Image Signing and Runtime Verification at Scale - Datadog's Journey
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Why sign & verify images?
Modern Consensus on Image Signing
Signature Metadata in a Registry
Signature Format: Payload
Signature Format: Envelope
Signature Format: Registry Layout
Signing as a Service
Signing Thin Client
Signing Service: Least Privilege & Auditability
Signing Service: Encapsulation
Validating Admission Webhooks
Image Verification in containerd
Developer Perspective
Distributing Verifier Config
Distributing Public Keys & Mode
Distributing Image Revocation List
Challenges & Recommendations
Takeaways
Taught by
CNCF [Cloud Native Computing Foundation]