We have two great talks this month: one is on the new CKS exam and what you need to know about where to get started, and the other is on hierarchical namespaces which allow for more powerful policies and the freedom to create new namespaces without bypassing those policies. But there are rules! Find out more at our meetup on Feb. 16 at 12 pm.
Speakers
Michael Foster
Red Hat
Principal Product Marketing Manager
Adrian Ludwin
Google
Software Engineer
Ginny Li
Google
When
Tuesday, February 16, 2021 5:00 PM – 6:30 PM (UTC)
Agenda
Intro
CNCF Update
Kubernetes Security Specialist Exam is Here! What to Know and How to Get Started
By Michael Foster, StackRox One of the most significant KubeCon North America announcements was the Certified Kubernetes Security Specialist (CKS) program. The online, proctored, performance-based exam will test on a range of Kubernetes security topics. In this virtual talk, I will discuss: -How to get started and set up a Kubernetes 1.19 cluster -The general structure of the exam -Important topics to focus on -General best practice tips for taking the exam
What's new in Hierarchical Namespaces: now with less hierarchy!
By Adrian Ludwin and Ginny Ji, Google
Kubernetes Namespaces aren’t just dumb containers; they’re a critical part of the security and operation of your cluster. Hierarchical namespaces give you more control over your policies, but strict hierarchy can be too limiting. So we’ve added new ways to make your policies even more flexible. The Hierarchical Namespace Controller (HNC) extends Kubernetes namespaces to support the notion of hierarchy: that is, policies applied to ancestor namespaces should also apply to descendant namespaces. This allows cluster admins to naturally express more powerful policies, and also give cluster users the freedom to create new namespaces without bypassing those policies. However, strict hierarchies can be too limiting - lots of rules have special cases. To handle this, the latest version of HNC (v0.7.0) add the concept of exceptions - policies that can be restricted to only apply to certain namespaces. This talk will introduce exceptions and talk about the path to HNC v1.0.