December 5, 2019


Establishing Image Provenance and Security in Kubernetes


Talk Title: Establishing Image Provenance and Security in Kubernetes
Speakers: Adrian Mouat (Chief Scientist, Container Solutions)
Conference: KubeCon + CloudNativeCon Europe
Location: Copenhagen, Denmark
Date: Apr 30-May 4, 2018

Take any container running in your Kubernetes cluster. What can you say about it and with what level of certainty? Do you know where it came from? Could an attacker have modified it? Is it up-to-date? Can you identify the exact revision of the code that the image was built from? This talk will look at what guarantees Kubernetes gives you out-of-the-box, and what you can do to establish a trustworthy and reliable workflow for deploying and updating images. Topics and tooling covered will include:

- building images in a repeatable manner with BuildKit or Bazel
- distributing images through registries
- verifying provenance with secure hashes as well as Notary/TUF
