you update the "project: defaultproject" with the name of the project in your Org
apiVersion:infra.k8smgmt.io/v3kind:Blueprintmetadata:name:opa-gs-blueprintproject:defaultprojectdescription:opa getting started blueprintspec:base:name:defaultversion:1.17.0defaultAddons:csiSecretStoreConfig:providers:{}enableIngress:trueenableLogging:falseenableMonitoring:trueenableVM:falsedrift:enabled:falsenetworkPolicy:{}opaPolicy:opaPolicy:-name:opa-gs-policyversion:opa-gs-policy-versionprofile:name:defaultplacement:{}sharing:enabled:falseversion:v1
Type the command below to create the blueprint
rctl apply -f blueprint-v2.yaml
If you did not encounter any errors, you can optionally verify if everything was created correctly on the controller.
Navigate to the "defaultproject" project in your Org
Select Infrastructure -> Blueprint
Click on the "opa-gs-blueprint" custom cluster blueprint
If you did not encounter any errors, you can optionally verify if everything was created correctly on the controller.
Navigate to the "defaultproject" project in your Org
Select Infrastructure -> Clusters
You should see the cluster is now using the "opa-gs-blueprint
Navigate to Infrastructure -> Clusters
Click on "KUBECTL" in the cluster card
Type the command below
kubectl get pods -n rafay-system
Once the custom cluster blueprint is applied to the target cluster, all configured add-ons (managed and self managed) are automatically deployed to the cluster. You should see a result like the following showing the OPA Gatekeeper pods running.
As of this step, you have created a cluster blueprint with OPA Gatekeeper and applied this blueprint to an existing cluster. You are now ready to move onto the next step where you will deploy a test workload to test the policy constraints.