Azure Rosenheim Meetup: Azure Service Operator

•

0 likes•63 views

ARM Templates und Terraform sind mittlerweile bekannt und weit verbreitet. In diesem Meetup wollen wir Euch zwei alternative Möglichkeiten zeigen, wie ihr Eure Azure Ressource verwalten und in Infrastructure as Code abbilden könnt. Hierbei zeigen wir Euch in einer Demo, wie die Tools funktionieren und sprechen Vor- und Nachteile sowie Best Practices an.

Technology

Azure Service Operator
Provision Your Resources in a Cloud-Native Way
Azure Rosenheim Meetup 2021

Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, GitLab Hero & Docker Community
Leader
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2021
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Agenda
• what is Azure Service Operator?
• bundle your app with its infrastructure
• manage your infrastructure with GitOps
© white duck GmbH 2021

Azure Service Operator (ASO)
• “…helps you provision Azure resources and connect your
applications to them from within Kubernetes.”
• Why?
• Bundle your app with its infrastructure
• GitOps
• …
© white duck GmbH 2021

Azure Service Operator (ASO)
• open-source project by Microsoft Azure
• still pretty new
• V1 but not production-ready yet
• 280 stars, 53 Contributors
• 3200 commit, first one in July 2019
• first use case was a self-service portal for an enterprise
customer
• monthly community call
© white duck GmbH 2021

ASO – how it works
• Custom Resource Definitions (CRDs) for each of the
Azure services
• e.g. ResourceGroup, RedisCache, CosmosDB, …
• A Kubernetes controller that watches for changes of the
CRDs and then acting on them
• creates, update, delete the Azure resources
© white duck GmbH 2021

ASO - technical details
• can be installed via Helm Chart on any Kubernetes
Cluster
• requires
• Cert-Manager
• Service Principal or Managed Identity (requires AKS)
• Azure AD Pod Identity (part of ASO, requires AKS)
• Controller is based on Kubebuilder
© white duck GmbH 2021

ASO – GitHub project
© white duck GmbH 2021

Demo: Create a first Azure resource
© white duck GmbH 2021

Demo: Bundle your app with its infrastructure
• combine app and infrastructure in one deployment
• inject secrets & connections strings via auto-generated
secrets
© white duck GmbH 2021

Manage your infrastructure with GitOps
• GitOps?
• Git as the single source of truth
• Push vs pull pipeline
• tools like Argo CD & Flux CD
can help
© white duck GmbH 2021

More on ASO
• detailed blog post on ASO
• https://medium.com/01001101/azure-service-operator-manage-
your-azure-resources-with-kubernetes-69f49d9dbbc5
• Cloud Native Club - ASO episode
• https://www.youtube.com/watch?v=d02hiMHLmsg
© white duck GmbH 2021

Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Demo: https://github.com/nmeisenzahl/aso-fluxcd-sample
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
© white duck GmbH 2021

In diesem Vortrag sprechen wir darüber, wie sich die Entwicklung und Bereitstellung von Cloud-nativen Anwendungen in der Zukunft verändern wird. Cloud-native Anwendungen, die oft auf Microservices und Kubernetes basieren, werden immer häufiger genutzt und sind inzwischen sehr verbreitet. Jedoch ist die Hürde noch immer recht hoch. Wir glauben, dass eine weitere Abstraktion notwendig ist, damit sich Entwickler und Administratoren auf ihre Arbeit konzentrieren können, anstatt sich mit zu vielen Implementierungsdetails zu beschäftigen. Aus diesem Grund möchten wir Ihnen die folgenden Open-Source-Projekte vorstellen: * Distributed Application Runtime (dapr) - Eine quellenoffene Laufzeitumgebung, die es Entwicklern leicht macht, robuste microservice-basierte Applikationen zu entwickeln. * Service Mesh Interface - Eine Standardschnittstelle für Service Meshes auf Kubernetes. Das Ziel ist es, einen gemeinsamen, portablen Satz von Service-Mesh-APIs bereitzustellen, den Entwickler und Administratoren providerunabhängig nutzen können. Verpassen Sie den Vortrag von Martin und Nico nicht und erhalten Sie nützliche Einblicke in die Zukunft der Entwicklung und des Betriebs Cloud-nativer Anwendungen.

DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?

