Kubernetes is a big and fast-moving project, and it’s difficult to control what features or functions are available to your cluster users. Many of the managed Kubernetes offerings limit the capability to configure the control plane, yet allow the use of validating and mutating admission webhooks.
When your control plane is managed by a provider, you may not have the ability to turn on useful Kubernetes controllers to improve your cluster security. Aleks and Jaime will demonstrate how to leverage the Open Policy Agent (OPA) admission controller to govern those requests and enable a single configuration point to enforce and validate security posture.
This session will introduce Rego, the language used to describe OPA policies, cover recent updates to OPA, and break down sample policies for common use cases.