October 12, 2021
Los Angeles, California + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 - Los Angeles, CA + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Monday, September 13 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually.
Tuesday, October 12 • 11:35am - 12:05pm
Replacing PSPs? Keep Bad Pods out of your cluster using Kyverno! - Shuting Zhao, Nirmata

Securing sensitive aspects of the Pod specification has always been difficult, but it has become more challenging now with the deprecation of PodSecurityPolicy (PSP). So how can you continue to ensure that “Bad Pods” stay out of your cluster and don’t compromise the security posture?

Kyverno, an admission controller, provides a Kubernetes-native solution to set and validate security context, not only for pods but also for all the pod controllers. In addition to admission review, Kyverno can be run in audit mode. In this mode, Kyverno does not impact existing clusters but audits the cluster and reports any security violations in policy reports. Kyverno also provides the Command Line Tool (CLI) to support “dry run” so that you can easily execute policies in your CI/CD pipeline and generate reports without having to deploy Kyverno to your cluster.

In this talk, Shuting Zhao will provide an overview of Kyverno and present a set of Kyverno policies for Pods that are based on the Pod Security Standards. She will demonstrate how to generate policy reports for existing clusters. She will also demonstrate how Kyverno can enforce best practices for Pod security. Lastly, she will show how Kyverno can help add default security context to Pods and improve the security posture of your clusters.

Shuting Zhao

Senior Software Engineer, Nirmata
Shuting Zhao is a senior software engineer at Nirmata, working on Kyverno and several other projects that help automate the deployment and operation of Kubernetes workloads and clusters. Shuting has been a mentor for several LFX mentorship programs since March 2021. She enjoys...

Tuesday October 12, 2021 11:35am - 12:05pm PDT
Room 408 AB + Online