►
From YouTube: Where Are Your Images Running? Stop Worrying and Start Encrypting! - Brandon Lum & Harshal Patil
Description
Don’t miss out! Join us at our upcoming events: EnvoyCon Virtual on October 15 and KubeCon + CloudNativeCon North America 2020 Virtual from November 17-20. Learn more at https://kubecon.io. The conferences feature presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Where Are Your Images Running? Stop Worrying and Start Encrypting! - Brandon Lum & Harshal Patil, IBM
Container image signing has made it possible for cluster operators to cryptographically verify that images are trusted. However, the same cannot be said of whether the nodes that run these images are trusted to view and use the contents of these images. This can be particularly important if compliance requires knowledge of WHERE a container image is running. In this talk, we will show how DevOps, trust bootstrapping, and key management, in conjunction with container image encryption can achieve geofencing of execution. We will demo the new encrypted container images worker node model in containerd and cri-o working in such a context. In addition, we will explore how to bootstrap node trust, from simple setups to advanced key distribution using HW Root of Trust/TPM technologies like Keylime. At the end, one should be able to “create an image only be usable by clusters in the EU region”.
https://sched.co/Zepc
A
There
are
several
reasons
why
this
would
matter.
First,
there
is,
if
our
container
contains
confidential
code
trade
secrets,
for
example,
top
secret
trading
or
military
algorithms.
We
wouldn't
want
our
code
to
be
accidentally
run
in
data
centers.
We
don't
own,
you
know
also
even
in
someone's
basement,
for
example.
A
The
second
is
for
compliance
reasons
and
highly
regulated
industries
like
financial,
federal
and
healthcare.
For
these
industries
they
go
even
a
step
further.
They
not
only
require
the
container
workload
to
be
tied
to
a
physical
location,
but
they
also
want
to
ensure
that
the
underlying
technology
stack
of
the
machine
is
attested
and
approved.
A
And
finally,
the
last
is
for
things
such
as
export
control
or
to
enforce
other
legal
regulations.
So
this
is
exactly
the
problem
we're
going
to
talk
about
today.
How
do
I
tie
compute
execution
of
my
container
to
a
specific
location,
and
this
is
also
called
execution
geofencing
and
by
the
end
of
the
talk
today,
we're
going
to
learn
how
to
do
this
with
containers.
A
A
So
what
is
container
image
encryption?
So
this
is
an
effort
that
started
almost
two
years
ago.
It
basically
allows
the
ability
to
encrypt
a
container
image.
The
process
of
this
is
fairly
simple.
On
the
left
hand,
side
during
the
build
stage,
we
add
an
encrypt
step
and
during
the
run
time
we
add
a
decrypt
step,
so
between
build
and
runtime
the
container
remains
encrypted.
A
A
A
B
A
A
So
on
the
right
here,
I'm
gonna
copy
and
as
this
public
key
and
I'm
gonna
paste
it
in
here
and
I'm
gonna
build
an
image
for
alice.
So
this
is
a
really
simple
image.
It's
a
busy
box
that
just
cuts
out.
This
is
an
encrypted
image
for
alice
and
we
are
gonna
use.
The
builder
tool
to
build
this
image
so
builder,
but
is
kind
of
like
docker,
build
it,
takes
the
docker
file
and
builds
an
image
and
we
are
going
to
push
this
image
to
docker
hub.
A
So
in
this
case
we
have
to
add
additional
flag
here
to
pass
in
as
decrypt
the
private
key.
We
have
decryption
key
flag
and
then
we
say
add
this
private
key.pm
and
what
this
is
going
to
do
now
is
it's
going
to
successfully
download
and
decrypt
the
image
we
can
then
go
ahead
on
addison's
workstation.
We
can
run
the
image
by
using
portman,
which
is
kind
of
like
docker
run,
and
we
can
see
that
it
is
running
the
encrypted
image
that
we
have
created.
A
A
A
A
So,
let's
take
a
look
at
this
now
we're
going
to
show
how
the
address
can
take
the
encrypted
image
from
earlier
and
run
it
on
the
kubernetes
cluster.
So
the
setup
here
we're
using
is
very
simple.
