// Ivan Labrovic & Anusha Hegde

Get Your Platform In Order: A Kyverno Case Study

Abstract:

Kyverno has become a staple in the world of Policy-as-Code. There are numerous examples of how it can be used to ensure the security and compliance of Kubernetes clusters and the workloads deployed on them. For platform teams, implementing governance largely involves automating the compliance controls mandated by security teams. In addition to security controls, Kyverno policies are useful for enforcing operational best practices, making platforms easier to manage and scale. In this presentation, we will demonstrate how Kyverno can implement guardrails in self-service pipelines, such as generating NetworkPolicies and RBAC rules automatically whenever a namespace is provisioned. We will then explore how this concept is applied at the Department of Dutch Police, focusing on how it enforces operational best practices in the platform. We will also discuss how this automation reduced manual effort and lowered maintenance costs within a production Kubernetes environment.

Speaker:

Ivan Labrovic – HCS Company, Openshift Engineer Helping Clients Succeed wherever I can on Red Hat Enterprise Linux, Red Hat Openshift and a variety of automation tools. Implemented various Kyverno policies on Openshift.

Anusha Hedge is a Senior Technical Product Manager at Nirmata. For the last two years, she has been working with open-source Kyverno users and also enterprise customers to improve the usability and adoption of Kyverno in their organizations. She was also a founding engineer of the VMware Tanzu Edge team and is an emeritus maintainer of the CAPI-BYOH provider. When not glued to her laptop, she is almost always goofing around with her dog.