ZT-Workload-Identities-CloudNativeSecurityCon_2023.pptx.pdf (28 pages)
Michael Peters - Red Hat
Zero Trust Workload Identity in Kubernetes

Zero Trust?
Architectural Pattern
Security applied at the asset level
Not the location (network)
Implicit

Zero Trust?
Microservices
BYOD
Multi-Cloud
API Gateways
Serverless

SPIFFE?
Root of Trust

SPIFFE ID?
spiffe:/

SPIFFE ID?
spiffe://cluster-name/ns/ns/sa/service-account

SPIRE?
SPIFFE + Vault
SPIFFE + Databases

Service Mesh?
SPIFFE + Istio

Software Supply Chain?

Tekton?
SPIFFE + Tekton
SLSA Level 3 - Requires Non-Falsifiable Provenance
TEP-0089 - Proposes leveraging SPIFFE/SPIRE for workload identity and signing

Sigstore?
SPIFFE + Sigstore

Keylime?
SPIFFE + Keylime
Verifier
Agent

Thanks!