It's
a
mini,
cube
setup
with
the
container
runtime
cryo,
and
what
we're
going
to
do
first
is
to
install
the
operator
that
we
talked
about
which
will
synchronize
the
keys.
A
A
B
A
A
A
So
if
we
generalize
this
right
as
his
key
mentioned,
what
does
key
management
do
for
us?
So
key
management
says
that
a
certain
key
x,
for
example,
in
this
case
x,
is
alice's.
Private
key
is
only
accessible
by
a
set
of
entities
e
where
e
in
this
case
is
addison's,
workstation
and
as
kubernetes
cluster.
A
A
Key
management
says,
I
can
say,
a
key
x
is
only
accessible
by
entities
e,
and
so,
if
we
put
this
together,
we
can
get
the
statement
that
says
the
container
workload
is
only
decryptable
on
the
particular
entities
e,
and
this
is
exactly
geofencing,
because
if
entities
e
may
be
a
set
of
workers
in
a
particular
location,
that
would
be
able
to
allow
us
to
do
a
fancy
execution
awesome.
So
now
that
we
have
this
capability,
harsha
will
show
you
how
we
can
use
this
enterprise
scenario.
B
B
B
B
So
I
have
a
simple
docker
file
here.
I
just
want
to
make
sure
that
this
sample
workload
only
runs
on
the
cluster
that's
running
inside
european
union.
So
let's
build
this
using
build
now,
once
it's
built,
you
can
use
the
same
builder
command
to
encrypt
this
image
using
a
public
key
once
it's
encrypted.
It
can
only
be
decrypted
using
this
private
key.
So
it's
very
important
that
you
copy
this
private
key
to
the
worker
nodes.
B
B
B
B
B
It's
running
right,
that's
good!
So
now
now
that
we
have,
we
are
able
to
download
the
image
and
decrypt
it
and
run
it
successfully.
Let's
see
what
happens
if,
if
the
cluster
that
doesn't
have
this
required,
private
keys
tries
to
run
this
container
image
so
on
the
us
cluster
I
have
this.
I
can
run
the
same
workload
which
refers
to
the
same
image
that
we
just
built
here
in
european
for
the
european
union
cluster.
Let's
see
if
we
try
to
run
it
here,
what.
B
B
B
So
the
error
says
that
none
of
the
private
keys
could
be
used
for
decryption.
It
means
that
this
cluster
is
not
able
to
use
this
image
because
it
doesn't
have
the
required
private
keys
and
this.
This
is
how
we
are
able
to
prevent
the
cluster
running
in
us
from
using
the
image
that
was
built
for
running
the
for
from
running
the
cluster
that
is
running
inside
european
union.
B
B
B
B
B
A
A
A
A
A
How
do
we
kind
of
get
to
the
next
step
in
being
able
to
bootstrap
trust
into
our
container
platform,
and
this
is
something
that
we
want
to
continuously
work
on,
and
we
would
like
to
be
engaged
with
this,
so
we
have
a
repository
here
that
we
we've
created
so
that
people
can
join
into
the
discussion.
So
please
do
feel
free
to
come
and
engage
with
us.
A
A
A
B
Oh
well,
can
you
hear
me?
I
think
I
have
sorry
I
wasn't
mute,
so
must
images
be
decrypted
in
order
for
static
vulnerability
scanners?
There's
a
question
from
casper
came
in
casper
kramer
about.
If
you
need
to
use
the
scanning
tools
like
trivia
or
claire,
do
you
need
to
decrypt?
And
yes
I
mean
so
the
way
it
would
work?
Is
you
you
can
when
you
encrypt
the
image
you
can
have
a
multiple
recipients.
B
So
let's
say
I
encrypt
the
image
that
I
need
to
run
on
my
cluster
and
then
I
can
add
the
a
private
key
that
I
will
associate
with
the
clear,
for
example.
So
when
the
when
you
know
your
build
pipeline,
you
will
be
able
to
that
clear
instance
will
be
able
to
decrypt
the
image.
Do
your
scanning
and
no,
it
can
go
ahead
with
that.
So
that
way,
you
don't
have
to
disclose
this
image
to
everyone
except
your
instance
where
you're
running
the
scanning.
