May 8 - 9, 2023 | Vancouver, Canada

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for cdCon+GitOpsCon to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Tuesday, May 9 • 4:30pm - 5:00pm
Bundle, Test, Sign, Verify and Deploy Gatekeeper Policies as OCI Image - Mathieu Benoit, Google


Kubernetes policies are rules expressed in YAML that not only help meet governance requirements, but also improve the security of Kubernetes workloads and clusters. Policy engines like OPA Gatekeeper, Kyverno or even Kubernetes' new Validating Admission Policies feature help write and enforce such policies. Once the policies are written, however, how do we easily and securely share them with different projects and teams? How do we deploy them across the fleet of clusters? How do we evaluate them as early as possible in CI/CD pipelines? In this presentation we will demonstrate how to bundle and share Gatekeeper policies as an OCI image using the ORAS command line client, how to evaluate any Kubernetes manifests against this OCI image with the gator command line client, and how to deploy this OCI image in Kubernetes clusters, in a GitOps way, with Flux. Finally, we will illustrate how Sigstore Cosign can help make sure these policies, packaged as an OCI image, can be trusted and verified before actually being deployed in a cluster.


Mathieu Benoit

DevRel Engineer, Google
Mathieu is a DevRel Engineer at Google, focused on Kubernetes. He is passionate about Cloud Native Computing technologies related to Kubernetes, Cloud Security, GitOps, DevSecOps and SRE. Based on his past experiences as a software engineer, IT consultant, and solution architect, he now...

Tuesday May 9, 2023 4:30pm - 5:00pm PDT
Meeting Room 220
  GitOps Sessions