KubeCon + CloudNativeCon Europe 2018

SPIFFE (Secure Production Infrastructure for Everyone) and SPIRE are two of the newest projects to join the CNCF. These projects build on designs first championed at Google, Twitter and elsewhere to provide robust authentication and trust between disparate micro-services in heterogeneous operating environments.

This talk will expand on concepts introduced during the SPIFFE Intro Session to explore in detail how SPIRE performs attestation to workloads in diverse infrastructure and middleware settings, how it leans on different secrets storage backends and how PKI material is automatically delivered to a node and workload. The talk also will cover how these capabilities can be extended and customized through SPIRE’s plugin framework.

In this session, we will demo a Kerberos Node-Attestor for SPIRE in a Kubernetes cluster using the pluggable SPIRE model.  Using Project Lightwave—an open source multi-tenanted and enterprise-grade Kerberized identity platform—we will demonstrate how enterprise identity stacks can be used to identify and trust the next generation of cloud-native workloads.