Pancakes at Kubecon + CloudNativeCon EU: All About SPIFFE and SPIRE

May 10th, 2018 1:52pm by


#161: Pancakes At Kubecon + CloudNativeCon EU: All About SPIFFE And SPIRE

To do cloud-native computing, you need to identify all your workloads, and, more importantly, they need the ability to identify each other, so they can work together in automated chains. To aid in this task, the Cloud Native Computing Foundation has adopted the open source SPIFFE specification and its associated SPIRE runtime. SPIFFE provides a standard for securely identifying software components in heterogeneous IT systems and SPIRE is the engine that can make it happen (and, in this setup, CNCF’s Open Policy Agent [OPA] can enforce the authorization duties).

If you feel all this is a bit much to take in, then you are not alone. For our latest “pancakes and podcast” edition of The New Stack Analysts — recorded live at Kubecon + CloudNativeCon Europe 2018 on May 3 — we focused our panel discussion on SPIFFE, and the room was filled with those curious about this topic (and/or hungry for delicious pancakes).

We discussed what the specification and its associated SPIRE runtime could do to help secure microservices, as well as the broader security implications for identity management in the cloud-native era. Panelists included Krishna Ganugapati, VMware vice president of R&D for cloud native applications; Andrew Jessup, Scytale Head of Product; Maya Kaczorowski, Google Product Manager; Tom Petrocelli, Amalgam Insights Analyst; and Andreas Zitzelsberger, QAware principal software architect.

In this Edition:

4:07: What have been the concepts we’ve been working with in traditional IT environments?
14:56: Exploring service mesh projects such as Istio
23:51: Running SPIFFE on multiple clusters
33:49: Identity as a complex problem in security
39:04: Addressing SPIFFE as a specification and formal verification
42:08: What is the community doing to ensure the security of Kubernetes features?
