18 April 2023
Learn More

The Sched app allows you to build your schedule, but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023, and have an All-Access pass in order to participate in the sessions.

The KubeCon + CloudNativeCon Only virtual pass is still available. With this pass you get all the fantastic content you’ve come to expect from KubeCon + CloudNativeCon but from the comfort of your own home!  *Observability Day + CiliumCon will be available via livestream on the virtual platform, all other co-located events recordings will be available 24-72 hours post-event on the CNCF YouTube channel.

Thank you to our CiliumCon livestream sponsor, Isovalent and our Observability Day livestream sponsor, Lightstep! Join the conversation on Cilium Slack.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

To view the full event schedule for a specific CNCF-hosted Co-located event, you can use the right-hand navigation bar to sort and filter.

The schedule is subject to change.
Back To Schedule
Tuesday, April 18 • 15:20 - 15:45
Cloud Native Deployments in Air Gapped Environments - Thomas Fricke, Freelancer

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Deploying applications in critical infrastructure is challenging. On the one hand the new generations of energy transmission grids, health care, ambulance, police, firefighter communication and other government services need the cloud native applications. On the other hand, for security and safety, the threat model including attacks by foreign governments forbids the use of public clouds and enforces deployments on isolated clusters. Every package in every image, every helm chart must be checked. With ArgoCD, Harbor, Trivy and a light weight Git solution based on Gitea the speaker has proposed a solution where Security Configuration Management (SCM) can be established within a few steps and security in depth can be enforced on third party suppliers. As all components can check signatures, supply chain security can be established from the package level to deployment. The solution is used in several clusters aiming for the highest level of security. The technical solution is easy, the talk also describes the processes implement monitoring and alerting if new CVE in existing applications occur, which must not be stopped. https://github.com/thomasfricke/notebooks-management-cluster

avatar for Thomas Fricke

Thomas Fricke

Founder, Freelancer
Working with Cloud Technologies in Critical Infrastructure (Energy, EU Transmission Grid Companies, Health Care, German Government Administration, Aero Space, ...)Kubernetes Security since 1.2 Free trainings available on GitHub https://github.com/thomasfricke/training-kubernetes-security Pro... Read More →

Tuesday April 18, 2023 15:20 - 15:45 CEST
Elicium Building | Elicium Ballroom 1 [Argo CD]
  ArgoCon, CD Track- Security Practice and Enforcement