Our Journey of Implementing TLS at Scale for Services on Kubernetes

Tuesday, October 29, 2019 - 11:45 am–12:30 pm

Tilottama Gaat and Akshay Chitneni, VMware

Abstract: 

TLS is the industry standard for encrypting communication between endpoints; however, there are unique challenges to implementing TLS in a microservice environment. For example, you may have hundreds of microservices running in multiple environments. How do you provision and disburse TLS certificates in a scalable way while causing the least disruption to uptime? How do you easily manage day 2 operations for those TLS certificates, such as certificate renewal or revocation? In this talk, we present Diploma, our Vault-based certificate generation system, and Chancellor, a Kubernetes controller that disburses certificates to workloads using the Kubernetes API, providing certificates for 40+ microservices in production and serving 2000+ certificates a day in development and test environments.

Tilottama Gaat, VMware

Tilottama Gaat has been a software development engineer for the past 11 years, working on different SaaS products. At VMware, she is working on building infrastructure that supports 40+ services in production.

Akshay Chitneni, VMware

Akshay Chitneni is a software engineer on the cloud services infrastructure team. He focuses on developing tools and services that help run the core services in a more reliable and secure way.

BibTeX
@conference {240822,
author = {Tilottama Gaat and Akshay Chitneni},
title = {Our Journey of Implementing {TLS} at Scale for Services on Kubernetes},
year = {2019},
address = {Portland, OR},
publisher = {USENIX Association},
month = oct
}
