Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Kubernetes shares host kernels, network stacks, storage paths, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.

We enumerate the threat surfaces in confidential Kubernetes deployments, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest, gating all secrets, identities, and device access on a composite attestation chain, and wrapping each shared primitive in a hardened overlay for compute, network, storage, control-plane, identity, and observability.

Attendees will learn which Kubernetes primitives leak across tenant boundaries, how composite attestation closes those gaps, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
Speakers

Zvonko Kaiser

Principal Systems Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. He currently focuses on all things related to confidential computing and zero-trust, especially in the context of accelerators.
Mint Ballroom
