Policy-Based Governance for End-to-End Integrity Control of Policies - Yuji Watanabe, IBM Research & Jayashree Ramanathan, Red Hat

less than 1 minute read

Abstract

Open Cluster Management (OCM) is a CNCF sandbox project aimed at simplifying and streamlining multi-cluster and multi-cloud management of Kubernetes environments. OCM policy framework simplifies complex and time consuming processes to meet enterprise standards for security and regulatory compliance requirements. The integrity of policies is critical because any modification, maliciously or accidentally, can negatively impact your cluster. This talk describes how you can manage the integrity of the policy resources using the OCM policy framework. We will use manifest signing to protect the integrity of policies. To enable signing, secret values such as the signing key or some sort of access credentials managed on Vault are securely delivered to the signing pipeline by using the policy with a new function called templated secret. The secret values are embedded into the policy and delivered from the hub to the cluster in an encrypted form, and decrypted at the clusters. Admission control to enforce signature verification of policy resources at the cluster is also enabled by using the policy.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Policy-Based Governance for End-to-End Integrity Control of Policies - Yuji Watanabe, IBM Research & Jayashree Ramanathan, Red Hat

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google