Migrating an existing enterprise PKI to Kubernetes can be daunting — there are so many moving parts to achieving trust across boundaries! From bootstrapping certificates to terminating TLS at the ingress level, all the way down to securing communication between workloads, supporting identity management quickly becomes non-trivial. In this session, members of the cert-manager and Linkerd teams will show you how to combine the two projects to manage identity while providing mTLS between your workloads, greatly reducing the burden on platform teams. You’ll learn how to integrate with a CA from an external PKI, and use it to bootstrap zero-trust across all cluster boundaries.
Flynn is a technology evangelist at Buoyant. He works on spreading the good word about Linkerd, the graduated CNCF service mesh that makes the fundamental software security and reliability tools freely available to every engineer, and about Kubernetes and cloud-native development in general. He is also the original author of the Emissary-ingress API gateway, a CNCF project.
Flynn's career in computing spans nearly forty years and runs the gamut from bringing bare metal up through distributed applications, with a common thread of communications and security throughout. He has spoken about Linkerd, Emissary-ingress, and other cloud native technologies at several conferences including KubeCon/CloudNativeCon, DevOps Days, and the NYC Kubernetes meetup.
Cloud Native Computing Foundation
Linux Foundation (CNCF)