diff --git a/README.md b/README.md index cb313c2..b55e359 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# @niggl/kubecon25 +# @niggl/cnsmunich25 -My experiences at Cloud Native Rejekts and KubeCon + CloudNativeCon Europe 2025 in London. +My experiences at Cloud Native Summit 2025 in Munich. ## Quickstart 🐳 diff --git a/content/day1/09_confidential.md b/content/day1/09_confidential.md new file mode 100644 index 0000000..d374e0b --- /dev/null +++ b/content/day1/09_confidential.md @@ -0,0 +1,58 @@ +--- +title: Building a Confidential AI Inference Platform on Kubernetes +weight: 9 +tags: + - security + - ai +--- + + + + +> Felt a bit like a showcase of their product's architecture - not bad, just nothing really to take home + +Backgrund: How do we protect the data flowing into and out of our ai models? + +## Goals + +- Cloud based interference api +- E2E Encryption +- E2E Attestation + +## Encryption Mechanisms + +- Idea: Combine data at rest with data in transit and data in use encryption (encrypted memory) +- Attestation: CPU has a private key and issues certificates + +## Confidential Containers + +- Traditional: Full VM-based isolation +- Kubernetes: Advanced contaoiner isolation using virtual sockets and much more +- Implementation: Frameworks like contrast + +### Threat model + +- Isolated: Container +- Shared: Kubernetes, Hypervisor, Cloud Infra, Hardware + +### Architecture + +```mermaid +graph LR +User +User-->|Accesses with trust|AICode +User-->|Key exchange|SecretService-->|Key exchange|AICode +Manifest-->|Configure|ContrastCoordinator +subgraph Cluster + ContrastCoordinator(Contrast Coordinator) + ContrastCoordinator-->|Verify|Worker + subgraph Worker + AICode(AI Code) + AttestationAgent + end + AICode-->|Accesses|GPU + AttestationAgent-->|Verify|GPU + SecretService +end +ContrastCoordinator-->|Attest|User +```
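Review bot: In the README.md hunk only the heading and the description line are renamed to @niggl/cnsmunich25, while the "## Quickstart 🐳" section that follows is unchanged context. Confirm that any image name, repository URL or command in that section no longer refers to kubecon25, so the quickstart does not start the previous event's site.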
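Review bot: In content/day1/09_confidential.md the Goals item "Cloud based interference api" contradicts the title's "Inference" and should read "Cloud-based inference API". The same file has "Backgrund" and "contaoiner" to fix, and "contrast" under Confidential Containers should be capitalised to match "Contrast Coordinator" in the diagram. The Threat model list would be clearer if it stated which side is trusted: "Shared: Kubernetes, Hypervisor, Cloud Infra, Hardware" places the hardware next to the hypervisor, while the Encryption Mechanisms section relies on the CPU's private key for attestation, so consider listing the CPU as the root of trust separately from the shared layers. In the mermaid graph, SecretService sits inside the Cluster subgraph and takes part in both key exchanges but has no Verify edge, so it is unclear whether it is attested; a label or a short sentence would settle that.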