Nico Meisenzahl

In this session, Nico will talk about Helm and Operators as well as the battle between them. If you ever ask yourself one of the following questions, this talk is the right one for you: "Do I have to decide?" "Do I need to learn both?" "What are the best tools for my use-case?" In short: There is no battle. Both tools have different scopes. Nico will talk about the pros and cons, and what the projects themselves focus on. Join his talk to learn more!

azdevcom - Hijack a Kubernetes Cluster

Nico Meisenzahl

Nico will show how to hijack a Kubernetes cluster based on common attack vectors. You'll also learn why it's important to implement zero-trust to prevent data leaks and malicious workloads from being executed on a hijacked cluster. Furthermore, he will show you how to protect your cluster from being taken over by sharing useful insights, configurations, and toolsets. This talk is not intended to be an in-depth security talk, but to provide you with best practices and also make you aware of certain attack vectors and how to prevent them.

Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure

Nico Meisenzahl

Infrastructure-as-code is key to keeping up with our rapidly changing world. In this talk, you will learn everything you need to get started with Terraform on Azure. Nico will show you all the fundamentals and best practices you need to know to use Terraform on Azure. Furthermore, you will learn how to scaffold a production-ready and secure Terraform project that you can use as a blueprint for your environments. Join Nico and walk away with all the details you need to use Terraform in production!

Continuous Lifecycle: Hijack Kubernetes

Nico Meisenzahl

The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...

Nico Meisenzahl

Die Evolution von Container Image Builds

Nico Meisenzahl

Containerisierte Anwendungen sind zu einem wesentlichen Bestandteil unseres täglichen Lebens geworden. Wir bauen diese mehrmals täglich, sowohl innerhalb unserer CI-Pipelines als auch lokal zu Debugging- und Testzwecken. Vor einigen Jahren konnten wir hierzu nur auf "docker build" zurückgreifen. Inzwischen gibt es jedoch viele alternative Projekte, die verschiedene Funktionen und Vorteile bieten. Nico führt Sie in diesem Vortrag in die Evolution der Container-Builds ein. Sie erhalten Einblicke in Werkzeuge wie BuildKit, buildx, Kaniko, buildah, img und weitere. Neben den Unterschieden werden Sie auch die Vor- und Nachteile der einzelnen Tools kennenlernen. Nach diesem Vortrag wissen Sie alles, was Sie benötigen, um Ihre Container Builds auf die nächsten Level zu heben.

Virtual Azure Community Day: Azure Kubernetes Service Basics

Nico Meisenzahl

Containerized applications have become an essential part of our everyday life. Learn everything about Kubernetes and how you can run it in the Azure Cloud. In this talk, Nico will explain how Kubernetes work and how it can help to run Containers in production. You will learn everything about Azure Kubernetes Service, Azure Container Registry and Azure Container Instances. Get to know the basics as well as the best practices that you can implement straight away!

You are already running Kubernetes-based workloads on Azure Kubernetes Service and want to get more out of it? This is your session! In this talk, Nico will show you all the nice features you get with AKS besides just Kubernetes. Learn all the details about the available add-ons, integrations, and toolsets to integrate and secure your Kubernetes-based applications. Furthermore, Nico will give a preview of potential new features from the AKS roadmap.

GitHub Actions 101

Nico Meisenzahl

Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized GitLab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. If you are building a Go project, deploying an app to Kubernetes or just building your infrastructure. It doesn’t matter, anything is possible! Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with GitLab CI/CD, Kubernetes and Kaniko.

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...

Nico Meisenzahl

Cloud native environments are a double edged sword - used right, the benefits are immense. However, it also introduces multiple entry points for example security breaches. In this session, Nico will show how application vulnerabilities make it easy to hijack a Kubernetes cluster. He will also talk about why it's important to implement zero-trust to prevent data leaks and malicious workloads from being executed on a hijacked cluster. In addition, you will learn how GitLab can protect you from being hijacked. Nico will talk about how to create more secure applications by using Static Application Security Testing (SAST) as well as how to secure your Kubernetes cluster with Container Host Security, Container Network Security or a Web Application Firewall.

