Putting an Invisible Shield on Kubernetes Secrets
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore an innovative approach to enhancing Kubernetes secrets protection in this conference talk. Learn about the implementation of Trusted Execution Environment (TEE) and enhanced authentication to create an end-to-end secret hardening solution for Kubernetes clusters. Discover how to guard secrets while in use, at rest, and in transit by making changes to kubectl, Kubernetes master, and node components. Gain insights into TEE transparency for developers and users, and witness a practical demonstration. Understand the real-world application of this technology at Alibaba and learn about the proposed Kubernetes Enhancement Proposal (KEP) for the community. Delve into topics such as confidential computing, TEE-based KMS plugins and providers, and the Occlum framework for simplified SGX development.
Syllabus
Intro
Background: K8s Secrets
Motivation: K8s Secrets Protection
Confidential Computing
TEE-based KMS Plugin
TEE-based KMS Provider
TEE-based Kubectl
TEE-based Secrets Protection (cont.)
KMS Plugin (cont.)
KMS Plugin as a Service
One binary: TEE Transparency
Occlum: SGX Dev Made Easy
Occlum: Major Features
Occlum: Container-Inspired Interface
Demo
Summary & Next Steps
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube