Authors: Jinhong Brejnholt, Charles-Edouard Brétéché
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Kubernetes and OPA for security policy enforcement in DevOps.
  • Take advantage of recommended policies and customize them to fit organizational needs
  • Start with validation, value, and audit before enforcing policies
  • Kubernetes and OPA have extensive policy libraries and strong community support
  • Kubernetes can automate resource management and validation, including image signature verification
  • An anecdote is given about a misconfigured pod disruption budget causing issues with upgrading
Authors: Chip Zoller, Dolis Sharma
2022-10-27

tldr - powered by Generative AI

Kubernetes policy engine Kyverno can help with validation, mutation, and generation of rules in a Kubernetes cluster, as well as provide image verification and cost control. It can also automate tasks and set expectations for others.
  • Kyverno is a policy engine for Kubernetes that can validate, mutate, and generate rules in a cluster
  • It provides image verification and generates reports on violations
  • Kyverno can help with cost control and automation
  • It can set expectations for others and save time
  • Real-life use cases include blocking bad pod requests and creating fine-grained RBAC
Authors: Jim Bugwadia, Chip Zoller, Shuting Zhao
2022-10-26

Download the code ahead of time. DCO Required. Come work directly with some of the Kyverno maintainers on some ideas to expand the ability of Kyverno from a code and/or integration perspective. All potential contributors are welcome regardless of familiarity with Kyverno or Golang. This Contribfest session is designed to provide projects with the space and resources to tackle outstanding technical debt, security issues, or outstanding impactful feature requests. They are intended to provide a place for maintainers to meet contributors and potential contributors and work together on solving a problem.
Authors: Dolis Sharma
2022-10-26

tldr - powered by Generative AI

The presentation discusses the benefits and challenges of Infrastructure as Code (IaC) and how Crossplane can address these challenges by using the Kubernetes API to provision and manage infrastructure.
  • IaC eliminates human errors and reduces costs by automating infrastructure deployment and management
  • Configuration drift can occur in manual deployment and management, which can jeopardize deployment cycles and increase project vulnerability
  • Crossplane uses the Kubernetes API and a declarative approach to automate infrastructure deployment and management, ensuring consistency and alignment between developers and operations
  • However, there are security risks associated with IaC, and bridging the gap between DevOps and SecOps can be a challenge
  • Crossplane addresses these challenges by using version-controlled configuration, providing visibility and applying guardrails and rules
  • Crossplane can create infrastructure and policies using simple YAML files, such as EC2 instances and S3 buckets
  • Composite resources can be used to create more complex infrastructure, such as EKS clusters
  • Crossplane extends the functionality of Kubernetes clusters and provides self-service to developers
Authors: Mritunjay Sharma, Shuting Zhao, Ruhika Bulani
2022-10-25

tldr - powered by Generative AI

The panel discussion focuses on the intersection of Kyverno and DockerSlim in making Kubernetes workloads more secure.
  • Containers have become the norm as cloud adoption increases sharply.
  • Developers face challenges in making containers production-ready and secure.
  • Kyverno and DockerSlim are two projects that address these challenges.
  • Kyverno provides policies that act as a contract for shared environments like Kubernetes.
  • DockerSlim helps in minifying container images and automating the creation of AppArmor and SecComp profiles.
  • The combination of Kyverno and DockerSlim makes cluster security management easier and more efficient.