Docker Rosenheim Meetup: Policy & Governance for Kubernetes

Nico Meisenzahl

FestiveTechCalendar2021 - Have Yourself An Azure Container Registry

Philip Welz

DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton - an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

Policy & Governance für Kubernetes

Nico Meisenzahl

DevOpsCon London: How containerized Pipelines can boost your CI/CD

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton – an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

Global Azure Virtual: Container & Kubernetes on Azure

Nico Meisenzahl

Containerisierte Anwendungen sind zu einem festen Bestandteil unseres Alltags geworden. Erfahren Sie alles über Containern und wie Sie diese in der Azure Cloud betreiben können. In diesem Vortrag erklärt Nico, wie Container funktionieren und zeigt Ihnen welche Probleme diese in Ihrem Alltag lösen können. Im Anschluss erfahren Sie, wie Kubernetes Ihnen helfen kann, Container in Produktion zu betreiben. Lernen Sie die Grundlagen sowie Best-Practises kennen, die Sie direkt umsetzten können! Abschließend werden Sie die Möglichkeiten der Azure Container Services kennenlernen. Nico wird hierbei insbesondere auf Azure Kubernetes Service, Azure Container Registry und Azure Container Instances eingehen.

Global Azure Bootcamp: Container, Docker & Kubernetes Basics

Nico Meisenzahl

Azure Service Operator - Provision Your Resources in a Cloud-Native Way

Nico Meisenzahl

In this talk, Nico will introduce you to the Azure Service Operator project. The Azure Service Operator allows you to manage your Azure resources with a cloud-native approach using a Kubernetes Controllers and Custom Resource Definitions (CRDs). We will show you how Azure Service Operator works and share how customers and partners use it to take their Azure infrastructure management to the next level. Get insights into how Azure Service Operator can help you to package your application with its infrastructure dependencies, how you can use a GitOps approach to manage your Azure infrastructure, or how Azure Service Operator allows you to create your own composable abstraction to build your own implementations and self-service solutions. Walk away and know everything you need to know to successfully provision your Azure resources with Azure Service Operator.

AzDevCom2021 - Bicep vs Terraform

Philip Welz

Whether you want to get started with Infrastructure as Code on Azure or using it already today, in this session Philip will talk about Bicep and Terraform as well as the battle between them. Is there even a battle or is it just marketing? Do I have to decide? What is the best choice for my use case? If you have ever asked yourself one of those questions or even are just curious about one of those tools, this talk is for you. In short: There is no battle. Both tools have different scopes. Philip will talk about the pros and cons, and what the tools themselves focus on. Join his talk to learn more!

Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...

Nico Meisenzahl

Join Nico to learn how to enhance your Kubernetes CI/CD pipelines with GitLab FOSS/CE features as well as Open Source projects. Learn how GitLab can help you to better integrate your CI/CD pipelines with Kubernetes. Nico will talk about newer GitLab FOSS/CE features like the Web Application Firewall for Kubernetes Ingress, Monitoring and Logging as well as Serverless with Knative. Besides this, you will also learn how Open Source projects like Kaniko and Kustomize can help you to streamline your pipelines. Walk away with knowledge and best practices that will help you to enhance your own Kubernetes CI/CD Pipelines with Gitlab and Open Source!

Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source

Nico Meisenzahl

Working within a heavily regulated environment brings a special set of challenges, including increased difficulty in application scaling. In this session you will learn how you can enhance your Kubernetes CI/CD pipelines with GitLab and other open source projects. We will demonstrate practices for deployments using newer GitLab features like the Web Application Firewall for Kubernetes Ingress, and managing serverless functions with Knative. The techniques covered in this session will give you new options to streamline your Kubernetes pipelines reliably and consistently.

Build your own private Cloud environment

Nico Meisenzahl

Besuchen Sie Nicos Vortrag um zu erfahren wie Sie Ihre eigene Private Cloud on-premises aufbauen können. Ziel dieser Session ist es, dass Sie einen Überblick erhalten, wie man eine Private Cloud Umgebung auf Basis von Kubernetes, unter Berücksichtigung notwendiger Anforderungen, aufbaut. Nico wird mit Ihnen über das Cluster Provisioning selbst sowie die benötigte Toolchain sprechen, die Sie benötigen um die eigene Umgebung erfolgreich zu betreiben. Im Vordergrund stehen dabei Themen wie Infrastructure as Code, CI/CD, Storage, Monitoring, Hochverfügbarkeit und Sicherheit. Erhalten Sie das notwendige Wissen sowie Best Practices, die Ihnen beim Aufbau Ihrer eigenen Private Cloud-Umgebung helfen.

