Replacing PSPs - Keep Bad Pods out of Your Cluster Using Kyverno
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore effective strategies for maintaining cluster security in the absence of PodSecurityPolicy (PSP) in this 26-minute conference talk from KubeCon + CloudNativeCon Europe 2022. Learn how to leverage Kyverno, a Kubernetes-native admission controller, to set and validate security contexts for pods and pod controllers. Discover Kyverno's audit mode capabilities for identifying security violations without impacting existing clusters, and its Command Line Tool for executing policies in CI/CD pipelines. Follow along as Shuting Zhao demonstrates how to generate policy reports, enforce Pod security best practices, and improve overall cluster security posture using Kyverno's features, including policy libraries, validation policies, autogen functionality, and mutation policies.
Syllabus
Introduction
Pod Security
PSP Security Emission
PSP Security Recommendations
Why use Kyverno
Kyverno Policy Library
Kyverno Validation Policy
Kyverno Autogen
Kyverno Enforce Policy
Kyverno Policy Report
Grandfather Dashboard
Mutate Policy
Conclusion
Taught by
CNCF [Cloud Native Computing Foundation]