Kubernetes Cluster guardrails using Open Policy Agent / Gatekeeper
Enforcing best practices on Kubernetes clusters is a must: for example, namespaces should have specific labels, containers should include resource limits, and containers should run as a non-root user. Traditionally, these best practices are documented and users are required to follow them, with continuous auditing to ensure that workloads meet all the best practices. Open Policy Agent (OPA) changes how we can enforce these policies on the cluster for users. In this Tech-Talk, we will cover:
What is Open Policy Agent (OPA)
OPA implementation in Kubernetes
Walk-through of the most common policies
Writing a custom policy
Additional use-cases