Loading…
In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, October 13 • 11:00am - 11:35am
Hardening the Kubernetes Software Supply Chain Through Better Transparency - Adolfo García Veytia, uServers; Verónica López González, Digital Ocean; Nabarun Pal, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Software supply chains are gaining increasingly complex nowadays, especially when it is about deploying cloud native environments securely. After refactoring the Kubernetes release process over the past years, SIG Release efforts have shifted towards three main areas of work. In this talk, Verónica, Nabarun, and Adolfo will cover all of them in-depth: * Starting with Kubernetes v1.22, every release includes an SPDX Bill of Materials describing the source code, binaries, and all published images. * Automatic verification of the integrity and consistency of release artifacts as part of the Kubernetes Release process. * Digital signing of released artifacts and signature verification of upstream images. In the final part of the presentation, the speakers will demonstrate some of the tools that SIG Release has created, which can be leveraged today by the community in other projects, too.

Speakers
avatar for Nabarun Pal

Nabarun Pal

Senior Member of Technical Staff, VMware
Nabarun is a Senior Engineer at VMware working on the upstream Kubernetes project. Nabarun contributes to various Special Interest Groups like API Machinery, Architecture, Contributor Experience, CLI, Release and Testing in the community and focuses on forward-looking features in... Read More →
avatar for Verónica López González

Verónica López González

Software Engineer, Digital Ocean
avatar for Adolfo García Veytia

Adolfo García Veytia

Staff Software Engineer, Chainguard
Adolfo García Veytia (puerco) is a software engineer with Chainguard, Inc based in Mexico City. He is a Technical Lead with Kubernetes SIG Release, recently acting as Branch Manager for the 1.21 and 1.22 releases. He actively works on the Release Engineering team, specializing in... Read More →


Wednesday October 13, 2021 11:00am - 11:35am PDT
Room 501 ABC + Online