Difficulty: Intermediate
Estimated Time: 60-85 minutes

KubeCon Barcelona 2019 Secure Delivery Workshop

As the complexity of cloud architecture increases and the focus shifts more towards security, your organization faces new challenges when managing applications, services, and the cloud infrastructure itself. In particular, how do you ensure that you trust the code that's running in your production environment, that it's vulnerability free, and that it hasn't been tampered with by malicious third parties? You can build automation into your delivery pipelines to ensure that your infrastructure is kept secure against these threats.

In this workshop, you'll set up a simple delivery pipeline using Harbor, configure vulnerability scanning using Clair, and use content trust through Notary and Portieris to be sure that you're pushing the same image to your cluster.

Getting help

If you're completing the steps for this workshop in the scheduled session at KubeCon+CloudNativeCon EU 2019, feel free to ask the presenters for assistance or for more information about a particular section.

If you're completing the steps at the conference, but outside the slot, the friendly faces at the IBM Cloud booth have contact information for the speakers and can pass on your questions.

If you're not at KubeCon+CloudNativeCon, or you're finishing this workshop after the conference, you can contact the speakers by using the #container-registry channel in the IBM Kubernetes Service Slack.


In this workshop, you have configured a delivery pipeline to verify that images are vulnerability free, and that the content of the image is what you expect. These assurances allow you to deploy container images to production with increased confidence.

Tutorial assets

If you want to use any of the configuration files that we've used in this tutorial, you can find them in this Github repo.

Project homepages

We've used a bunch of open-source tools in this tutorial. You can find the project page for each one below.



The Update Framework

Notary Project



Kubernetes Secure Deployment

Step 1 of 6

Getting started

Please wait while we set up your cluster. This should only take 2-3 minutes. Once the script completes and a terminal prompt appears, your cluster is configured and you can get started.

Click Continue to start the workshop.

This tab will not be visible to users and provides only information to help authors when creating content.

Creating Katacoda Scenarios

Thanks for creating Katacoda scenarios. This tab is designed to help you as an author have quick access the information you need when creating scenarios.

Here are some useful links to get you started.

Running Katacoda Workshops

If you are planning to use Katacoda for workshops, please contact [email protected] to arrange capacity.

Debugging Scenarios

Below is the response from any background scripts run or files uploaded. This stream can aid debugging scenarios.

If you still need assistance, please contact [email protected]