Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon Europe in London from April 1 - 4, 2025. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at [ Ссылка ]
Dynamic Management of X509 Certificates Using Kubernetes Certificate Operator - Abhidnya Joshi & Senthil Ponnuswamy, Dell Technologies
Security is non-negotiable area and Kubernetes based environments are no exception! Usage of x509 certificates is the key thing. Be it K8s deployments in private or public cloud, ensuring availability of "right" X509 certificate for a service is very important. If this service is getting connected from external (apps/clients which are outside of K8s cluster) clients, this is even more important! But what is really the "right" x509 certificate and how can we ensure that is always remains "right"? Can we make corrections dynamically? Can we also ensure easy propagation of certificates imported from outside the cluster? Propagation of Certificate revocation lists to ensure services can deny revoked certificates?
This talk helps describe the strategy K8s based products can use to dynamically generate, make correction and propagation of X509 certificates within K8s cluster using K8s operator design pattern and makes use of well-known CNCF projects such as cert-manager and trust-manager.
