In-person
18 April 2023

The Sched app allows you to build your schedule, but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023, and have an All-Access pass in order to participate in the sessions.

Tuesday, April 18 • 15:20 - 15:45
Cloud Native Deployments in Air Gapped Environments - Thomas Fricke, Freelancer

Deploying applications in critical infrastructure is challenging. On the one hand, the new generations of energy transmission grids, health care, ambulance, police, firefighter communication and other government services need cloud native applications. On the other hand, for security and safety, the threat model, which includes attacks by foreign governments, forbids the use of public clouds and enforces deployments on isolated clusters. Every package in every image and every Helm chart must be checked. With ArgoCD, Harbor, Trivy and a lightweight Git solution based on Gitea, the speaker has proposed a solution where Security Configuration Management (SCM) can be established within a few steps and security in depth can be enforced on third-party suppliers. As all components can check signatures, supply chain security can be established from the package level to deployment. The solution is used in several clusters aiming for the highest level of security. The technical solution is easy; the talk also describes the processes needed to implement monitoring and alerting when new CVEs occur in existing applications, which must not be stopped.

https://github.com/thomasfricke/notebooks-management-cluster

Speakers

Thomas Fricke

Cloud Security Architect, Freelancer
Thomas Fricke has been working with containers and Kubernetes for 9 years, with Linux and networks for 30 and with computers for 40. His focus is on security in KRITIS environments (energy, health care) and all the transformations that are necessary to turn these environments...



Tuesday April 18, 2023 15:20 - 15:45 CEST
Elicium Building | Elicium Ballroom 1 [Argo CD]
  ArgoCon, CD Track- Security Practice and Enforcement