Overview
Explore the innovative approach of using WebAssembly to create Kubernetes admission policies in this 41-minute conference talk by Flavio Castelli and Rafael Fernández López from SUSE. Dive into the world of Kubernetes compliance, dynamic admission controllers, and policy frameworks. Gain insights into WebAssembly's advantages for policy writing, including enhanced security and flexibility. Learn about the Policy Hub, kwctl tool, and the process of building, inspecting, and deploying policies. Discover how to generate manifests, implement required labels, and handle invalid requests. Understand the challenges addressed by this approach and its potential impact on Kubernetes policy management.
Syllabus
Intro
Survey
Compliance
Kubernetes Policies
Admission Controllers
Dynamic Admission Controllers
Policy Frameworks
Expectations
WebAssembly Overview
Writing Kubernetes Admission Policies
Advantages of WebAssembly
Policy Documentation
Security
Other Policies
Policy Server
Defining the problem
The Policy Hub
kwctl
pull
inspection
deployment
generate manifest
Required labels
Build the policy
Invalid request
Taught by
Linux Foundation