Most services built in 2022 make use of TLS to prove their identities and to encrypt their network traffic; as such, obtaining TLS certificates using tools like cert-manager is standard practice.
Getting the certificate is only part of the problem, though: the client needs to know how to validate the server’s identity and must make a decision on whether to trust the certificate presented by the server.
Many services rely on operating system vendors or container base images to solve this problem, but can we do better?
This talk will look at the concepts of trust in TLS, discuss how trust works in Kubernetes and will introduce the trust-manager tool from the cert-manager project which aims to solve the other half of the TLS handshake!
|Event||KubeCrash Fall 2022|