Kubernetes v1.25 - Pod Security Admission Control - PodSecurityPolicy Successor

This will also be part of future CKS exams.

Chapters
00:00 About the topic
00:11 PodSecurityPolicy Deprecation
01:02 PodSecurity Admission Intro
02:37 Admission Controllers Recap
03:51 PodSecurity Admission in short
06:25 How to enable PodSecurity Admission
08:35 PodSecurity Levels
11:30 PodSecurity Modes
13:41 PodSecurity Admission Steps
16:47 PodSecurity Admission Labels at Namespace Level
18:53 PodSecurity Admission Labels at Cluster Level
19:55 PodSecurity Admission Exemptions
21:45 PodSecurity Commands
22:51 PodSecurity Demo
43:56 PodSecurity Alternates

YAML files:

Pod Security Admission GitHub enhancement:

Like, Comment & Subscribe Learn with GVR

#cks #kubenetes #kubernetessecurity #k8s #learnwithgvr
Comments

Very detailed explanation about PodSecurity admission controller. This session is very helpful, Ramana.

aireddy
Thank you so much for the detailed explanation. It's really helpful.

mpandu
Hi Ramanan, thank you! Really helpful explanation.

MrWarious
Hey, thanks for the session and CKS playlist. Can you also share a video about your kube setup?

Ravi-grqn
Can we have custom Pod Security Standards?

saiprasanna
Hi @Learn With GVR,

I want to restrict users from running cp/scp/rsync/sftp commands inside the containers running in Kubernetes. I understand that we should only have the needed packages available inside the application images. But in our system, lots of applications are already running and we can't control that as of now. I was wondering if we have a way to achieve the same by using PodSecurityPolicy or the PodSecurity admission controller. Let me know your thoughts around the same.

iammrchetan
Is this the complete training playlist on Kubernetes security?

MOHAMMEDAHMEDMUDASSIR
Thanks Ramana, a very good session. Just one question: if we enable PSA at the cluster level, will it add the labels to the namespaces automatically?

KaranKumar-hyve
Thank you for your explanation. I have one practical question.

From my understanding, in pod security admission (PSA) there is no customization feature. We can only select one of the security levels (privileged, baseline or restricted).

Now, there is a pod which uses the capability CAP_NET_ADMIN only. But the 'baseline' level of PSA doesn't have CAP_NET_ADMIN. As a result, should this pod be created at the 'privileged' level, even though the pod needs only one capability? (In case I don't use a webhook or another tool for it.)

qqq
Hey, thanks for the detailed explanation. I have a couple of questions:

1. I see that multiple pod-security labels can be applied to a namespace. What will happen if I apply labels with MODE: 'warn' and 'enforce' for PROFILE: 'restricted'? Does it create a new baseline security context pod?
What action will be enforced at the end, or will there be some conflict?

2. Is the kube-system namespace exempted from this change?

jayeshthamke
Hi Ramanan, can you please share the GitHub link for those YAML files which you have shown in this video?

tamilselvan
Bro, this video is awesome, no doubt. I just wanna ask you: if I want to store my secrets, which one would be the best option, AWS Secrets Manager or HashiCorp Vault, according to price and all things?

shamstabrez
Thank you so much for the detailed explanation. It's really helpful.

BVNTKS