Everyone can contribute! Let's learn together in a weekly cafe ☕
We love to break things, make mistakes, debug, analyse, and fix problems together. Live and unfiltered on YouTube.
Community members and thought leaders regularly join and share their projects and ideas.
"Everyone Can Contribute" is inspired by GitLab's mission.
20. #everyonecancontribute cafe: Securing Kubernetes with Kyverno
We are learning how to deploy and secure Kubernetes in Hetzner Cloud in this series:
In this session, we change the perspective again and secure a Kubernetes cluster with Philip Welz.
- Overview of Cloud Native Security - The 4C’s of Cloud Native security
- Explore and secure the Kubernetes API
- Secure etcd with encryption at rest
- Debug API server not starting problem
- Intercepts API requests prior to persisting to etcd as an admission controller with webhooks:
- Extends the API with Custom Resource Definitions
- General Policy structure
- Policies can be audited and will be recorded in reports
- Policy Reporter
Next week, we’ll explore more Kubernetes topics:
- OpenID Connect for the API server with Dex and GitLab, and multi-tenancy with kiosk
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
- Kubernetes group repos
- Repository with all commands from the session
- Twitter thread
- Kyverno policy examples - best practices
- Test-drive Kyverno with BadPods
- Exploring Kyverno - 3 Part Series
Enjoy the session! 🦊