The very first OPA Amsterdam meetup

Hi OPA fans! This is the first ever OPA meetup in Amsterdam. Obviously the topic of the day will be all things OPA as well as what everyone would like to get out of this meetup. Our main goal is to bring together OPA users in and around Amsterdam to exchange experience and ideas.

The meetup is organized by Styra, the creators of OPA and kindly sponsored by Deloitte (food and drinks) and Container Solutions (venue).

Schedule:
18:00 - Doors open
18:15 - Inaugural meetup discussion
18:30 - Talk #1 Attacking and defending Kubernetes
19:00 - Talk #2 OPA everywhere! Exploring new opportunities in policy evaluation
Drinks and socializing until 21:00

Talks:
#1: Attacking and defending Kubernetes
Mauricio Cano Grijalba & José Roberto Almaráz from Deloitte

This talk first discusses some common security misconfigurations for Kubernetes clusters and how attackers can exploit them via live demonstrations. Secondly, we will present a policy-based approach using the Open Policy Agent to enforce rules that will disable the most common attacks and misconfigurations. Similarly, we will open the discussion on potential design decisions that may make it possible for attackers to bypass the OPA policies.

#2: OPA everywhere! Exploring new opportunities in policy evaluation
Anders Eknert, Developer Advocate @ Styra

A key factor in the success of OPA is the versatility of the tool. As a general purpose policy engine, the number of use cases are many— whether it’s Kubernetes admission control, application authorization, guardrails around your infrastructure, or something else entirely. This requires a flexible policy engine capable of making decisions on any type of data, but just as much, it needs to operate in any type of environment — from embedded to the cloud. In this presentation, we’ll explore compiling Rego into the new, low-level Intermediate Representation (IR) format, and the opportunities (and challenges!) provided by moving the policy decision point from an external component, and into our applications. We’ll take a closer look at the format of an evaluation plan, and what a simple evaluator implementation might look like. Can we run OPA anywhere and everywhere? Let’s find out!