Nixing challenges of Kubernetes packaging with Nix

Software supply chain management (SSCM) systems should provide software bill of materials (SBOM) and auditability as well as scanning for vulnerabilities and licensing conflicts. Furthermore, it should offer flexible configuration options and the ability to define comprehensive specifications e.g. for regulatory compliance and every change should undergo a quality assurance (QA) process. These requirements are addressed by Nix, a functional language and package manager allowing to create reproducible, declarative, and reliable builds. We present a packaging of Kubernetes manifests based on Nix and show how this enrichs the features of SSCM and improve reliability and operational safety.

Vorkenntnisse

The audience should have basic knowledge of the Kubernetes API and be familiar with managing Kubernetes workloads. Experience with package management systems and software supply chain is helpful, as well as structured data formats and functional programming languages.

Lernziele

This talk shows the advantages of packaging Kubernetes manifests. These result in higher transparency of software supply chain management (SSCM) and a potential enrichment of its feature sets. Furthermore, we demonstrate potential improvements in reliability and operational safety. The presented concept is part of the SSCM and system development life cycle (SDLC) product by SysEleven, which will be published under a FOSS license.