Kyverno vs. OPA: Modernizing Your Kubernetes Policy Management by Ritesh Patel

Ever since Kubernetes emerged as a top-contender for multi-cloud container management, automation and security challenges have been holding back the adoption of this innovative solution. This is sparking a new revolutionary technology: Kubernetes policy management engines. These policy engines allow for the automation and secure handling of Kubernetes configurations — essentially restricting what applications can run within a given cluster. A few years ago, the best way to manage security within Kubernetes systems was through the use of Role-Based Access Control (RBAC). However, RBACs were unable to provide adequate oversight at the level of specific resources, meaning intervention at higher levels is not possible. Pod Security Policies (PSPs) were designed as a built-in solution to provide cluster-level security. PSPs enable fine-grained control over the authorization and update of different pods. Unfortunately, the decision has been made to deprecate the use of PSPs due to complexities in the understanding and configuration....