Open Policy Agent (OPA) was recently admitted to the CNCF. And, with Kubernetes 1.9, admission controllers have become easier to implement.
Jimmy Ray demonstrates how to use the Open Policy Agent with the ValidatingAdmissionWebhook resource to evaluate API events and enforce compliance directions. With OPA, Kubernetes operators can build dynamic admission controls to evaluate event metadata against dynamically defined policies. Example use cases include enforcing resource metadata, global or namespace specific, such as labeling, and preventing deployments from unauthorized image registries.
Jimmy Ray is a Distinguished Engineer, focused on cloud native engineering, at Capital One. The majority of his 20+ years in IT has been spent developing software and architecting enterprise solutions. Jimmy is a leader in the Richmond, VA, tech community and has spoken at user groups and conferences in the US and Europe, including Jenkins World 2016 and Red Hat DevNation 2019. He’s passionate about delivering containerized cloud solutions.
©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org