Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies that ensure only trusted container images are deployed to your Kubernetes cluster. With Kritis, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Kritis enables tighter control over your container environment by ensuring only verified images are integrated into production.
Talk outline:
- Introduction to the concept of binary authorization
- Live demo of using Kritis and Grafeas for deploying images with confidence in Kubernetes
- Grafeas and Kritis roadmap
At the end, attendees will gain a solid understanding of the process of binary authorization and how to incorporate it in their build and deployment pipelines.
Kubernetes Interview Questions And Answers | Kubernetes Tutorial | Kubernetes... - Edureka!
( Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification )
This Edureka tutorial on "Kubernetes Interview Questions" will help you crack interviews on various Kubernetes related roles in the industry. The different types of questions included in this session are:
1. Basic Kubernetes Interview Questions
2. Kubernetes Architecture-Based Interview Questions
3. Scenario-Based Interview Questions
4. Multiple Choice Questions
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
About 94% of AI Adopters are planning to use containers in the next 1 year. What’s driving this exponential growth? Faster time to deployment and faster AI workload processing are the two major reasons. You can use GPUs in big data applications such as machine learning, data analytics, and genome sequencing. Docker containerization makes it easier for you to package and distribute applications. You can enable GPU support when using YARN on Docker containers. In this talk, I will demonstrate how Docker accelerates the AI workload development and deployment over the IoT Edge devices in an efficient manner.
Overview of Kubernetes and its use as a DevOps cluster management framework.
Problems with deployment via kube-up.sh and improving Kubernetes on AWS via a custom CloudFormation template.
EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud - DevOps.com
With Kubernetes taking over the world, most cloud service providers now offer managed Kubernetes services. Even though core Kubernetes functionality usually remains consistent across platforms, the feature sets and manageability of each provider vary wildly.
In this webinar, we’ll take a deep dive into the Kubernetes offerings from Amazon AWS, Microsoft Azure, and Google Cloud Platform and see how they measure up to each other, focusing on:
operational overhead,
supported features,
security options.
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
View full webinar on demand at http://nginx.com/resources/webinars/installing-tuning-nginx/
What Is Docker? | What Is Docker And How It Works? | Docker Tutorial For Begi... - Simplilearn
This presentation on Docker will help you understand DevOps tools, why Docker is needed, Docker vs. virtual machines, what Docker is, how Docker works and the components of Docker. Docker is a tool used to automate the deployment of applications in lightweight containers so that applications can work efficiently in different environments. A container is a software package that consists of all the dependencies required to run an application. Until now we have been running applications on virtual machines. Every virtual machine used to be the base of our application, but now, with the advent of Docker and containerization technologies, each application is run in a container-like logical space. Now, let us get started and learn what exactly Docker is.
Below topics are explained in this Docker presentation:
1. DevOps and its tools
2. What is Docker?
3. How does Docker work?
4. What are the components of Docker?
Simplilearn's DevOps Certification Training Course will prepare you for a career in DevOps, the fast-growing field that bridges the gap between software developers and operations. You’ll become an expert in the principles of continuous development and deployment, automation of configuration management, inter-team collaboration and IT service agility, using modern DevOps tools such as Git, Docker, Jenkins, Puppet and Nagios. DevOps jobs are highly paid and in great demand, so start on your path today.
Why learn DevOps?
Simplilearn’s DevOps training course is designed to help you become a DevOps practitioner and apply the latest in DevOps methodology to automate your software development lifecycle right out of the class. You will master configuration management; continuous integration deployment, delivery and monitoring using DevOps tools such as Git, Docker, Jenkins, Puppet and Nagios in a practical, hands-on and interactive approach. The DevOps training course focuses heavily on the use of Docker containers, a technology that is revolutionizing the way apps are deployed in the cloud today and is a critical skillset to master in the cloud age.
Who should take this course?
DevOps career opportunities are thriving worldwide. DevOps was featured as one of the 11 best jobs in America for 2017, according to CBS News, and data from Payscale.com shows that DevOps Managers earn as much as $122,234 per year, with DevOps engineers making as much as $151,461. DevOps jobs are the third-highest tech role ranked by employer demand on Indeed.com but have the second-highest talent deficit.
