Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing the Future: A Walkthrough of Pulumi and Policy-as-Code for Robust Kubernetes Clusters

Ringo
PRO
June 19, 2023
Technology
0
14

Securing the Future: A Walkthrough of Pulumi and Policy-as-Code for Robust Kubernetes Clusters

In this dynamic and engaging meetup, we will dive into the cutting-edge realm of Infrastructure as Code (IaC) by demonstrating how Pulumi can be wielded to efficiently orchestrate Kubernetes clusters.
Pulumi, a modern IaC tool, not only supports multiple languages but also integrates seamlessly with Kubernetes. However, building and deploying is just half the story. As security and compliance become paramount in the cloud, incorporating policies as code alongside infrastructure is vital.
Through live demos and hands-on examples, this session will unravel how to amalgamate Pulumi with Open Policy Agent (OPA), a CNCF project, to enforce fine-grained, context-aware policies.

CloudNative Prague Meetup

Ringo
PRO

June 19, 2023
Tweet

More Decks by Ringo

See All by Ringo
Scaling Infrastructure with Pulumi
ringods
PRO
0
5
Power to the People: Combine Imperative with Declarative aspects
ringods
PRO
0
160
Infrastructure as Code
ringods
PRO
0
47
Container runtimes & cost
ringods
PRO
0
30
What to expect in Terraform 0.12?
ringods
PRO
0
70
Terraform Provider Development
ringods
PRO
0
82
Vault: Unified Operational Access
ringods
PRO
0
26
What is DevOps?
ringods
PRO
0
33

Other Decks in Technology

See All in Technology
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
400
web-application-security
matsuihidetoshi
0
180
本当のAWS基礎
toru_kubota
0
540
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
280
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
310
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
260
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
230
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
1k
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
180
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
260
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
260
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
870

Featured

See All Featured
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
Building Adaptive Systems
keathley
31
1.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
The Language of Interfaces
destraynor
151
23k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Designing for humans not robots
tammielis
248
25k
Debugging Ruby Performance
tmm1
70
11k
A designer walks into a library…
pauljervisheath
200
23k
Product Roadmaps are Hard
iamctodd
44
9.7k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k
Facilitating Awesome Meetings
lara
42
5.6k

Transcript

  1. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved Ringo De

    Smet Customer Experience Architect 19 June 2023

  2. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  3. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 3 Architecture

    SCM Team Foundation Data Network Others IDEs Tools Packages Build Deploy Manage

  4. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 4 Multi-Cloud

    Infrastructure as Code BUILD, DEPLOY, AND MANAGE ANYWHERE WITH A STANDARD WORKFLOW Cloud Native Clouds Core Features: • Any Cloud, Any Language • State Management • Secrets Management • Guaranteed Preview Plans • CI/CD Integrations • Webhooks • REST API • Automation API • Dashboards and Reports Infra Providers

  5. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 5 Pulumi

    - High Level View • Pulumi Architecture • Language Host • CLI & Engine • Providers • State Backend •Pulumi Service •Cloud Storage (S3, …)

  6. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 6 Pulumi

    - High Level View • Automate your infrastructure setup with 1 or more Pulumi projects • A project contains • a program: this is your “template” from which you can create stacks • the stacks: each stack is an “instance” of the program • One project can use info from another project as input

  7. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  8. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  9. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 9 Pulumi

    - ComponentResource Language Host Pulumi CLI & Engine Pulumi Provider (e.g. aws) $ pulumi up runtime: nodejs Start Network + children provider: aws Start CREATE …

  10. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 10 Pulumi

    - Multi Language Components

  11. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 11 Pulumi

    - Multi Language Component Language Host Pulumi CLI & Engine Pulumi Provider (e.g. aws) $ pulumi up runtime: nodejs Start i80.nw.Network provider: aws Start CREATE … MLC (e.g. acme) Start Nw resources

  12. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  13. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  14. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved

  15. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved 15

  16. Pulumi Confidential. © 2023 Pulumi. All Rights Reserved @ringods @[email protected]

    • https://www.pulumi.com/docs • https://www.pulumi.com/blog • https://www.pulumi.com/registry