In-person + Virtual
18-21 April

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Thursday, April 20 • 15:25 - 16:00
Automating Configuration and Permissions Testing for GitOps with OPA Conftest - Eve Ben Ezra & Michael Hume, The New York Times


Deployment is an important part of the software development life cycle. The New York Times had an even more ambitious goal: build a self-service platform that allowed developers to deploy with autonomy. But managing multi-tenant deployments securely is a difficult task. And while top-down checks were configured in Kubernetes and ArgoCD itself that disallowed certain resource creation or access, engineers wanted to ensure there were proper checks in place to make sure no excessive permissions or bad practices, such as latest images, got checked into the source code of the ArgoCD app-of-apps architecture itself. Enter OPA Conftest. OPA Conftest allows for policies and testing against structured configuration at the PR level, before any code is merged. By narrowing the scope of allowed declarative permissions, the CI/CD team at NYT was able to take a "trust, but verify" approach to deployment, safeguarding systems while also giving feature developers the autonomy they needed to self-service deploy their applications. In this presentation, the speakers will go through policy set-up, best practices, and implementation within a greater GitOps mindset.

Eve Ben Ezra

Software Engineer, The New York Times
Eve Ben Ezra is a Software Engineer with The New York Times Company. Coming from a data and mathematics background, Eve has built a career on using logic to apply solutions to broad business problems while considering necessary outliers. In their free time, Eve makes jokes about Kubernetes...

Thursday April 20, 2023 15:25 - 16:00 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)