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Nico Meisenzahl

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with GitLab CI and Open Policy Agent. Philippe and Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join our session to learn how to improve compliance, from gating your dependencies to controlling your infrastructure.

Was ist ein Service Mesh und wie funktioniert es?

Cloud Native Rosenheim Meetup

In diesem Meetup möchten wir über Service Meshes sprechen. Was ist ein Service Mesh genau und wie funktioniert es? Wir klären euch auf! Wir starten den Abend mit einem Beispiel-Anwendung an der wir euch zeigen wie man Retry-, Timeout-Management sowie Circuit Breaker als Code implementiert um eine widerstandsfähige und belastbare Microservice zu erhalten. Des Weiteren zeigen wir auch die Implementierung von mutual TLS mit der eine sichere Kommunikation gewährleistet ist. Im Anschluss schauen wir uns nach einer Einleitung zu den Grundlagen von Service Meshes an wie man mit Hilfe von Istio die oben beschriebenen Funktionen abstrahieren und vom Code in die Infrastruktur verlagern kann. Abschließen geben wir einen Ausblick auf weitere Funktionen von Istio wie A/B testing und Fault Injection.

AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...

Philip Welz

Join this talk to learn about Azure Service Operator v2. In the first part, we will introduce Azure technologies like Azure Service Operator v2, Azure Workload Identity, and GitOps for Azure Kubernetes Service. We will explain how they are linked together to provision Azure resources from Kubernetes. In the second part, we will then show step-by-step how to deploy an application to Kubernetes together with the needed Azure resources only using Git. So don't miss joining us!

All Things Cloud Native Meetup: Azure Kubernetes Service Basics

Nico Meisenzahl

What's hot

Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...

Nico Meisenzahl

GitHub Actions 101

Nico Meisenzahl

Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...

Nico Meisenzahl

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...

Nico Meisenzahl

Docker Rosenheim Meetup: Policy & Governance for Kubernetes

Nico Meisenzahl

FestiveTechCalendar2021 - Have Yourself An Azure Container Registry

Philip Welz

DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton - an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

Policy & Governance für Kubernetes

Nico Meisenzahl

DevOpsCon London: How containerized Pipelines can boost your CI/CD

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton – an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

Global Azure Virtual: Container & Kubernetes on Azure

Nico Meisenzahl

Global Azure Bootcamp: Container, Docker & Kubernetes Basics

Nico Meisenzahl

Azure Service Operator - Provision Your Resources in a Cloud-Native Way

Nico Meisenzahl

AzDevCom2021 - Bicep vs Terraform

Philip Welz

Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...

Nico Meisenzahl

Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source

Nico Meisenzahl

Build your own private Cloud environment

Nico Meisenzahl

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Nico Meisenzahl

Was ist ein Service Mesh und wie funktioniert es?

Cloud Native Rosenheim Meetup

What's hot (20)

Hijack a Kubernetes Cluster - a Walkthrough

Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...

GitHub Actions 101

Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...

Docker Rosenheim Meetup: Policy & Governance for Kubernetes

FestiveTechCalendar2021 - Have Yourself An Azure Container Registry

DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD

Policy & Governance für Kubernetes

DevOpsCon London: How containerized Pipelines can boost your CI/CD

Global Azure Virtual: Container & Kubernetes on Azure

Global Azure Bootcamp: Container, Docker & Kubernetes Basics

Azure Service Operator - Provision Your Resources in a Cloud-Native Way

AzDevCom2021 - Bicep vs Terraform

Hijack a Kubernetes Cluster - a Walkthrough

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...

Enhance Your Kubernetes CI/CD Pipelines With GitLab & Open Source

Build your own private Cloud environment

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Was ist ein Service Mesh und wie funktioniert es?

Similar to Azure Rosenheim Meetup: Azure Service Operator

AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...

Philip Welz

All Things Cloud Native Meetup: Azure Kubernetes Service Basics

Nico Meisenzahl

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...

Cloud Native Rosenheim Meetup

GitLab London Meetup: How Containerized Pipelines and Kubernetes Can Boost Yo...

