Fine-grained Authorization in a Containerized World - Ashutosh Narkar, Styra Inc.
Talk Title | Fine-grained Authorization in a Containerized World - Ashutosh Narkar, Styra Inc. |
Speakers | Ash Narkar (Senior Software Engineer, Styra Inc) |
Conference | Open Source Summit + ELC North America |
Conf Tag | |
Location | San Diego, CA, USA |
Date | Aug 19-23, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Organizations use containerized workloads to build and deploy applications. Although diverse in nature, these deployments must conform to company-wide constraints around cost, security, and performance. These evolving constraints affect the entire stack and hence enforcing them becomes difficult. In this talk, we will introduce the Open Policy Agent (OPA), an open source, general-purpose policy engine which can be used to enforce fine-grained policies in any system and at any layer of the stack. We will see examples of authoring security policies using OPA's purpose-built, declarative language over JSON data gathered from Kubernetes. OPA not only provides the ability to enforce organization-specific policies by leveraging security extension points in Docker and Kubernetes such as admission controllers but also meets strict latency and availability requirements. We will demo how custom policies can be enforced on Kubernetes objects without modifying any Kubernetes components.