December 15, 2019

250 words 2 mins read

Deep Dive: SPIFFE

Deep Dive: SPIFFE

SPIFFE (Secure Production Infrastructure for Everyone) and SPIRE are two of the newer projects to join the CNCF. These projects build on designs first championed at Google, Twitter and elsewhere to pr …
Talk Title Deep Dive: SPIFFE
Speakers Emiliano Berenbaum (CTO, Scytale), Andrew Harding (Software Engineer, Scytale)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location Seattle, WA, USA
Date Dec 9-14, 2018
URL Talk Page
Slides Talk Slides
Video

SPIFFE (Secure Production Infrastructure for Everyone) and SPIRE are two of the newer projects to join the CNCF. These projects build on designs first championed at Google, Twitter and elsewhere to provide robust authentication and trust between disparate micro-services in heterogeneous operating environments.This talk will expand on concepts introduced during the SPIFFE 101 session to explore in detail how SPIRE performs attestation to workloads in diverse infrastructure and middleware settings, how it leans on different secrets storage backends and how PKI material is automatically delivered to a node and workload. The talk also will cover how these capabilities can be extended and customized through SPIRE’s plugin framework.In this session, we will demo two (2) things, specifically:1) How SPIFFE can be used to secure communication between two workloads running on different Kubernetes clusters running on different clouds. For a twist, we’ll demo this for both direct connections as well as those going through load balancers.2) How to federate SPIRE deployments in different trust domains. This demo will also showcase how we federate JSON Web Tokens (JWT) to facilitate cross-cloud communication.

cluster google framework json twitter infrastructure load balancer cloud 101 kubernetes isp
comments powered by Disqus
SPIFFE Deep Dive

SPIFFE Deep Dive

November 26, 2019

SPIFFE (Secure Production Infrastructure for Everyone) and SPIRE are two of the newest projects to join the CNCF. These projects build on designs first championed at Google, Twitter and elsewhere to p …
Distributed training of deep learning models

Distributed training of deep learning models

December 10, 2019

Mathew Salvaris, Miguel Gonzalez-Fierro, and Ilia Karmanov offer a comparison of two platforms for running distributed deep learning training in the cloud, using a ResNet network trained on the ImageNet dataset as an example. You'll examine the performance of each as the number of nodes scales and learn some tips and tricks as well as some pitfalls to watch out for.
Controllers: Lambda Functions for Extending your Infrastructure

Controllers: Lambda Functions for Extending your Infrastructure

November 19, 2019

This session demonstrates how to leverage Kubernetes Controllers and Initializers as a framework for building transparent extensions of your Kubernetes cluster. Using a live coding exercise and demo, …
Performance Testing Ingress for Internet-Scale Workloads

Performance Testing Ingress for Internet-Scale Workloads

December 11, 2019

Have you ever wondered how much ingress traffic a Kubernetes cluster could handle? How many nodes would it take to handle the traffic of an Alexa top-40 website? Understanding these numbers and how yo …
Collecting Operational Metrics for a Cluster with 5,000 Namespaces

Collecting Operational Metrics for a Cluster with 5,000 Namespaces

December 10, 2019

Kubernetes is popular to provide a multi-tenant, shared infrastructure layer for many eng teams within an org. This is great for the teams, as they have a stable, scalable cluster to build upon. Howev …
Shopifys $25k Bug Report, and the Cluster Takeover That Didnt Happen

Shopifys $25k Bug Report, and the Cluster Takeover That Didnt Happen

December 9, 2019

In May, a security researcher reported a vulnerability in a Shopify microservice and demonstrated how it could be used to access keys from the Google Cloud metadata API. This could have led to a clust …