Case Study: IBM achieves trusted container image security with Kubernetes and Notary

Building an Image Trust Service on Kubernetes with Notary and TUF

IBM needed a way to ensure the authenticity and integrity of container images for its Kubernetes-based cloud services, including IBM Cloud Private Kubernetes Service and IBM Cloud Container Service. The company wanted enterprise customers to be confident that the Docker images they deployed had not been tampered with, but at the time there was no native, consistent secure signing and verification mechanism across the container ecosystem.

Kubernetes helped IBM implement an image trust service using Notary, an open source implementation of TUF, enabling Docker Content Trust for image signing and verification. With this solution, IBM could enforce security policies for container deployment through its admission controller, improving trust in container images and strengthening its cloud-native security posture. IBM also contributed back to Notary, including a CouchDB backend for persistent storage.

Open case study document...

IBM

Michael Hough

Software Developer

Kubernetes

55 Case Studies

Case Study: IBM achieves trusted container image security with Kubernetes and Notary

Building an Image Trust Service on Kubernetes with Notary and TUF

IBM

Kubernetes

Was it helpful? Rate this case study:

Thank you for your feedback.