KubeCon EU 2016: Integrated trusted computing in Kubernetes

download KubeCon EU 2016: Integrated trusted computing in Kubernetes

If you can't read please download the document

Transcript of KubeCon EU 2016: Integrated trusted computing in Kubernetes

Matthew Garrett@mjg59 | [email protected] | coreos.com

Integrated Trusted Computing in Kubernetes

Secure runtimes require a secure base

How do we trust a system?

Trusted Computing

Trusted Platform Module

Unique per-system identity

Cryptographically verifiable system state

Attestation

How does this fit into Kubernetes?

Verify system state before providing access

Two-pronged approach

Authentication Controller

Initial authentication is TPM based

Attestation is slow :(

On valid auth, provide secrets

Admission Controller

Validate state on node operations

Can we go further?

Measure initial container state

Cryptographically verifiable audit trail

Proof of concept implementation

JSON-based policy description

Should this be in-tree?

https://github.com/mjg59/kubernetes

Thank you!

Matthew Garrett@mjg59 | [email protected] | coreos.com Were hiring in all departments!Email: [email protected] Positions: coreos.com/careers


Immutable Infrastructure - USENIX · 2019-12-18 · 3 @zehicle #immutable Storytime! “Self-Bootstrapping Kubernetes” Kubecon in Nov 2017 we created this demo Simple “immutable”

Immutable Infrastructure - USENIX · 2019-12-18 · 3 @zehicle #immutable Storytime! “Self-Bootstrapping Kubernetes” Kubecon in Nov 2017 we created this demo Simple “immutable”

KubeCon EU 2016:

KubeCon EU 2016:

KubeCon EU 2016: Bringing an open source Containerized Container Platform to Kubernetes

KubeCon EU 2016: Bringing an open source Containerized Container Platform to Kubernetes

Tales from Lastminute.com machine room: our journey towards a full on-premise kubernetes architecture in production (KubeCon Berlin 2017)

Tales from Lastminute.com machine room: our journey towards a full on-premise kubernetes architecture in production (KubeCon Berlin 2017)

Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry

Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry

KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes

KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes

3 About KubeCon + CloudNativeCon · 2019. 10. 28. · 3 KubeCon + CloudNativeCon Europe 2020 Amsterdam, The Netherlands | March 30 - April 2, 2020 10,000+ attendees KubeCon + CloudNativeCon

3 About KubeCon + CloudNativeCon · 2019. 10. 28. · 3 KubeCon + CloudNativeCon Europe 2020 Amsterdam, The Netherlands | March 30 - April 2, 2020 10,000+ attendees KubeCon + CloudNativeCon

KubeCon London 2016 Ronana Cloud Native SDN

KubeCon London 2016 Ronana Cloud Native SDN

KubeCon EU 2016: Transforming the Government

KubeCon EU 2016: Transforming the Government

Counting with Prometheus (CloudNativeCon+Kubecon Europe 2017)

Counting with Prometheus (CloudNativeCon+Kubecon Europe 2017)

KubeCon EU 2016: Scaling Open edX with Kubernetes

KubeCon EU 2016: Scaling Open edX with Kubernetes

KubeCon EU 2016: Trading in the Kube

KubeCon EU 2016: Trading in the Kube

Kubernetes kubecon-roundup

Kubernetes kubecon-roundup

Join us for KubeCon + CloudNativeCon Virtual€¦ · Kubernetes CNI Integrating Project Antrea and NVIDIA Mellanox ConnectX SmartNICS ... Plumbing eth0 (network interface) into Pod

Join us for KubeCon + CloudNativeCon Virtual€¦ · Kubernetes CNI Integrating Project Antrea and NVIDIA Mellanox ConnectX SmartNICS ... Plumbing eth0 (network interface) into Pod

KubeCon NA, Seattle, 2016: Performance and Scalability Tuning Kubernetes for OpenShift and Docker

KubeCon NA, Seattle, 2016: Performance and Scalability Tuning Kubernetes for OpenShift and Docker

KubeCon CloudNativeCon 2016 Seattle - a report

KubeCon CloudNativeCon 2016 Seattle - a report

Cloud nativecon kubecon final

Cloud nativecon kubecon final

Federation of Kubernetes Clusters (a.k.a. "Ubernetes") - KubeCon 2015 slides - Quinton Hoole

Federation of Kubernetes Clusters (a.k.a. "Ubernetes") - KubeCon 2015 slides - Quinton Hoole

Transforming The Government - KubeCon

Transforming The Government - KubeCon

KubeCon Europe 2017: Running Workloads in Kubernetes

KubeCon Europe 2017: Running Workloads in Kubernetes