Wednesday, September 19 • 1:30pm - 2:15pm
Secure GitOps Pipelines For Kubernetes In JenkinsX
Feedback form is now closed.
The fundamental principle of GitOps is managing your entire stack through declarative, configuration files, managed in source-control. Changes to infrastructure and application code are managed the same way - pull requests and code review.

This session will focus on using Jenkins X and Grafeas to secure your Kubernetes CD pipeline and supply chain. Through examples, we will show how to extend the default Jenkins X build pipelines with steps to manage container image security, CVE detection and source provenance. Similar to Kelsey Hightower's "Kubernetes The Hard Way", this session will focus on setting up a secure pipeline from scratch, explaining each step in detail along the way.

The goal of this talk is for DevOps engineers to understand how all of these pieces (Kubernetes CRDs, Jenkins X, Grafeas can be combined into a secure system driven by pull requests (GitOps) that meets any organizational culture and processes.

avatar for Dan Lorenc

Dan Lorenc

Dan Lorenc is a Staff Software Engineer at Google, where he's been working in the PAAS-space for 6 years. He currently manages a team focused on building open source tools to improve the container/Kubernetes developer experience. Previously he founded projects such as Minikube, Skaffold... Read More →

Wednesday September 19, 2018 1:30pm - 2:15pm
Golden Gate Ballroom B