Securing Cloud-Native Workloads: Hands-On with Notary Project, ORAS, and Ratify

95 min watch

Meet the Cast

David Flanagan HOST

David Flanagan

@rawkode

Weekly Cloud Native insights

Stay ahead in cloud native

Tutorials, deep dives, and curated events—no fluff.

In the cloud-native ecosystem, maintaining a secure software supply chain for cloud-native workloads is essential. This session will provide real-world examples of how to use open-source tools Notary Project, ORAS and Ratify to ensure the integrity and authenticity of cloud-native workloads on Kubernetes.

  • Background
  • Why ensuring integrity and authenticity?
  • End-to-End sign and verification experience
  • CNCF project Notary Project intro
  • CNCF project Ratify intro
  • CNCF project ORAS intro
  • Set up environment
  • Prepare your container images
  • Sign your container images
  • Publish your container images and signatures to production
  • Set up Ratify and policies
  • Deploy your container images on K8s and check results
  • What’s next

Related Videos

Kubernetes Disaster Recovery
19:17

Kubernetes Disaster Recovery

[object Object][object Object]
Flatcar Linux: A Modern OS for the Always-On Infrastructure
51:20

Flatcar Linux: A Modern OS for the Always-On Infrastructure

Platform Engineering: Asking "Why"? with Evelyn Osman
43:56

Platform Engineering: Asking "Why"? with Evelyn Osman

 Today we had some long conversations about Arc Bash and the future of scripting as well as platforms and the rise and fall of Kubernetes.

Hands-on with Headlamp: The Kubernetes UI
59:07

Hands-on with Headlamp: The Kubernetes UI

Join us as we explore Headlamp — an extensible, user-friendly Kubernetes UI. We’ll walk through installing, configuring, customizing, and using it in real time.