Building flexible policy with OPA and Kubernetes
05-18, 10:40–11:10 (UTC), Main Hall

Have you ever been asked the question "How do we make sure Kubernetes resources conform to our internal policies and procedures?" In this session we introduce how you can audit, validate and mutate Kubernetes resources based on custom semantic rules during create, update, and delete operations, without recompiling or reconfiguring the Kubernetes API server, using Gatekeeper, a policy controller for Kubernetes.

Every organization has rules, whether it be that each resource needs to be labelled a specific way or that only images from specific container repositories may be used. Some of these rules or policies are essential to meet governance or legal requirements, and some are based on learning from past experiences. In this session we introduce how you can audit, validate and mutate Kubernetes resources based on custom semantic rules during create, update, and delete operations without recompiling or reconfiguring the Kubernetes API server. These policies are all backed by the Open Policy Agent (OPA), a lightweight, general-purpose policy engine for cloud-native environments. We will also demonstrate the work being done in the upstream community and provide working samples to start your journey building scalable policy on Kubernetes.

Open Source Repository - https://github.com/open-policy-agent/gatekeeper
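As an added example (not from the talk or the Gatekeeper repository), here is the kind of policy the session describes, expressed as a Gatekeeper ConstraintTemplate plus a Constraint: Pods in the default namespace may only use images from a listed set of repository prefixes. The template and constraint names, the Rego package name and the registry prefix registry.example.com/ are assumed values chosen for this illustration.

```yaml
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sallowedrepos            # assumed name for this example
spec:
  crd:
    spec:
      names:
        kind: K8sAllowedRepos      # the Constraint kind this template generates
      validation:
        openAPIV3Schema:
          properties:
            repos:                 # list of allowed image prefixes
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sallowedrepos

        # Gather regular and init containers from the admitted Pod.
        containers[c] { c := input.review.object.spec.containers[_] }
        containers[c] { c := input.review.object.spec.initContainers[_] }

        # An image is allowed if it starts with any configured prefix.
        allowed(image) { startswith(image, input.parameters.repos[_]) }

        # Each violation is reported by Gatekeeper: denied at admission,
        # or listed by the periodic audit for resources that already exist.
        violation[{"msg": msg}] {
          c := containers[_]
          not allowed(c.image)
          msg := sprintf("container <%v> uses image <%v>; allowed prefixes: %v",
                         [c.name, c.image, input.parameters.repos])
        }
---
# The Constraint instantiates the template with concrete parameters and scope.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAllowedRepos
metadata:
  name: pods-only-from-internal-registry   # assumed name
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    namespaces: ["default"]
  parameters:
    repos:
      - "registry.example.com/"            # assumed internal registry prefix
```

Apply the ConstraintTemplate first (Gatekeeper generates the K8sAllowedRepos CRD from it), then the Constraint; the same violation rule drives both admission rejection and the audit, whose findings appear in the Constraint's status.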

Max Smythe is a Software Engineer at Google working to make Kubernetes easier to manage at scale. He is excited about the potential Gatekeeper has to streamline compliance and make life easier on cluster admins. Previously he worked at a startup as a backend developer and in the VFX industry on films such as The Smurfs. He graduated from UC Irvine with a B.S. in Physics and a B.A. in Drama.

Rita Zhang is a software engineer at Microsoft, based in the San Francisco Bay Area. She is on the Azure Cloud Native Compute team building features for Kubernetes upstream and for Azure Kubernetes Service. Rita is passionate about open source and running distributed workloads at scale.