
Software Engineering Radio - the podcast for professional software developers
SE Radio 634: Jim Bugwadia on Kubernetes Policy as Code
Sep 25, 2024
Jim Bugwadia, CEO of Nirmata and Kyverno project contributor, dives into the exciting world of policy-as-code. He discusses how Kubernetes can enhance security and compliance through automated policy management. The conversation highlights the practical implementations of Kyverno and its role in preventing vulnerabilities. Topics include dynamic admission controllers, resource optimization, and the integration of monitoring tools like Prometheus. Jim also emphasizes community engagement and best practices for maintaining compliance across diverse Kubernetes environments.
AI Snips
API Calls in Policies
- Kyverno policies can call internal or external APIs for more complex logic.
- Calls during admission control should be fast to avoid blocking other API requests.
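A policy that makes an internal API call during admission, with a short webhook timeout so a slow lookup cannot stall other API requests. This is an added example, not taken from the episode or the Kyverno project; it assumes the kyverno.io/v1 ClusterPolicy schema, and the policy name, rule name and limit of 50 are constructed for illustration.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limit-pods-per-namespace      # hypothetical name
spec:
  validationFailureAction: Enforce    # reject the request instead of only auditing
  background: false                   # rule reads request.* data, so admission-time only
  webhookTimeoutSeconds: 5            # bound how long the admission call may block
  rules:
    - name: cap-pod-count             # hypothetical name
      match:
        any:
          - resources:
              kinds:
                - Pod
      preconditions:
        all:
          # Only evaluate (and only pay for the API call) on Pod creation.
          - key: "{{ request.operation }}"
            operator: Equals
            value: CREATE
      context:
        # Internal call to the Kubernetes API server: list Pods in the
        # namespace of the incoming request and reduce the response to a
        # single number with JMESPath, keeping the evaluated data small.
        - name: podCount
          apiCall:
            urlPath: "/api/v1/namespaces/{{ request.namespace }}/pods"
            jmesPath: "items | length(@)"
      validate:
        message: >-
          Namespace {{ request.namespace }} already runs {{ podCount }} Pods;
          the limit is 50.
        deny:
          conditions:
            any:
              - key: "{{ podCount }}"
                operator: GreaterThanOrEquals
                value: 50             # constructed limit
```

The Kyverno service account needs RBAC permission to list Pods for the `apiCall` to succeed.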
Kyverno Installation Order
- Install Kyverno after the control plane and CNI, but before other controllers and workloads.
- This ensures policies are applied to all components, including Prometheus and Istio.
Policy Installation Timing
- Install Kyverno policies immediately after Kyverno is up and running.
- Use GitOps tools like Argo CD or Flux to manage and deploy policies as workloads.
