Submit Search
Upload
Policy & Governance für Kubernetes
•
0 likes
•
117 views
Nico Meisenzahl
Follow
Policy & Governance für Kubernetes using Open Policy Agent Gatekeeper
Read less
Read more
Technology
Report
Share
Report
Share
1 of 24
Download now
Download to read offline
Recommended
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Nico Meisenzahl
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Cluster
Nico Meisenzahl
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Nico Meisenzahl
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
Nico Meisenzahl
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack Kubernetes
Nico Meisenzahl
Die Evolution von Container Image Builds
Die Evolution von Container Image Builds
Nico Meisenzahl
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Nico Meisenzahl
Recommended
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Nico Meisenzahl
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Cluster
Nico Meisenzahl
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Nico Meisenzahl
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
Nico Meisenzahl
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack Kubernetes
Nico Meisenzahl
Die Evolution von Container Image Builds
Die Evolution von Container Image Builds
Nico Meisenzahl
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Nico Meisenzahl
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Nico Meisenzahl
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
Nico Meisenzahl
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Nico Meisenzahl
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Nico Meisenzahl
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
Nico Meisenzahl
GitHub Actions 101
GitHub Actions 101
Nico Meisenzahl
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Nico Meisenzahl
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?
Cloud Native Rosenheim Meetup
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
Philip Welz
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
Nico Meisenzahl
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
Nico Meisenzahl
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Nico Meisenzahl
Virtual Azure Community Day: Azure Kubernetes Service Basics
Virtual Azure Community Day: Azure Kubernetes Service Basics
Nico Meisenzahl
Fast SAP system provisioning based on CloudStack
Fast SAP system provisioning based on CloudStack
ShapeBlue
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
Nico Meisenzahl
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
Nico Meisenzahl
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project Tye
Eran Stiller
Build your own private Cloud environment
Build your own private Cloud environment
Nico Meisenzahl
Orchestrating Microservices
Orchestrating Microservices
Mauricio (Salaboy) Salatino
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
Microsoft Technet France
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Nico Meisenzahl
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
More Related Content
What's hot
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Nico Meisenzahl
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
Nico Meisenzahl
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Nico Meisenzahl
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Nico Meisenzahl
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
Nico Meisenzahl
GitHub Actions 101
GitHub Actions 101
Nico Meisenzahl
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Nico Meisenzahl
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?
Cloud Native Rosenheim Meetup
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
Philip Welz
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
Nico Meisenzahl
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
Nico Meisenzahl
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Nico Meisenzahl
Virtual Azure Community Day: Azure Kubernetes Service Basics
Virtual Azure Community Day: Azure Kubernetes Service Basics
Nico Meisenzahl
Fast SAP system provisioning based on CloudStack
Fast SAP system provisioning based on CloudStack
ShapeBlue
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
Nico Meisenzahl
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
Nico Meisenzahl
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project Tye
Eran Stiller
Build your own private Cloud environment
Build your own private Cloud environment
Nico Meisenzahl
Orchestrating Microservices
Orchestrating Microservices
Mauricio (Salaboy) Salatino
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
Microsoft Technet France
What's hot
(20)
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
GitHub Actions 101
GitHub Actions 101
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
FestiveTechCalendar2021 - Have Yourself An Azure Container Registry
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Global Azure Bootcamp: Container, Docker & Kubernetes Basics
Virtual Azure Community Day: Azure Kubernetes Service Basics
Virtual Azure Community Day: Azure Kubernetes Service Basics
Fast SAP system provisioning based on CloudStack
Fast SAP system provisioning based on CloudStack
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
Developing and Deploying Microservices with Project Tye
Developing and Deploying Microservices with Project Tye
Build your own private Cloud environment
Build your own private Cloud environment
Orchestrating Microservices
Orchestrating Microservices
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
[AzureCamp 24 Juin 2014] Témoignage de Conuxio par Arnaud Lecoufle
Similar to Policy & Governance für Kubernetes
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Nico Meisenzahl
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Nico Meisenzahl
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
Cloud Native Rosenheim Meetup
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
Global Azure Virtual: Container & Kubernetes on Azure
Global Azure Virtual: Container & Kubernetes on Azure
Nico Meisenzahl
All Things Cloud Native Meetup: Azure Kubernetes Service Basics
All Things Cloud Native Meetup: Azure Kubernetes Service Basics
Nico Meisenzahl
AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...
AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...
Philip Welz
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
Nico Meisenzahl
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
DEVNET-1149 Leveraging Rapid Development with PaaS on Cisco Cloud
DEVNET-1149 Leveraging Rapid Development with PaaS on Cisco Cloud
Cisco DevNet
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project Update
Alex Ellis
The Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
Ram Vennam
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
Sanae BEKKAR
Winning in the Dark: Defending Serverless Infrastructure
Winning in the Dark: Defending Serverless Infrastructure
Puma Security, LLC
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
ragss
HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3
BeMyApp
Webex Teams Widgets Technical Drill down - Cisco Live Orlando 2018 - DEVNET-3891
Webex Teams Widgets Technical Drill down - Cisco Live Orlando 2018 - DEVNET-3891
Cisco DevNet
Similar to Policy & Governance für Kubernetes
(20)
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Docker Rosenheim Meetup: Policy & Governance for Kubernetes
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Global Azure Virtual: Container & Kubernetes on Azure
Global Azure Virtual: Container & Kubernetes on Azure
All Things Cloud Native Meetup: Azure Kubernetes Service Basics
All Things Cloud Native Meetup: Azure Kubernetes Service Basics
AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...
AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
DEVNET-1149 Leveraging Rapid Development with PaaS on Cisco Cloud
DEVNET-1149 Leveraging Rapid Development with PaaS on Cisco Cloud
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project Update
The Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
[Oracle Webcast] Discover the Oracle Blockchain Platform through the eyes of ...
Winning in the Dark: Defending Serverless Infrastructure
Winning in the Dark: Defending Serverless Infrastructure
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3
Webex Teams Widgets Technical Drill down - Cisco Live Orlando 2018 - DEVNET-3891
Webex Teams Widgets Technical Drill down - Cisco Live Orlando 2018 - DEVNET-3891
More from Nico Meisenzahl
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Nico Meisenzahl
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
Nico Meisenzahl
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
Nico Meisenzahl
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
Nico Meisenzahl
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
Nico Meisenzahl
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Nico Meisenzahl
More from Nico Meisenzahl
(8)
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Recently uploaded
A Framework for Development in the AI Age
A Framework for Development in the AI Age
Cprime
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
ThousandEyes
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
itnewsafrica
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Nathaniel Shimoni
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
LoriGlavin3
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
LoriGlavin3
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Pim van der Noll
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
Ingrid Airi González
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
Kari Kakkonen
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
Pixlogix Infotech
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Mark Goldstein
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Databarracks
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
fnnc6jmgwh
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
Kaya Weers
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
IES VE
Recently uploaded
(20)
A Framework for Development in the AI Age
A Framework for Development in the AI Age
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
Policy & Governance für Kubernetes
1.
Policy & Governance
for Kubernetes June 2020
2.
Nico Meisenzahl • Senior
Cloud & DevOps Consultant at white duck • Microsoft MVP, GitLab Hero, Docker Community Leader • loves Kubernetes, DevOps and Cloud © white duck GmbH 2020 Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org
3.
Agenda • Cloud Governance?
Why do we need it? • Governance for Kubernetes • Open Policy Agent – the foundation • OPA Gatekeeper – the Kubernetes implementation © white duck GmbH 2020
4.
CLOUD GOVERNANCE Why do
we need it? © white duck GmbH 2020
5.
Cloud Governance … …
is used to provide a set of rules that defines guidelines that can either be enforced or audited. © white duck GmbH 2020
6.
