Session Name: Simplifying and Securing the DevX Experience With Buildpacks & Cosign
DevSecOps teams love containers! It is a foundational technology that can improve development velocity, operational efficiency and reduce risk. However, realizing these outcomes can be a challenge especially if you have containers built by hand or with disparate processes across your engineering teams. The most proven solution for building application images is using Dockerfile which requires some amount of manual effort. These homegrown containers build pipelines start showing rough edges as container usage scales into the hundreds and thousands, making a developer's or an end user's life miserable as dockerfile-based containers are hard to productionize and scale. This also has a security impedance in the supply chain which has to be taken care of. Developers struggle to maintain complicated dockerfiles, while operations teams face ongoing challenges to track the myriad dependencies and OS patch levels across a container fleet. In this talk, I am going to present an approach to simplifying the developer/devops experience through Buildpacks, more precisely with 'kpack' on a cloud-native platform (Kubernetes) together with image verification and identification through Cosign.
Suman is a Senior Cloud Native Architect at VMware. He is a consultant and advisor for the Tanzu Kubernetes platform, helping customers and users in their journey of app modernization, adoption, and cultural shift with DevOps best practices. Suman is a distinguished speaker in many Open Source community Meetups and global Tech Conferences. He has delivered talks around Devops, Cloud-Native tools, Kubernetes, Serverless on Open Source Summit (Linux Foundation), Hashitalks (HashiCorp), Devops India Summit, Docker India Meetup, and many more. His hobbies include traveling, biking, and exploring different cultures and food ;)