20. #everyonecancontribute cafe: Securing Kubernetes with Kyverno
Highlights
We are learning how to deploy and secure Kubernetes in the Hetzner cloud in this series:
- cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
- cafe: Deployed k3s as the Kubernetes distribution with Max.
- cafe: Learned about pods and the Hetzner load balancer with Max.
- cafe: Ingress controller for load balancer cost savings with Max.
- cafe: Break into Kubernetes Security with Philip Welz.
In this session, we change the perspective again and secure a Kubernetes cluster with Philip Welz.
- Overview of Cloud Native Security: the 4C's of Cloud Native security (Cloud, Cluster, Container, Code)
- Explore and secure the Kubernetes API
- Secure etcd with encryption at rest
- Debug an API server that does not start
- Kyverno
  - Runs as an admission controller: validating and mutating webhooks intercept API requests before they are persisted to etcd
  - Extends the API with Custom Resource Definitions
  - General policy structure
  - Policies can be enforced or audited; results are recorded in policy reports and surfaced with Policy Reporter
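As an added example (not a file from the session or from the Kubernetes project), this is the shape of an `EncryptionConfiguration` that makes the kube-apiserver encrypt Secrets before writing them to etcd. The resource type, provider names and field layout are the upstream API; the key name `key1` and the key value are constructed placeholders:

```yaml
# Added example: kube-apiserver EncryptionConfiguration for Secrets at rest.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    # Providers are tried in order. The first provider encrypts new writes;
    # every listed provider is tried for reads, so keeping "identity" LAST
    # lets Secrets that were stored in plaintext earlier remain readable
    # until they are rewritten. Putting "identity" first would encrypt nothing.
    providers:
      - aescbc:
          keys:
            - name: key1
              # 32 random bytes, base64-encoded, e.g. from:
              #   head -c 32 /dev/urandom | base64
              # The value below is a constructed, non-secret placeholder;
              # it decodes to 32 bytes so the API server accepts it.
              secret: MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=
      - identity: {}
```

The file is passed to the API server with `--encryption-provider-config=/path/to/encryption.yaml` (with k3s, through `--kube-apiserver-arg=encryption-provider-config=...`) and should be readable by root only, since it holds the key. Existing Secrets are only encrypted once they are rewritten, which `kubectl get secrets --all-namespaces -o json | kubectl replace -f -` does in one pass. Two checks worth doing: a key that does not decode to 16, 24 or 32 bytes, or a provider block that is malformed, makes the API server refuse to start, so its logs are the first place to look if it does not come back; and reading a Secret's entry directly from etcd with `etcdctl` should show a `k8s:enc:aescbc:v1:key1:` prefix instead of the plaintext value.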
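To show the policy structure and the enforce/audit switch discussed above, here is an added example Kyverno `ClusterPolicy` (written for this page, not taken from the session or from Kyverno's own policy library) that rejects privileged containers, the kind of request the BadPods test-drive submits. The policy name, message text and the `kube-system` exclusion are choices made for the example:

```yaml
# Added example: Kyverno ClusterPolicy blocking privileged containers.
# Structure of every rule: match (-> optional exclude) -> validate|mutate|generate.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
  annotations:
    policies.kyverno.io/description: >-
      Privileged containers get all kernel capabilities and host devices,
      which is equivalent to root on the node.
spec:
  # Enforce: the admission webhook rejects the request, so the object never
  # reaches etcd. Audit: the request is admitted and the violation is only
  # written to a PolicyReport, which Policy Reporter then surfaces. Start with
  # Audit when introducing a policy to a cluster that already has workloads.
  # (Kyverno releases before 1.7 spelled these values lowercase.)
  validationFailureAction: Enforce
  # background: true also scans resources that already exist and records the
  # results in PolicyReport / ClusterPolicyReport objects.
  background: true
  rules:
    - name: privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      exclude:
        any:
          - resources:
              namespaces:
                - kube-system   # exclusion chosen for this example
      validate:
        message: >-
          Privileged mode is disallowed. Set securityContext.privileged to
          false (or leave it unset) for all containers.
        # =(field) is a conditional anchor: the nested check applies only if
        # the field is present, so pods without a securityContext still pass,
        # while a pod that sets privileged: true is rejected.
        pattern:
          spec:
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
```

After `kubectl apply -f` on the policy, `kubectl run priv --image=busybox --privileged --restart=Never -- sleep 3600` should be refused by the API server with an admission error naming `disallow-privileged-containers`, while the same command without `--privileged` succeeds. Flip `validationFailureAction` to `Audit` and the privileged pod is created, but a PolicyReport entry with result `fail` appears in its namespace, which is the view Policy Reporter builds on.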
Next week, we’ll explore more Kubernetes topics:
- OpenID Connect for the API server with Dex and GitLab, and multi-tenancy with kiosk
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
Insights
- Kubernetes group repos
- Repository with all commands from the session
- Twitter thread
- Kyverno policy examples - best practices
- Test-drive Kyverno with BadPods
- Exploring Kyverno - 3 Part Series
Recording
Enjoy the session! 🦊
Written by: Michael Friedrich