This DevOps training course will be of benefit for the following professional roles:
1. Software Developers
2. Technical Project Managers
3. Architects
4. Operations Support
5. Deployment engineers
6. IT managers
7. Development managers
Learn more at: https://www.simplilearn.com/
Join us to learn the concepts and terminology of Kubernetes such as Nodes, Labels, Pods, Replication Controllers, Services. After taking a closer look at the Kubernetes master and the nodes, we will walk you through the process of building, deploying, and scaling microservices applications. Each attendee gets $100 credit to start using Google Container Engine. The source code is available at https://github.com/janakiramm/kubernetes-101
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T - ShapeBlue
The AT&T team recently embarked on a journey with CloudStack and has since deployed a solution which encompasses multiple data-centers. This talk focuses on how they are using open source tools like CloudStack, FreeIPA, and Metal as a Service (MaaS) to support KVM-based VM provisioning at an enterprise scale within a GitOps model.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
Google Cloud Next '22 Recap: Serverless & Data edition - Daniel Zivkovic
See what's new in #Serverless and #Data at GCP. Our guest, Guillaume Blaquiere - Stack Overflow contributor & #GCP #Developer Expert from France, covered the best #GoogleCloudNext announcements, practically demoed how to benefit from #BigQuery Remote Functions and answered many questions.
The meetup recording with TOC for easy navigation is at https://youtu.be/AuZZTwHIcdY
P.S. For more interactive lectures like this, go to http://youtube.serverlesstoronto.org/ or sign up for our upcoming live events at https://www.meetup.com/Serverless-Toronto/events/
Diving Through The Layers: Investigating runc, containerd, and the Docker eng... - Phil Estes
A presentation given on Thursday, January 19th, 2017 at the Devops Remote Conf 2017. This talk details the history of the Docker engine architecture, focusing on the split in April 2016 into the containerd and runc layers, and talking through the December 2016 announcement of the new containerd project and what it will bring for the Docker engine and other consumers.
This is a presentation on the Kubernetes-based system for building multiple development server environments, as applied to Devsisters' Cookie Run: OvenBreak.
It covers the need for a container-orchestration-based system for building development environments, why Kubernetes was chosen, and the concepts and useful features of Kubernetes. It also includes a demo of the system that was built and a review of the work items involved.
*The NDC17 presentation used a demo video, which is replaced here with slide captures.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" will give you an introduction to the popular DevOps tool Kubernetes and will deep dive into Kubernetes Networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Top 3 reasons why you should run your Enterprise workloads on GKE - Sreenivas Makam
This deck covers the top 3 reasons why Google Kubernetes Engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis... - Oleg Shalygin
Kubernetes provides an automated platform for the deployment, scaling and operation of applications across a cluster of hosts. Complementing Kubernetes with a series of build scripts in conjunction with Travis-CI, GitHub, Artifactory, and Google Cloud Platform, we can take code from a merged pull request to a deployed environment with no manual intervention on a highly scalable and robust infrastructure.
Hardening Your CI/CD Pipelines with GitOps and Continuous Security - Weaveworks
Join us for a webinar on how to secure your CI/CD pipeline for Kubernetes with GitOps best practices and continuous runtime protection. As modern developers and DevOps teams are embarking on a quest for speed and reliability through automated CI/CD pipelines for Kubernetes, enterprises still need to ensure security and regulatory compliance.
Together with Deepfence, the Weaveworks team will explain and demonstrate how GitOps continuous delivery pipelines, combined with continuous security observability, improve the overall security of your development workflow - from Git to production.
In this webinar we will demonstrate:
Deepfence container scanning
Git-to-Kubernetes using FluxCD
Deepfence continuous runtime security
Software Supply Chain Management with Grafeas and Kritis - Aysylu Greenberg
Software Supply Chain is a collective term used to describe the continuous integration and delivery pipelines. In addition, it refers to the observability tools that track what happens to a piece of code from the moment it’s in the source code to when it gets deployed, and everywhere in between. Grafeas is an open-source artifact metadata API to audit and govern your software supply chain. It's built as an industry standard for storing and retrieving metadata about software resources. Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. It enforces deploy-time security policies using Grafeas.
This talk will discuss the goals for each of the two open source projects, dive into the examples of how they can be used to secure your company's software supply chain, and conclude with the details of current and future development.
5 Kubernetes Security Tools You Should Use - DevOps.com
Kubernetes enables teams to strike a balance between velocity and security. It abstracts away just enough of the infrastructure layer to enable developers to deploy freely without sacrificing governance and risk controls. However, configuration mistakes are easy to make and can lead to DoS attacks or security breaches.
Fortunately, Kubernetes has some great tools for hardening your clusters. Join Fairwinds VP of Products, Joe Pelletier, and Director of Open Source, Robert Brennan, as they discuss five of the tools you should use to secure your clusters. Here are the first three:
Kubernetes Ingress Policy for DoS Protection
RBAC
Network Policy
Join us for the event to learn more about these tools and their benefits.
Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services.
Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India
Software Supply Chains for DevOps @ InfoQ Live 2021 - Aysylu Greenberg
Several recent high-profile security incidents were due to compromised software supply chains. Software Supply Chain is a collective term used to describe the stages of software lifecycle from source to deployment through CI/CD pipelines, and all the static and dynamic analyses in between. In the world of microservices and cloud computing, trust in your company’s supply chain is critical, as most of the tooling and dependencies are from open source and vendor projects.
When the code hits production, it’s essential to have enough observability to detect and investigate the problem and get to the root cause and mitigation as quickly as possible. With software supply chain attacks, not only is the newly deployed code under suspicion, but also all the tooling used to produce it becomes a potential attack vector, so an efficient and effective way to verify the integrity of the supply chain is paramount.
This talk will discuss what information needs to be collected to allow DevOps to inspect and verify the integrity of the supply chain, the challenges of having the right level of detail to reduce mean-time-to-detection and mean-time-to-understanding, some of the existing solutions and open problems in this space.
Embracing service-level-objectives of your microservices in your CI/CD - Nebulaworks
Shifting left - How to use Continuous Integration tools to bring security into the DevOps world
In today's modern software factories, organizations are shifting security to the left. No longer just the purview of firewalls, security needs to be built in during development and deployment processes. By doing so, organizations can ensure they are limiting vulnerabilities getting into production while cutting costs of both downtime and code rework.
Key Takeaways:
○ How to ensure that the use of open source doesn’t introduce vulnerabilities and other security risks
○ How to automate the delivery of trusted images using a policy-driven approach
○ Empowering developers to secure their applications, while maintaining segregation of duties
○ Ensuring the consistent flow of images through the pipeline, with no side-doors or introduction of unvetted images
○ Enforcing immutability of containers, preventing container-image drift
A list of action items you want to keep in mind when you're devsecops'ing for your cloud-native environments. Given as a part of a talk on the Modern Security series (https://info.signalsciences.com/securing-cloud-native-ten-tips-better-container-security).
OpenStack Third-Party CI and the review of a few OpenStack Infrastructure pro... - Evgeny Antyshev
Presentation for QA:Conference held in Moscow, Russia on April 23rd.
Author: Evgeny Antyshev, Virtuozzo
These slides cover some OpenStack Infrastructure tools that ease the task of creating generic CI systems. As an illustration, I set up a "model" CI stand to test the Libvirt project. Important ideas originating from OpenStack testing are also mentioned: pre-review integration testing, testing infrastructure in a cloud, project gating, etc.
Security considerations while deploying Containerized Applications by Neepend... - Agile India
Congratulations on deploying applications on Docker and/or Kubernetes. Now the next thing you would worry about is security, and you would have the following questions:
Are my images up to date?
Have I given the right access to users?
Are there any security loopholes in application deployment?
How can I audit the environment/application to be security compliant?
Am I running the cluster in the right configuration?
.... and many more
More details:
https://confengine.com/agile-india-2019/proposal/8551/security-considerations-while-deploying-containerized-applications
Conference link: https://2019.agileindia.org
Slides of talk given at London Study of Enterprise Agile Meetup in June 2019.
We go over GitOps and how it affects delivery speed in software development and release.
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security - DevOpsDays Riga
Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi-tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss:
- the Kubernetes security landscape
- risks, security models, and configuration best-practices
- how to configure users and applications with least-privilege
- how to isolate and segregate workloads and networks
- hard and soft multi-tenancy
- Continuous Security approaches to Kubernetes
In the latest versions of K8s there has been an evolution regarding the definition of security strategies at the level of access policies to the cluster by users and developers. The security contexts (securityContext) allow you to define the configurations at the level of access control and privileges for a pod or container in a simple way using keywords in the configuration files.
To facilitate the implementation of these security strategies throughout the cluster, new strategies have emerged such as the Pod Security Policy (PSP) where the cluster administrator is in charge of defining these policies at the cluster level with the aim that developers can follow these policies.
Other interesting projects include Open Policy Agent (OPA) as the main cloud-native authorization policy agent for creating policies and managing user permissions for access to applications.
The objective of this talk is to present the evolution that has occurred in security strategies and how we could use them together, as well as analyze their behavior in accessing resources. Among the points to be discussed we can highlight:
* Introduction to security strategies in K8s environments
* Pod Security Admission (PSA) vs Open Policy Agent (OPA)
* Combination of different security strategies together
* Access to resources in privileged and non-privileged mode
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ... - MayaData Inc
If you were not at the GitLab Commit conferences in New York and London, here’s an opportunity to attend our popular talk on using chaos engineering in GitLab pipelines for faster hardening. As cloud native applications are coming to life faster than anyone could have imagined, the explosion of microservices empowers developers while also making it increasingly difficult to build pipelines that validate changes outside of their (or their SREs') control.
