
Kyverno Introduction and Deep Dive - Charles

2023-04-20

Authors: Jinhong Brejnholt, Charles-Edouard Brétéché


Summary

The presentation discusses the use of Kubernetes and OPA for security policy enforcement in DevOps.
  • Take advantage of recommended policies and customize them to fit organizational needs
  • Start with validation, value, and audit before enforcing policies
  • Kubernetes and OPA have extensive policy libraries and strong community support
  • Kubernetes can automate resource management and validation, including image signature verification
  • An anecdote is given about a misconfigured pod disruption budget causing issues with upgrading
The speaker shares an anecdote about a misconfigured pod disruption budget causing a whole node to be held from upgrading, highlighting the importance of proper resource validation.

Abstract

Kyverno is a Kubernetes policy engine which enables a broad set of use cases to secure and automate Kubernetes workloads and cluster configurations. Kyverno policies enable resource validation, mutation, generation, cleanup, and software supply chain security use cases, all without requiring knowledge of a programming language. In this session, Jinhong and Charles-Edouard will introduce you to Kyverno and explain and demonstrate in detail all of its capabilities. First, as a Kyverno user and community member, Jinhong will present how her company evaluated policy engines, and how they utilize Kyverno to not only enforce security and best practices, including better secret management. Next, Charles-Edouard will dive into key project updates and features and demonstrate how to use Kyverno for Policy-as-Code and governance across clusters. They will also share future roadmap plans, how you can get involved in the community, and provide resources you need to start solving your use cases.
