Unleashing the Power of Kyverno: A Deep Dive into Kubernetes Policy Management
Jeppe Johansen
May 31, 2023
Transcript
Abstract & bio
Unleashing the Power of Kyverno: A Deep Dive into Kubernetes Policy Management
Agenda Who What & why Demo
Is it easy to run Kubernetes platform securely?
Not secure by default
Security Policies
Security Policies
OPA vs Kyverno vs VAP
VAP vs OPA vs Kyverno
OPA vs Kyverno
Where & How
Utilize out-of-the-box policies
Disallow “latest”
Require run as non root user
Resource management
Sync image pull secret
Multi-tenancy
Generate Flux Multi-Tenant Resources
Clean up
Clean up bare pod
Clean up bare pod - Grant Kyverno permission
Image Signature Verification
Verify Image GCP KMS
Verify Image Public Key
Demo
KubeCon Learnings
Performance Improvements
Notary Support
GET/POST Support

    rules:
    - name: call-extension
      match:
        # ....
      context:
      - name: result
        apiCall:
          service:
            requestType: POST
            urlPath: http://sample.kyverno-extension/check-namespace
            data:
            - key: namespace
              value: "{{request.namespace}}"
      validate:
        message: "namespace {{request.namespace}} is not allowed"
        deny:
          conditions:
            all:
            - key: "{{ result.allowed }}"
              operator: EQUALS
              value: false
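
The service side of the call in the rule above, as an added example (not from the slides or the Kyverno project): a minimal `/check-namespace` endpoint that fails closed on anything it cannot parse. It assumes the rule's `data` entries arrive as one JSON object and that the reply is a JSON object with a boolean `allowed`, which is what `{{ result.allowed }}` reads; the allowlist entries, bind address and function names are constructed.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed allowlist; a real service would load this from its own config.
ALLOWED_NAMESPACES = frozenset({"team-a", "team-b"})
MAX_BODY = 4096  # refuse oversized bodies instead of reading them
# Kubernetes namespace names are RFC 1123 DNS labels (at most 63 characters).
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")


def check_namespace(raw: bytes, allowed=ALLOWED_NAMESPACES) -> dict:
    """Return {"allowed": bool}; anything unparseable is denied (fail closed).

    Assumption: the policy's data entries arrive as a single JSON object,
    for example {"namespace": "team-a"}.
    """
    try:
        body = json.loads(raw)
    except (ValueError, RecursionError):  # bad JSON, bad UTF-8, deep nesting
        return {"allowed": False}
    ns = body.get("namespace") if isinstance(body, dict) else None
    if not isinstance(ns, str) or not DNS_LABEL.fullmatch(ns):
        return {"allowed": False}
    return {"allowed": ns in allowed}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        if self.path != "/check-namespace" or not 0 < length <= MAX_BODY:
            result = {"allowed": False}
        else:
            result = check_namespace(self.rfile.read(length))
        payload = json.dumps(result).encode()
        # Always answer 200 with a boolean, so the rule's
        # "{{ result.allowed }}" lookup has a value to compare.
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```
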
VAP Adoption Evaluation
Wrap up
- Why security policy
- Other options
- What’s Kyverno
- Where to use it
- How to get started
- New features to come
Thank You