Our Journey of Implementing TLS at Scale for Services on Kubernetes

Tuesday, October 29, 2019 - 11:45 am-12:30 pm

Tilottama Gaat and Akshay Chitneni, VMware


TLS is the industry standard for encrypting communication between endpoints; however, there are unique challenges to implementing TLS in a microservice environment. For example, you may have hundreds of microservices running on multiple environments. How do you provision and disburse TLS certificates in a scalable way while causing the least disruption to uptime? How do you easily manage day 2 operations of those TLS certificates, such as certificate renewal or revocation? In this talk, we present Diploma, our Vault-based certificate generation system, and Chancellor, a Kubernetes controller that disburses certificates to workloads using the Kubernetes API, providing certificates for 40+ microservices in production and serving 2000+ certificates a day in development and test environments.

Tilottama Gaat, VMware

Tilottama Gaat has been a software development engineer for the past 11 years, working on different SaaS products. At VMware, she is working on building infrastructure that supports 40+ services in production.

Akshay Chitneni, VMware

Akshay Chitneni is a software engineer on the cloud services infrastructure team. He focuses on developing tools and services that help run the core services in a more reliable and secure way.

@conference {240822,
author = {Tilottama Gaat and Akshay Chitneni},
title = {Our Journey of Implementing {TLS} at Scale for Services on Kubernetes},
year = {2019},
address = {Portland, OR},
publisher = {{USENIX} Association},
month = oct,