logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Kyverno Introduction and Deep Dive - Charles

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Jinhong Brejnholt, Charles-Edouard Brétéché
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Kubernetes and OPA for security policy enforcement in DevOps.
  • Take advantage of recommended policies and customize them to fit organizational needs
  • Start with validation, value, and audit before enforcing policies
  • Kubernetes and OPA have extensive policy libraries and strong community support
  • Kubernetes can automate resource management and validation, including image signature verification
  • An anecdote is given about a misconfigured pod disruption budget causing issues with upgrading
Tags:
Kubernetes
policy
engine
Kyverno
Security

Kyverno Introduction And Overview

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Chip Zoller, Dolis Sharma
2022-10-27

tldr - powered by Generative AI

Kubernetes policy engine Kubernos can help with validation, mutation, and generation of rules in a Kubernetes cluster, as well as provide image verification and cost control. It can also automate tasks and set expectations for others.
  • Kubernos is a policy engine for Kubernetes that can validate, mutate, and generate rules in a cluster
  • It provides image verification and generates reports on violations
  • Kubernos can help with cost control and automation
  • It can set expectations for others and save time
  • Real-life use cases include blocking bad pod requests and creating fine-grained RBAC
Tags:
Kyverno
Kubernetes
policy
engine
Validation

🚨 ContribFest - Kyverno: Help Secure and Automate Kubernetes by Contributing to the Kyverno Project (Limited Availability; First-Come, First

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Jim Bugwadia, Chip Zoller, Shuting Zhao
2022-10-26
Download the code ahead of time. DCO Required.Come work directly with some of the Kyverno maintainers on some ideas to expand the ability of Kyverno from a code and/or integration perspective. All potential contributors are welcome regardless of familiarity with Kyverno or Golang.This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.
Tags:
DCO
Required
Kyverno
Golang
Contribfest

Cloud Governance With Infrastructure As Code (IaC) With Kyverno And Crossplane

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Dolis Sharma
2022-10-26

tldr - powered by Generative AI

The presentation discusses the benefits and challenges of Infrastructure as Code (IAC) and how Crossplane can address these challenges by using Kubernetes API to provision and manage infrastructure.
  • IAC eliminates human errors and reduces costs by automating infrastructure deployment and management
  • Configuration drift can occur in manual deployment and management, which can jeopardize deployment cycles and increase project vulnerability
  • Crossplane uses Kubernetes API and declarative approach to automate infrastructure deployment and management, ensuring consistency and alignment between developers and operations
  • However, there are security risks associated with IAC, and bridging the gap between DevOps and SecOps can be a challenge
  • Crossplane addresses these challenges by using Version Control configuration, providing visibility and applying guardrails and rules
  • Crossplane can create infrastructure and policies using simple YAML files, such as EC2 instances and S3 buckets
  • Composite resources can be used to create more complex infrastructure, such as EKS clusters
  • Crossplane extends the functionality of Kubernetes clusters and provides self-service to developers
Tags:
self-service
clusters
cloud resources
Crossplane
Kyverno

Panel Discussion: Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure!

Conference:  Cloud Native SecurityCon North America 2022
Authors: Mritunjay Sharma, Shuting Zhao, Ruhika Bulani
2022-10-25

tldr - powered by Generative AI

The panel discussion focuses on the intersection of Kyverno and DockerSlim in making Kubernetes workloads more secure.
  • Containers have become the norm as cloud adoption increases sharply.
  • Developers face challenges in making containers production-ready and secure.
  • Kyverno and DockerSlim are two projects that address these challenges.
  • Kyverno provides policies that act as a contract for shared environments like Kubernetes.
  • DockerSlim helps in minifying container images and automating the creation of AppArmor and SecComp profiles.
  • The combination of Kyverno and DockerSlim makes cluster security management easier and more efficient.
Tags:
container images
minification
AppArmor
SecComp
Kyverno