Explore the innovative approach of using WebAssembly to create Kubernetes admission policies in this 41-minute conference talk by Flavio Castelli and Rafael Fernández López from SUSE. Dive into the world of Kubernetes compliance, dynamic admission controllers, and policy frameworks. Gain insights into WebAssembly's advantages for policy writing, including enhanced security and flexibility. Learn about the Policy Hub, kwctl tool, and the process of building, inspecting, and deploying policies. Discover how to generate manifests, implement required labels, and handle invalid requests. Understand the challenges addressed by this approach and its potential impact on Kubernetes policy management.
Leveraging WebAssembly to Write Kubernetes Admission Policies
Overview
Syllabus
Intro
Survey
Compliance
Kubernetes Policies
Admission Controllers
Dynamic Admission Controllers
Policy Frameworks
Expectations
WebAssembly Overview
Writing Kubernetes Admission Policies
Advantages of WebAssembly
Policy Documentation
Security
Other Policies
Policy Server
Defining the problem
The Policy Hub
kwctl
pull
inspection
deployment
generate manifest
Required labels
Build the policy
Invalid request
Taught by
Linux Foundation
Tags
Related Courses
-
Leveraging WebAssembly to Write Kubernetes Admission Policies
-
Making Dynamic Admission Control Even More Dynamic Using WebAssembly
-
Making Dynamic Admission Control Even More Dynamic Using WebAssembly
-
Extending Kube-Apiserver with WebAssembly - A Prototype
-
Extending Kubernetes Core with WebAssembly Modules - Admission Controllers
-
One Large Cluster or Lots of Small Ones - Pros, Cons and When to Apply Each Approach
