https://socake.github.io/tags/security/Recent content in Security on 黄文卓 | DevOps EngineerHugo -- gohugo.iozh-CN17691281867@163.com (Wenzhuo Huang)17691281867@163.com (Wenzhuo Huang)© 2026 Wenzhuo HuangThu, 11 Sep 2025 13:36:00 +0800https://socake.github.io/posts/opa-kyverno-admission-control/Thu, 11 Sep 2025 13:36:00 +080017691281867@163.com (Wenzhuo Huang)https://socake.github.io/posts/opa-kyverno-admission-control/没有准入控制的 K8s 集群就像一个没有门卫的机房——任何人都能随意进出。本文记录了我在多个生产集群部署 Kyverno 策略的实战经验，涵盖资源限制强制、镜像来源白名单、标签规范、以及与 OPA Gatekeeper 的对比选型思路。