Enforcing Bespoke Policies in a Cloud Native System

The rise of DevOps and Cloud Native technology means that organizations increasingly rely on decentralized teams to manage deployments of complex distributed systems through fully-automated, self-service platforms like Kubernetes. At the same time, organizations still require tight control over their apps and infrastructure to satisfy important requirements around performance, cost, and security. As projects in the container and microservice spaces mature, extensibility has become a critical feature that platform engineers and administrators leverage to enforce their organization’s custom policies.

In this talk, Torin will show (with demos) how you can leverage Kubernetes third-party resources, webhooks, and operators to enforce custom policies over resources admitted into the cluster. The talk will also show how the same principles can be applied to enforce policies in other parts of the stack.

This talk is targeted at platform engineers and administrators that work with or build container orchestration solutions. Attendees can expect to walk away with an understanding of how to leverage extensibility in projects like Kubernetes to achieve greater control and flexibility over important workloads.


Torin Sandall

Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer at Cyan Inc. (acquired by Ciena Corp.), where he designed and developed core components of their SDN/NFV platform, such as modelling languages as well as services for resource orchestration and topology discovery.