Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Ashley Davis
2023-04-20
tldr - powered by Generative AI
The presentation discusses the importance of a safe private PKI and how to mitigate risks associated with it.
- The third risk in PKI is trust, and it is important to mitigate it to ensure the certificate is not useless
- Trust manager is a tool that can help in this situation, but a plan is still needed for trusting certificates
- Issuance and policy are important to prevent unauthorized requests and ensure the safety of the PKI
- Private PKI offers advantages such as cost-effectiveness and total control over certificate issuance
- Certificates are important for encryption in transit and protecting data from attackers
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Josh Van Leeuwen, Thomas Meadows
2023-04-19
tldr - powered by Generative AI
The presentation discusses the Secure Production Identity Framework for Everyone (SPIFFE) and how it can be used with Cert Manager to deliver certificates to pods that are SPIFFE-compliant and attested by workload identity.
- SPIFFE is an open-source framework that defines a standard for defining a workload or machine identity.
- SPIFFE can issue SVIDs in two document formats, JWT and x509, and can verify SVIDs of other workloads.
- SPIFFE has an emerging ecosystem of plugins to integrate with other tools and services.
- CSI Driver SPIFFE can be used with Cert Manager to deliver certificates to pods that are SPIFFE-compliant and attested by workload identity.
- CSI is the way that any kind of storage works in Kubernetes.
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Jake Sanders, Ashley Davis
2022-10-28
tldr - powered by Generative AI
Cert Manager is an open-source project that automates the management and issuance of TLS certificates in Kubernetes clusters, with a focus on security and extensibility.
- Cert Manager is an open-source project that automates the management and issuance of TLS certificates in Kubernetes clusters
- It is designed with a focus on security and extensibility
- Cert Manager supports multiple certificate issuers, including Let's Encrypt and private PKIs
- It is highly automated and can be used with a simple annotation on Ingress resources
- The project is actively maintained and welcomes community contributions
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Sitaram Iyer, Riaz Mohamed
2022-10-27
tldr - powered by Generative AI
The talk discusses how to manage security at the edge using cert-manager and utilizing SPIFFE as a way to manage and distribute trust.
- Workloads are moving from data centers to the edge, and Kubernetes has been adopted to run these workloads.
- The challenge is to secure these workloads and manage certificates and renewals at scale.
- Cert-manager and SPIFFE can be used to manage security at the edge and distribute trust.
- The talk demonstrates how to provision and renew certificates for both ingress and mTLS use cases using cert-manager on a Raspberry Pi.
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Charlie Egan, Jake Sanders
2022-05-20
tldr - powered by Generative AI
The presentation discusses the use of standardized identities in workload agencies to improve security and simplify the process of moving from on-prem and hybrid environments to clouds.
- The use of standardized identities, such as SPIFFE, can improve security and simplify the process of moving from on-prem and hybrid environments to clouds.
- The presentation demonstrates a toy example of a workload agency using a SPIFFE connector server to issue short-lived cloud credentials to workloads.
- The SPIFFE connector server is configured with an ACL to control which workloads can access which credentials.
- The presentation includes a live demo of the toy example, showing the deployment of the SPIFFE connector server and an example workload with a sidecar.
- The demo illustrates how the SPIFFE connector server issues short-lived credentials to the workload, which can then be used to access cloud APIs.
- The use of standardized identities can improve security by allowing for better auditing and control over which workloads have access to which credentials.
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Jose Manuel Ortega
2022-05-19
One of the best practices from a security point of view is to introduce the management of the certificates that we are going to use to support protocols such as SSL / TLS. In this talk we will explain cert-manager and his implementation in K8s as a native Kubernetes certificate management controller that allows us to manage connection certificates and secure communications through SSL/TLS protocols. Later I will explain the main functionalities and advantages that cert-manager provides, for example it allows us to validate that the certificates we are using in different environments are correct. Finally, some use cases are studied in which to use cert-manager and the integration with other services such as Let's Encrypt or HashiCorp Vault.Click here to view captioning/translation in the MeetingPlay platform!
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Nabarun Pal, Arsh Sharma
2022-05-18
tldr - powered by Generative AI
The presentation discusses the benefits of using Prow for collaboration in open source projects and provides a guide on how to set it up.
- Prow ensures a consistent experience across repositories in an organization
- Chat ops based interaction makes it easy to use for non-experts
- Prow is new contributor friendly
- Guide on how to set up Prow for use in open source projects