Join PKI industry experts Jason Soroko (CTO of IoT) and Tim Callan (Senior Fellow) from Sectigo, to learn how TLS Certificates and Code Signing within CI/CD pipelines help you secure your DevOps environments. During this webinar, Tim and Jason will cover the following key topics, and answer all your questions:
• Popular containerization and orchestration applications and how they handle PKI on their own (e.g. CA included, plug in your own outside CA, no PKI option)
• How TLS Certificates and Code Signing fit into all this
• Orchestration engine integration: container code signing made easy
3. Share your questions in Chat and we’ll answer them at the end
About this webinar
Jason Soroko, CTO of IoT
Tim Callan, Senior Fellow
Estimated: 20 Minutes, plus Q&A
4. For background on PKI for DevOps
1. Go to www.Sectigo.com/resources
2. Search for “DevOps”
5. Containers need strong identity
Which means PKI
Which means integration with orchestration platforms
6. Kubernetes (K8S) Cluster TLS Use-Cases
Client certificates for the kubelet to authenticate to the API server
Server certificate for the API server endpoint
Client certificates for administrators of the cluster to authenticate to the API server
Client certificates for the API server to talk to the kubelets
Client certificate for the API server to talk to etcd
Client certificate/kubeconfig for the controller manager to talk to the API server
Client certificate/kubeconfig for the scheduler to talk to the API server
Client and server certificates for the front-proxy
7. Two possible paths to PKI for containers
Included in the orchestration engine
Manual certificate authority setup
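The client/server split in the slide 6 use-case list and the manual CA path from slide 7, as an added example that is not from the webinar: a throwaway CA issues one kubelet-style client certificate and one API-server-style server certificate, and `openssl verify -purpose` shows each is accepted only in its own role. The CA name, node name and DNS name are constructed; the `system:node:` subject follows Kubernetes' node naming convention, which the slides do not show.

```shell
#!/usr/bin/env bash
# Added example (not from the webinar). Every name below is constructed.
set -euo pipefail

# build_demo_pki DIR: create a throwaway CA, then one client and one server leaf.
build_demo_pki() {
  local d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-cluster-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Kubelet identity: client-only EKU; CN/O follow the system:node naming convention.
  issue "$d" kubelet "/O=system:nodes/CN=system:node:node-1" clientAuth ""
  # API server endpoint: server-only EKU plus the DNS name clients will check.
  issue "$d" apiserver "/CN=kube-apiserver" serverAuth "DNS:api.cluster.example"
}

# issue DIR NAME SUBJECT EKU SAN: key + CSR, then sign with the demo CA.
issue() {
  local d=$1 n=$2 subj=$3 eku=$4 san=$5
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "$subj" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  {
    echo "basicConstraints = CA:FALSE"
    echo "keyUsage = critical,digitalSignature,keyEncipherment"
    echo "extendedKeyUsage = $eku"
    if [ -n "$san" ]; then echo "subjectAltName = $san"; fi
  } > "$d/$n.ext"
  openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
}

# accepted_as DIR PURPOSE NAME: does the chain verify for sslclient / sslserver?
accepted_as() {
  openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3.crt" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_demo_pki "$demo"
for p in sslclient sslserver; do for c in kubelet apiserver; do
  if accepted_as "$demo" "$p" "$c"; then r=accepted; else r=rejected; fi
  echo "$c as $p: $r"
done; done
```

The unencrypted CA key in the temporary directory is only acceptable for a throwaway demo; a CA that signs real cluster certificates needs its key protected and its issuance logged.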
8. Most DevOps tools use external PKI
Tool | PKI included | API support for external PKI
Docker
Kubernetes
Ansible
Terraform
Hashicorp Vault
Puppet
Chef
Jenkins
Istio
9. Risks of DIY PKI
Insecure applications
Interoperability
Future proofing
Compliance and auditability
10. Purpose-built applications can help
• Best practices for keys, algorithms, roots
• Publicly-trusted root
• Visibility and control over PKI parameters
• Crypto agility, industry knowledge, ongoing product updates
Insecure applications
Interoperability
Future proofing
Compliance and auditability