In this talk, we will discuss the tools and processes created by Yubico to enable autonomous teams through policy.

Initially, Kubernetes RBAC and peer reviews from our Platform team allowed teams to adopt Kubernetes for their services. However, we knew that a dependency on a single team was not a scalable solution. To give teams more autonomy over their services, and rely less on manual reviews, we began to enforce policies in our pipelines and clusters by leveraging the Open Policy Agent. The Open Policy Agent and its surrounding projects were the perfect fit for us; they are open source, flexible, performant, and have seen widespread adoption throughout the ecosystem.

We'll also discuss the tooling that was built that enabled us to test policies, automatically generate supporting documentation and audit how each policy is being used so that they can be safely promoted through our environments. Best of all? They are all open source!