 Hi, everyone. My name is Christine and I'll be talking about effortless mutual authentication with Sillium. So I kind of want to take a step back first and look at the state of security and how things have been evolving. So with the shift to containerization, security has become a large concern for a lot of organizations. Red Hat released this report where a lot of their teams are concerned that they're not taking security adequately enough. And so this quote from this report really stood out. And one of the best ways to overcome investment in adoption gap is investing into cloud-native tools with security baked in, rather than it being an add-on. And this is one of Sillium's core principles with being such a strong CNI. And it's really exciting because with Sillium, now we have mutual authentication, which was released in Sillium 1.14. And so, sorry, it's really early in the morning. I'm already showing you YAML. But, you know, don't stare too closely. This is a Sillium network policies. And the only thing I really want to highlight is the transparency of how easy it is to enable mutual authentication. You just have to add two lines of code to your YAML. So let's go to the business reasons of mutual auth and encryption and the why. So let's say that pods with identity A want to communicate with pods with identity B. Some questions should arise to your mind before the connection is made. So who are you? How can I trust who you say you are? Are you even allowed to be communicating with each other? Like, is this okay? And then lastly, is encryption enabled? And so with mutual auth and encryption, there is now that trust. So we have Spiffy Spire now being leveraged in Sillium 1.14, which establishes that chain of trust. So now we have strongly cryptographic identities being attested for. And we have X509 certificates. And so it's kind of that logical mapping of the Sillium ID, which is something you're probably familiar with if you've used Sillium before. Mapping over to the Spiffy ID. And now we also have network policies. This is also something that's been around Sillium. So hopefully you just are familiar with it if you've used it before. And then lastly, encryption. This is something also that Sillium has been offering with WireGuard and IPsec. It's a little flag that you just had to enable when you install Sillium. These slides are online. So you don't have to take pictures. I do see people taking pictures rapidly. Your phones will fill up very quickly. But it's a marathon, not a sprint. So please check out the slides afterwards if you want to read more about it. And so now we're just going to take a high overview, look at what's happening. So with Sillium 1.14, when you enable mutual authentication, you also get a Spire server now deployed. And there's also Spire agents deployed on your notes. So similar to the Sillium agent residing on each of your notes. When you deploy this, their certificates, the X509 certificates are also deployed. And so Identities A with Identities B, if there is a communication that is wanting to be instantiated, Sillium agents on each node and the attestation has to start. So with the Sillium network policy, when that agreement starts, there's also the handshake that has to begin. And so once that is attested for and you can check your certificate and then your counterpart certificate, communication can now flow over the wire. And also the Spire agent automatically regenerates certificates on your behalf. So you don't have to worry about that, which is really nice because humans are forgetful. And so now it's time for a demo. I think it's the first one of the day that's going to be somewhat live. So in a galaxy far, far away, the Empire has decided to enable mutual authentication in their cluster because, you know, they're trying to step up, they're trying to be better about their org and they want to enable handshakes now between the Death Star from their TIE fighters while not allowing connection from the Alliance's X-wings. So they know that they have a couple steps that they want to start off with. First, they have to install Sillium 1.14 with Mutual Auth enabled. And then they're going to deploy a Sillium network policy with Mutual Auth, those two lines of YAML. And then we're going to check out the flows with Hubble. All right. So this is painfully small. So can I even tape in this? Hold on one second with me. Maybe this will not be a live demo though. But luckily I came prepared and I have screenshots. So, and they were hidden. Ha ha. So there's an easy installation method with this. You just have to do Helm install with specifying the version 1.14. And then you just have to add those two flags of setting the Aspire enabled to true and the installation to true. And then after that is deployed, you have a Sillium network policy. Again, some YAML, I really apologize. And you just have to have authentication mode required there. And then once that's deployed, you can try curling against from your X-wing and your TIE fighters to the Death Star and each one will, one will pass the TIE fighters and the X-wings will fill. And so you can see with the Hubble flow afterwards that there is now the Aspire that is now inside the flows. So that is a really easy, painless, transparent process for enabling Mutual Auth authentication within the Empire's org. I guess I'm just going to continue. You can see my slide notes on the side there. But, you know, after that not so live demo, you can learn more and get more involved. So there is this Sillium issue that is open. And this feature is in beta. Help us help you make Sillium better. We would love if you tried it out, give feedback, get involved. If you have any questions, go into Slack as well or get involved. There's some other sessions that go more into the nitty-gritty and maybe these demos will actually be live in these sessions and not like this one. So check out the schedule and stay tuned for that. And lastly, there's also the Sillium open source experience center. So check that out. It's not running today. It starts tomorrow in the KubeCon floor and there's also the open source pavilion. So stop by the Sillium booth. And with that all being said, happy KubeCon.