2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf

•

1 like•461 views

The document discusses technical debt and strategies for managing it over time. It advocates for loose coupling between components using techniques like immutability, microservices, and standards. This distributes technical debt across teams and helps systems evolve more gradually over time like a tortoise, rather than taking on large debt quickly like a hare. The document recommends focusing on direction over speed and emphasizes the importance of stability, feedback, and continual learning to effectively manage technical debt.

Technology

The Hare
and the Tortoise
Raphaël Pinson | @raphink
Open Source, Standards & Technical Debt
Solutions Architect, Isovalent

Who am I
Raphaël Pinson
Solutions Architect @ Isovalent

The Hare & the Tortoise
Coupling & Immutability
Betting on the right Horse
Technical Debt
Haste vs Speed
Standards & Stability
Open Source, Standards & Technical Debt
Debt Dilution & Delegation

Technical Debt
Hard to monitor
Time to pay
- Evolves slowly from many small decisions
- Can go unnoticed for a long time
You might only realize debt when it’s time to pay
Technical decisions imply a hidden cost that will have to be
paid in the future in order to catch up with state-of-the-art
technology.

Standards
Lagging behind standards
My wheel is better than yours
Not Invented Here Syndrome
Keeping systems in place abiding to old standards

Open Source & Standards
Follow vs Influence
Avoid NIH by setting industry standards
When faced with a need:
- already existing?
- valid?
- implement
Most people have the same needs
New standard ⇒ public
- Stay ahead of the curve
- Set the new standard!

Coupling
Hard coupling / Monolith
Loose coupling / Microservices
- Monolithic systems are strongly coupled and hard to update.
- Their technical debt is also strongly coupled.
- Loose API between components
- Decorrelation of dependencies
- Distributes technical debt
Image:
Wikimedia
Commons
—
LuK
USA
LLC
/
Michael
Poehler
—
CC
BY
3.0

Immutability
Immutability encourages loose coupling
- No evolution of state (full replacement)
- Requires frequent changes
- Distributes technical debt
- VMs vs Containers vs Functions
Mutable systems
- State evolves with time
- Divergence vs Convergence vs Congruence

Public Cloud
Delegation of Technical Debt
One way to reduce debt
(at least its ownership)
⚠ Strong dependence on
Cloud APIs/features
Image:
Unsplash
—
Billy
Huynh
- local optimum
- global debt

Team Topologies
Conway’s Law
Code debt/ownership
Debt Dilution
Plan systems architecture, adapt teams
Ensure responsibility of debt management
and reduction
Distribute debt and associated mental
load between teams
Image:
XKCD

The Three Ways of DevOps
Flow / Systems Thinking
Amplify Feedback Loops
Culture of Continual Experimentation
& Learning
Decoupling software architecture from infrastructure lowers
risks of technical debt.
Involving Ops in architecture (+ feedback) helps lower coupling.
Definitely a tortoise approach to a race.

The right time to adopt
Image:
Craig
Chelius
—
CC
BY
3.0

Stability & Loose Coupling
Image:
Wikimedia
Commons
—
Emw
—
CC
BY-SA
3.0
Stability
- Standard interface
- Few changes in time
Loose Coupling
- Partial upgrades
- Delegation of Tech debt
- Configuration changes

eBPF
Highly efficient sandboxed virtual machine in the kernel,
making it more programmable at native execution speed.
Stability
eBPF is based on the OS (mainly Linux) kernel interface
Loose Coupling
eBPF can enhance application without specific instrumentation:
- observability
- security
- network
- tracing & profiling

Cilium & Friends
Cilium
- performance gains
(no need for iptables, bypass TCP/IP)
- simpler architecture
(e.g. no sidecar proxy for Service Mesh)
Tetragon
- observe & export kernel events
- act on events (e.g. SIGKILL)
Hubble
- fine-grained network observability
- exports to SIEM
- support for OpenTelemetry

eBPF resources
eCHO
eBPF YouTube podcast:
https://www.youtube.com/channel/UCJFUxkVQTBJh3LD1wYB
WvuQ
eBPF & Cilium Slack
http://slack.cilium.io/
eCHO News
Bi-weekly eBPF newsletter:
https://cilium.io/newsletter/

It’s not the speed
that matters,
it’s the direction.

