helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm repo update
helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper --create-namespace

$ k get pod -n gatekeeper-system
NAME                                             READY   STATUS    RESTARTS   AGE
gatekeeper-audit-8c586559c-srgjp                 1/1     Running   0          56s
gatekeeper-controller-manager-6bcfdc9f66-2pchs   1/1     Running   0          56s
gatekeeper-controller-manager-6bcfdc9f66-cnb8m   1/1     Running   0          56s
gatekeeper-controller-manager-6bcfdc9f66-xfwf2   1/1     Running   0          56s

$ git clone https://github.com/open-policy-agent/gatekeeper.git
$ cd gatekeeper/demo/basic/
$ ./demo.sh
##############################################################
# HOLD IT!! I require pv but it's not installed.  Aborting.
##############################################################

Installing pv:

Mac: $ brew install pv

Other: http://www.ivarch.com/programs/pv.shtml

$ sudo apt install pv
$ fallocate -l 1g access.log
$ gzip -c access.log > access.log.gz
$ pv access.log | gzip > access.log.gz
1.00GiB 0:00:08 [ 127MiB/s] [=======================================================================================================================================================>] 100%

./demo.sh

$ kubectl apply -f constraints/all_ns_must_have_gatekeeper.yaml
k8srequiredlabels.constraints.gatekeeper.sh/ns-must-have-gk created
$ kubectl apply -f bad/bad_ns.yaml
Error from server (Forbidden): error when creating "bad/bad_ns.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [ns-must-have-gk] you must provide labels: {"gatekeeper"}

$ kubectl apply -f bad/no_dupe_ns_2.yaml
Error from server (Forbidden): error when creating "bad/no_dupe_ns_2.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [ns-gk-label-unique] label gatekeeper has duplicate value not_duplicated