8 - OpenShift - A look at a container platform: what's in the box | Kangaroot
Many already have some familiarity with containers, and maybe even with Kubernetes. But what's the difference between those and a container platform? In this session the goal is to look at OpenShift, Red Hat's container platform based on Kubernetes. We see what it's made out of, what makes it tick, and what the future of OpenShift & Kubernetes holds.
Cloud Native Night, April 2018, Mainz: Workshop led by Jörg Schad (@joerg_schad, Technical Community Lead / Developer at Mesosphere)
Join our Meetup: https://www.meetup.com/de-DE/Cloud-Native-Night/
PLEASE NOTE:
During this workshop, Jörg showed many demos and the audience could participate on their laptops. Unfortunately, we can't provide these demos. Nevertheless, Jörg's slides give a deep dive into the topic.
DETAILS ABOUT THE WORKSHOP:
Kubernetes has been one of the topics in 2017 and will probably remain so in 2018. In this hands-on technical workshop you will learn how best to deploy, operate and scale Kubernetes clusters from one to hundreds of nodes using DC/OS. You will learn how to integrate and run Kubernetes alongside traditional applications and fast data services of your choice (e.g. Apache Cassandra, Apache Kafka, Apache Spark, TensorFlow and more) on any infrastructure.
This workshop best suits operators focussed on keeping their apps and services up and running in production and developers focussed on quickly delivering internal and customer facing apps into production.
You will learn how to:
- Introduction to Kubernetes and DC/OS (including the differences between both)
- Deploy Kubernetes on DC/OS in a secure, highly available, and fault-tolerant manner
- Solve operational challenges of running a large/multiple Kubernetes cluster
- One-click deploy big data stateful and stateless services alongside a Kubernetes cluster
Introducing github.com/open-cluster-management – How to deliver apps across c... | Michael Elder
Introducing Open Cluster Management, a community-driven project focused on multicluster and multicloud scenarios for Kubernetes apps. Open APIs are evolving within this project for cluster registration, work distribution, dynamic placement of policies and workloads and cluster and workload health management. In this session, Michael will introduce the project and demonstrate what you can do on OpenShift and Managed Kubernetes as a Service today from community operators on OperatorHub.io.
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021 | William Caban
The adoption of cloud-native principles brings new challenges. Scaling and evolving operations teams and staying up to date requires the adoption of new operational models and paradigms.
This deck presents how modern paradigms map to GitOps principles and the characteristics that must be supported by any software used for GitOps.
KCD Italy 2022 - Application driven infrastructure with Crossplane | sparkfabrik
Crossplane allows users to extend their Kubernetes clusters using CRDs. The CRDs map any infrastructure or managed service, ensuring that the creation process for the users is as simple as the Kubernetes resources creation. Using a collection of YAML manifests, the development teams can assemble the needed cloud services for their applications removing this duty from the operation teams: this is "shift left" at its best. All this powerfulness comes with a cost in terms of security, governance, cognitive load and maintenance. In this talk we'll discuss strategies and techniques to better map the complexity of this infrastructure.
Join this info-packed and hands-on workshop where we will cover:
Introduction to Kubernetes & GitOps talk:
We'll cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while you go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
* an opinionated repo structure to minimize decision fatigue
* disaster recovery using GitOps
* Helm charts example
* Multi-cluster example
* all with free and open source tools mostly in the CNCF (e.g. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O... | ShapeBlue
Are you currently managing Kubernetes clusters in the cloud and considering a transition to on-premises infrastructure using Cloudstack? This session is an exciting demonstration of how you can deploy Kubernetes clusters in a declarative manner, leveraging the capabilities of Cloudstack and Cluster API. In this demo, Ozhan showcases a comprehensive solution that combines Packer, Gitlab CI, ArgoCD, Cluster API, and Cluster Autoscaler to create a seamless on-premises deployment strategy adaptable to diverse requirements over Cloudstack Infrastructure.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
Security with Kubernetes and Docker containers (June 19th, 2019) | Alexandre Roman
With the rise of Kubernetes in the small world of container orchestration engines, we are realizing just how vulnerable our software, containers and platforms are. All the attention on Kubernetes and Docker images is leading to the discovery of security flaws of varying severity, at an ever-increasing pace.
Is your Kubernetes installation up to date? What is your update strategy? How do you guarantee the security of Docker images when new flaws appear every day?
Equifax, Tesla, Marriott: many organizations have had to face major security incidents in recent years, resulting in large leaks of sensitive data. A recent report showed that 10 of the most popular Docker images contain at least 30 vulnerabilities.
Building on Pivotal technologies, come and discover how to secure Docker images with modern tools, and how to patch a K8s cluster with a fix for the runC flaw, without interruption.
GCP Meetup #3 - Approaches to Cloud Native Architectures | nine
Talk by Daniel Leahy and Nic Gibson, given at the Google Cloud Meetup on March 3, 2020, hosted by Nine Internet Solutions AG - Your Swiss Managed Cloud Service Provider.
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan... | GetInData
Did you like it? Check out our blog to stay up to date: https://getindata.com/blog
The talk is focused on administration, development and monitoring platform with Apache Spark, Apache Flink and Kubeflow in which the monitoring stack is based on Prometheus stack.
Author: Albert Lewandowski
Linkedin: https://www.linkedin.com/in/albert-lewandowski/
___
Getindata is a company founded in 2014 by ex-Spotify data engineers. From day one our focus has been on Big Data projects. We bring together a group of best and most experienced experts in Poland, working with cloud and open-source Big Data technologies to help companies build scalable data architectures and implement advanced analytics over large data sets.
Our experts have vast production experience in implementing Big Data projects for Polish as well as foreign companies including i.a. Spotify, Play, Truecaller, Kcell, Acast, Allegro, ING, Agora, Synerise, StepStone, iZettle and many others from the pharmaceutical, media, finance and FMCG industries.
https://getindata.com
(DVO313) Building Next-Generation Applications with Amazon ECS | Amazon Web Services
Two trends are driving app development: The shift from the server-based web to rich applications that run on a diverse set of mobile devices and modern browsers, and the growth of microservices running in the cloud that serve these clients. The results are “connected clients” - apps with the processing power of the device that are statefully connected and scaled to the cloud. In this session, you will learn about the architecture for Meteor's JavaScript app platform, Galaxy, which uses Amazon ECS, Elastic Load Balancing, and AWS CloudFormation to provide highly available, scalable, isolated environments for stateful apps across browsers and devices. We will discuss the essential characteristics of the platform, how those are provided for, and why we decided to use Amazon ECS instead of alternatives, such as Kubernetes. We will also demonstrate the Galaxy system in production.
How to Improve the Observability of Apache Cassandra and Kafka applications... | Paul Brebner
As distributed cloud applications grow more complex, dynamic, and massively scalable, “observability” becomes more critical.
Observability is the practice of using metrics, monitoring and distributed tracing to understand how a system works.
We’ll explore two complementary Open Source technologies:
- Prometheus for monitoring application metrics, and
- OpenTracing and Jaeger for distributed tracing.
We’ll discover how they improve the observability of an Anomaly Detection application, deployed on AWS Kubernetes, and using Instaclustr managed Apache Cassandra and Kafka clusters.
- What is Kubernetes
- Why we need Kubernetes
- Demo how to deploy application on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/ThaiProgrammerSociety/videos/1908659749331066
Coder Live with Thai Programmer Association
June 6, 2022
Accelerate Application Innovation Journey with Azure Kubernetes Service | WinWire Technologies Inc
Regardless of your organization’s size or industry, migrating to the public cloud and Kubernetes is burdened with business and technical risk. Managing Kubernetes clusters, applying blueprint to clusters and adding requisite governance and control are just a few hurdles that can stall your application modernization journey.
Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading much of the complexity and operational overhead.
In this session, you will learn:
- Introduction and architecture of AKS
- Best practices in adopting Azure Kubernetes Service
- How to monitor and optimize AKS
Speakers: Vic Iglesias, Benjamin Good, Karl Isenberg
Venue: Google Cloud Next '19
Video: https://www.youtube.com/watch?v=rt287-94Pq4
Continuous Integration and Delivery allows companies to quickly iterate on and deploy their ideas to customers. In doing so, they should strive to have environments that closely match production. Using Kubernetes as the target platform across cloud providers and on-premises environments can help to mitigate some difficulties when ensuring environment parity but many other concerns can arise.
In this talk we will dive into the tools and methodologies available to ensure your code and deployment artifacts can smoothly transition among the various people, environments, and platforms that make up your CI/CD process.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Similar to 2022-05-23-DevOps pro Europe - Managing Apps at scale.pdf
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
4. Problems
● Preparing applications for a Kubernetes cluster
○ How to prepare (package) an app?
○ How to ensure best practices?
○ How to make sure the application will run on your cluster?
● Deploying applications
○ How to manage life cycle?
○ How to manage configuration?
■ Extracting common patterns
■ Yet doing last mile overrides
5. What is Helm?
● Package manager for Kubernetes
● Allows you to pack different YAMLs (Deployment, Service, anything) into a single package and run some templating on the YAMLs
● Templating parameters act as Chart’s configuration
● Terminology
○ Chart - a package that can be installed on a cluster
○ Repository - a service exposing downloadable Charts
○ Release - a Chart and its configuration installed on a Kubernetes cluster
8. More problems
● Shortcomings of Helm
○ No support for deploying to multiple clusters
○ Only installation time tests
○ No representation in K8s API
○ One configuration layer only
○ CRD management can be hard
○ Cluster live state detection is hard
○ Source command (intent) is On My Laptop Only (™)
10. Why App Platform?
We manage fleets (hundreds) of Kubernetes clusters, so we need tools that can:
● Ensure quality at build and release time, with an easy, repeatable process,
● Target many clusters from a single control point,
● Share, reuse, and also override configuration of applications across multiple clusters,
● Offer the same set of applications across all managed clusters,
● Offer a native Kubernetes API for application management.
11. What is App Platform?
A set of tools to help create, test, deliver and manage applications (Helm charts) on top of Kubernetes, at scale.
● create - app-build-suite
○ Best practices about building and QA-ing Helm charts
○ Providing additional metadata about the app
● test - app-test-suite
○ Tools to help test the app before delivering to clusters
● deliver - chart repositories
○ Tools and practices about storing Helm charts
● manage - operators
○ Kubernetes native app life-cycle management API for fleets
12. App Platform 10,000 m view
[Diagram: CI/CD Process containing app-build-suite (Helm chart sources, Metadata info → Helm chart, Tests, Metadata) and app-test-suite (Test Kubernetes Cluster); Helm repository; Operators on the Management Cluster and on the Workload Cluster; arrows labelled scan and deploy]
13. App Platform 1,000 m view
[Diagram: CI/CD Process containing app-build-suite (Helm chart sources, Metadata info → Helm chart, Tests, Metadata) and app-test-suite (Test Kubernetes Cluster); Helm repository; Operators on the Management Cluster and on the Workload Cluster; arrows labelled scan and deploy]
15. Building an app
● App-build-suite
○ Opinionated and repeatable process to run on dev machines and in CI/CD
○ Docs: https://github.com/giantswarm/app-build-suite
○ The build process
■ App and chart versions in the Chart.yaml file are set using git info (if configured)
■ External linters and code quality tools are invoked
■ Helm creates a chart archive
■ Metadata is generated from the data collected during the build (if configured)
○ What is metadata?
■ We extend Helm with a side file that includes more non-standard metadata about the chart, like:
● Which cloud infrastructure provider is this app valid for?
● Is it safe to install it multiple times on a single cluster or in a single namespace?
16. App Platform 1,000 m view
[Diagram: CI/CD Process containing app-build-suite (Helm chart sources, Metadata info → Helm chart, Tests, Metadata) and app-test-suite (Test Kubernetes Cluster); Helm repository; Operators on the Management Cluster and on the Workload Cluster; arrows labelled scan and deploy]
18. Testing an app
● App-test-suite
○ Repeatable process to test on dev machines and in CI/CD
○ Docs: https://github.com/giantswarm/app-test-suite
○ Runs scenarios, currently smoke, functional and upgrade tests
○ Takes care of bootstrapping target cluster
○ Allows implementing tests in Python or Go
○ Declarative matching between scenarios and test implementation
○ Can produce additional metadata
■ Upgrade tests save info on successfully tested upgrade path
19. Testing an app
Test matching and execution
● Smoke
○ run tests marked @smoke
● Functional
○ run tests marked @functional
● Upgrade
○ run tests marked @upgrade on stable App version
○ upgrade the App version
○ run tests marked @upgrade again on new App version
tests.py, as run by app-test-suite:
import pytest

@pytest.mark.smoke
def test_app_installed(cluster):
    ...  # test body not shown on the slide

@pytest.mark.functional
@pytest.mark.upgrade
def test_login_api_ok(cluster):
    ...  # test body not shown on the slide

@pytest.mark.upgrade
def test_new_api_ok(cluster):
    ...  # test body not shown on the slide
20. Testing an app
● Python test helper - pytest-helm-charts
○ Pytest plugin
○ Delivers test information and cluster connection as a set of fixtures (dependency-injected objects)
○ Integrated with pykube-ng library
21. App Platform 10,000 m view
[Diagram: CI/CD Process containing app-build-suite (Helm chart sources, Metadata info → Helm chart, Tests, Metadata) and app-test-suite (Test Kubernetes Cluster); Helm repository; Operators on the Management Cluster and on the Workload Cluster; arrows labelled scan and deploy]
23. Chart storage
● Currently, very simple
○ As a Helm repository available through HTTPS
○ Charts stored together with their metadata
○ The repository is periodically scanned by our life-cycle management operators and reflected as Kubernetes objects
24. App Platform 10,000 m view
[Diagram: CI/CD Process containing app-build-suite (Helm chart sources, Metadata info → Helm chart, Tests, Metadata) and app-test-suite (Test Kubernetes Cluster); Helm repository; Operators on the Management Cluster and on the Workload Cluster; arrows labelled scan and deploy]
26. Life-cycle management
● Tasks
○ Managing configuration - global defaults, last mile overrides
○ Native K8s style API - available the same way as any other object in API server
○ Status reporting and monitoring
○ Configuration validation and defaulting
● 100% compatible with Helm charts and catalogs
○ With optional extensions like metadata
27. App life-cycle management API overview
● Management Cluster
○ Catalog CR, AppCatalogEntry CR - Show what we have. Catalogs point to remote Helm repositories. AppCatalogEntries are created for each app and its version present in the catalog.
○ App CR - Shows which app described by AppCatalogEntry should be installed on which Workload Cluster. Does that by creating Chart CR there.
● Workload Cluster
○ Chart CR - Local representation (on the Workload Cluster) of an app that should be installed on that cluster. Creates local Helm Release.
28. Main software components
● App-operator
○ Watches Catalog CRs
■ “Where is the catalog?”
○ Watches configured Catalog URLs to produce AppCatalogEntries CRs
■ “What is in the catalog?”
■ Based on index.yaml and metadata files
○ Watches App CRs
■ “On which WC should a specific app described by an ACE be deployed?”
○ Does 3-level config merge
■ Catalog level config and 2 App level configs (base and user configs)
○ Creates Chart CR on the target WC
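An added illustration of the 3-level config merge described on this slide (not app-operator's own code), which also records which layer supplied each final value. It assumes precedence catalog < App base config < App user config, that maps merge key by key and that lists and scalars are replaced whole; `merge_layers`, `LAYERS` and the sample values are hypothetical.

```python
from copy import deepcopy

# Layer order, lowest to highest precedence (an assumption, see lead-in).
LAYERS = ("catalog", "app", "user")

def merge_layers(configs):
    """Deep-merge Helm values per layer; return (values, origin).

    origin maps a dotted key path to the layer that set the final value.
    """
    merged, origin = {}, {}

    def record(value, layer, path):
        if isinstance(value, dict) and value:
            for key, child in value.items():
                record(child, layer, f"{path}.{key}")
        else:
            origin[path] = layer

    def walk(dst, src, layer, prefix):
        for key, value in src.items():
            path = f"{prefix}.{key}" if prefix else key
            if isinstance(value, dict) and isinstance(dst.get(key), dict):
                walk(dst[key], value, layer, path)  # merge maps key by key
                continue
            # Scalars, lists and type changes replace the lower layer whole,
            # so drop provenance recorded for anything they overwrite.
            for stale in [p for p in origin
                          if p == path or p.startswith(path + ".")]:
                del origin[stale]
            dst[key] = deepcopy(value)
            record(value, layer, path)

    for layer in LAYERS:
        walk(merged, configs.get(layer) or {}, layer, "")
    return merged, origin

# Constructed sample values for illustration.
SAMPLE = {
    "catalog": {"image": {"registry": "registry.example", "tag": "1.0"},
                "replicas": 1, "ingress": {"hosts": ["default.example"]}},
    "app": {"replicas": 3, "ingress": {"tls": True}},
    "user": {"image": {"tag": "1.1"}, "ingress": {"hosts": ["shop.example"]}},
}

if __name__ == "__main__":
    values, origin = merge_layers(SAMPLE)
    print(values)
    print(origin)
```

The origin map is what makes a last mile override auditable: a reviewer can see that `image.tag` came from the user layer while `image.registry` is still the catalog default.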
29. Main software components
● Chart-operator
○ Runs on WC (applies to all CRs below)
○ Watches Chart [namespaced]
■ “Where should I install with Helm on this cluster?”
○ Manages local installation/update/removal requests using Helm
● App-admission-controller
○ Runs on MC
○ Validation and admission of App CRs
● App-exporter
○ Runs on MC
○ Prometheus metrics about the status of locally present App CRs
38. Integration with gitops tools
How to integrate app platform with gitops?
● The integration is natural - just keep your App CRs definitions in the repo
● Remember to add configuration ConfigMaps and Secrets
○ Secrets need to be encrypted at rest in the repo, so use tools like sops
● We recommend flux as gitops tool
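A pre-merge check for the gitops repository described above, as an added example that is not part of the original slides: it flags Secret manifests whose `data`/`stringData` values are not sops `ENC[...]` envelopes or that lack the `sops:` metadata block. It assumes only those two fields are encrypted (so `kind` stays readable) and flat `key: value` entries; `plaintext_secrets` and the sample manifests are constructed for illustration.

```python
import re

# sops wraps each protected value in an ENC[...] envelope and adds a
# top-level "sops:" metadata mapping to the file.
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.*\]$")

def plaintext_secrets(text, path="<memory>"):
    """Return (path, doc index, field) for Secret data not sops-encrypted."""
    findings = []
    for index, doc in enumerate(re.split(r"(?m)^---\s*$", text)):
        lines = doc.splitlines()
        if not any(re.match(r"kind:\s*Secret\s*$", l) for l in lines):
            continue  # only Secret manifests are checked
        section = None
        for line in lines:
            top = re.match(r"(\w+):", line)
            if top:  # a new top-level key starts
                section = top.group(1)
                continue
            entry = re.match(r"\s+([\w.-]+):\s*(.*)$", line)
            if section in ("data", "stringData") and entry:
                value = entry.group(2).strip("\"'")
                if not ENC_VALUE.match(value):
                    findings.append(
                        (path, index, f"{section}.{entry.group(1)}"))
        if not any(l.startswith("sops:") for l in lines):
            findings.append((path, index, "missing sops metadata"))
    return findings

# Constructed sample: a plaintext Secret, an encrypted Secret, a ConfigMap.
SAMPLE = """\
kind: Secret
stringData:
  password: constructed-plaintext
---
kind: Secret
data:
  token: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:AAAA,type:str]
sops:
  mac: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:AAAA,type:str]
---
kind: ConfigMap
data:
  replicas: "3"
"""

if __name__ == "__main__":
    for finding in plaintext_secrets(SAMPLE):
        print(finding)
```

Run over every YAML file in a pull request, a non-empty result is a reason to block the merge before a plaintext credential reaches the repository history.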
41. Summary
● We need to deliver multiple apps to many clusters
○ We’re using Helm and are Helm compatible, but also extended it a lot
○ We’re addressing the delivery process from build, through test and then life-cycle management
○ We care about user experience
○ Nothing lives in a void
■ We integrate well with gitops tools - we use Flux to manage our apps
● Future
○ Delivery pipeline security
○ More functionality in the metadata area
■ Kubernetes version compatibility testing
■ App dependencies