The fundamental principle of GitOps is managing your entire stack through declarative, configuration files, managed in source-control. Changes to infrastructure and application code are managed the same way - pull requests and code review.
This session will focus on using Jenkins X and Grafeas to secure your Kubernetes CD pipeline and supply chain. Through examples, we will show how to extend the default Jenkins X build pipelines with steps to manage container image security, CVE detection and source provenance. Similar to Kelsey Hightower's "Kubernetes The Hard Way", this session will focus on setting up a secure pipeline from scratch, explaining each step in detail along the way.
The goal of this talk is for DevOps engineers to understand how all of these pieces (Kubernetes CRDs, Jenkins X, Grafeas can be combined into a secure system driven by pull requests (GitOps) that meets any organizational culture and processes.
Ещё видео!