k8s-nue-meetup / talks

meta repository for all talks

Constellation - The first always encrypted Kubernetes #27

Open m1ghtym0 opened 1 year ago

m1ghtym0 commented 1 year ago

Confidential computing is a relatively new technology that allows one to keep workloads encrypted and isolated in memory during processing. If used correctly, confidential computing can shield workloads from the underlying cloud. It's the first technology that effectively prevents data access from the cloud provider and its employees, co-tenants, and hackers coming through the infrastructure.

Constellation is an open-source K8s distro/engine that applies the confidential-computing concept to entire K8s clusters. Constellation ensures that all data in the cluster is always encrypted---at rest, in transit, and at runtime. Constellation also provides hardware-rooted "whole cluster" attestation with which the integrity of a cluster can be verified remotely.

Operations-wise, Constellation is very much vanilla K8s and should work with existing tooling. It's easy to set up and the security features are largely transparent to the DevOps engineer. To run, Constellation requires the availability of "Confidential VMs", which are available in Azure, GCP, and elsewhere.

In this talk, I'll introduce confidential computing, discuss the motivation behind Constellation, discuss the exciting use cases, give an overview of its architecture, and show a live demo.

oz123 commented 1 year ago

Can you do this talk in November? That would be a bit short term, but I would love to see it!

m1ghtym0 commented 1 year ago

@oz123 Of course! Glad you like it:-) What day is the meetup planned for in November?

oz123 commented 1 year ago

Probably one of these: 15/11, 16/11, 22/11 or 23/11

@meyerjom Can we check with the CoWo am Joseph Platz?

m1ghtym0 commented 1 year ago

Alright, 16/11 would be perfect. I can't do 15/11, but 22 and 23/11 would also work. Let me know once you've settled the date:-)