Authors: Priyanka Saggu, Rey Lejano
2023-04-21

tldr - powered by Generative AI

The presentation discusses the release process of Kubernetes and the roles of different teams in the process.
  • Different teams are involved in the release process of Kubernetes, including the release team, documentation team, and branch management team.
  • The release team is responsible for creating a place to keep track of deprecated APIs, creating the official release blog, coordinating webinars, and generating and editing release notes.
  • The documentation team helps create feature blocks and writes blogs about new features.
  • The branch management team is responsible for cutting the release and promoting images.
  • The shadow program is open to anyone and has no requirements or working hours.
  • Handbooks are available for each role to guide new members.
Authors: Carlos Panato, Adolfo García Veytia
2023-04-20

tldr - powered by Generative AI

The presentation discusses the release toolkit and its use in securing the supply chain for software development projects.
  • The release toolkit generates binaries, checksums, and signatures for release artifacts
  • It includes provenance attestation and an SPDX SBOM
  • The toolkit can be used with GitHub Actions and is language-agnostic
  • The SLSA attester creates SLSA attestations and can be used with SBOMs generated by other tools
  • The toolkit uses OIDC tokens from GitHub to generate temporary certificates for attestation
  • The toolkit can be used to donate repositories to the Kubernetes organization
Authors: Marko Mudrinić, Verónica López González
2023-04-19

tldr - powered by Generative AI

The presentation discusses the joint effort between SIG Release, SIG Infra, and other contributors to enforce the migration of Kubernetes images from GCR to Registry. The goal is to serve images from both GCP and AWS, but the migration required manual interaction from users and bending of policies.
  • Introduced Registry as a new front for all Kubernetes images to serve images from both GCP and AWS
  • Enforced migration from GCR to Registry due to high risk of not having enough GCP Cloud credits for the year
  • Bent policies to allow for faster migration despite the policy requiring at least 12 months for users to migrate away from stable features
  • Backwards compatibility was introduced to allow for continued access to GCR
  • Manual interaction from users was required for the migration
Authors: Carlos Panato, Jeremy Rickard, Sascha Grunert, Adolfo García Veytia
2022-10-26

Have you ever wondered how the Kubernetes source code is turned into artifacts for everyone to use? How do you know you can trust those artifacts? Have you heard about signing things and you're not sure how that fits in with Kubernetes? In this Kubernetes Special Interest Group (SIG) Release update, we will give a quick overview of SIG Release, highlight recent accomplishments, review our updated roadmap and discuss our continued efforts to move toward full SLSA (Supply-chain Levels for Software Artifacts) compliance. As part of this, we will deep dive into efforts to move all aspects of the build process and distribution to community controlled infrastructure and our efforts to expand artifact signing beyond just containers. Finally, we’ll talk about how attendees can become involved in SIG Release. These efforts are exciting and important, but we need your help! We’ll discuss how to contribute to SIG Release tooling, the Release Manager role, and discuss our contributor ladder.
Authors: Adolfo García Veytia
2022-05-19

tldr - powered by Generative AI

The presentation discusses the importance of provenance and attestation in the DevOps process, specifically in the Kubernetes project.
  • The speaker emphasizes the need for general-purpose tooling to make the process as efficient as possible
  • The SPDX standard from the Linux Foundation is used to issue the SBOM
  • Two main patterns for attestation are discussed: binary calling and web hook
  • Signing and verifying artifacts is crucial to prevent compromised dependencies
  • Provenance information is necessary to understand the build process and detect errors
Authors: Nabarun Pal, Verónica López González, Adolfo García Veytia
2021-10-13

Software supply chains are becoming increasingly complex nowadays, especially when it comes to deploying cloud native environments securely. After refactoring the Kubernetes release process over the past years, SIG Release efforts have shifted towards three main areas of work. In this talk, Verónica, Nabarun, and Adolfo will cover all of them in-depth:
  • Starting with Kubernetes v1.22, every release includes an SPDX Bill of Materials describing the source code, binaries, and all published images.
  • Automatic verification of the integrity and consistency of release artifacts as part of the Kubernetes Release process.
  • Digital signing of released artifacts and signature verification of upstream images.
In the final part of the presentation, the speakers will demonstrate some of the tools that SIG Release has created, which can be leveraged today by the community in other projects, too.