Search results for: open policy agent (opa)


How to secure Kubernetes Pods post-PSPs deprecation

Posted on June 30, 2022 | Amir Kaushansky

Guest post originally published on the ARMO blog by Amir Kaushansky. Kubernetes pods are the basic building blocks of Kubernetes. Each pod manages one or more tightly coupled application containers, allowing them to share resources and networks. Pods are…


Real-time dynamic authorization – an introduction to OPAL

Posted on June 27, 2022 | Daniel Bass

An introduction to OPAL, an open-source administration layer for Open Policy Agent (OPA) that allows you to easily keep your authorization layer up to date in real time. Guest post originally published on the Permit.io blog by Daniel Bass. TL;DR: OPAL…


How do you integrate Emissary Ingress with OPA

Posted on May 6, 2022 | Tayyab Jamadar

Guest post originally published on InfraCloud’s blog by Tayyab Jamadar. API gateways play a vital role while exposing microservices. They are an additional hop in the network that the incoming request must go through in order…


How to get robust GitOps? The U.S. Department of Defense uses Flux and Helm

Posted on September 30, 2021 | Tamao Nakahara

Project post cross-posted from the Weaveworks blog by Tamao Nakahara, Head of Developer Experience, Weaveworks and Flux community manager. Challenge: The DoD knew that it needed GitOps. Nicolas M. Chaillan, Chief Software Officer of the U.S….


Make your Kubernetes policies stick: use an effective enforcement plan

Posted on April 23, 2021 | Joe Pelletier

Guest post originally published on Fairwinds blog by Joe Pelletier. As teams move beyond their first Kubernetes pilot and into a broader deployment across the organization, DevOps teams have an increasingly difficult job. They don’t have…


How to enforce Kubernetes network security policies using OPA

Posted on September 9, 2020 | Mohammed Ahmed

Guest post originally published on the Magalix blog by Mohammed Ahmed. This article is part of our Open Policy Agent (OPA) series, and assumes that you are familiar with Kubernetes and OPA. If you haven’t already done so,…


TOC Approves SPIFFE and SPIRE to Incubation

Posted on June 22, 2020

Today, the CNCF Technical Oversight Committee (TOC) voted to accept SPIFFE and SPIRE as incubation-level hosted projects. The SPIFFE (Secure Production Identity Framework For Everyone) specification defines a standard to authenticate software services in cloud native…


How to promote the use of best practices and automate security policies using tools like OPA and Kubernetes native declaratives

Posted on May 28, 2020

Securing containers against attacks in multiple deployments and different geolocations requires integrating security into multiple points in the pipeline. Using manual processes to impose the policies is error-prone. Automation is a key to ensure the best…


Ensuring compliance, without sacrificing development agility and operational independence, in K8s with OPA Gatekeeper

Posted on April 16, 2020

If your organization has been operating Kubernetes, you probably have been looking for ways to control what end-users can do on the cluster and ways to ensure that clusters are in compliance with company policies. With…


CNCF joins Google Summer of Code 2019 with 17 interns, projects for containerd, CoreDNS, Kubernetes, OPA, Prometheus, Rook and more

Posted on August 23, 2019

Since 2005, the Google Summer of Code (GSoC) program has accepted thousands of university students from around the world to spend their summer holiday writing code and learning about the open source community. This year GSoC accepted 1,276 students from…