SlideShare a Scribd company logo

Workshop: Successfully Secure DevOps Containerization and Orchestration Deployments with PKI

Download as PPTX, PDF
DevOps.com
DevOps.com

Join PKI industry experts Jason Soroko (CTO of IoT) and Tim Callan (Senior Fellow) from Sectigo, to learn how TLS Certificates and Code Signing within CI/CD pipelines help you secure your DevOps environments. During this webinar, Tim and Jason will cover the following key topics, and answer all your questions: Popular containerization and orchestration applications and how they handle PKI on their own (e.g. CA included, plug in your own outside CA, no PKI option) How TLS Certificates and Code Signing fit into all this Orchestration engine integration: container code signing made easy

Technology
1 of 17
PKI for DevOps Orchestration September 2019
Share your questions in Chat and we’ll answer them at the end About this webinar Jason Soroko CTO of IoT Tim Callan Senior Fellow Estimated 20 Minutes, plus Q&A
For background on PKI for DevOps Go to www.Sectigo.com/resources Search for “DevOps” 1. 2.
Containers need strong identity Which means PKI Which means integration with orchestration platforms
Kubernetes (K8S) Cluster TLS Use-Cases  Client certificates for the kubelet to authenticate to the API server  Server certificate for the API server endpoint  Client certificates for administrators of the cluster to authenticate to the API server  Client certificates for the API server to talk to the kubelets  Client certificate for the API server to talk to etcd  Client certificate/kubeconfig for the controller manager to talk to the API server  Client certificate/kubeconfig for the scheduler to talk to the API server.  Client and server certificates for the front-proxy
Two possible paths to PKI for containers Included in the orchestration engine Manual certificate authority setup
Most DevOps tools use external PKI Tool PKI included API support for external PKI Docker  Kubernetes   Ansible  Terraform  Hashicorp Vault   Puppet  Chef  Jenkins  Istio  
Risks of DIY PKI Insecure applications Interoperability Future proofing Compliance and auditability
Purpose-built applications can help • Best practices for keys, algorithms, roots • Publicly-trusted root • Visibility and control over PKI parameters • Crypto agility, industry knowledge, ongoing product updates Insecure applications Interoperability Future proofing Compliance and auditability
Sign code to ensure integrity
Sign code to ensure integrity
Sign code to ensure integrity
DevOps PKI architecture Web Servers, Load Balancers Container cloud Enterprise DevOps Sectigo Vault Private CA Public CA Certificate Manager OCSP Private Code Signing Sectigo Secure Container Kubernetes Docker SSH Client Server Automated Certificate Management Environment (ACME) Restful API Automation Docker Kubernetes Istio/Citadel Ansible Terraform HashiCorp Vault ACME
If you liked this conversation… Available on these streaming services …and others
Questions…
©2019 Sectigo. All Rights Reserved.

Recommended

Is iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraIs iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraPrancer Io
 
Mobile sdk best practices
Mobile sdk best practicesMobile sdk best practices
Mobile sdk best practicesGal Keidar - I'm hiring
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Mix11 Recap DevDinner
Mix11 Recap DevDinnerMix11 Recap DevDinner
Mix11 Recap DevDinnerFrank La Vigne
 
Tech talk live on new alfresco api
Tech talk live on new alfresco apiTech talk live on new alfresco api
Tech talk live on new alfresco apiAlfresco Software
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...apidays
 
Smartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UISmartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UIEmerasoft, solutions to collaborate
 

Recommended

Is iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraIs iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraPrancer Io
 
Mobile sdk best practices
Mobile sdk best practicesMobile sdk best practices
Mobile sdk best practicesGal Keidar - I'm hiring
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Mix11 Recap DevDinner
Mix11 Recap DevDinnerMix11 Recap DevDinner
Mix11 Recap DevDinnerFrank La Vigne
 
Tech talk live on new alfresco api
Tech talk live on new alfresco apiTech talk live on new alfresco api
Tech talk live on new alfresco apiAlfresco Software
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...
apidays LIVE LONDON - Architecting Scalable Software Platforms for IoT Applic...apidays
 
Smartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UISmartbear: un framework unico per testare API e UI
Smartbear: un framework unico per testare API e UIEmerasoft, solutions to collaborate
 
WEB API Gateway
WEB API GatewayWEB API Gateway
WEB API GatewayKumaresh Chandra Baruri
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsKublr
 
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...Codemotion
 
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENTENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENTForgeRock
 
Event mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporeEvent mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporePhil Scanlon
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays
 
Better WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond AugeBetter WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond Augemfrancis
 
Ballerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming LanguageBallerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming LanguageBallerina
 
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...Edureka!
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
K8s hard-way on DigitalOcean
K8s hard-way on DigitalOceanK8s hard-way on DigitalOcean
K8s hard-way on DigitalOceanCloudYuga
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesThomas Barlow
 
給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗William Yeh
 
CI and CD with Spinnaker
CI and CD with SpinnakerCI and CD with Spinnaker
CI and CD with SpinnakerVMware Tanzu
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...HostedbyConfluent
 
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptxKubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptxHectorSebastianMendo
 
Kafka as a service in your organsation
Kafka as a service in your organsationKafka as a service in your organsation
Kafka as a service in your organsationSion Smith
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptographyishmecse13
 
Application portability with kubernetes
Application portability with kubernetesApplication portability with kubernetes
Application portability with kubernetesOleg Chunikhin
 

More Related Content

What's hot

How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsKublr
 
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...Codemotion
 
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENTENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENTForgeRock
 
Event mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporeEvent mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporePhil Scanlon
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays
 
Better WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond AugeBetter WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond Augemfrancis
 
Ballerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming LanguageBallerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming LanguageBallerina
 

What's hot (8)

WEB API Gateway
WEB API GatewayWEB API Gateway
WEB API Gateway
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive Environments
 
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
Building advanced Chats Bots and Voice Interactive Assistants - Stève Sfartz ...
 
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENTENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
ENABLING THE E-CITIZEN IN A DISTRIBUTED ENVIRONMENT
 
Event mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporeEvent mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI Singapore
 
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
apidays LIVE Australia 2020 - Evaluating the usability of security APIs by Dr...
 
Better WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond AugeBetter WebApp Development using OSGi - Raymond Auge
Better WebApp Development using OSGi - Raymond Auge
 
Ballerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming LanguageBallerina: Cloud Native Programming Language
Ballerina: Cloud Native Programming Language
 

Similar to Workshop: Successfully Secure DevOps Containerization and Orchestration Deployments with PKI

Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...Edureka!
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
K8s hard-way on DigitalOcean
K8s hard-way on DigitalOceanK8s hard-way on DigitalOcean
K8s hard-way on DigitalOceanCloudYuga
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesThomas Barlow
 
給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗William Yeh
 
CI and CD with Spinnaker
CI and CD with SpinnakerCI and CD with Spinnaker
CI and CD with SpinnakerVMware Tanzu
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...HostedbyConfluent
 
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptxKubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptxHectorSebastianMendo
 
Kafka as a service in your organsation
Kafka as a service in your organsationKafka as a service in your organsation
Kafka as a service in your organsationSion Smith
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptographyishmecse13
 
Application portability with kubernetes
Application portability with kubernetesApplication portability with kubernetes
Application portability with kubernetesOleg Chunikhin
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
K8sfor dev parisoss-summit-microsoft-5-decembre-short
K8sfor dev parisoss-summit-microsoft-5-decembre-shortK8sfor dev parisoss-summit-microsoft-5-decembre-short
K8sfor dev parisoss-summit-microsoft-5-decembre-shortGabriel Bechara
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019Kumton Suttiraksiri
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
 
Goodbye Pod Security Policy - Hello alternatives
Goodbye Pod Security Policy - Hello alternativesGoodbye Pod Security Policy - Hello alternatives
Goodbye Pod Security Policy - Hello alternativesMario Fahlandt
 

Similar to Workshop: Successfully Secure DevOps Containerization and Orchestration Deployments with PKI (20)

Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
Kubernetes Networking | Kubernetes Services, Pods & Ingress Networks | Kubern...
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえり
 
K8s hard-way on DigitalOcean
K8s hard-way on DigitalOceanK8s hard-way on DigitalOcean
K8s hard-way on DigitalOcean
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container Platform
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
 
給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗給 RD 的 Kubernetes 初體驗
給 RD 的 Kubernetes 初體驗
 
CI and CD with Spinnaker
CI and CD with SpinnakerCI and CD with Spinnaker
CI and CD with Spinnaker
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
 
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
The Age of the Clusters: Offering Kafka as a Service in Your Organisation wit...
 
