Signature Approved: Securing Kubernetes Workloads with Kyverno and AWS Signer
Author: Cloud Türkiye
Uploaded: 2025-04-30
Views: 128
Description:
This session addresses critical security challenges in cloud-native application development and deployment, focusing on ensuring container image integrity and trust. We will explore how AWS services (EKS and ECR) can be seamlessly integrated with Kyverno, Notation, and AWS Signer to establish a secure, automated CI/CD pipeline. This integration ensures that only verified container images are deployed in Kubernetes clusters, protecting against unauthorized modifications. Attendees will learn how to configure AWS EKS to securely manage containerized applications and utilize AWS ECR for storing signed container images. The presentation will demonstrate the use of AWS Signer for signing container images and Notation for verifying signatures. Using Kyverno with the kyverno-notation-aws plugin, attendees will see how to enforce signature verification policies within Kubernetes, ensuring that only trusted images are allowed to run. This end-to-end approach showcases practical techniques for automating security workflows, enhancing compliance, and fortifying cloud-native security from image creation to deployment.
Bio: Batuhan Apaydın, a.k.a. developer-guy, has been very active in the Software Supply Chain Security space. He is eager to learn more about it in all aspects because he knows this topic will become one of the most critical topics that everybody has to be concerned with. Toward that end, he won the "Best Sigstore Evangelist" award and wrote a blog post about it to encourage the next one, took an active role in the first-ever SigstoreCon as one of the Program Committee members of the event, and created a Twitter Community about Software Supply Chain Security, which about 500+ people have now joined. He also tries to be active in Turkey by organizing in-person and virtual meetups and workshops. He is the organizer of two important organizations in Turkey named DevOpsTr, CNCF Istanbul Chapter, Cloud Native Turkiye. He is also one of the organizers of KCD Turkey. He is also an active contributor to several CNCF projects, including ko, Flux, and Kyverno. He also enjoys writing technical blog posts and has written 10+ blog posts, all of them published on important official websites including Kyverno, CD Foundation, Flux, Sigstore, etc.
Koray Oksay works at Kubermatic as a Kubernetes Consultant and Trainer to help companies with their cloud-native journey. Before that, he worked for startup and enterprise companies in the advertising, banking, and telecom industries as SysAdmin, Application Admin, DevOps Engineer, and SRE for more than 20 years. He is a CNCF Ambassador and Kubestronaut.