Suraj Deshmukh has been working with Kubernetes since the release of v1.3. He currently works at Microsoft as a Senior Software Engineer on the Azure AKS team, focusing on confidential computing, specifically the upstream Confidential Containers project. Suraj is an active member of the upstream Confidential Containers community and is also involved in in-person community events in the Seattle area.
Data encryption is not a solved problem today, at least not fully. Data is either stored, transmitted, or processed. We have solved encryption for data at rest and data in transit, but data is still decrypted and stored in plain text while it is being processed. Enter confidential computing, a technology that keeps data encrypted in memory. This feature is enabled by the processor itself.
Kubernetes has become the de facto platform for running cloud-native applications. This talk delves into the CNCF sandbox project Confidential Containers and how it is bringing confidential computing to Kubernetes. The talk also showcases how cloud-native applications can add another layer of security using confidential computing. This technology can protect workloads against certain kinds of attack vectors pertaining to virtualization, hypervisors, host operating systems, etc., because all the underlying layers of the application stack are now outside the trust boundary: you trust only the processor, without worrying about what happens in the intermediate layers.
Further, the talk will discuss numerous ways to use Confidential Containers with Kubernetes and end with a demo of confidential containers running on Kubernetes deployed on a public cloud. The demo will showcase an artificial intelligence model deployed for image inferencing.