OPA on Kubernetes: Security policies

<p>Every organisation is now onboarded onto Kubernetes and Terraform and uses a large number of Kubernetes objects, GCP resources and other infrastructure components. Adhering to best practices and guidelines is therefore of the utmost priority. We need to define policies that check the state of objects and either allow or deny their creation, or mutate (edit) the resources, at run time.</p>
<p>Some of the use cases where we need a policy adherence tool are as follows:</p>
<ol>
<li>Scan Terraform resources before applying them to check for required labels or best practices. Ex: all resources should have one of the dev, stg, prd or tooling labels.</li>
<li>Check for and deny any pods running with privileged access.</li>
<li>Only allow pods to run images from specific registries such as gcr.io or k8s.gcr.io.</li>
<li>Ensure all Kubernetes objects have a team label or some specific annotations.</li>
</ol>
<p><a href="https://snigdhasambit.medium.com/opa-on-kubernetes-security-policies-361313c141e9"><strong>Read More</strong></a></p>
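<p>The three Kubernetes use cases above (deny privileged pods, restrict image registries, require a team label) expressed as one OPA Rego policy. This is an added example written for this page, not code from the original post; it assumes OPA is wired up as a validating admission webhook so that <code>input</code> is a Kubernetes AdmissionReview, and the registry allow-list <code>allowed_registries</code> is a constructed placeholder to replace with your own.</p>

```rego
package kubernetes.admission

# Constructed allow-list for this example; replace with your organisation's registries.
# Trailing slashes stop "gcr.io.evil.example/..." from matching "gcr.io".
allowed_registries := {"gcr.io/", "k8s.gcr.io/"}

is_pod {
    input.request.kind.kind == "Pod"
}

# Every container in the pod spec, init containers included, so a
# privileged or unapproved init container cannot slip past the check.
containers[c] {
    c := input.request.object.spec.containers[_]
}
containers[c] {
    c := input.request.object.spec.initContainers[_]
}

image_allowed(image) {
    startswith(image, allowed_registries[_])
}

# Use case 2: deny any container that asks for privileged mode.
deny[msg] {
    is_pod
    c := containers[_]
    c.securityContext.privileged == true
    msg := sprintf("container %q must not run privileged", [c.name])
}

# Use case 3: deny images that do not come from an approved registry.
deny[msg] {
    is_pod
    c := containers[_]
    not image_allowed(c.image)
    msg := sprintf("container %q pulls %q from a non-approved registry", [c.name, c.image])
}

# Use case 4: every admitted object must carry a team label.
# A missing labels map is undefined in Rego, so `not` also catches that case.
deny[msg] {
    not input.request.object.metadata.labels.team
    msg := sprintf("%s %q is missing the required team label",
        [input.request.kind.kind, input.request.object.metadata.name])
}
```

<p>With this policy loaded, a pod whose container sets <code>securityContext.privileged: true</code>, pulls from <code>docker.io</code>, or lacks <code>metadata.labels.team</code> produces one entry in <code>deny</code> per violation; the webhook returns those messages in the AdmissionReview response and the API server rejects the request. Resources that satisfy all three rules leave <code>deny</code> empty and are admitted. You can exercise the rules offline with <code>opa eval</code> against a saved AdmissionReview JSON before deploying the policy to the cluster.</p>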