October 25, 2022 | Detroit, Michigan
Tuesday, October 25 • 11:35am - 12:00pm
Sigstore Or: How We Learned to Stop Trusting Registries and Love Signatures - Wojciech Kocjan & Tyson Kamp, InfluxData

This presentation describes how InfluxData added container image signing to its SaaS offering, which uses around 100 different container images and is deployed on dozens of Kubernetes clusters in all major clouds. It shows the process from the perspective of the DevOps and security teams.

It starts off by answering the important questions - “why are we doing it?” and “what would we get when this is done?”.

The session covers the roadmap InfluxData has taken to move from not signing any images, through having partial checks in place, to requiring signed images for all critical workloads.

The SaaS offering consists of over 50 microservices, whose images are built multiple times a day via CI/CD.

It also uses open-source images by other teams inside the company as well as images provided by other companies.

The session provides details as to how each group differs and gets signed.

The presentation gives technical details on some aspects of the implementation, i.e. adding secure signing of container images in multiple CI/CD systems and key management.

It shows plans for reacting to security issues with images - from regular key rotation to getting all image signatures updated and invalidating older public keys.

Wojciech Kocjan

Senior Platform Engineer, InfluxData
Wojciech is an Engineer on the Deployments Team at InfluxData, focusing on automation of InfluxDB Cloud deployments across multiple public clouds and regions. He has a decade of experience working with multiple public clouds, and before that, worked in open source as a developer...

Tyson Kamp

Security Architect
Tyson is an ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Cloud Security Professional (CCSP), and security architect and engineer. He has experience in application development in many environments and phases of development but has focused on security...

Tuesday October 25, 2022 11:35am - 12:00pm EDT
Room 430 A