December 5, 2019

186 words 1 min read

Establishing Image Provenance and Security in Kubernetes

Establishing Image Provenance and Security in Kubernetes

Take any container running in your Kubernetes cluster. What can you say about it and with what level of certainty? Do you know where it came from? Could an attacker have modified it? Is it up-to-date? …
Talk Title Establishing Image Provenance and Security in Kubernetes
Speakers Adrian Mouat (Chief Scientist, Container Solutions)
Conference KubeCon + CloudNativeCon Europe
Conf Tag
Location Copenhagen, Denmark
Date Apr 30-May 4, 2018
URL Talk Page
Slides Talk Slides
Video

Take any container running in your Kubernetes cluster. What can you say about it and with what level of certainty? Do you know where it came from? Could an attacker have modified it? Is it up-to-date? Can you identify the exact revision of the code that the image was built from? This talk will look at what guarantees Kubernetes gives you out-of-the-box, and what you can do to establish a trustworthy and reliable workflow for deploying and updating images. Topics and tooling covered will include: - building images in a repeatable manner with BuildKit or Bazel - distributing images through registries - verifying provenance with secure hashes as well as Notary/TUF

container cluster code security attack kubernetes
comments powered by Disqus
Good Enough for the Finance Industry: Achieving High Security at Scale with Microservices in Kubernetes

Good Enough for the Finance Industry: Achieving High Security at Scale with Microservices in Kubernetes

November 27, 2019

Security is a challenge for most companies. Especially those in periods of rapid growth. It is often taken for granted as we trust the frameworks we use to implement the necessary security protocols f …
Continuous Delivery Meets Custom Kubernetes Controller: A Declarative Configuration Approach to CI/CD

Continuous Delivery Meets Custom Kubernetes Controller: A Declarative Configuration Approach to CI/CD

December 5, 2019

Building and maintaining streamlined continuous integration and delivery (CI/CD) pipelines is often challenging. It is even harder on Kubernetes since the deployments are, rightfully so, safely guarde …
Keynote: Skip the Anxiety Attack - Build Secure Apps with Kubernetes

Keynote: Skip the Anxiety Attack - Build Secure Apps with Kubernetes

November 30, 2019

Software development today is more rapid, more distributed and more dynamic. As a developer, you really want to be able to focus your time on creating new solutions. But as much as you might want to i …
HDFS on Kubernetes: Tech deep dive on locality and security

HDFS on Kubernetes: Tech deep dive on locality and security

November 25, 2019

There is growing interest in running Spark natively on Kubernetes, and Spark data is often stored in HDFS. Kimoon Kim and Ilan Filonenko explain how to make Spark on Kubernetes work seamlessly with HDFS by addressing challenges such as HDFS data locality and secure HDFS support.
Building a Kubernetes Scheduler using Custom Metrics

Building a Kubernetes Scheduler using Custom Metrics

November 24, 2019

The default Kubernetes scheduler does a fantastic job for typical workloads, but when you have specific requirements (like higher level application metrics) you might need other scheduling methods. …
A Hacker's Guide to Kubernetes and the Cloud

A Hacker's Guide to Kubernetes and the Cloud

November 19, 2019

As Kubernetes increases in adoption it is inevitable that more clusters will come under attack by people wanting to compromise specific applications or just people looking to get access to resources f …