Explore container image encryption and geofencing of execution in this 36-minute conference talk from CNCF's KubeCon + CloudNativeCon. Learn how DevOps, trust bootstrapping, and key management can work together with container image encryption to control where images can run. Discover the new encrypted container images worker node model in containerd and cri-o, and see a demonstration of its implementation. Delve into methods for bootstrapping node trust, ranging from simple setups to advanced key distribution using hardware root of trust and TPM technologies like Keylime. By the end of the talk, understand how to create images that are only usable by clusters in specific geographic regions, addressing compliance requirements and enhancing security in cloud-native environments.