Fueling innovative software
July 15-18, 2019
Portland, OR

Policy-enabled Kubernetes with Open Policy Agent

James Ray (Capital One)
5:05pm5:45pm Thursday, July 18, 2019
Average rating: *****
(5.00, 1 rating)

Who is this presentation for?

  • Engineers implementing Kubernetes in the enterprise




Open Policy Agent (OPA) was recently admitted to the CNCF. And, with Kubernetes 1.9, admission controllers have become easier to implement.

Jimmy Ray demonstrates how to use the Open Policy Agent with the ValidatingAdmissionWebhook resource to evaluate API events and enforce compliance directions. With OPA, Kubernetes operators can build dynamic admission controls to evaluate event metadata against dynamically defined policies. Example use cases include enforcing resource metadata, global or namespace specific, such as labeling, and preventing deployments from unauthorized image registries.

Prerequisite knowledge

  • Intermediate knowledge of Kubernetes
  • Familiarity with Open Policy Agent (useful but not required)

What you'll learn

  • Explore Open Policy Agent and learn how to use it to evaluate the JSON payload of many API server events
Photo of James Ray

James Ray

Capital One

Jimmy Ray is a Distinguished Engineer, focused on cloud native engineering, at Capital One. The majority of his 20+ years in IT has been spent developing software and architecting enterprise solutions. Jimmy is a leader in the Richmond, VA, tech community and has spoken at user groups and conferences in the US and Europe, including Jenkins World 2016 and Red Hat DevNation 2019. He’s passionate about delivering containerized cloud solutions.