In your application’s Dockerfile you write: “FROM alpine:latest” and “RUN apk add –no-cache ca-certificates”. You’ve just trusted over 250 root certificates from hundreds of institutions. Any one of them could issue a certificate to impersonate your secret store, another service, even the base OS’s update service. Any one of them could have their root key compromised. Do you trust them all? You just did. Trust root management is a critical, but often overlooked component of security in cloud native. Service meshes often require custom trust roots, air-gapped services can ignore public CAs entirely, but the picture isn’t always so simple. In this presentation we’ll discuss how cert-manager helps to solve this problem with trust, an open source project to distribute root CAs, and how you can use other open source tools to understand who it is you’re trusting.
|Event||Kubernetes Community Days UK 2022|
|Speaker||Josh van Leeuwen & James Laverack|