Talk:Portal:Toolforge/Admin/Kubernetes/RBAC and Pod security/PSP migration
Keeping the custom admission controllers out of scope
We should not block ourselves on trying to find a solution that fits the current policies plus the admission controller usecases, those are two different problems and the latter needs some discussion (and it's way way less urgent).
Essentially, I suggest we focus only on the problem at hand (PSPs), and find the best solution for it, and only after we focus on other things. David Caro (talk) 09:57, 5 April 2024 (UTC)
Doing a PoC of OPA for a fair comparison
Specially given that Kyverno is maintained by a single company that has an enterprise product on top of it, I think that we should do the same PoC with OPA, to make sure that we are not discarding the stabler, upstream recommended alternative without a very very clear idea of the benefits.
Even more if we are considering replacing the admission controllers with it (as that would add way more dependency on kyverno, making it way harder to move out of it in case they decide to pull the plug). David Caro (talk) 08:41, 10 April 2024 (UTC)