Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Replacing PSPs - Keep Bad Pods out of Your Cluster Using Kyverno

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore effective strategies for maintaining cluster security in the absence of PodSecurityPolicy (PSP) in this 26-minute conference talk from KubeCon + CloudNativeCon Europe 2022. Learn how to leverage Kyverno, a Kubernetes-native admission controller, to set and validate security contexts for pods and pod controllers. Discover Kyverno's audit mode capabilities for identifying security violations without impacting existing clusters, and its Command Line Tool for executing policies in CI/CD pipelines. Follow along as Shuting Zhao demonstrates how to generate policy reports, enforce Pod security best practices, and improve overall cluster security posture using Kyverno's features, including policy libraries, validation policies, autogen functionality, and mutation policies.

Syllabus

Introduction
Pod Security
PSP Security Emission
PSP Security Recommendations
Why use Kyverno
Kyverno Policy Library
Kyverno Validation Policy
Kyverno Autogen
Kyverno Enforce Policy
Kyverno Policy Report
Grandfather Dashboard
Mutate Policy
Conclusion

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Replacing PSPs - Keep Bad Pods out of Your Cluster Using Kyverno

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.