The document discusses various pipeline patterns commonly used for continuous integration and continuous delivery (CI/CD) pipelines. It describes outcome-centric, button push, test automation, multiservice, multiservice environment, semi-approval, and full approval patterns. Each pattern discusses what it optimizes for, common use cases, and areas for improvement. The document provides guidance on designing pipelines to balance speed, safety, and repeatability.

Embracing Failure - AzureDay Rome

Alberto Acerbis

Unblocking Innovation for Digital Transformation

Amazon Web Services

The document discusses digital transformation and overcoming barriers to innovation for enterprises. It identifies common blockers such as culture, skills, organization structure, finance, leadership, and feedback systems. It then provides examples of how companies can address these blockers by focusing on areas like training, compensation, shifting from project-based to product-based teams, and moving from capital to operating expenditures. The document advocates for a pathway to digital transformation that emphasizes speed, scale, and strategic priorities through principles of cloud native architecture.

Enterprise Testing in The Cloud

Arun Pareek

Trends in Digital Transformation

Amazon Web Services

As industries digitally transform their existing business models to fend off competitors or disrupt new markets, they find their IT to be a limiting factor. In this session, we cover the trends of disruptions and opportunities of digital transformation, and the evolution of IT monoliths to microservices and now cloud native services. We also explore dependency management, or “lock in,” through a “choosing, using, and losing” mental model. Finally, we explore chaos architecture as an evolving method for exposing weaknesses before they become real problems.

Trends in Digital Transformation

Amazon Web Services

This document discusses trends in digital transformation for the public sector. It notes that the public sector faces major challenges like an aging workforce, technical debt, and security vulnerabilities. It advocates moving to a cloud-based infrastructure to address these challenges and unlock opportunities. This would allow improving services, workforce productivity, data utilization, and security while reducing costs. The document outlines a pathway for digital transformation involving adopting cloud-native architectures, distributed systems, and automation tools to improve agility, optimize costs, and accelerate innovation.

The document discusses deploying Blackboard learning management systems in a highly performant, scalable, and available manner. It covers key concepts around performance, scalability, and availability. It then discusses the drivers behind online learning growth and increasing user expectations. The rest of the document provides recommendations around deployment strategies that focus on flexibility, efficiency, adaptability, and reliability to ensure the continuous and optimal performance of Blackboard systems at any scale through virtualization, large memory allocation, distributed architectures, automation, and high-availability techniques.

2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...

Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS

Cloud computing is advancing public health by providing shared computing resources over the internet. It allows for data storage, processing, and access to resources in a secure and cost-effective manner. Public health agencies are using cloud platforms like AIMS to accelerate messaging solutions. While privacy and security are top concerns, cloud providers make large investments to strengthen security. Cloud computing provides benefits like reliability, efficiency, accessibility, and agility compared to on-premise systems. Public health agencies are adopting cloud solutions to reduce costs and improve operations.

Cloud forum-lessons-learned-20110405c-final

Mauricio Godoy

The document summarizes lessons learned from adopting open standards and cloud computing at North Carolina State University. It discusses how NCSU was able to break down silos and disrupt the status quo by focusing on business outcomes and operational ROI improvements. This allowed them to embrace change and increase control over spending. The summary also notes some insidious threats to cloud adoption like software licensing and security issues.

How to Build a Platform Team

VMware Tanzu

Five key emerging trends impacting Data Centers in 2016

Greg Stover

Audax Group: CIO Perspectives - Managing The Copy Data Explosion

actifio

Agile and continuous delivery – How IBM Watson Workspace is built

Vincent Burckhardt

A Tale of Contemporary Software

Yun Zhi Lin

This document summarizes a guest lecture at UNSW about contemporary software challenges and solutions. It discusses how technology can provide a competitive advantage if developed properly. It presents case studies of legacy systems that were difficult to change and scale, as well as examples of systems that used newer architectures like microservices. The lecture promotes approaches like test-driven development, REST, and self-organizing teams to build independent, scalable services.

