From kubestellar-ops
Set up and manage resource ownership tracking with OPA Gatekeeper
`npx claudepluginhub kubestellar/claude-plugins --plugin kubestellar-ops`

This skill is limited to using the following tools:
Help the user set up and manage resource ownership tracking using OPA Gatekeeper policies.
Check Gatekeeper Status
- `check_gatekeeper` to verify OPA Gatekeeper is installed

Check/Install Ownership Policy
- `get_ownership_policy_status` to see if the ownership policy exists
- `install_ownership_policy`
- `dryrun` mode for safety

Show Violations
- `list_ownership_violations` to show resources missing ownership labels

Recommend Next Steps
- `warn` mode first, then `enforce`

| Tool | Purpose |
|---|---|
| `check_gatekeeper` | Check if Gatekeeper is installed |
| `get_ownership_policy_status` | Get current policy configuration |
| `list_ownership_violations` | List resources missing labels |
| `install_ownership_policy` | Install the policy (dryrun/warn/enforce) |
| `set_ownership_policy_mode` | Change enforcement mode |
| `uninstall_ownership_policy` | Remove the policy |
| `find_resource_owners` | Check who owns existing resources |
`install_ownership_policy`:
- `labels`: Required labels (default: `["owner", "team"]`)
- `mode`: `dryrun` (default), `warn`, or `enforce`
- `exclude_namespaces`: Namespaces to skip (auto-excludes system namespaces)

Policy not installed:
Gatekeeper is installed and healthy.
Ownership policy is not configured.
Would you like to install it? I recommend starting with dryrun mode
to see which resources would be affected before enforcing.
Showing violations:
Found 47 resources missing ownership labels:
By Namespace:
- default: 12 violations
- app-prod: 23 violations
- app-staging: 12 violations
Top violations:
| Namespace | Kind | Name | Missing |
|-----------|------|------|---------|
| app-prod | Deployment | api-server | owner, team |
...
- `dryrun` mode
- `enforce` mode
- `enforce` mode will block deployments