Sentima at KubeCon Europe 2023 in Amsterdam
Last week, I had the incredible opportunity to attend and present at KubeCon Europe 2023 in Amsterdam, one of the premier events in the cloud native computing world. The conference brought together professionals and enthusiasts from around the globe to discuss the latest advancements in Kubernetes, container technologies, and cloud native computing. Sentima is new, but our team has been working with SPIFFE for over five years now, so there was a lot to talk about!
SPIFFE, or Secure Production Identity Framework For Everyone, aims to provide a flexible and secure identity framework for workloads in modern, heterogeneous environments. At Sentima, we’re building our next-generation cloud security product using SPIFFE as a foundation.
There were a number of extraordinary presentations from SPIFFE creators and users:
- Josh van Leeuwen presented a new integration between SPIFFE and AWS IAM Roles Anywhere, using their cert-manager project as glue. Watch it here.
- Frederick Kautz, member of the SPIFFE Steering Committee and co-chair of the conference, delivered a keynote presentation on the goals and potential pitfalls of zero trust. Watch it here.
- Alexa Nicole Griffith and Zhenni Fu presented on applications of SPIFFE and Istio at Bloomberg. Watch it here.
- James Callaghan and Richard Featherstone presented on threat modeling in a SPIFFE/OPA context. Watch it here.
- Idit Levine from Solo.io talked about Gloo Fabric, Solo.io’s new service mesh product that uses SPIFFE as the security layer. We’re proud to have been part of Gloo Fabric since the beginning. Watch it here.
- We hosted a SPIFFE booth that had a constant stream of visitors, all day during each day of the conference. Thanks to our volunteers for helping to keep the booth staffed. We also gave away over 100 copies of the SPIFFE Book and hosted a signing event with several of the authors!
- JetStack hosted a panel discussion on SPIFFE with members from the community. While the panel wasn’t recorded, a blog post about similar topics from Matt Bates at JetStack is here.
- Last but hopefully not least, Andrés Vega and I presented a maintainer talk on SPIFFE and SPIRE progress. I’m really proud of how many topics we were able to cover in such a short period of time. The room was packed! Watch it here.
Of course, there were plenty of other security-related presentations worth attending at KubeCon.
- If you’ve been to a few KubeCons, you’ve probably seen the brilliant and engaging work on hacking Kubernetes from Ian Coldwater, Brad Geesaman, and their crew of merry hackers. This time, they turned their attention to the properties of container security scanners. Watch it here.
- A project near to our hearts, In-toto, is closely related to what we’re working on at Sentima. In-toto provides contextual security for binaries (not for network connections). Aditya Sirish A Yelgundhalli did a great update on In-toto. Watch it here.
- Thijs Ebbers and Diana Iordan from ING Bank talked about their work on zero-privilege security for banking applications. While they didn’t mention SPIFFE specifically, we think it would be a good fit. Watch it here.
- Liz Rice joined a conversation with SiliconAngle about the future of Kubernetes security in general. Watch it here.
- For the first time, CNCF hosted a Security Unconference for informal, spontaneous group discussions about security. By nature, these weren’t recorded, but several of the sessions were about SPIFFE.
- Matt Jarvis and Andrew Martin did an incredible high-level presentation on the past, present, and future of infra security. What a great way to sum up the conference! Watch it here.
There’s a long road ahead!
While SPIFFE and SPIRE are already successful projects, they’re just the beginning of what we’re working on at Sentima. We’re excited to show our fanatical community what we’re working on next!