20. #everyonecancontribute cafe: Securing Kubernetes with Kyverno
We are learning how to deploy and secure Kubernetes in Hetzner Cloud in this series:
In this session, we change the perspective again and secure a Kubernetes cluster with Philip Welz.
- Overview of Cloud Native Security - The 4C’s of Cloud Native security
- Explore and secure the Kubernetes API
- Secure etcd with encryption at rest
- Debug an API server that does not start
- Intercepts API requests prior to persisting them to etcd, as an admission controller with webhooks:
- Extends the API with Custom Resource Definitions
- General Policy structure
- Policies can be audited and will be recorded in reports
- Policy Reporter
Next week, we’ll explore more Kubernetes topics:
- OpenID Connect for the API server with Dex and GitLab, and multi-tenancy with kiosk
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
- Kubernetes group repos
- Repository with all commands from the session
- Twitter thread
- Kyverno policy examples - best practices
- Test-drive Kyverno with BadPods
- Exploring Kyverno - 3 Part Series
Enjoy the session! 🦊