Beyond RBAC – demystifying Open Policy Agent usage for advanced cluster security

---

Kubernetes provides a built-in access control system called RBAC – Role-Based Access Control, that allows limiting access to specific resources. For a modern enterprise with cross-functional DevOps teams restricting access to the whole resource is not an option. This is where OPA comes to the rescue, as when installed as an admission webhook it allows to create very granular policies for manifests contents and configuration. In this presentation, Adam will show examples of the policies configuration with a focus on Rego, the language used by Open Policy Agent for writing policies.

---

---

---

Adam Kozłowski

---

Solution Architect and Head of Automotive R&D

---

Solution Architect and Head of Automotive R&D at Grape Up Adam worked as a C/C++ and JavaScript Developer before starting his journey in the world of Cloud and Machine Learning. He is a huge fan of RnD initiatives, rapid prototyping, MLOps, and building great software products enhanced by ML algorithms. Throughout his career, Adam has worked with established companies such as Rijkswaterstaat, Porsche, and Allstate to develop their mission-critical systems. Currently, he is responsible for consulting projects in the automotive industry and specializes in Cloud and MLOps solutions.