Using SPIFFE and OPA to Authenticate and Authorize Workloads


Link (PDF)





Abstract

What’s the highest value platform feature you can offer your Kubernetes tenants? It might be standardizing workload identity and policy controls. In this session, we will discuss desirable properties for a workload identity and present a modern architecture built on SPIFFE and cert-manager which uses Open Policy Agent (OPA) for policy decisions. This should leave you with actionable ideas to help you re-evaluate your workload identity functionality and security posture.

Photos

Photo of myself giving the talk (photo credit: Greg Brown)

Photo of myself giving the talk at EIC (photo credit: Anders Eknert)

Photo of myself giving the talk (photo credit: DevSecOps London)

Photo of myself giving the talk (photo credit: Salman Iqbal)


2023-03-08 Cloud Native London March

2023-03-08 - London, UK
Links: Event Page Video

2023-05-11 EIC 2023

2023-05-11 - Berlin, DE
Links: Event Page

2023-05-17 DevSecOps London

2023-05-17 - London, UK
Links: Event Page

2023-06-09 Cloud Platform Engineering London

2023-06-09 - London, UK
Links: Event Page
