Replacing PSPs - Keep Bad Pods out of Your Cluster Using Kyverno

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

Explore effective strategies for maintaining cluster security in the absence of PodSecurityPolicy (PSP) in this 26-minute conference talk from KubeCon + CloudNativeCon Europe 2022. Learn how to leverage Kyverno, a Kubernetes-native admission controller, to set and validate security contexts for pods and pod controllers. Discover Kyverno's audit mode capabilities for identifying security violations without impacting existing clusters, and its Command Line Tool for executing policies in CI/CD pipelines. Follow along as Shuting Zhao demonstrates how to generate policy reports, enforce Pod security best practices, and improve overall cluster security posture using Kyverno's features, including policy libraries, validation policies, autogen functionality, and mutation policies.

Syllabus

Introduction
Pod Security
PSP Security Emission
PSP Security Recommendations
Why use Kyverno
Kyverno Policy Library
Kyverno Validation Policy
Kyverno Autogen
Kyverno Enforce Policy
Kyverno Policy Report
Grandfather Dashboard
Mutate Policy
Conclusion

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Replacing PSPs - Keep Bad Pods out of Your Cluster Using Kyverno

Taught by

Deploying Pod Security Policies Using Kyverno - A New Approach

Kyverno for Beginners - Secure Your Kubernetes Clusters Like a Pro

Kubernetes Policy as Code with Kyverno - Cloud Native Live

One Large Cluster or Lots of Small Ones - Pros, Cons and When to Apply Each Approach

Never Stop Learning.