Thursday, November 21 • 5:20pm - 5:55pm
Kubernetes Policy Enforcement Using OPA At Goldman Sachs - Miguel Uzcategui, Goldman Sachs & Tim Hinrichs, Styra

Managing state on multiple shared Kubernetes clusters may sound scary. The Goldman Sachs Kubernetes team uses OPA to manage that state using two different applications of policy. The first is the validating admission control policies that prevent unsafe resources on the cluster. The second, and novel, application goes beyond simple yes/no decisions and uses OPA policy to provision new resources on the cluster to implement a common baseline, e.g. RBAC, Volumes, ResourceQuotas, and LimitRanges.

This talk focuses on the architectural design that allows GS to run OPA at scale in production. Along the way we discuss best practices and lessons learned, highlighting how GS reduced policy deployment times from days to under 10 minutes. The audience will learn how to create their own policy pipelines using popular open-source tools to enforce OPA policy across multiple Kubernetes clusters.


Tim Hinrichs

CTO, Styra
Tim Hinrichs is the CTO and Co-founder of Styra. For the last 15 years, he has designed and built policy languages across different domains, most recently the CNCF Open Policy Agent and, prior to that, OpenStack Congress. Before Styra he worked as a software developer at VMware on Nicira's...

Miguel Uzcategui

Associate, Goldman Sachs
Miguel Uzcategui is a Technology Associate in the Unix Engineering team at Goldman Sachs. He spends his time managing the compute infrastructure in areas such as configuration management, OS patching, and Kubernetes. Miguel's team is currently responsible for engineering & maintaining...

Thursday November 21, 2019 5:20pm - 5:55pm
Room 16AB - San Diego Convention Center Mezzanine Level