← All Articles

[OpenShift Commons briefing]: Bringing Policy-As-Code into the Container Deployment Pipeline

Udi NachmanyUdi Nachmany
Aug 22nd 18Updated Jul 5th 22

Kubernetes and containers are fast gaining ground as infrastructure building blocks, and as managed (public cloud) Kubernetes becomes a commodity in the market, more and more production workloads migrate to containers.

As a consequence, an increasing number of infrastructure architects, DevOps specialists and engineering managers are coming to terms with their next problem: managing multi-environment deployment, configuration templates, policy and security in the pipeline. A great example of this is the case of Red Hat OpenShift, where the sophistication, quality and robustness of the platform itself exposes the immaturity and fragmented nature of the CI/CD space.

Cloud 66, a proud member of OpenShift Commons, has tackled these exact same issues when building and running our Kubernetes-based stack, which serves over 4,000 customer workloads. Our very own Khash Sajadi recently presented a briefing on the Commons' channel: Bringing Policy-As-Code into the Container Delivery Pipeline.

Here's the link to the briefing (description follows). We hope you enjoy the briefing, and do let us know if you have any questions or comments.


Containers bring Devs and Ops closer together, and at the pace of commits on a microservices app, that can be daunting to some IT Ops teams. A delicate balance is required between operational governance and developer freedom—and that balance needs to be automated. Now that they’ve put in place cutting edge containerized infrastructure on the likes of OpenShift, how do IT Ops teams and dev managers ensure infrastructure and security policies are embedded into the deployment pipeline, in an easily-maintainable way, and without slowing down code? How do they avoid building custom technology for deployment, in a rapidly commoditizing world?

This session will walk through tools (open source and otherwise) developed by Cloud 66, which runs 4,000 customer workloads on Kubernetes, supported by over 2,000 lines of configuration. These tools enable teams to:

- secure images and manage secrets and IP in the build;
- bring in configuration validation into the pipeline;
- ensure fine-grained access control; and
- complement CI tools with powerful multi-environment, multi-team deployment capabilities.

Try Cloud 66 for Free, No credit card required