Applying Policy Throughout The Application Lifecycle with Open Policy Agent
Talk Title | Applying Policy Throughout The Application Lifecycle with Open Policy Agent |
Speakers | Gareth Rushgrove (Director Product Management, Snyk) |
Conference | KubeCon + CloudNativeCon North America |
Location | San Diego, CA, USA |
Date | Nov 15-21, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Open Policy Agent is built to be used as a library in other tools and there are already several open source projects using OPA as a generic policy engine. This is powerful because it allows end users to invest in one use case, and reuse some of the same knowledge and tools, especially the Rego data assertion language, to solve other adjacent problems.

In this talk we will look at applying Open Policy Agent tools throughout the application lifecycle. We'll explore:

* Writing unit tests for Kubernetes configuration (and Helm charts) using Conftest
* Defining a CI pipeline in code, and testing that using OPA
* Gating deployments to the cluster using Gatekeeper
* Auditing the cluster for security best practices, by porting the Kubesec ruleset to Rego
* Porting pod security policies to OPA
* Writing unit tests for the Rego policy code we wrote above