Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Based CI/CD

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with Open Policy Agent.
Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines.
Join this session to learn all the details on how to stay compliant with project dependencies or control your Infrastructure and Kubernetes deployment pipelines.

  1. Enhance Your Compliance and Governance With Policy-Based CI/CD
     Continuous Lifecycle & Container Conf 2021
  2. Nico Meisenzahl
     • Senior Cloud & DevOps Consultant at white duck
     • Microsoft MVP, GitLab Hero
     • Cloud Native, Kubernetes & Azure
     © white duck GmbH 2021
     Phone: +49 8031 230159 0
     Email: nico.meisenzahl@whiteduck.de
     Twitter: @nmeisenzahl
     LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
     Blog: https://meisenzahl.org
  3. Agenda
     • Why do we need compliance and governance in CI/CD?
     • What is Open Policy Agent and how does it work?
     • How to get started – demo time
  4. Why do we need governance?
     • Regulatory compliance: comply with relevant laws, policies, and regulations
     • Standards: adhere to established and standard requirements
     • Contractual commitments: like vendor agreements, customer contracts
     • Corporate requirements: rules and policies defined by the company to comply with its needs
  5. Compliance and governance in CI/CD? Shift Left!
     • raises awareness
     • defines the “how” around the “what” of the pipeline
     • security and compliance gates
     • ensures requirements are always met
  6. Open Policy Agent (OPA): “policy-based control for cloud native environments”
     • general-purpose policy engine across your stack
     • graduated CNCF project introduced by Styra
     • declarative policy language
     • decouples the application logic from policy decisions
     • REST API with sidecar or daemon
     • Golang library or Wasm module
     • provides APIs for easy management
  7. (no transcript text)
  8. Ecosystem
     • API and service authorization with Envoy, Kong, Traefik, …
     • authorization policies for SQL, Kafka, …
     • container network authorization with Istio and Linkerd
     • test policies for Terraform infrastructure changes
     • policies for SSH and sudo
     • policy and governance for Kubernetes
     • and many more
     • https://www.openpolicyagent.org/docs/latest/ecosystem
  9. How OPA works
  10. How OPA works
  11. Rego
     • “ray-go”
     • declarative policy language
     • “is Nico allowed to POST a payload to /api?”
     • rules commonly return true/false
     • but may return any value
     • 140+ built-in functions
       • date/time, string, ...
       • Regex
       • JWT validation
  12. How OPA works
  13. How to get started
     • OPA playground
       • https://play.openpolicyagent.org
     • docs
       • https://www.openpolicyagent.org/docs
     • OPA CLI
       • opa run (server)
       • opa eval (swiss-army knife)
  14. Demos
     • Terraform change validation with GitLab CI/CD
     • Kubernetes manifest security validation with GitHub Actions
     • further samples
       • dependency deny list
         • https://play.openpolicyagent.org/p/b0n6CHElcw
       • Kubernetes Ingress validation
         • https://play.openpolicyagent.org/p/5o1UFjIl0S
  15. Questions?
     • Slides: https://www.slideshare.net/nmeisenzahl
     • Demos:
       • https://gitlab.com/nico-meisenzahl/demo-opa-terraform-validation
       • https://github.com/nmeisenzahl/demo-opa-cicd-validation
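
A sketch of the "dependency deny list" idea from slide 14, written as an added example; it is not the policy behind the playground link or the demo repositories. It also shows the slide 11 point that a rule may return a value other than true/false. The package name, the deny list entries and the package.json-style input shape are assumptions.

```rego
# Added example: a CI gate that rejects manifests containing denied packages.
# Assumed input: a package.json-style object with "dependencies" and
# "devDependencies" maps of name -> version string.
package cicd.dependencies

import rego.v1

# Constructed deny list: package name -> reason shown to the developer.
denied_packages := {
	"example-abandoned-lib": "unmaintained",
	"example-crypto-fork": "replaced by the approved crypto library",
}

# Manifest sections that are inspected.
sections := ["dependencies", "devDependencies"]

# Partial set rule: returns a set of messages rather than true/false,
# so the pipeline log can name every violation in one run.
deny contains msg if {
	some section in sections
	some name, version in input[section]
	reason := denied_packages[name]
	msg := sprintf("%s: %s@%s is on the deny list (%s)", [section, name, version, reason])
}

# Fail closed when the pipeline passes no usable manifest, so a missing or
# malformed input cannot slip through as "no violations".
deny contains "input is missing or is not a JSON object" if {
	not is_object(input)
}

# Boolean rule for gates that only need a yes/no decision.
default allow := false

allow if count(deny) == 0
```

In a pipeline job this can be evaluated with `opa eval --fail-defined --input package.json --data policy.rego 'data.cicd.dependencies.deny[msg]'`, which exits non-zero when at least one violation is found.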