Anything as a Service - Factors to Consider

snewell4

Winning People to DevOps

Matthew Skelton

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

This document summarizes a discussion around enabling functional safety certification for the Xen open source hypervisor project. Key points discussed include: - Establishing a split development model with open and closed parts to balance community needs and safety requirements. - Developing reference implementations and stacks supported by multiple vendors to demonstrate safety certification feasibility. - Creating plans and processes around requirements, documentation, verification testing, and tooling integration to begin filling gaps for certification. - Addressing challenges around funding, resources, expertise, and maintaining contributions to ensure any initial work is sustainable long-term. - Taking an iterative, agile approach to make early progress while further securing necessary funding and support from interested parties.

From Technical Debt to Technical Health

Mikael Vesavuori

FINAL VER - 2015_09

Jesper Nielsen, MBA

The document discusses the evolution of data centers from traditional silo-based models to more flexible compute centers. It describes how early data centers had low utilization rates and high costs due to each system being contained separately without sharing resources. Newer hybrid and cloud-based models use virtualization, standardization, and automation to improve efficiency and reduce costs. The document argues that in order to remain competitive, organizations must continue adapting their data center services to new technologies and business needs such as analytics, mobility, and cloud computing. This will involve trends like fabric-based computing, opex models, private clouds, and a focus on security, sustainability, and business services rather than just infrastructure.

L'impatto della sicurezza su DevOps

Giulio Vian

Release Engineering Downstream of an OpenStack Project

Rainya Mosher

Presentation given at OSCON 2015 Open Cloud Day on 7/21/2015 For open source projects such as OpenStack, being able to effectively build, release, and deploy upstream code into a production environment is as much art as science. Using the experience gained from more than three years in OpenStack operations, we will share best practices and tools to create a sustainable and repeatable release engineering process for your own open source development needs. http://www.oscon.com/open-source-2015/public/schedule/detail/44790

AWS Public Sector Symposium 2014 Canberra | Putting the "Crowd" to work in th...

Amazon Web Services

"Cloud" computing provides significant advantages and enormous cost savings by allowing IT infrastructure to be provisioned as a ubiquitous, metered, unit priced and on demand service. However, the other major resourcing issue faced by CIO’s is the provision of skilled labour to develop, support and maintain a increasing wide range of IT applications. This session will show attendees how the worldwide pool of freelance developers, the "Crowd", can be utilised as a ubiquitous, metered, unit priced and on demand resource pool to work in the "Cloud" to improve responsiveness to customer demands, reduce development timeframes and achieve significant cost savings. Although the crowd can bring enormous benefits in terms of cost and agility, there are some technical and business barriers to adoption in large organisations. This presentation will discuss the barriers and, using some real examples, will explain how GoSource overcomes them.

Observability in serverless solutions

Leonardo Murillo

The document discusses foundational practices for achieving effective observability in serverless solutions. It recommends centralizing telemetry data to allow correlation across distributed systems. It also suggests leveraging native metrics from cloud services and taking a holistic view across all components involved in requests. Key practices include using structured metadata, pushing data rather than scraping, looking for patterns to define alerts, and using observability insights to automate limits and quotas. Tracing is identified as critically important for serverless applications.

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Black Duck by Synopsys

In this session, we'll start with the basics of application security for an environment where development teams are able to push code into production at will. We quickly cover the basics and move on to the advanced topics of tests and models for long-term application security. We'll cover real-world Black Duck CI examples including keeping apps up-to-date in Pivotal Cloud Foundry environments, and end with tips for advocating for long-term security structures.

Enabling Fast IT using Containers, Microservices and DevOps Model

Cisco DevNet

This document discusses enabling fast IT using containers, microservices, and DevOps models. It provides an overview of containers and their ecosystem, use cases, and adoption trends. It then describes Contiv, an open source project that provides policy-based networking and storage for containerized applications. It discusses challenges around fast IT adoption and different consumption models. Finally, it concludes that containers will disrupt traditional virtualization and that Contiv provides tools to maintain policies in container infrastructure while embracing fast IT.

