Conf42: Cloud Native 2021

Everything Cloud Native and Cloud Security. It came from the Cloud!

...

Embracing change: Policy-as-code for Kubernetes with OPA and Gatekeeper

Ara Pulido
Developer Relations @ Datadog



Sometimes, RBAC is not enough: we need ways to define and enforce fine-grained policies for our clusters.

Gatekeeper and OPA make it easy to adopt policy-as-code practices in Kubernetes. You’ll learn how to adopt these techniques and how to integrate Gatekeeper with your existing tools.

Kubernetes provides a native Role-Based Access Control (RBAC) authorization scheme that lets cluster operators define which operations (verbs) users or service accounts may perform on a given kind of Kubernetes resource. As more enterprises migrate to cloud native environments like Kubernetes, RBAC alone shows its limits: it decides who may create or update an object, but says nothing about what that object is allowed to contain. The need for more scalable ways to define and enforce fine-grained policies grows: how can I limit the number of replicas certain users may request for a workload? How can I ensure that all container images come from trusted registries?

[Gatekeeper](https://github.com/open-policy-agent/gatekeeper/) is an open source project that integrates [Open Policy Agent (OPA)](https://www.openpolicyagent.org/) into Kubernetes as a validating admission webhook, so every request to the API server is checked against policy before the object is persisted. Gatekeeper lets you define policies as Kubernetes objects (ConstraintTemplates carrying Rego, and Constraints that instantiate a template with parameters and a match scope), making it easier to adopt policy-as-code practices in Kubernetes environments and to share reusable policy templates.

In this talk we will demo Gatekeeper for Kubernetes environments. You’ll learn how to adopt policy-as-code techniques and how you can integrate Gatekeeper with your existing tools.
