Viktor Farcic is a Developer Advocate at Upbound, a member of the Google Developer Experts, CDF Ambassadors, and GitHub Stars groups, and a published author.
He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox.
Sometimes we make mistakes unintentionally while, at other times, bad actors try to exploit our systems. No matter the reason, misconfigurations can lead to security breaches, data loss, or even bring the whole system down. We may never be able to prevent all of these, but we can certainly minimize the risk by applying policies to infrastructure, services, and applications. The primary weapon in this fight is Policy-as-Code tools combined with Internal Developer Platforms.
In this talk, we'll build an Internal Developer Platform (IDP) and combine it with policies. As a result, we will not only enable developers to define and manage their applications and infrastructure, but we will also ensure that they are "doing the right thing" by guiding them with policies.
We'll use Crossplane to build an IDP that will allow developers to define their infrastructure and applications. We'll also use Validating Admission Policy to define policies that will guide them to define the resources they need, help them avoid making mistakes, and ensure that even malicious actors won't be able to exploit the system.