B
A
A
Do
I
need
to
have
different
private
keys
to
be
able
to?
Can
I
use
different
private
keys
for
different
machines?
If
I
want
to
or
can
does
the
image
is
an
image
only
tied
to
a
single
private
key
and
the
answer
is
you
can
use
different
private
keys?
You
can
encrypt
an
image
for
multiple
using
multiple
public
keys,
and
this
is
kind
of
like
an
approach
that
we
were
thinking
about
in
terms
of
how
one
will
use
this
for
scanning
service.
A
So,
for
example,
a
service
like
trivia
or
cloud
or
something
would
expose
a
public
key,
and
if
you
trust
the
service,
you
will
encrypt
your
image
both
for
your
hardware
as
well
as
for
the
for
the
scanning
services
that
you
trust.
That
is
one
way
to
do
it.
There
are
a
couple
other
approaches
to
this,
so
what
the
image
encryption
is
also
done
on
a
layer
level.
A
So
what
you
could
do
is,
for
example,
if
your
confidential
code
is
only
a
small
portion
of
the
entire
image
right,
because
we
serve
the
operating
system
because
of
the
middleware.
You
could
also
leave
your
middle
middleware
operating
system
layers
decrypted,
because
there's
no
confidential
material
that
and
only
encrypt
your
topmost
layer.
A
B
B
Yep
yeah,
we
have
a
question
for
philip
village
about
what
is
the
benefit
of
using
asymmetric
keys
here
instead
of
symmetric
keys,
so
the
symmetric
keys
are
we
do
use
symmetric
keys
to
encrypt
the
layers?
We
just
wrap
them
in
a
sigmetric
keys
so
that
you
can
have
recipients
for
that.
So
brandon.
You
want
to
add
in
that.
A
No,
I
think
you
said
it
pretty
well,
we
use
both
of
them.
We
didn't
go
to
the
spec
over
here,
but
if
you,
if
you
go
to
the
we
have
a
couple
links
in
the
last
slide,
some
of
them
and
if
you
want
to
download
the
presentation,
there's
a
couple
links
there.
The
spec
will
contain
more
detail
about
how
we
use
both
symmetric
for
the
data
and
this
we're
using
asymmetric
jets
for
the
key
wrapping
and
key
delivery.
B
A
A
Okay,
there's
a
question
for
alejandro
about
other
manufacturing
conflict
files
also
encrypted
so
right
now
only
the
layers
are
being
encrypted.
We
had
a
lot
of
conversations
about
encrypting
the
conflict
as
well.
It
seems
like
there
are
some
technical
challenges
in
terms
of
how
a
lot
of
the
tooling
is
written,
where
the
code
paths
are
not
are
not
kind
of
similar
to
the
layers.
So
we
started
off
with
layers
conflict.
Is
conflicts
are
kind
of
from
the
roadmap
manifests
we
weren't.
A
We
couldn't
really
figure
out
the
use
case
for
manifest
conflict.
We
definitely
think
it
should
be
encrypted.
What
we
are,
what
the
next
step
for
this
is
we're
actually
proposing
this
encryption
scheme
at
the
ocr
artifacts
level.
So
what
this
would
mean
would
be.
You
could
encrypt
any
oci
media
type
right,
so
you
could
have.
If
you
had
a
manifest,
you
could
have
layers
and
then,
if
there
are
new
oci
media
types,
it
would
just
be
a
suffix.
B
B
That
kind
of
answers
the
question
ron
chitaro
has:
is
there
any
signature
details
in
image
manifest
that
can
be
read
by
admission
controller?
You
know
when
you,
if
you
can
fetch
the
image,
and
if
you
read
the
layers,
the
layers
will
be
tagged
as
not
as
these.
It
will
be
tagged
and
then
enc
will
be
at
the
end
of
it.
A
Yeah
and-
and
I
I
would
say
that
this
will
be
used
in
tandem
with
any
signing
solutions
like
doctor
content,
trust
overhead,
simple
signing
just
because
we
are
only
the
encryptions-
are
really
focused
on
the
integrity
of
the
the
granular
level.
Blobs
like
the
layers,
but
in
terms
of
like
the
entire
manifest
and
the
provenance.
We're
not
really
looking
at
that.