Modern Kubernetes applications are deployed on a wide range of hosting environments, from multitenant clusters in the cloud to specialized microclusters at the edge. Recent security disclosures, such as those associated with CVE-2020-8554 and CVE-2020-8569, highlight the need for development teams to protect their applications against weaknesses that may be exposed through the runtime environment.

This presentation will demonstrate how Kubernetes development teams can improve security with policy as code, using open standards such as the Open Policy Agent (OPA) and open-source IaC scanners such as Terrascan. OPA provides a standard tool for codifying and evaluating policies, and Terrascan provides hundreds of pre-built policies aligned to best practices for Kubernetes, common cloud environments, and package managers such as Helm. Used together, they help you establish and enforce security policies during development, eliminating security risks before services and applications are deployed. They also let you build those policies into the application so it can remain secure when faced with attacks in the runtime environment.
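As an added illustration of policy as code (not material from the presentation, and not one of Terrascan's shipped policies), the OPA policy below rejects Service manifests that set `spec.externalIPs` to an address nobody has approved, which is the field at the centre of CVE-2020-8554. The package name, the allowlist and the sample manifests are assumptions constructed for this example.

```rego
package example.k8s.service_external_ips

import rego.v1 # needs OPA 0.59 or later

# Assumption: addresses an operator has explicitly approved
# (constructed value from a documentation range).
allowed_external_ips := {"203.0.113.10"}

# One deny message per unapproved address on a Service manifest.
# If spec.externalIPs is absent the body is undefined and deny stays empty.
deny contains msg if {
	input.kind == "Service"
	some ip in input.spec.externalIPs
	not allowed_external_ips[ip]
	ns := object.get(input.metadata, "namespace", "default")
	msg := sprintf("Service %s/%s sets unapproved externalIP %s", [ns, input.metadata.name, ip])
}

# Unit tests over constructed manifests.
test_unapproved_ip_is_denied if {
	svc := {
		"kind": "Service",
		"metadata": {"name": "web", "namespace": "team-a"},
		"spec": {"externalIPs": ["198.51.100.7"]},
	}
	deny == {"Service team-a/web sets unapproved externalIP 198.51.100.7"} with input as svc
}

test_approved_ip_passes if {
	svc := {
		"kind": "Service",
		"metadata": {"name": "edge"},
		"spec": {"externalIPs": ["203.0.113.10"]},
	}
	count(deny) == 0 with input as svc
}

test_service_without_external_ips_passes if {
	svc := {
		"kind": "Service",
		"metadata": {"name": "db"},
		"spec": {"type": "ClusterIP"},
	}
	count(deny) == 0 with input as svc
}
```

Running `opa test` on the file exercises the three cases. The same rule can be evaluated against manifests in a CI step during development and again at admission time, so one policy covers both stages the abstract describes.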