Various policy engines for Kubernetes policies - Saiyam Pathak

Oct 28, 2021

Kubernetes configurations are complex to manage across developers and operators. External tools like Helm and Kustomize cannot ensure environment-specific configurations; admission controllers provide a way to do this. Various tools have evolved over time that help solve this problem: OPA Gatekeeper, Kyverno, Kubewarden and jsPolicy.

In this talk at ContainerDays 2021, Saiyam Pathak from Civo goes through the need for a policy engine and discusses how each of the tools helps, the differences between them, and where they are headed.

00:00 Intro

00:41 Kubernetes policy engine

03:32 Policy Landscape

04:35 OPA

08:52 Kyverno

11:37 Kubewarden

15:15 jsPolicy

18:27 Comparison

22:34 Demo (Kyverno + Cosign)

Agenda

  • Why Policy Engine
  • Introduction to OPA Gatekeeper, Kyverno, Kubewarden, jsPolicy
  • Differences
  • Kyverno Demo