A presentation about implications and headaches we're facing when we want to provide Confidentiality in a Cloud Native Environment.
Kubernetes has been transformative not onlyfrom the technical point of view, but also by introducing processes that democratized dealing with infrascture to some degree. To Enable developers to deploy their workloads independently required segmenting responsibilities of operating and using the cluster. The personas of Cluster Admin and API Users (and various shades in this spectrum) have been introduced to ensure teams can collaborate in a shared compute environment in safe and reliable manner. A multitude of extensions, tooling and processes have been introduced to protect a Kubernetes environment from malicious or erronous workloads (supply chain security).
However, typically this model is still very much hierarchical: Cloud Service Providers (CSP) serve compute and control plane components which are then administered By Cluster Operators (CO) who configure the security and compliance boundaries in which Users can operate. Confidential Computing is challenging this model. The notion of rusted execution environments and trusted parties, which may exclude the CO and most likely the CSP turns a rigid pyramid of privileges into a more messy, bi-directional picture. We want to discuss some of the conceptual and technical challenges that we currently identifiy for Confidential Computing in a Cloud Native environment and review ongoing, practical efforts to reconcile both domains.
Speakers: Magnus Kulke