Kubernetes Policy Enforcement: OPA vs jsPolicy

Two piles of coffee beans, one green and one brown

Developer Experience

helm install jspolicy jspolicy -n jspolicy --create-namespace --repo https://charts.loft.sh
​​# policy.yaml
apiVersion: policy.jspolicy.com/v1beta1
kind: JsPolicy
metadata:
name: "deny-default-namespace.company.tld"
spec:
operations: ["CREATE"]
resources: ["*"]
scope: Namespaced
javascript: |
if (request.namespace === "default") {
deny("Creation of resources within the default namespace is not allowed!");
}

Maintainability

Testability of Policies

Conclusion

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store