Closed fntlnz closed 3 years ago
/kind design /kind feature
I might be wrong, but I think @kris-nova just demoed something like this today at FOSDEM. Is this about a deeper integration?
I might be wrong, but I think @kris-nova just demoed something like this today at FOSDEM. Is this about a deeper integration?
Here's the talk http://bofh.nikhef.nl/events/FOSDEM/2020/K.1.105/kubernetes.webm
I'd like to find her project to deeply understand the gatekeeper OPA rules and have examples
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
OPA - Open Policy Agent can be used at different levels of the stack and is not intended only for application business logic but also for other levels.
Said that, we want to find ways to integrate OPA with Falco by farming off policy decisions that can then be converted to falco rules.
For example, an OPA policy might be "limit what Kubernetes users can instruct the cluster to use specific image", Falco can read that policy and put in place the action with a Rule.