Seattle, WA
December 10–13, 2018
Click Here for More Information & Registration
View Venue Map
Back To Schedule
Tuesday, December 11 • 3:40pm - 5:05pm
Tututorial: Building Security into Kubernetes Deployment Pipelines – Andrew Martin & Pi Unnerup, ControlPlane; Michael Hough & Liam White, IBM (Limited Seating Available - See Description for Details)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
IMPORTANT NOTE: Due to the nature of tutorials, this session has been placed in a smaller capacity room to help facilitate a conducive learning environment. Space is very limited and seating will be given on a first come-first serve basis. The tutorial will be recorded and viewed on the CNCF YouTube channel after the event concludes. Thank you for your understanding.

How secure is your deployment pipeline? Is image integrity verified or can any user deploy any image to production? Are those images scanned for known CVEs? And are security policies enforced to harden the cluster at runtime?

This tutorial covers current best practices for enhanced Kubernetes cluster security. It is led by core contributors and subject matter experts, and provides hands-on experience with Notary, admission controllers, and vulnerability scanning.

It teaches integrating image signing and vulnerability scanning into a pipeline through live examples, and demonstrates how to configure Kubernetes to enforce security policies and image integrity.

Attendees should expect to learn how to utilise state-of-the-art CNCF and OS tooling, and frustrate potential attackers throughout the deployment lifecycle.

Requirements: internet-capable laptop, a local Minikube installation.

avatar for Michael Hough

Michael Hough

Software Engineer, IBM
Michael is a Software Engineer on the IBM Cloud Container Registry team, delivering and operating code using Kubernetes in production, and a contributor to Notary and Portieris. He has presented and led labs about Kubernetes and IBM Cloud Container Service at IBM Technical Universities... Read More →
avatar for Andrew Martin

Andrew Martin

CEO, Control Plane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is comfortable profiling and securing every tier of a bare metal or cloud native system, and has battle-hardened... Read More →
avatar for Pi Unnerup

Pi Unnerup

Infrastructure Engineer, ControlPlane
Pi is an Infrastructure Engineer for ControlPlane, configuring secure end-to-end pipelines in containerised environments. She has contributed to projects securing high impact products, and worked on critical national infrastructure for the UK Home Office.
avatar for Liam White

Liam White

Software Engineer, Tetrate
Liam is a software engineer at Tetrate and maintainer on the Istio project. He leads the GetEnvoy project at Tetrate, focused on simplifying Envoy adoption in Brownfield workloads.

Tuesday December 11, 2018 3:40pm - 5:05pm PST
Skagit 4/5 @ TCC The Conference Center (TCC) - Separate from WSCC building