Airgapped container orchestration
Abstract:
For many environments, it is taken for granted that the internet is always accessible and available. This also applies to many container platforms. But what if this is not desirable from a security perspective?
In this presentation, I will delve into an environment where this is the case and where multiple security zones play a role. I will discuss a workflow where OCI images, Helm charts, Git repositories, etc. are selectively replicated in a way that never requires a (direct) connection from a secure zone to the internet.
I will also discuss the use of certificates in such environments, because container images often do not trust the environment's own private root CA.
During this presentation, I will also discuss a number of open-source products and the reasons for choosing them. For the technically inclined, everything will be substantiated with example configurations showing how to do this, although a technical background is not required to follow along.
Speaker:
I was here first. Then came Unix, the internet, and Linux. With every advancement, I’ve always been deeply interested in the latest technology, and that hasn’t changed. My current focus is on designing and implementing secure, air-gapped container platforms that are managed primarily from a GitOps perspective. I’ve been doing this for quite some time for various government and semi-government organizations.