Official, v1.0.0, 3 scenarios
OPA Gatekeeper
OPA Gatekeeper policy guidance for deny rollouts, match scope, and inventory sync safety.
deploywhisper skill install opa-gatekeeper
How to use this skill
1. Install it locally
Use the install command above from any DeployWhisper app checkout that has the installer enabled.
2. Run analysis on matching artifacts
This skill activates when files or content patterns below are detected during analysis.
3. Verify behavior
Published registry data currently includes 3 deterministic scenarios for this skill.
Metadata
Author: DeployWhisper
Version: 1.0.0
License: MIT
Scenarios: 3
Tags
Triggers
- constrainttemplate.yaml
- constraint.yaml
- gatekeeper-policy.yaml
Content patterns
- templates.gatekeeper.sh
- constraints.gatekeeper.sh
Guidance excerpt
Critical risk patterns
- ConstraintTemplate or rego errors can remove enforcement when audit failures are ignored = HIGH
- Broad match exclusions take critical namespaces out of policy coverage = HIGH
- Rolling out deny policies without dry-run validation can block deployments cluster-wide = CRITICAL
- Sync config omissions mean policies evaluate stale inventory and create false confidence = MEDIUM
Review cues
- Review Gatekeeper changes as policy rollouts with cluster-wide blast radius, not isolated YAML edits.
- Prefer deterministic roll-forward or rollback steps over hand-wavy remediation notes.
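The critical risk patterns above, expressed as deterministic review checks over parsed Gatekeeper manifests. This is an added example, not DeployWhisper's own code; the function names, the critical-namespace list, and the sample manifests are assumptions constructed for illustration, and the sync check only tests whether `syncOnly` is empty, not whether the right kinds are synced.

```python
from fnmatch import fnmatch

# Assumption: namespaces this cluster treats as critical (constructed names).
CRITICAL_NAMESPACES = ("kube-system", "payments")

def review_constraint(new, old=None, critical=CRITICAL_NAMESPACES):
    """Return (severity, message) findings for one parsed constraint manifest."""
    findings = []
    spec = new.get("spec", {})
    # Gatekeeper treats a missing enforcementAction as "deny".
    action = spec.get("enforcementAction", "deny")
    if action == "deny" and old is None:
        findings.append(("CRITICAL", "new constraint denies without a dryrun stage"))
    # excludedNamespaces entries may be globs such as "kube-*".
    for pattern in spec.get("match", {}).get("excludedNamespaces", []):
        hit = [ns for ns in critical if fnmatch(ns, pattern)]
        if hit:
            findings.append(("HIGH", f"exclusion {pattern!r} drops {', '.join(hit)}"))
    return findings

def review_sync(template, config=None):
    """Flag a ConstraintTemplate that reads data.inventory while nothing is synced."""
    targets = template.get("spec", {}).get("targets", [])
    rego = "\n".join(t.get("rego", "") for t in targets)
    synced = (config or {}).get("spec", {}).get("sync", {}).get("syncOnly", [])
    if "data.inventory" in rego and not synced:
        return [("MEDIUM", "template reads data.inventory but syncOnly is empty")]
    return []

# Constructed sample manifests, shown as already-parsed YAML.
NEW_DENY = {
    "apiVersion": "constraints.gatekeeper.sh/v1beta1",
    "kind": "K8sRequiredLabels",  # hypothetical constraint kind
    "metadata": {"name": "ns-must-have-owner"},
    "spec": {"match": {"excludedNamespaces": ["kube-*"]}},
}
STAGED = {**NEW_DENY, "spec": {"enforcementAction": "dryrun"}}
TEMPLATE = {"spec": {"targets": [{
    "target": "admission.k8s.gatekeeper.sh",
    "rego": "violation[{\"msg\": \"dup\"}] { data.inventory.namespace[_] }",
}]}}
SYNC = {"spec": {"sync": {"syncOnly": [{"group": "", "version": "v1", "kind": "Namespace"}]}}}

if __name__ == "__main__":
    for sev, msg in review_constraint(NEW_DENY) + review_sync(TEMPLATE):
        print(f"{sev}: {msg}")
```

Passing the previous revision as `old` lets a dryrun-to-deny promotion through while a brand-new deny constraint is flagged.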