Exploring NRI for Automated CA Trust Injection - Tsuzuki Tsuchiya & Kento Kubo, LY Corporation

Abstract

Large organizations use private CAs, but public container images lack their certificates. Today, fixing this means operators must manually build new images or use Init Containers. However, manually installing these CAs in thousands of containers is complex and unreliable. In addition, many operating systems and programming languages install certificates differently. We will demonstrate a novel approach using the Node Resource Interface (NRI) to automatically inject private CA certificates into every relevant container upon startup. This eliminates per-pod customization, enforces organization-wide trust policies, and streamlines operations for secure, large-scale Kubernetes deployments without modifying base images. Attendees will learn how NRI can solve real-world security and operations challenges, and we’ll explore the potential of NRI as the new extension point for automating tasks.

Sched URL

Video