Unleashing the Power of Kyverno: A Deep Dive into Kubernetes Policy Management
Jeppe Johansen
May 31, 2023
Transcript
Unleashing the Power of Kyverno: A Deep Dive into Kubernetes Policy Management
Agenda
- Who
- What & why
- Demo
Is it easy to run Kubernetes platform securely?
Not secure by default
Security Policies
Security Policies
OPA vs Kyverno vs VAP
VAP vs OPA vs Kyverno
OPA vs Kyverno
Where & How
Utilize out-of-the-box policies
Disallow “latest”
Require run as non root user
Resource management
Sync image pull secret
Multi-tenancy
Generate Flux Multi-Tenant Resources
Clean up
Clean up bare pod
Clean up bare pod - Grant Kyverno permission
Image Signature Verification
Verify Image GCP KMS
Verify Image Public Key
Demo
KubeCon Learnings
Performance Improvements
Notary Support
GET/POST Support

    rules:
    - name: call-extension
      match:
        # ....
      context:
      - name: result
        apiCall:
          service:
            requestType: POST
            urlPath: http://sample.kyverno-extension/check-namespace
            data:
            - key: namespace
              value: "{{request.namespace}}"
      validate:
        message: "namespace {{request.namespace}} is not allowed"
        deny:
          conditions:
            all:
            - key: "{{ result.allowed }}"
              operator: EQUALS
              value: false
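The receiving side of the `apiCall` on the slide above, as an added example that is not from the deck or from the Kyverno project: a minimal extension service for the `/check-namespace` path that returns the `allowed` field the rule's deny condition reads. The allow-list, port and `reason` field are constructed, and it is an assumption that Kyverno posts the `data` entries as a single JSON object such as `{"namespace": "team-a"}`.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed allow-list; the slide does not say which namespaces are permitted.
ALLOWED_NAMESPACES = {"team-a", "team-b"}
MAX_BODY = 4096  # cap request size; the expected payload is one short key


def check_namespace(raw_body: bytes) -> dict:
    """Return the JSON object the policy reads as `result`.

    Fails closed: any input that is not a well-formed request for an
    allow-listed namespace gets an explicit allowed=False, so the rule's
    `result.allowed EQUALS false` deny condition matches."""
    try:
        body = json.loads(raw_body)
    except (ValueError, RecursionError):
        return {"allowed": False, "reason": "malformed JSON"}
    namespace = body.get("namespace") if isinstance(body, dict) else None
    if not isinstance(namespace, str) or not namespace:
        return {"allowed": False, "reason": "missing namespace"}
    if namespace not in ALLOWED_NAMESPACES:
        return {"allowed": False, "reason": "namespace not on allow-list"}
    return {"allowed": True, "reason": "ok"}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/check-namespace":
            self.send_error(404)
            return
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if 0 <= length <= MAX_BODY:
            verdict = check_namespace(self.rfile.read(length))
        else:
            verdict = {"allowed": False, "reason": "bad Content-Length"}
        payload = json.dumps(verdict).encode()
        self.send_response(200)  # verdict travels in the body, not the status
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()  # constructed port
```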
VAP Adoption Evaluation
Wrap up
- Why security policy
- Other options
- What’s Kyverno
- Where to use it
- How to get started
- New features to come
Thank You