Doing More with Less: Product Features, Strategies, and Ideas to Weather

SolarWinds

To download a free 30-day trial of any SolarWinds Products: http://www.solarwinds.com/downloads/ Watch this webcast: http://www.solarwinds.com/resources/webcasts/doing-more-with-less.html Your agency or department is probably facing the tightest budget ever and while budgets are decreasing, demands only continue to increase. The only solution? Do more with less. In this webinar we will cover ideas, strategies, and product features designed to help you get the most from your IT investment.

Explore the World of Cilium, Tetragon & eBPF

Raphaël PINSON

Come explore the World of Cilium with us! In this workshop, you'll have the opportunity to discover about Cilium and Tetragon, and the kernel technology that makes them possible, eBPF. Through a collection of hands-on labs (available at https://labs-map.isovalent.com/) and the presenter's support, you'll be able to explore many topics covering Cloud Native Networking, Security, and Observability. In this gamified approach, you'll also be able to earn badges for completing labs. Whether you're a Platform Engineer, SRE, Network Engineer, SecOps Professional, Cloud Architect, and more, you'll certainly find subjects to explore in this session!

Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...

Raphaël PINSON

eBPF is used in several cloud native security tools. In this talk we’ll dive into demos and code to explore how eBPF can be used for the next generation of security enforcement tooling. This talk will cover: - Why enforcing NetworkPolicy with eBPF has been in place for years, but preventive security for applications has taken longer. - How Phantom attacks can compromise the use of basic system call hooks. - How other eBPF attachment points, such as BPF LSM, can be used for preventive security.

Similar to 2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf

071310 sun d_0930_feldman_stephen

Steve Feldman

2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...

Eduardo Gonzalez Loumiet, MBA, PMP, CPHIMS

Cloud forum-lessons-learned-20110405c-final

Mauricio Godoy

How to Build a Platform Team

VMware Tanzu

Five key emerging trends impacting Data Centers in 2016

Greg Stover

Audax Group: CIO Perspectives - Managing The Copy Data Explosion

actifio

Agile and continuous delivery – How IBM Watson Workspace is built

Vincent Burckhardt

A Tale of Contemporary Software

Yun Zhi Lin

Anything as a Service - Factors to Consider

snewell4

Winning People to DevOps

Matthew Skelton

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

From Technical Debt to Technical Health

Mikael Vesavuori

FINAL VER - 2015_09

Jesper Nielsen, MBA

L'impatto della sicurezza su DevOps

Giulio Vian

Release Engineering Downstream of an OpenStack Project

Rainya Mosher

AWS Public Sector Symposium 2014 Canberra | Putting the "Crowd" to work in th...

Amazon Web Services

Observability in serverless solutions

Leonardo Murillo

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Black Duck by Synopsys

Enabling Fast IT using Containers, Microservices and DevOps Model

Cisco DevNet

Doing More with Less: Product Features, Strategies, and Ideas to Weather

SolarWinds

Similar to 2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf (20)

071310 sun d_0930_feldman_stephen

2015 APHL Annual Meeting - Racing to the Clouds: How Cloud Computing is Advan...

Cloud forum-lessons-learned-20110405c-final

How to Build a Platform Team

Five key emerging trends impacting Data Centers in 2016

Audax Group: CIO Perspectives - Managing The Copy Data Explosion

Agile and continuous delivery – How IBM Watson Workspace is built

A Tale of Contemporary Software

Anything as a Service - Factors to Consider

Winning People to DevOps

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

From Technical Debt to Technical Health

FINAL VER - 2015_09

L'impatto della sicurezza su DevOps

Release Engineering Downstream of an OpenStack Project

AWS Public Sector Symposium 2014 Canberra | Putting the "Crowd" to work in th...

Observability in serverless solutions

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Enabling Fast IT using Containers, Microservices and DevOps Model

Doing More with Less: Product Features, Strategies, and Ideas to Weather

More from Raphaël PINSON

Explore the World of Cilium, Tetragon & eBPF

Raphaël PINSON

Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...

