This is a continuation of the “PodSecurityPolicy Is Dead, Long Live…?” article, which looks at how to construct the most effective policy for your Kubernetes infrastructure. Haven’t read that? Check it out first.
“Policy as code” is one of the more recent “as-code” buzzwords to enter the discourse since “infrastructure-as-code” paved the way for the *-as-code pattern. Its fundamental principles sound great: everything in version control, auditable, repeatable, and so on. In practice, however, it can often fall apart when it meets day-2 operational challenges, which are exacerbated by adopting “GitOps.”