KubeCon + CloudNativeCon North America 2019

Zero Trust networking and secure authentication are hot topics in security team meetings all over the world. But how do you actually get started? The open-source SPIFFE and SPIRE projects are your foundation for building ridiculously secure software, even between multiple clouds and clusters.

In this talk, we will guide you through five practical applications with the open-source SPIFFE and SPIRE projects, including automatic authentication and mutual TLS encryption between:

workloads on two different clouds,
a workload in a virtual machine and an Istio cluster,
a container in a Google Container Engine cluster and Amazon Web Services
a workload in a Kubernetes cluster and a MySQL database
a workload in a Kubernetes cluster and a Hashicorp Vault cluster
a workload in a Kubernetes cluster and an API gateway

And we’ll do all of this without any annoying passwords, API keys, or secrets.

This talk focuses on real, practical examples of the SPIFFE and SPIRE projects. It assumes no prior knowledge of them, though some passing familiarity with Kubernetes will be helpful.