Enforcing Standards in CI/CD Using Open Policy Agent - Gaurav Gajkumar Chaware, InfraCloud
Enforcing policies such as required labels or resource requirements after deploying to a runtime environment is costly. It is more efficient to enforce these policies in the CI/CD phase, on Kubernetes manifests or Terraform scripts. In this talk, Gaurav gives a brief overview of OPA and demonstrates how Open Policy Agent can be used to enforce policies in the CI/CD phase and beyond. The demo shows how OPA is used during the build phase to validate conformance to standards and security policies. Gaurav will use a Kubernetes manifest and a Terraform template as examples, which will be validated by a policy for conformance. Gaurav will then demo how the same policy can be used after deployment to the cluster to validate and enforce it there. The in-cluster enforcement is done by a Kubernetes admission controller which is generated from the policy.