Unit Testing Your Kubernetes Configurations Using Open Policy Agent
Open Policy Agent provides a high-level declarative language to author and enforce policies on structured data, for instance Kubernetes configurations. OPA is typically used as a service to enforce au …
| Talk Title | Unit Testing Your Kubernetes Configurations Using Open Policy Agent |
| Speakers | Gareth Rushgrove (Director Product Management, Snyk) |
| Conference | KubeCon + CloudNativeCon Europe |
| Conf Tag | |
| Location | Barcelona, Spain |
| Date | May 19-23, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Open Policy Agent provides a high-level declarative language to author and enforce policies on structured data, for instance Kubernetes configurations. OPA is typically used as a service to enforce authorization policy in a cluster. New configurations submitted to an API are filtered through OPA and accepted or rejected depending on the defined policy. But some types of policy violations can be caught even earlier in the development process. In this talk we’ll discuss: - Why you might benefit from writing unit tests for your Kubernetes configuration - Getting started with regol, OPAs declarative assertion language - Integrating OPA-based tests with your continuous integration system - Testing Kubernetes configurations when working with other ecosystem tools like Helm, Kustomize and Pulumi - Extending the same approach to other structured configuration files
