Static Analysis of Kubernetes Manifests

Barak Schoster at KubeCon + CloudNativeCon North America 2020

Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream. In this talk, we'll cover best practices for writing, testing, and maintaining infrastructure at scale using policy-as-code both in CI/CD and kubernetes cluster runtime. We'll compare the two methods and review sample use cases that showcase the benefits of each. In addition we'll cover the current state of open source repositories and kubernetes manifests found in the wild.