Image Signing and Runtime Verification at Scale: Datadog's Journey

May 01, 2023 · 34 min · Free

Description

This talk details Datadog's approach to implementing image signing and runtime verification at scale within its complex Kubernetes environment. Facing challenges from a diverse technology stack and extensive infrastructure, Datadog developed a service-oriented signing approach using gRPC and integrated verification directly into the containerd runtime. The presentation covers the rationale for eschewing traditional admission controllers, the custom signature format, and the benefits of this architecture for security and reliability.