Modern Kubernetes applications are often composed of components packaged as Helm charts. These modular applications help teams deliver innovation to market faster than ever. However, building applications from components that may not have been designed to work together requires careful consideration of security architecture and risk. This presentation will explain the risks that Helm development teams need to be aware of, and demonstrate how to mitigate them using policy as code, open source policy engines such as the Open Policy Agent (OPA), and open source IaC scanners such as Terrascan. Policy as code enables teams to establish baseline policies that define what components are allowed to do, and enables programmatic enforcement of those policies during development (for example, against rendered chart manifests in CI) and at runtime (for example, at admission). This effectively creates guardrails that ensure the application operates within well-defined, safe boundaries, minimizes attack surface, and avoids risky behavior.
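As an added illustration (not material from the presentation or from Accurics), the following Rego policy shows what a "baseline guardrail" for Helm-packaged workloads looks like in OPA's policy language. It assumes the chart has been rendered with `helm template` and the resulting manifests are fed one document at a time as `input`, which is how the hypothetical invocation with conftest below behaves; the package name and the specific checks (privileged containers, root execution, privilege escalation, host namespaces) are choices made for this example, not a published Terrascan or OPA ruleset.

```rego
# Example guardrail policy for rendered Helm manifests (added example, not
# from the original abstract). Each Kubernetes object is evaluated as `input`.
package helm.guardrails

# Helper: all containers (including initContainers) of a Pod-carrying workload.
workload_kinds := {"Deployment", "StatefulSet", "DaemonSet", "Job"}

pod_spec := input.spec.template.spec {
    workload_kinds[input.kind]
}

containers[c] {
    c := pod_spec.containers[_]
}

containers[c] {
    c := pod_spec.initContainers[_]
}

# Rule 1: no privileged containers.
deny[msg] {
    c := containers[_]
    c.securityContext.privileged == true
    msg := sprintf("%s/%s: container %q runs privileged", [input.kind, input.metadata.name, c.name])
}

# Rule 2: containers must opt in to runAsNonRoot (unset or false is rejected).
deny[msg] {
    c := containers[_]
    not c.securityContext.runAsNonRoot
    msg := sprintf("%s/%s: container %q does not set securityContext.runAsNonRoot: true", [input.kind, input.metadata.name, c.name])
}

# Rule 3: privilege escalation must be explicitly disabled.
deny[msg] {
    c := containers[_]
    not c.securityContext.allowPrivilegeEscalation == false
    msg := sprintf("%s/%s: container %q must set allowPrivilegeEscalation: false", [input.kind, input.metadata.name, c.name])
}

# Rule 4: no host network / PID / IPC namespace sharing.
host_flags := {"hostNetwork", "hostPID", "hostIPC"}

deny[msg] {
    flag := host_flags[_]
    pod_spec[flag] == true
    msg := sprintf("%s/%s: pod spec sets %s: true", [input.kind, input.metadata.name, flag])
}
```

With the policy saved under `policy/`, a CI step can run `helm template ./mychart | conftest test -p policy/ -` and fail the build on any `deny` message. The same rules can be ported to an OPA Gatekeeper ConstraintTemplate for admission-time enforcement; there the object under review arrives as `input.review.object` rather than `input`, and the rule head is `violation[{"msg": msg}]` instead of `deny[msg]`.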
Presented by:
accurics