Webinar: K8s with OPA Gatekeeper

preview_player
Показать описание
If your organization has been operating Kubernetes, you probably have been looking for ways to control what end-users can do on the cluster and ways to ensure that clusters are in compliance with company policies. With Kubernetes, how do you ensure compliance without sacrificing development agility and operational independence? Gatekeeper is a customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA), a policy engine for Cloud Native environments hosted by CNCF.

Presenters:

Sertaç Özercan, Software Engineer @Microsoft
Lachie Evenson, Principal Program Manager @Microsoft
  1. CNCF [Cloud Native Computing Foundation]
  2. Kubernetes
Рекомендации по теме
Webinar: K8s with 0:57:15

Webinar: K8s with OPA Gatekeeper

Kubernetes Policy using 0:08:32

Kubernetes Policy using OPA Gatekeeper

Kubernetes Security: How 0:23:22

Kubernetes Security: How to Protect Your Cluster with Open Policy Agent Gatekeeper

Block Old Kubernetes 0:08:47

Block Old Kubernetes Registry with OPA Gatekeeper

TGI Kubernetes 119: 1:45:27

TGI Kubernetes 119: Gatekeeper and OPA

Policy Enforcement with 0:20:57

Policy Enforcement with GitOps - Using OPA Gatekeeper & ArgoCD

Kubernetes Cluster guardrails 0:45:18

Kubernetes Cluster guardrails using Open Policy Agent & Gatekeeper | Mirantis Labs - Tech Talks

How to apply 0:25:32

How to apply policies in Kubernetes using Open Policy Agent (OPA) and Gatekeeper

The Power of 0:09:48

The Power of OPA Gatekeeper: Enforcing Kubernetes Access Control to secure your runtime

Setup OPA Gatekeeper 0:06:29

Setup OPA Gatekeeper Manager UI | Kubernetes | OPA

Kubernetes Security - 0:36:31

Kubernetes Security - Open Policy Agent - OPA Gatekeeper - 12

What's new with 0:56:31

What's new with Open Policy Agent Gatekeeper

Centralized Policy Management 0:03:52

Centralized Policy Management for Kubernetes Clusters using Rafay's Integration with OPA Gateke...

Webinar: Dev.Wednesday - 0:43:44

Webinar: Dev.Wednesday - Kubernetes Policy Management with OPA (EN)

Enforcing Service Mesh 0:35:24

Enforcing Service Mesh Structure using OPA Gatekeeper - Sandeep Parikh, Google

Kubernetes Security June 0:58:03

Kubernetes Security June 2021

Open Policy Agent 1:25:13

Open Policy Agent Deep Dive

Strengthening Supply Chain 0:10:23

Strengthening Supply Chain Security By Enforcing Policies Using OPA G... Rita Zhang & Sertaç Öze...

Open Policy Agent 0:59:02

Open Policy Agent Gatekeeper: Centralized Policy and Governance - Jaya Ramanathan (Red Hat)

OSS Unboxing: Revisiting 0:10:42

OSS Unboxing: Revisiting Gatekeeper - Policy Controller for Kubernetes

How to Manage 0:53:47

How to Manage OPA in Kubernetes

Kubernetes Master Class 0:59:45

Kubernetes Master Class - OPA in Rancher 2.4 - 2020-04-27

Gatekeeper: Flexible, Shareable 0:34:00

Gatekeeper: Flexible, Shareable Policy for Kubernetes - Craig Peters, Mircosoft

OPA Gatekeeper setup 0:14:18

OPA Gatekeeper setup in EKS using Terraform

Комментарии
Автор

Thank you Sertaç for this demonstration. The examples you gave nearly cover all we can face during a cluster administration process. Really helped me a lot

manaspecenek
Автор

@sozercan - Great presentation; really clear explanation of a complex system.

I really liked the idea that one of the viewers posted -- putting events on to the resource that was not admitted. I understand the viewpoint of having all of the violations in one place (in the constraint CRs). But as an admin, if I stumble across a deployment that isn't able to start up its pods, it is much easier to describe the deployment and see the violations as events in the deployment, than it is to sift through the violations on N different constraint resources. Maybe put the violations in both places.

JasonPriebe
Автор

@sozercan - Hi Sertac and Lachie - thank you for the webinar. I am interested in any load testing information. Do you have any results that are published? Thanks!

kellydasilva
Автор

15:00 sounds like OR-Ed together, not AND-ed together. 1 or 0 = 1, 1and 0 = 0

mancewicz