TGIK

TGI Kubernetes is a weekly live video stream all about Kubernetes.

TGI Kubernetes 167: NetworkPolicy++ and pod security policies.next

1:00 PM PDT on Friday, Sep 17, 2021


In this episode

Join jay, abhishek, and stoyocos as we dig into the internals of a couple of KEPs that are setting the stage for the future of the Kubernetes security model!

  • 00:01:00 Intro
  • 00:02:58 News: VMware Tanzu 1.4 is out!
  • 00:06:11 RWM RWO storage volumes to Single Pod Access
  • 00:11:00 Tim Hockin (Google) surprise guest!
  • 00:15:00 trying to patch my golang
  • 00:18:00 NetworkPolicy WG what’s up
  • 00:19:30 quick GKE overview of enhanced networks
  • 00:25:00 there’s lots of problems with Services
  • 00:30:00 “proto loadbalancer” ExternalIPs
  • 00:32:00 svc type LoadBalancers evolution
  • 00:35:00 EndPort fields
  • 00:38:00 Are EndPorts still alpha?
  • 00:41:00 Kind allows you to easily declare FeatureGates for Kubernetes!
  • 00:55:00 bypassing namespace restrictions
  • 00:56:00 Tenants and future ClusterScoped NetworkPolicies
  • 01:00:00 Empowerment vs Priority based policies for the future
  • 01:07:00 more on tenants and namespaces
  • 01:13:00 delegating to lower level network policies
  • 01:20:00 PSPs, OPA, and the future of PSPs
  • 01:25:00 how does the Kubelet deal with PSPs, how will it in the future?