Overview
Explore the implementation of Zero Trust principles in Kubernetes workload identity through this informative conference talk. Delve into the challenges of traditional authorization methods using passwords and secret keys, and discover a simpler solution that ties authorization directly to the workload's identity. Learn about SIFFE (the specification) and Spire (the implementation) as tools for achieving Zero Trust systems. Gain insights into implementing explicit authorization between services across a service mesh in Kubernetes using workload identity. Examine centralized policy enforcement techniques and explore integrations with emerging projects like Keylime for hardware attestation-based identity and Sigstore for identity during software builds. Understand how this approach can enhance security, simplify deployment, and reduce the risk of breaches in Kubernetes environments.
Syllabus
Zero Trust Workload Identity in Kubernetes - Michael Peters, Red Hat
Taught by
CNCF [Cloud Native Computing Foundation]