Raphaël PINSON

ContainerDays Hamburg 2023 — Cilium Workshop.pdf

Raphaël PINSON

KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf

Raphaël PINSON

eBPF (extended Berkeley Packet Filter) is a powerful and versatile technology that can be used to extend observability in Linux systems. In this talk, we will explore how eBPF can be used to bridge the gap between dev and ops by providing a deeper understanding of the kernel and OS internals as well as the applications running on top. We will discuss how eBPF can be used to extend observability downwards by enabling access to low-level system information and how it can be used to extend observability upwards by providing application-level tracing capabilities.

Cloud Native Bern 05.2023 — Zero Trust Visibility

Raphaël PINSON

As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies. In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace. By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.

DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...

Raphaël PINSON

Révolution eBPF - un noyau dynamique

Raphaël PINSON

De KubeCon à ContainerDays, eBPF a le vent en poupe dans le monde Cloud Native. Mais de quoi s’agit-il, pourquoi cette technologie est-elle révolutionnaire, et qu’est-ce qu’elle peut m’apporter concrètement? À travers des exemples concrets appliqués aux domaines de l’observabilité, du réseau et de la sécurité, cette session explique les tenants d’eBPF et ses avantages concrets pour connecter et sécuriser les applications Cloud Native. Vous y découvrirez comment démarrer votre aventure avec eBPF, avec des outils vous permettant de bénéficier de ses super-pouvoirs en toute simplicité.

Cfgmgmtcamp 2023 — eBPF Superpowers

Raphaël PINSON

From KubeCon to ContainerDays, eBPF is trendy in the Cloud Native world. What is eBPF, and why is it revolutionary, and what can it bring to you specifically? Through concrete examples applied to observability, networking, and security, this talk will explain the principles of eBPF and its concrete advantages to connect and secure Cloud Native applications. This talk will explain what is eBPF, why it is revolutionary is several fields, give examples of tools using eBPF and what they gain from it, and open up to the future of that technology.

Cloud Native Networking & Security with Cilium & eBPF

Raphaël PINSON

This document summarizes a presentation about Cilium and eBPF. Cilium provides cloud native networking and security using eBPF. eBPF allows programs to run securely in the Linux kernel for networking, security, and observability. Cilium offers networking features like Kubernetes services, cluster mesh for multi-cluster connectivity, and platform integration. It also provides security using identity-based policies and API authorization. Observability features include flow visibility and service maps. Cilium can be used as a service mesh or with Tetragon for prevention capabilities without proxies.

SKS in git ops mode

Raphaël PINSON

Raphaël Pinson presented on implementing GitOps with the DevOps Stack. The DevOps Stack provides an opinionated Kubernetes stack that is deployed and managed using GitOps. It handles provisioning Kubernetes, integrating single sign-on, and managing observability tools through Argo CD. Argo CD syncs the cluster state with the desired manifests in Git, ensuring congruence. It also provides an interface for managing applications and templates. The DevOps Stack offers a standardized way to deploy common services and manage infrastructure as code.

The Hare and the Tortoise: Open Source, Standards & Technological Debt

Raphaël PINSON

The document summarizes key points from a presentation about open source, standards, and technical debt. It discusses how technical debt can go unnoticed but must eventually be paid back, and how following standards helps avoid issues related to not invented here syndrome. It also covers topics like loose coupling through immutability, team topologies as related to code ownership and debt dilution, and how public cloud can help delegate technical debt but introduce new dependencies. Throughout, it emphasizes that the important thing is not speed but direction when it comes to reducing technical debt over time.

Devops stack

Raphaël PINSON

YAML Engineering: why we need a new paradigm

Raphaël PINSON

Container Security: a toolchain for automatic image rebuilds

Raphaël PINSON

Containers and Kubernetes have revolutionized the way applications are deployed at scale. This new approach, along with the use of CI/CD for deployment automation, brings new challenges, in particular when it comes to security, as containers are static artifacts that require rebuilding and redeployment in order to perform updates. This talk will demonstrate how to set up an automated CI/CD pipeline to deploy applications on Kubernetes using OpenShift and GitLab, so that updates of public base images trigger rebuilds and deployments of derivative containers. It will also show how static image analysis can be plugged into the pipeline to increase application security.