Why do we
need it? • decisions are made decentralized & taken at a rapid pace • therefore it is important to • reduce risk • control shadow IT • make it easier to manage cloud resources • reduce effort © white duck GmbH 2020
7.
KUBERNETES GOVERNANCE Why do
we need it? © white duck GmbH 2020
8.
Governance for Kubernetes •
Authorization with Role-based Access Control (RBAC) • is used to define who is allowed to do what • very granular • But: Kubernetes offers nothing to control/change the specification of resources • which is essential for successfully governing a cluster © white duck GmbH 2020
9.
Some examples are •
whitelist of trusted container registries, images or tags • required container security specifications • required labels to group resources • permit conflicting Ingress host resources • permit publicly exposed LoadBalancer services © white duck GmbH 2020
10.
OPEN POLICY AGENT The
foundation © white duck GmbH 2020
11.
Open Policy Agent •
“policy-based control for cloud native environments” • open-source project by styra • a unified toolset and framework • declarative policy language • decoupled • Golang library • REST API with sidecar or daemon © white duck GmbH 2020
12.
© white duck
GmbH 2020
13.
Ecosystem • API and
service authorization with Envoy, Kong or Traefik • Authorization policies for SQL, Kafka and others • Container Network authorization with Istio • Test policies for Terraform infrastructure changes • Polices for SSH and sudo • Policy and Governance for Kubernetes • and many more • https://www.openpolicyagent.org/docs/latest/ecosystem/ © white duck GmbH 2020
14.
How OPA works ©
white duck GmbH 2020
15.
How OPA works ©
white duck GmbH 2020 POST /api HTTP/1.1 Authorization: nico { “method”: “POST”, “path”: “api”, “user”: “nico” } { “allow”: “true” } { }
16.
Rego • “ray-go” • inspired
by Datalog with support for JSON • declarative Policy Language • ”is Nico allowed to POST a payload to /api” • Get started • Rego Playground • https://play.openpolicyagent.org/ • Rego deep dive • https://www.slideshare.net/TorinSandall/rego-deep-dive © white duck GmbH 2020 package app.abac default allow = false allow { action_is_post user_is_owner } action_is_post { input.method == ”POST" } user_is_owner { input.user == "nico" }
17.
Rego in action ©
white duck GmbH 2020 POST /api HTTP/1.1 Authorization: nico { “method”: “POST”, “path”: “api”, “user”: “nico” } { “allow”: “true” } package app.abac default allow = false allow { action_is_post user_is_owner } action_is_post { input.method == ”POST" } user_is_owner { input.user == "nico" } { }
18.
OPA Tips • OPA
binary • opa run, opa test, … • VS Code plugin • management APIs • bundle API à send policies and data to OPA • status API à for observability/monitoring • log API à for receiving audit logs © white duck GmbH 2020
19.
OPA GATEKEEPER OPA Kubernetes
implementation © white duck GmbH 2020
20.
OPA Gatekeeper • Kubernetes
implementation of OPA • build by Google, Microsoft, Red Hat, and styra • based on • Open Policy Agent daemon • Kubernetes Admission Controller • Custom Resource Definitions (CRDs) • AuthZ Webhook • Can be installed with Helm or kubectl apply • https://github.com/open-policy-agent/gatekeeper © white duck GmbH 2020
21.
How Gatekeeper works ©
white duck GmbH 2020 https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/
22.
How Gatekeeper works ©
white duck GmbH 2020
23.
Demos • OPA Gatekeeper
in action • example rules • required label • trusted images • unique ingress hosts • auditing © white duck GmbH 2020
24.
Questions? Slides: https://www.slideshare.net/nmeisenzahl Demos: https://gitlab.com/nico-meisenzahl/opa-gatekeeper-sample Nico
Meisenzahl (Senior Cloud & DevOps Consultant) Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org © white duck GmbH 2020
Download now