If your application accepts network connections, you need to know with confidence who is on the other end. If your application is composed of many microservices, it pays to take a managed approach to this identity question.
Identity is a foundational but complex component of secure systems. This talk provides a conceptual overview of how workload identity is established with a focus on practical application. In this talk Mike and Spike will compare and contrast some different options for establishing identity in your Kubernetes cluster.
We will explore recent work in the Kubernetes Container Identity working group and discuss patterns and pitfalls in case studies like Istio and SPIFFE. You'll learn how to decide between these different approaches and how to go about integrating them into your cluster and your application.
Spike Curtis is a software developer at Tigera. He co-leads the Istio Security Working Group and is a contributing author of SPIFFE specifications. He is also a core developer for Calico.
Mike is a software engineer at Google. He has worked on Kubernetes and GKE for over 7 years and is currently the lead of the GKE Identity, Policy Enforcement, and Regulated and Compliance teams. He is a chair and TL of the Kubernetes Auth Special Interest Group. He develops and maintains... Read More →