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptxKubernetes on on on on on on on on on on on on on on Azure Deck.pptx
Kubernetes on on on on on on on on on on on on on on Azure Deck.pptx
 
Kafka as a service in your organsation
Kafka as a service in your organsationKafka as a service in your organsation
Kafka as a service in your organsation
 
Kerberos using public key cryptography
Kerberos using public key cryptographyKerberos using public key cryptography
Kerberos using public key cryptography
 
Application portability with kubernetes
Application portability with kubernetesApplication portability with kubernetes
Application portability with kubernetes
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
K8sfor dev parisoss-summit-microsoft-5-decembre-short
K8sfor dev parisoss-summit-microsoft-5-decembre-shortK8sfor dev parisoss-summit-microsoft-5-decembre-short
K8sfor dev parisoss-summit-microsoft-5-decembre-short
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
 
Goodbye Pod Security Policy - Hello alternatives
Goodbye Pod Security Policy - Hello alternativesGoodbye Pod Security Policy - Hello alternatives
Goodbye Pod Security Policy - Hello alternatives
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Workshop: Successfully Secure DevOps Containerization and Orchestration Deployments with PKI

  • 1.
  • 2. PKI for DevOps Orchestration September 2019
  • 3. Share your questions in Chat and we’ll answer them at the end About this webinar Jason Soroko CTO of IoT Tim Callan Senior Fellow Estimated 20 Minutes, plus Q&A
  • 4. For background on PKI for DevOps Go to www.Sectigo.com/resources Search for “DevOps” 1. 2.
  • 5. Containers need strong identity Which means PKI Which means integration with orchestration platforms
  • 6. Kubernetes (K8S) Cluster TLS Use-Cases  Client certificates for the kubelet to authenticate to the API server  Server certificate for the API server endpoint  Client certificates for administrators of the cluster to authenticate to the API server  Client certificates for the API server to talk to the kubelets  Client certificate for the API server to talk to etcd  Client certificate/kubeconfig for the controller manager to talk to the API server  Client certificate/kubeconfig for the scheduler to talk to the API server.  Client and server certificates for the front-proxy
  • 7. Two possible paths to PKI for containers Included in the orchestration engine Manual certificate authority setup
  • 8. Most DevOps tools use external PKI Tool PKI included API support for external PKI Docker  Kubernetes   Ansible  Terraform  Hashicorp Vault   Puppet  Chef  Jenkins  Istio  
  • 9. Risks of DIY PKI Insecure applications Interoperability Future proofing Compliance and auditability
  • 10. Purpose-built applications can help • Best practices for keys, algorithms, roots • Publicly-trusted root • Visibility and control over PKI parameters • Crypto agility, industry knowledge, ongoing product updates Insecure applications Interoperability Future proofing Compliance and auditability
  • 11. Sign code to ensure integrity
  • 12. Sign code to ensure integrity
  • 13. Sign code to ensure integrity
  • 14. DevOps PKI architecture Web Servers, Load Balancers Container cloud Enterprise DevOps Sectigo Vault Private CA Public CA Certificate Manager OCSP Private Code Signing Sectigo Secure Container Kubernetes Docker SSH Client Server Automated Certificate Management Environment (ACME) Restful API Automation Docker Kubernetes Istio/Citadel Ansible Terraform HashiCorp Vault ACME
  • 15. If you liked this conversation… Available on these streaming services …and others
  • 17. ©2019 Sectigo. All Rights Reserved.

Editor's Notes

  1. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  2. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  3. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  4. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  5. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  6. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  7. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  8. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  9. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  10. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  11. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  12. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements
  13. Founding member of CA/Browser Forum Leader in establishing CA baseline requirements