In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, October 13 • 11:00am - 11:35am
Hardening the Kubernetes Software Supply Chain Through Better Transparency - Adolfo García Veytia, uServers; Verónica López González, Digital Ocean; Nabarun Pal, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Software supply chains are gaining increasingly complex nowadays, especially when it is about deploying cloud native environments securely. After refactoring the Kubernetes release process over the past years, SIG Release efforts have shifted towards three main areas of work. In this talk, Verónica, Nabarun, and Adolfo will cover all of them in-depth: * Starting with Kubernetes v1.22, every release includes an SPDX Bill of Materials describing the source code, binaries, and all published images. * Automatic verification of the integrity and consistency of release artifacts as part of the Kubernetes Release process. * Digital signing of released artifacts and signature verification of upstream images. In the final part of the presentation, the speakers will demonstrate some of the tools that SIG Release has created, which can be leveraged today by the community in other projects, too.

avatar for Nabarun Pal

Nabarun Pal

Staff Software Engineer, VMware
Nabarun is a Staff Software Engineer at VMware, a maintainer of the Kubernetes project, an elected Kubernetes Steering Committee member, and a Kubernetes SIG Contributor Experience chair. He is a Release Manager for Kubernetes and has been the Kubernetes 1.21 Release Team Lead. Nabarun... Read More →
avatar for Veronica Lopez

Veronica Lopez

Software Engineer, PlanetScale
Verónica is a distributed systems engineer, currently serving as a tech lead for Kubernetes SIG Release.
avatar for Adolfo García Veytia

Adolfo García Veytia

Staff OSS Engineer, Chainguard
Adolfo García Veytia (@puerco) is a software engineer with Chainguard, Inc. He is one of the Kubernetes SIG Release Technical Leads., actively working on the Release Engineering team. He specializes in improvements to the software that drives the automation behind the Kubernetes... Read More →

Wednesday October 13, 2021 11:00am - 11:35am PDT
Room 501 ABC + Online