Back To Schedule
Friday, March 11 • 11:30 - 12:10
Integrated trusted computing in Kubernetes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Being able to trust your containers requires that you be able to trust the systems your containers are running on. Trusted computing makes it possible for computers to prove what they’ve booted, making it practical for clusters to verify that systems haven’t been compromised, but up until now it’s been a heroic task to deploy a trusted computing environment.

This presentation will describe the integration of trusted computing technologies into Kubernetes, making it possible to define policies that provide fine-grained access control to cluster resources and distribute secrets in a secure manner. It will then introduce functionality added to the rkt runtime, making it possible to extend trusted computing from initial system state to validation of individual containers.

  • Problem space: why do we care about system security, and what are the risks of it being compromised
  • Introduction to trusted computing: hardware requirements, OS support, what a TPM is, how attestation works
  • Integration of trusted computing in Kubernetes: The code added to Kubernetes in order to support verification of nodes at cluster admission time
  • Extending trust into containers: Discussion of how the container runtime can integrate with trusted computing

avatar for Matthew Garrett

Matthew Garrett

Principal Security Software Engineer, CoreOS
Matthew Garrett is a security developer at CoreOS, specialising in the areas where software starts knowing a little more about hardware than you'd like. He implemented much of Linux's support for UEFI Secure Boot, does things with TPMs and has found more bugs in system firmware than... Read More →

Friday March 11, 2016 11:30 - 12:10 PST
CodeNode - Alt Tab