K9s - Kubernetes CLI To Manage Your Clusters In Style

Raphaël PINSON

This document discusses K9s, a rich Kubernetes client that provides a VIM-like interface for interacting with Kubernetes clusters. K9s does not require in-cluster installation but is instead a standalone Golang binary. It allows viewing and filtering Kubernetes resources, logs, port forwarding, and more through an intuitive interface with key bindings. Plugins can add additional functionality and views can be customized through skins defined in YAML.

Argocd up and running

Raphaël PINSON

This document discusses setting up ArgoCD, an open source tool for continuous delivery for Kubernetes applications, including building and testing source code, deploying Docker images to a registry, and using ArgoCD to apply configuration definitions and deploy applications. It also provides links to additional Dev.to posts and GitHub projects about using Kustomize and secrets management with ArgoCD.

Bivac - Container Volumes Backup

Raphaël PINSON

Containers have become a great facility to easily deploy applications, whether locally or on orchestrated clusters. However, containers are ephemeral, meaning their data should be stored externally. When possible, they can be stored using databases or object storage. Most often though, you will need to resort to using data volumes, mounted inside your containers. How then can be perform a backup of this data?

Automating Puppet Certificates Renewal

Raphaël PINSON

Running the Puppet Stack in Containers

Raphaël PINSON

Installing a Puppet Configuration Management system always starts with setting up the Puppet Master infrastructure. This is a complex task. Various installers exist, and managing the infrastructure on the long run isn't an easy task either. At Camptocamp, we have decided to containerize the whole Puppet server stack to deploy it without the help of Puppet, and ease its scaling and updating. This talk outlines our journey and the benefits we got from this setup.

Automating Puppet Certificates Renewal

Raphaël PINSON

This document discusses automating the renewal of Puppet certificates for both the Puppet CA certificate and agent certificates. It describes using the puppetlabs-certregen module to regenerate the CA certificate before expiration and generating unique renewal tokens to securely automate approval of agent certificate signing requests. It also discusses integrating certificate extensions to provision roles and environments based on the certificate and tying the renewal process to trusted facts for security.

More from Raphaël PINSON (20)

Explore the World of Cilium, Tetragon & eBPF

Cfgmgmtcamp 2024 — eBPF-based Security Observability & Runtime Enforcement wi...

ContainerDays Hamburg 2023 — Cilium Workshop.pdf

KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf

Cloud Native Bern 05.2023 — Zero Trust Visibility

DevOpsDays Zurich 2023 — Bridging Dev and Ops with eBPF: Extending Observabil...

Révolution eBPF - un noyau dynamique

Cfgmgmtcamp 2023 — eBPF Superpowers

Cloud Native Networking & Security with Cilium & eBPF

SKS in git ops mode

The Hare and the Tortoise: Open Source, Standards & Technological Debt

Devops stack

YAML Engineering: why we need a new paradigm

Container Security: a toolchain for automatic image rebuilds

K9s - Kubernetes CLI To Manage Your Clusters In Style

Argocd up and running

Bivac - Container Volumes Backup

Automating Puppet Certificates Renewal

Running the Puppet Stack in Containers

Automating Puppet Certificates Renewal

Recently uploaded

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Mind map of terminologies used in context of Generative AI

Kumud Singh

RESUME BUILDER APPLICATION Project for students

KAMESHS29

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Speck&Tech

ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune. Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile. BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Recently uploaded (20)

Securing your Kubernetes cluster_ a step-by-step guide to success !

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

PCI PIN Basics Webinar from the Controlcase Team

Video Streaming: Then, Now, and in the Future

Mind map of terminologies used in context of Generative AI

RESUME BUILDER APPLICATION Project for students

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Large Language Model (LLM) and it’s Geospatial Applications

Communications Mining Series - Zero to Hero - Session 1

Uni Systems Copilot event_05062024_C.Vlachos.pdf

UiPath Test Automation using UiPath Test Suite series, part 6

Monitoring Java Application Security with JDK Tools and JFR Events

20240609 QFM020 Irresponsible AI Reading List May 2024

Microsoft - Power Platform_G.Aspiotis.pdf

How to Get CNIC Information System with Paksim Ga.pptx

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Removing Uninteresting Bytes in Software Fuzzing

