Conf42: Cloud Native 2021

Embracing change: Policy-as-code for Kubernetes with OPA and Gatekeeper

Ara Pulido
Developer Relations @ Datadog


Sometimes, RBAC is not enough: we need ways to define and enforce fine-grained policies for our clusters.

Gatekeeper and OPA make it easy to adopt policy-as-code practices in Kubernetes. You’ll learn how to adopt these techniques and how to integrate Gatekeeper with your existing tools.

Kubernetes provides a native role-based access control (RBAC) authorization scheme, which lets cluster operators define rules that specify which operations users or services can perform against a particular Kubernetes object. As more enterprises migrate to cloud native environments like Kubernetes, RBAC alone presents limitations, and the need for more scalable ways to define and enforce fine-grained policies increases: How can I limit the number of replicas of a pod for certain users? How can I ensure that all images come from trusted registries?

In this talk we will demo Gatekeeper for Kubernetes environments. You’ll learn how to adopt policy-as-code techniques and how you can integrate Gatekeeper with your existing tools.
