Securing Your Kubernetes Cluster with Admission Control + CI/CD with OPA

Details

At the next meetup we will have two talks covering Open Policy Agent and its use in Kubernetes clusters and CI/CD pipelines. For the occasion, our speaker will be Ash, Software Engineer at Styra Inc. and core contributor to the Open Policy Agent project.

TALK 1
Title: Securing Your Kubernetes Cluster with Admission Control

Abstract: How do you make sure your Kubernetes resources conform to external regulations and internal policies? Whether you need to ensure that images are pulled from a specific repository or that all resources are labeled according to your organization's guidelines, these kinds of rules are essential to operating and securing your Kubernetes environments.

Kubernetes allows separation between the runtime-state and desired-state of your clusters, thereby allowing cluster administrators to enforce desired-state security policies via a mechanism called Admission Control.

Kubernetes Admission Controllers go well beyond RBAC/ABAC to help you put the necessary guardrails in place and, in doing so, avoid runtime problems before they happen. This talk will show how the Open Policy Agent (OPA) provides a declarative approach to Admission Control to enforce custom policies on Kubernetes objects without modifying any Kubernetes components.

Bio: Ash Narkar is the core contributor to the Open Policy Agent project. Ash has over 5 years of experience working on large-scale distributed systems. Ash is a Senior Software Engineer at Styra, Inc., working on OPA development and integrations. Previously he was a Principal Engineer at Verizon Labs, where he worked on their IoT platform. Ash also worked as a Software Engineer at Cyan, Inc., where he contributed to the core components of their SDN platform. Ash has presented the OPA project at KubeCon, Open Source Summit, Kubernetes meetups, and more.