Nico Meisenzahl

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

Nico Meisenzahl

Lernen Sie, wie Sie mit containerisierten Pipelines Abhängigkeiten in Ihren CI/CD-Umgebung eliminieren, um sich nicht mit verschiedenen Versionen Ihrer Toolchain und Abhängigkeiten herumschlagen zu müssen. Nutzen Sie die containerisierten Gitlab CI/CD-Pipelines und Kaniko, um Build- und Deployment-Workloads in Ihrem Kubernetes-Cluster zu verlagern. Stellen Sie Ihre Microservices und/oder Infrastruktur ohne externe Abhängigkeiten und Einschränkungen bereit. Nico wird Sie auch in Tekton einführen - ein Open-Source-Projekt, das Ihnen hilft, eine Cloud-native Toolchain aufzubauen, indem Sie Ihr gesamtes CI/CD (Workload sowie Konfiguration) in Kubernetes verlagern. Begleiten Sie Nico auf einem Deep Dive in die Geheimnisse von containerisierten Build und Deployment Pipelines mit Gitlab CI/CD, Kaniko und Tekton.

How to Prevent Your Kubernetes Cluster From Being Hacked

Nico Meisenzahl

KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked

Nico Meisenzahl

Microsoft DevOps Forum 2021 – DevOps & Security

Nico Meisenzahl

Festive Tech Calendar: Festive time with AKS networking

Nico Meisenzahl

Containerized Build & Deployment Pipelines

Nico Meisenzahl

Containerized Workloads sind mittlerweile nicht mehr aus unserem Alltag wegzudenken. Warum also nicht auch Container und deren Vorteile als Grundlage unserer Build- und Deployment-Pipelines nutzen? Nico wird in seinem Talk über die Grundlagen und Vorteile von Containerized Pipelines sprechen sowie nützliche Best Practices vorstellen, die sich direkt umsetzen lassen. Darüber hinaus wird Nico die folgenden Themen anhand von Demos präsentieren und vertiefen: * Pipeline Workload auf Kubernetes mit Hilfe von Gitlab Runner * Docker Image Builds mit Kaniko * Ausblick auf Kubernetes-native Pipelines mit Tekton

Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

Container Days: Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

Nico Meisenzahl

Nico will show how to prevent your Kubernetes cluster from being hijacked by introducing you to best practices as well as useful open-source projects based on real-world examples. You’ll learn everything you need to know to build and run secure Kubernetes clusters including: - basics like shift left and container image security - ensure supply chain security - implement Kubernetes policies - introduce Kubernetes network security - rely on Container Runtime Security - many more… Don't miss this session to learn everything you need to know to securely run your Kubernetes-based workloads.

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

ContainerDay Security 2023

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. Nico will show how to prevent your Kubernetes cluster from being hijacked by introducing you to best practices as well as useful open-source projects based on real-world examples. You’ll learn everything you need to know to build and run secure Kubernetes clusters including: - basics like shift left and container image security - ensure supply chain security - implement Kubernetes policies - introduce Kubernetes network security - rely on Container Runtime Security - many more… Don't miss this session to learn everything you need to know to securely run your Kubernetes-based workloads.

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

ContainerDay Security 2023

ContainerConf 2022: Kubernetes is awesome - but...

Nico Meisenzahl

Cloud Love Conference: Kubernetes is awesome, but...

Nico Meisenzahl

… you should also know when not to use it. This is what Philip and Nico will talk about in this session. They will share all the things they have learned and seen over the past years. Philip and Nico share real-world examples of what they've seen in projects and tell you what went wrong and what could have been done better. And why Kubernetes has been the wrong choice for some of them. Applications and use-cases that do not fit Kubernetes are just one example we will talk about. Join this talk to learn how to take full advantage of Kubernetes and learn where it fits to run your workload successfully. That said: We love Kubernetes!

Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...

Nico Meisenzahl

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with Open Policy Agent. Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join this session to learn all the details on how to stay compliant with project dependencies or control your Infrastructure and Kubernetes deployment pipelines.

KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...

Tom Kerkhove

Similar to Azure Rosenheim Meetup: Azure Service Operator (20)

AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...

All Things Cloud Native Meetup: Azure Kubernetes Service Basics

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...

GitLab London Meetup: How Containerized Pipelines and Kubernetes Can Boost Yo...

