In-person + Virtual
16 -20 May
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Friday, May 20 • 16:00 - 16:35
Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Within a single cloud provider, accessing secured APIs using your own workload identity is simple. Cloud SDKs used by application developers know how to retrieve identities and credentials from the cloud environment for each workload based on its context. A cloud administrator can then assign permissions to these identities which allow access to the required APIs. This is seamless for developers - simply calling an API in their code just works, while behind the scenes the network call is cryptographically authenticated / authorized. Unfortunately for the user, this identity is cloud-specific. With few alternatives, this often leads to long-lived credentials being mounted into workloads instead. This is less secure and harder to use. This presentation will show an alternative solution which combines features of open source CNCF projects Kubernetes, cert-manager, cert-manager-csi-driver-spiffe, cert-manager-trust and spiffe-connector to expand your SPIFFE trust domain to any cloud.

Click here to view captioning/translation in the MeetingPlay platform!

avatar for Charlie Egan

Charlie Egan

Senior Software Engineer, Jetstack
Charlie has been working with containerization tech for many years, and currently works on the product team at Jetstack. They are currently working on policy and security in the Kubernetes ecosystem, having recently contributed to cert-manager's approver policy and OpenPolicyAgent... Read More →
avatar for Jake Sanders

Jake Sanders

Senior Software Engineer, Jetstack
Jake has been working with Kubernetes since approximately version 0.8, and is now one of the maintainers of the cert-manager project. They are currently interested in all things identity, open source and X.509.

Friday May 20, 2022 16:00 - 16:35 CEST
Auditorium 1A | Event Center Feria Valencia