Authors: Rita Zhang, Charlie Egan, John Reese
2023-04-21

Download the code ahead of time. DCO required. The OPA projects have the goal of standardizing policy across the stack. This is only possible with a large community of users and contributors using the projects in a variety of use cases. We hope that by making the maintainers of the main OPA contact points (OPA, Gatekeeper and conftest) available in a ContribFest session, we will attract those interested in taking the first step to contributing and be effective in helping them do so. This ContribFest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. It is intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.
Authors: Peter O'Neill
2022-10-28

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
Authors: Asaf Cohen
2022-10-25

tldr - powered by Generative AI

The presentation discusses best practices for managing policy in DevOps and cybersecurity, including decoupling policy from code, using GitOps for policy, and planning ahead for future demands.
  • Decoupling policy from code is important for flexibility and scalability
  • GitOps for policy allows for auditable and testable policy management
  • Planning ahead for future demands ensures that the system can grow without needing to be rewritten from scratch
Conference: CloudOpen 2022
Authors: Tim Hinrichs
2022-06-23

tldr - powered by Generative AI

Introduction to Open Policy Agent (OPA) and its flexibility in policy language and deployment options
  • OPA is a decision point for authorization decisions made by any service
  • Policy queries can be any arbitrary JSON value and the policy language is purpose-built to handle deeply nested JSON data
  • Context-aware policies can be created by injecting arbitrary data into OPA
  • Policy decisions can also be arbitrary JSON objects
  • OPA is flexible in deployment options, including running as a CLI, embedded library, or centralized authorization service
  • The policy language is expressive but not as complex as a programming language
Authors: Anders Eknert, Will Beason
2022-05-18

tldr - powered by Generative AI

Gatekeeper is a popular open-source tool for Kubernetes that enforces policies on resources in a cluster. The tool has undergone significant improvements, including a reduction in memory usage and the addition of external data and Gator CLI features.
  • Gatekeeper is an open-source tool for Kubernetes that enforces policies on resources in a cluster
  • Significant improvements have been made to Gatekeeper, including a 20x reduction in memory usage
  • New features include external data and Gator CLI
  • Gatekeeper is commonly used in service meshes like Istio
Authors: Cagri Cetin, Quentin Long
2021-10-14

Yelp recently migrated their container-orchestration system from Mesos to Kubernetes. However, existing Kubernetes authorization mechanisms were insufficient to implement least-privilege access control rules. Yelp needed to authorize its users to hundreds of services owned by hundreds of different teams. By leveraging the Open Policy Agent (OPA), Yelp has implemented an authorization system that allows defining fine-grained authorization rules: these can rely on service ownership or on the sensitivity levels of resources and actions. This talk covers Yelp’s journey to fine-grained Kubernetes authorization using OPA and LDAP. It will discuss:
  • Shortcomings of existing Kubernetes authorization mechanisms
  • Design details of the new OPA-based system
  • Strategies for provisioning authorization rules at scale
  • Migration to the new system with zero downtime
  • Issues encountered along the way and lessons learned