Open Policy Agent (OPA) Intro & Deep Dive

2022-05-18

Authors: Anders Eknert, Will Beason


Summary

Gatekeeper is a popular open-source tool for Kubernetes that enforces policies on resources in a cluster. The tool has undergone significant improvements, including a reduction in memory usage and the addition of external data and Gator CLI features.
  • Gatekeeper is an open-source tool for Kubernetes that enforces policies on resources in a cluster
  • Significant improvements have been made to Gatekeeper, including a 20x reduction in memory usage
  • New features include external data and Gator CLI
  • Gatekeeper is commonly used in service meshes like Istio
One of the new features of Gatekeeper is external data, which allows for communication with external systems in a more secure and constrained way than OPA's `http.send` built-in. This feature can be used to integrate with LDAP, limit changes to specific fields on resources, and even auto-label resources with team metadata using the mutation feature. Another improvement is the Gator CLI, which allows for unit tests on templates and constraints, as well as validation of specific messages sent by regular policies. Gatekeeper is commonly used in service meshes like Istio.

Abstract

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
