February 1-2, 2023 | Seattle, WA
Wednesday, February 1 • 4:40pm - 5:15pm
Improving Secure Pod-to-Pod Communication Within Kubernetes Using Trust Bundles - Thomas Edward Hahn, TCB Technologies, Inc & Mark Hahn, Qualys

New features are being added to Kubernetes which allow roots of trust to be specified for applications on a cluster. These mechanisms are being added as “trust bundles” (or trust anchor sets). We demonstrate the updates to our previous work in creating convenient mechanisms to provide certificates to every pod, give pods access to them, and use them for mutual authentication. Our work leverages work being done by the cert-manager project, the SPIFFE project and KEP-3257 for trust anchor sets to automate the creation of TLS certificates for every pod and establish patterns for mTLS. Finally, we compare and contrast this with current methods for providing cluster communication security (service meshes) and present areas for refinement. This is a significant rework of our previous presentation and software to work with changes to the Kubernetes ecosystem as the concepts have been refined and evolved.
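The following is an added illustration of the verification side of the pattern the abstract describes; it is not code from the talk, from cert-manager, SPIFFE or KEP-3257. It assumes the trust bundle reaches a pod as a concatenated PEM file of CA certificates, that workload certificates carry their identity as a SPIFFE ID in a URI SAN using the SPIRE-style `spiffe://<trust-domain>/ns/<namespace>/sa/<serviceaccount>` form (an assumption about naming), and it generates its own CAs and leaves in place of the real issuers. Verification is done with `crypto/x509` directly rather than a TLS handshake; the same `x509.CertPool` is what would go into `tls.Config.RootCAs` and `tls.Config.ClientCAs` for mTLS. The point it makes beyond the abstract is that the bundle only answers "was this issued by a cluster anchor"; since every pod chains to the same anchors, the peer's SPIFFE ID must be checked separately, and a bundle with two anchors is how a CA rotation is staged.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA builds a self-signed CA (one trust anchor); fixture code standing in for the real issuer.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key, der
}

// newLeaf issues a short-lived workload cert whose identity is a SPIFFE ID in a URI SAN (DER out).
func newLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, spiffeID string) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	id, err := url.Parse(spiffeID) // assumed SPIRE-style spiffe://<domain>/ns/<ns>/sa/<sa> naming
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "workload"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		URIs:         []*url.URL{id},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	must(err)
	return der
}

// bundlePEM concatenates anchors into one PEM blob: the content a pod is assumed to read from its
// mounted trust bundle. Listing two anchors is how a CA rotation is staged before the new CA issues.
func bundlePEM(anchors ...[]byte) []byte {
	var out []byte
	for _, der := range anchors {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return out
}

// verifyPeer is what either side of an mTLS connection runs on the peer leaf: chain to an anchor in
// the bundle, then require the expected SPIFFE ID (the bundle alone is shared by every pod).
func verifyPeer(bundle, leafDER []byte, wantSPIFFEID string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(bundle) {
		return fmt.Errorf("trust bundle contains no parsable certificates")
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("chain does not end at a bundle anchor: %w", err)
	}
	for _, u := range leaf.URIs {
		if u.Scheme == "spiffe" && u.String() == wantSPIFFEID {
			return nil
		}
	}
	return fmt.Errorf("peer has no SPIFFE ID matching %s", wantSPIFFEID)
}

func main() {
	_, _, derA := newCA("cluster-ca-2022")
	caB, keyB, derB := newCA("cluster-ca-2023")
	id := "spiffe://cluster.local/ns/payments/sa/api" // constructed sample identity
	fmt.Println("old bundle accepts new-CA leaf:", verifyPeer(bundlePEM(derA), newLeaf(caB, keyB, id), id) == nil)
	fmt.Println("rotated bundle accepts it:", verifyPeer(bundlePEM(derA, derB), newLeaf(caB, keyB, id), id) == nil)
}
```

Running `main` prints `false` then `true`: a leaf from the new CA is rejected until the new anchor is distributed in the bundle, which is the ordering a rotation has to respect (publish the anchor to every pod first, then start issuing from it). The SPIFFE ID comparison is exact, so a workload in another namespace or service account that chains to the same anchor is still refused.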

Ted Hahn

Site Reliability Engineer, TCB Technologies, Inc
Ted Hahn is an SRE for hire working on planet-scale distributed systems.

Mark Hahn

Solutions Architect, Qualys
Mark Hahn is Qualys’s Solutions Architect for Cloud and DevOps Security. In this role he works with Qualys’s clients to ensure that cloud applications and infrastructure are secure and reliable. Mark uses DevSecOps and Site Reliability Engineering practices to ensure that software...

Wednesday February 1, 2023 4:40pm - 5:15pm PST
Room 609
  Architecture + Identity + Multi-tenancy + Isolation