10-23, 16:20–16:50 (US/Eastern), Side Room
That’s right! The Open Policy Agent has other skills than just securing your clusters. The general-purpose design of the Open Policy Agent has enabled many tools, such as Gatekeeper, to adopt it for their own policy decision needs. This is powerful because it provides end-users with a consistent approach to policy enforcement throughout the cloud native ecosystem.
This talk will look at several different tools and techniques that leverage OPA's policy engine and how they can benefit the development, deployment, and security of your applications.
We'll explore:
- How Regula can evaluate your infrastructure for compliance violations before ever reaching the cloud.
- How Conftest can enforce cluster policies in local environments and CI without the need for a cluster.
- How Gatekeeper can provide cluster audits and prevent insecure workloads from being deployed.
- How Konstraint can automatically generate documentation, constraints, and templates for your policies.
- ... and more!
By the end of this talk, the audience will have more tools available to them in their toolkit and gain a different perspective on how the Open Policy Agent is used today to make better decisions for tomorrow.
John Reese is a Software Engineer at Yubico helping build their services platform by leveraging technologies such as Kubernetes, Istio, and Go. Before diving into the world of gophers and service meshes, he primarily worked on ASP.NET applications using C#. He is an active open source contributor, and tries to find any excuse he can to open a pull request. In his free time, he enjoys playing hockey and video games, both of which he takes way too seriously.