Philipp Krenn

OPA for the cloud natives

Stop embedding security rules in brittle scripts. OPA lets you manage policy as auditable, version-controlled code, enforced consistently across your stack.

#1 about 3 minutes

Decoupling security checks from application deployment

Traditional embedded security checks are hard to audit and maintain, so decoupling them as policy-as-code enables continuous validation and simplifies compliance.

#2 about 3 minutes

Shifting security left to prevent incidents before deployment

Proactively catching security violations in the CI pipeline is far better than reacting to incidents in production, moving beyond tribal knowledge to codified policies.

#3 about 3 minutes

Introducing the Open Policy Agent (OPA) and Rego

OPA is a CNCF graduated project that provides a unified way to enforce policies across APIs using a custom declarative language called Rego.

#4 about 3 minutes

Writing basic Rego policies for common use cases

Simple Rego policies can enforce rules like user data access control, manager hierarchies, or ensuring Kubernetes pods use a trusted container registry.

#5 about 5 minutes

Using the OPA Playground to test and debug policies

The OPA Playground provides an interactive environment for writing, testing, and debugging Rego policies against sample input data, such as Kubernetes configurations.

#6 about 2 minutes

Exploring OPA deployment patterns and advanced use cases

OPA can be deployed as a Go library or a sidecar daemon, enabling advanced use cases like validating Elasticsearch queries to enforce fine-grained data access control.

#7 about 3 minutes

Automating infrastructure compliance with CIS benchmarks

OPA policies can codify Center for Internet Security (CIS) benchmarks to continuously scan Kubernetes clusters for misconfigurations and security vulnerabilities.

#8 about 3 minutes

Addressing performance and adoption challenges with OPA

While powerful, OPA adoption can be hindered by the complexity of writing performant queries and the learning curve associated with its custom language, Rego.

#9 about 3 minutes

Answering audience questions about OPA and Rego

The Q&A covers Rego's support for JSON and YAML, deployment options on bare metal or VMs, and potential integrations with APIs like GraphQL.
