Welcome, connect with old friends, make new friends, network and hangout

Chris Russo - Presentation

As organizations evolve their Kubernetes clusters, ensuring policy compliance becomes crucial, especially during the upgrade process. This talk explores the significance of OpenPolicy Agent (OPA) in enforcing policies on Kubernetes clusters that require upgrading, considering the deprecation of Pod Security Policies (PSP).

OpenPolicy Agent, an open-source policy engine, provides a flexible and extensible approach to policy enforcement on Kubernetes. With OPA, organizations can define and enforce policies that govern various aspects of cluster security, resource allocation, and application behavior.

However, the deprecation of Pod Security Policies in recent Kubernetes versions presents a challenge. Pod Security Policies were widely used to enforce security policies at the pod level, but their removal necessitates alternative solutions. OPA fills this gap by enabling a declarative policy framework that can be used alongside Kubernetes admission controllers like Gatekeeper.

During the cluster upgrade process, organizations can leverage OPA's capabilities to ensure policy compliance. By authoring custom policies in the Rego language, administrators can define rules that address security, resource usage, network access, and other requirements specific to their environment. OPA evaluates these policies against incoming requests, such as pod creations or updates, and enforces the defined policies by rejecting or modifying requests that violate the rules.

Furthermore, OPA's integration with Kubernetes admission controllers allows seamless integration into the cluster upgrade workflow. Policies can be evaluated at different stages, such as during admission, mutation, or validation, ensuring that the desired policies are enforced consistently.

This talk highlights the significance of OpenPolicy Agent in enforcing policies during Kubernetes cluster upgrades, particularly in light of PSP deprecation. By adopting OPA and its declarative policy framework, organizations can continue to maintain and enforce robust security and compliance measures while keeping pace with the evolving Kubernetes ecosystem.

Andrew Block, Red Hat's distinguished architect, is visiting Wellington. Hear more about it as he shares details on Red Hat Developer Hub, Trusted Content/RHTAP, ACS cloud service, OpenShift AI/ML, Service Interconnect and the Ansible integration, and much more. Ensure you bring in the questions you would have wanted regarding these new product announcements from Red Hat.