Exploring Modern and Secure Operations of Kubernetes Clusters on the Edge

Dive into modern and secure operations of Kubernetes clusters on the edge in this 45-minute conference talk. Explore novel approaches to securing ARM boot processes, including coreboot, LinuxBoot, and Trusted Firmware-A. Learn about secure OS image downloads using The Update Framework and ORAS, and discover how to leverage TPM for Remote Attestation. Examine Kubernetes deployment alternatives such as Cluster API, kubeadm, and k3s, and explore GitOps-based cluster lifecycle management using Flux v2, libgitops, and kspan. Investigate edge-to-cloud data synchronization solutions like KubeEdge and Akri. Gain insights into the creative combination of cloud-native and open-source firmware projects, and learn about the speaker's new open-source project, Racklet, for hands-on experience with these technologies.

Introduction
Agenda
Hardware
Bootloaders
Example
Netboot
Trusted Execution Environment
TFA
Linux Boot
Linux Boot vs UEFI
You Root
LinuxBoot
Update Framework
Open Containers Initiative
Linux boot in ociboot
Linux boot in toughboot
Advanced trust delegation
Trusted Platform Module
Static Root of Trust Measurements
Remote Verification
Remote attestation
Edge automation
Kubernetes Cluster Lifecycle
Cubed M vs Kubernetes
K3S vs Kubernetes
Cluster API
Cluster Controllers
Cluster APIs
Principles of GitOps
Flux
Kspan
Visualization
Cube Edge
Architecture diagrams
Cube use case
What now