May 20, 2022

Securing K8s releases (KubeCon EU 2022) (Ship It! #53)

1 hour 7 minutes

Today we are at KubeCon CloudNativeCon EU 2022, talking to Adolfo García Veytia about securing Kubernetes releases. Adolfo is a Staff Software Engineer at Chainguard, and one of the technical leads for SIG release, meaning that he helps ship Kubernetes. You most likely know him as Puerco, and have seen first-hand his passion for securing software via SBOMs, cosign and SLSA. Puerco’s love for bikes and Chainguard are a great match 🚴‍♂️

Join the discussion

Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

MongoDB – An integrated suite of cloud database and services — They have a FREE forever tier, so you can prove to yourself and to your team that they have everything you need. Check it out today at mongodb.com/changelog

FireHydrant – The reliability platform for every developer. Incidents impact everyone, not just SREs. FireHydrant gives teams the tools to maintain service catalogs, respond to incidents, communicate through status pages, and learn with retrospectives. Small teams up to 10 people can get started for free with all FireHydrant features included. No credit card required to sign up. Learn more at firehydrant.io

Sentry – Working code means happy customers. That’s exactly why teams choose Sentry. From error tracking to performance monitoring, Sentry helps teams see what actually matters, resolve problems quicker, and learn continuously about their applications - from the frontend to the backend. Use the code SHIPIT and get the team plan free for three months.

Chronosphere – Chronosphere is the observability platform for cloud-native teams operating at scale. When it comes to observability, teams need a reliable, scalable, and efficient solution so they can know about issues well before their customers do. Teams choose Chronosphere to help them move faster than the competition. Learn more and get a demo at chronosphere.io.

Featuring:

Adolfo García Veytia – GitHub, LinkedIn, X
Gerhard Lazu – Website, GitHub, LinkedIn, X

Show Notes:

KCCNCEU 2022: Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard

KCCNCEU 2022: Releasing Kubernetes Less Often and More Secure - The SIG Release Update - Adolfo García Veytia & Carlos Panato, Chainguard; Sascha Grunert, Red Hat; Stephen Augustus, Cisco

Kubernetes signals massive adoption of Sigstore for protecting open source ecosystem

kubectl plugin for signing Kubernetes manifest YAML files with sigstore

CLI utility to generate SPDX-compliant Bill of Materials manifests

Something missing or broken? PRs welcome!

...more

View all episodes

By Changelog Media

4.4

2929 ratings