Difficulty: Intermediate
Estimated Time: 60-85 minutes

KubeCon Barcelona 2019 Secure Delivery Workshop

As the complexity of cloud architecture increases and the focus shifts more towards security, your organization faces new challenges when managing applications, services, and the cloud infrastructure itself. In particular, how do you ensure that you can trust the code that's running in your production environment, that it's free of known vulnerabilities, and that it hasn't been tampered with by malicious third parties? You can build automation into your delivery pipelines to keep your infrastructure secure against these threats.

In this workshop, you'll set up a simple delivery pipeline using Harbor, configure vulnerability scanning using Clair, and use content trust through Notary and Portieris to be sure that the image deployed to your cluster is the same one that you pushed.

Getting help

If you're completing the steps for this workshop in the scheduled session at KubeCon+CloudNativeCon EU 2019, feel free to ask the presenters for assistance or for more information about a particular section.

If you're completing the steps at the conference, but outside the slot, the friendly faces at the IBM Cloud booth have contact information for the speakers and can pass on your questions.

If you're not at KubeCon+CloudNativeCon, or you're finishing this workshop after the conference, you can contact the speakers by using the #container-registry channel in the IBM Kubernetes Service Slack.

Conclusion

In this workshop, you have configured a delivery pipeline to verify that images are free of known vulnerabilities, and that the content of each image is what you expect. These assurances allow you to deploy container images to production with increased confidence.

Project homepages

We've used a bunch of open-source tools in this tutorial. You can find the project page for each one below.

Harbor

Clair

The Update Framework

Notary Project

Portieris

Kubesec

Kubernetes Secure Deployment

Getting started

Please wait while we set up your cluster. This should only take 2-3 minutes. Once the script completes and a terminal prompt appears, your cluster is configured and you can get started.