Generative AI Deep Dive: Advancing from Proof of Concept to Production

2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf

1. The Hare and the Tortoise Raphaël Pinson | @raphink Open Source, Standards & Technical Debt Solutions Architect, Isovalent

2. Who am I Raphaël Pinson Solutions Architect @ Isovalent

3. The Hare & the Tortoise Coupling & Immutability Betting on the right Horse Technical Debt Haste vs Speed Standards & Stability Open Source, Standards & Technical Debt Debt Dilution & Delegation

4. Technical Debt Hard to monitor Time to pay - Evolves slowly from many small decisions - Can go unnoticed for a long time You might only realize debt when it’s time to pay Technical decisions imply a hidden cost that will have to be paid in the future in order to catch up with state-of-the-art technology.

5. Time to pay!

6. Standards Lagging behind standards My wheel is better than yours Not Invented Here Syndrome Keeping systems in place abiding to old standards

7. Open Source & Standards Follow vs Influence Avoid NIH by setting industry standards When faced with a need: - already existing? - valid? - implement Most people have the same needs New standard ⇒ public - Stay ahead of the curve - Set the new standard!

8. Coupling Hard coupling / Monolith Loose coupling / Microservices - Monolithic systems are strongly coupled and hard to update. - Their technical debt is also strongly coupled. - Loose API between components - Decorrelation of dependencies - Distributes technical debt Image: Wikimedia Commons — LuK USA LLC / Michael Poehler — CC BY 3.0

9. Immutability Immutability encourages loose coupling - No evolution of state (full replacement) - Requires frequent changes - Distributes technical debt - VMs vs Containers vs Functions Mutable systems - State evolves with time - Divergence vs Convergence vs Congruence

10. Public Cloud Delegation of Technical Debt One way to reduce debt (at least its ownership) ⚠ Strong dependence on Cloud APIs/features Image: Unsplash — Billy Huynh - local optimum - global debt

11. Team Topologies Conway’s Law Code debt/ownership Debt Dilution Plan systems architecture, adapt teams Ensure responsibility of debt management and reduction Distribute debt and associated mental load between teams Image: XKCD

12. More Haste, less Speed

13. The Three Ways of DevOps Flow / Systems Thinking Amplify Feedback Loops Culture of Continual Experimentation & Learning Decoupling software architecture from infrastructure lowers risks of technical debt. Involving Ops in architecture (+ feedback) helps lower coupling. Definitely a tortoise approach to a race.

14. Betting on the right Horse

15. The right time to adopt Image: Craig Chelius — CC BY 3.0

16. Stability & Loose Coupling Image: Wikimedia Commons — Emw — CC BY-SA 3.0 Stability - Standard interface - Few changes in time Loose Coupling - Partial upgrades - Delegation of Tech debt - Configuration changes

17. eBPF Highly efficient sandboxed virtual machine in the kernel, making it more programmable at native execution speed. Stability eBPF is based on the OS (mainly Linux) kernel interface Loose Coupling eBPF can enhance application without specific instrumentation: - observability - security - network - tracing & profiling

18. eBPF Projects

19. Cilium & Friends Cilium - performance gains (no need for iptables, bypass TCP/IP) - simpler architecture (e.g. no sidecar proxy for Service Mesh) Tetragon - observe & export kernel events - act on events (e.g. SIGKILL) Hubble - fine-grained network observability - exports to SIEM - support for OpenTelemetry

20. eBPF resources eCHO eBPF YouTube podcast: https://www.youtube.com/channel/UCJFUxkVQTBJh3LD1wYB WvuQ eBPF & Cilium Slack http://slack.cilium.io/ eCHO News Bi-weekly eBPF newsletter: https://cilium.io/newsletter/

21. It’s not the speed that matters, it’s the direction.

22. Thank you!

2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf

Recommended

Recommended

More Related Content

Similar to 2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf

Similar to 2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf (20)

More from Raphaël PINSON

More from Raphaël PINSON (20)

Recently uploaded

Recently uploaded (20)

2022 DevOpsDays Geneva — The Hare and the Tortoise.pdf