The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
Frome Zero to DevOps Superhero: The Container Edition
1. 1S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
From Zero to DevOps
Superhero
The Container Edition
Jessica Deen|Senior Cloud
Advocate
2. 2S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Before we
begin…
Disclaimer
@jldeen- [ ] -# D E E N O F D E V O P S
What to
expect in
the next 45
minutes…
3. 3S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
I n t e n t- [ ] -
This session was
specifically
designed to…
Get you
thinking
Get you
excited
Show you
what’s
possible
Offer
resources to
learn more
4. 4S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Life runs on code
5. 5S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Source
https://informationisbeautiful.net/visualizations/million-lines-of-code/
Urban traffic control system
5 million lines of code
Artificial pancreas
160K lines of code
Space shuttle
400K lines of code
Luxury car
120 million lines of code
6. 6S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Intelligent vehicle
Smart city
Smart devices
Digital life
Intelligent experiences
Digital factory
Smart home68
Connected retail
8. 8S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
D e v e l o p e r D e v e l o p e r D e v e l o p e r
9. 9S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
O p e r a t i o n s O p e r a t i o n s O p e r a t i o n s
10. 10S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
IT Stress Points
L E V E L S E T- [ ] -
Security InnovationEfficiency
11. 11S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
- Donovan Brown
What is DevOps?
D e f i n i t i o n- [ ] -
12. 12S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Why Containers?
C o m i n g t o g e t h e r- [ ] -
Developers
Enable ‘write-once, run-
anywhere’ apps
Enables microservice
architectures
Operations
Portability
Standardization
Abstraction
Higher compute density
Scale
DevOps
13. 13S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
What is a
container
?
N o t a r e a l t h i n g- [ ] -
14. 14S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
N o t a r e a l t h i n g- [ ] -
15. 15S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
N o t a r e a l t h i n g- [ ] -
16. 16S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
N o t a r e a l t h i n g- [ ] -
17. 17S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Virtualization vs.
Containerization
C o m i n g t o g e t h e r- [ ] -
Infrastructure
Host OS
Docker
Bins/L
ibs
Bins/L
ibs
Bins/L
ibs
App A App B App C
Contain
er
Infrastructure
Hypervisor
Bins/L
ibs
App A
Guest
OS
Bins/L
ibs
App B
Guest
OS
Bins/L
ibs
App C
Guest
OS
VM
Infrastructure
Host OS
Hypervisor
Bins/L
ibs
App A
Guest
OS
Bins/L
ibs
App B
Guest
OS
Bins/L
ibs
App C
Guest
OS
VM
18. 18S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Refresher on
container layers
C o m i n g t o g e t h e r- [ ] -
From: Alpine:3.8
f61792ba8979
a7183fb762a8
d31af33eb855
c220123c8472
d7b1189bf667
91e49dfb1179
Container Layer Read / Write
Image layers
Read only
19. 19S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
The Container
Advantage
B e n e f i t s- [ ] -
Fast
iteration
Agile
delivery
Immutability Cost
savings
Elastic
bursting
Efficient
deployment
For ITFor
developers
20. 20S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
F U N T I M E
DEMO
21. 21S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
What just happened?
C o m i n g t o g e t h e r- [ ] -
Kubernetes Pipeline
Kubernetes Repository
Build
Package
Deploy
22. 22S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
What is
Kubernete
s?
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
23. 23S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Reconciliation Loop
C o m i n g t o g e t h e r- [ ] -
24. 24S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Declarative Syntax
C o m i n g t o g e t h e r- [ ] -
25. 25S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
Release
Automatio
n
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
Kubernetes is hard.
Kubernetes is
complex.
Let’s simplify.
26. 26S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
27. 27S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
K.I.SS
Keep It Super
Simple
28. 28S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
29. 29S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
“The steps you take don't have to be big,
they just have to take you in the right
direction.” // Jemma Simmons
30. 30S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
What are my main
objectives?
31. 31S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
What are my indicators for
those objectives?
32. 32S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
What will my pipeline
look like?
• Compile
• Build/Push
• Scan
• Deploy to Dev
• Test/Gates/Etc.
• Promote to staging > QA > Prod
• Private Package Feed
• Private Repository
• XRay, Aqua
• CI/CD - Azure Pipelines,
Codefresh, Jenkins,
Travis CI, etc.
• Selenium, WhiteSource
Bolt, etc
• CI/CD - Azure Pipelines,
Codefresh, Jenkins,
Travis CI, etc.
33. 33S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
The foundation is the
same.
34. 34S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
Does this add value, or
does this add unnecessary
complexity?
35. 35S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
I t ’ s j u s t a w a f f l e- [ ] -
36. 36S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
Kubernetes Best
Practices
Build small
containers
- Multistage builds
Application
architecture
- Use Namespaces
- Helm charts
- RBAC
Implement health
checks
- Liveness / Readiness
Probes
37. 37S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
C o n t a i n e r O r c h e s t r a t i o n- [ ] -
Kubernetes Best
Practices
Set requests
and limits
Be mindful of
your services
- Map external
services
- Don’t rely on
load balancers
38. 38S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
H e l l o !- [ ] -
I am Jessica Deen
39. 39S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
aka.ms/jldeen/swampup19 SEARCH
40. 40S L I D E# D E E N O F D E V O P S @jldeen- [ ] -
THANK YOU
Editor's Notes
Kubernetes is a series of reconciliation loops that are constantly trying to reconcile the actual state toward the desired state specified by the declarative API