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

How to Prevent Your Kubernetes Cluster From Being Hacked

KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked

Microsoft DevOps Forum 2021 – DevOps & Security

Festive Tech Calendar: Festive time with AKS networking

Containerized Build & Deployment Pipelines

Hijack a Kubernetes Cluster - a Walkthrough

Container Days: Hijack a Kubernetes Cluster - a Walkthrough

Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

How to Prevent Your Kubernetes Cluster From Being Hacked by Nico Meisenzahl

ContainerConf 2022: Kubernetes is awesome - but...

Cloud Love Conference: Kubernetes is awesome, but...

Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...

KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough

Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...

Recently uploaded

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Knowledge engineering: from people to machines and back

Elena Simperl

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Recently uploaded (20)

Neuro-symbolic is not enough, we need neuro-*semantic*

UiPath Test Automation using UiPath Test Suite series, part 4

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Generating a custom Ruby SDK for your web service or Rails API using Smithy

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

FIDO Alliance Osaka Seminar: Overview.pdf

Designing Great Products: The Power of Design and Leadership by Chief Designe...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Essentials of Automations: Optimizing FME Workflows with Parameters

Knowledge engineering: from people to machines and back

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

UiPath Test Automation using UiPath Test Suite series, part 3

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

The Art of the Pitch: WordPress Relationships and Sales

How world-class product teams are winning in the AI era by CEO and Founder, P...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Leading Change strategies and insights for effective change management pdf 1.pdf

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Azure Rosenheim Meetup: Azure Service Operator

1. Azure Service Operator Provision Your Resources in a Cloud-Native Way Azure Rosenheim Meetup 2021

2. Nico Meisenzahl • Senior Cloud & DevOps Consultant at white duck • Microsoft MVP, GitLab Hero & Docker Community Leader • Container, Kubernetes, Cloud-Native & DevOps © white duck GmbH 2021 Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org

3. Agenda • what is Azure Service Operator? • bundle your app with its infrastructure • manage your infrastructure with GitOps © white duck GmbH 2021

4. Azure Service Operator (ASO) • “…helps you provision Azure resources and connect your applications to them from within Kubernetes.” • Why? • Bundle your app with its infrastructure • GitOps • … © white duck GmbH 2021

5. Azure Service Operator (ASO) • open-source project by Microsoft Azure • still pretty new • V1 but not production-ready yet • 280 stars, 53 Contributors • 3200 commit, first one in July 2019 • first use case was a self-service portal for an enterprise customer • monthly community call © white duck GmbH 2021

6. ASO – how it works • Custom Resource Definitions (CRDs) for each of the Azure services • e.g. ResourceGroup, RedisCache, CosmosDB, … • A Kubernetes controller that watches for changes of the CRDs and then acting on them • creates, update, delete the Azure resources © white duck GmbH 2021

7. ASO - technical details • can be installed via Helm Chart on any Kubernetes Cluster • requires • Cert-Manager • Service Principal or Managed Identity (requires AKS) • Azure AD Pod Identity (part of ASO, requires AKS) • Controller is based on Kubebuilder © white duck GmbH 2021

10. Demo: Bundle your app with its infrastructure • combine app and infrastructure in one deployment • inject secrets & connections strings via auto-generated secrets © white duck GmbH 2021

11. Manage your infrastructure with GitOps • GitOps? • Git as the single source of truth • Push vs pull pipeline • tools like Argo CD & Flux CD can help © white duck GmbH 2021

12. More on ASO • detailed blog post on ASO • https://medium.com/01001101/azure-service-operator-manage- your-azure-resources-with-kubernetes-69f49d9dbbc5 • Cloud Native Club - ASO episode • https://www.youtube.com/watch?v=d02hiMHLmsg © white duck GmbH 2021

13. Questions? Slides: https://www.slideshare.net/nmeisenzahl Demo: https://github.com/nmeisenzahl/aso-fluxcd-sample Nico Meisenzahl (Senior Cloud & DevOps Consultant) Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org © white duck GmbH 2021

Azure Rosenheim Meetup: Azure Service Operator

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Azure Rosenheim Meetup: Azure Service Operator

Similar to Azure Rosenheim Meetup: Azure Service Operator (20)

Recently uploaded

Recently uploaded (20)

Azure Rosenheim Meetup: Azure Service Operator