Chaos engineering has emerged as a way to introduce faults into systems to increase their resiliency and Litmus, part of OpenEBS Enterprise Platform, can shake out a lot of bugs.
We are also glad to announce that OpenEBS 1.3 has been released and we will review the new features added.
Docker Enterprise Edition (EE) is a secure, scalable, and supported container platform for building and orchestrating applications across multi-tenant Linux and Windows environments. Join Docker product managers as they dive into how Docker EE addresses challenges faced by enterprise customers, as well as the technical architecture of the solution. They will also walk through demos for the latest and upcoming features around application runtime and image management.
Take your CI to the next level! Learn how to optimize your pipelines for faster and more efficient builds through parallelization, caching, failing early, and more.
Software Supply Chain Observability with Grafeas and Kritis - Aysylu Greenberg
Software Supply Chain is a collective term used to describe the continuous integration and delivery pipelines. In addition, it refers to the observability tools that track what happens to a piece of code from the moment it’s in the source code to when it gets deployed, and everywhere in between. Grafeas (https://grafeas.io/) is an open-source artifact metadata API to audit and govern your software supply chain. It's built as an industry standard for storing and retrieving metadata about software resources. Kritis (https://github.com/grafeas/kritis) is an open-source solution for securing your software supply chain for Kubernetes applications. It enforces deploy-time security policies using Grafeas.
This talk will discuss the goals for each of the two open source projects, dive into the examples of how they can be used to secure your company's software supply chain, and conclude with the details of current and future development.
Already have a system that serves user traffic and it has become so popular that it's hitting scaling limitations? It's probably time to upgrade its architecture or move its data to a more scalable database. Learn how to do this upgrade with zero downtime and no user visible effects in my talk!
The paper describes an interesting approach to data replication which allows for finer control over the probability of data loss occurrence and the amount of data loss during such an event. In addition, we'll discuss a technique for moving randomization from runtime to initialization to achieve the same benefits. After the discussion of the paper's contributions, we'll turn to pragmatic aspects of this approach.
Distributed systems in practice, in theory (ScaleConf Colombia) by Aysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we'll discuss some of these patterns from systems I've worked on at Google and the related work that provides insights into the motivations behind them.
MesosCon Asia Keynote: Replacing a Jet Engine Mid-flight by Aysylu Greenberg
Once a system becomes successful, releasing fixes and improvements to its backends without affecting user productivity becomes more challenging. Over time the need arises to re-think the architecture of the system and release its implementation to better support the most popular (and potentially unanticipated) use cases and growth. In globally distributed systems, like the distributed build system at Google which serves millions of requests per day, the luxury of downtime is not an option. In this talk, we’ll look at the general patterns that allow us to replace the previous production system with a new architecture, with no downtime or user visible effects.
Distributed systems in practice, in theory (JAX London) by Aysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we’ll discuss some of these patterns from systems I’ve worked on at Google and the related work that provides insights into the motivations behind them.
Building A Distributed Build System at Google Scale (StrangeLoop 2016) by Aysylu Greenberg
It's hard to imagine a modern developer workflow without a sufficiently advanced build system: Make, Gradle, Maven, Rake, and many others. In this talk, we'll discuss the evolution of build systems that leads to distributed build systems. Then, we'll dive into how we can build a scalable system that is fast and resilient, with examples from Google. We'll conclude with the discussion of general challenges of migrating systems from one architecture to another.
QCon NYC: Distributed systems in practice, in theory by Aysylu Greenberg
Modern systems in production rely on decades of computer science research. Over time, new architectural patterns emerge that enable more resilient and robust systems. In this talk, we'll discuss some of these patterns from systems I've worked on at Google and the related work that provides insights into the motivations behind them.
Building a Distributed Build System at Google Scale by Aysylu Greenberg
It’s hard to imagine a modern developer workflow without a sufficiently advanced build system: Make, Gradle, Maven, Rake, and many others. In this talk, we’ll discuss the evolution of build systems that leads to distributed build systems, like Google's BuildRabbit. Then, we’ll dive into how we can build a scalable system that is fast and resilient, with examples from Google. We’ll conclude with the discussion of general challenges of migrating systems from one architecture to another.
Loom is an open-source Clojure library that provides many graph algorithms and visualizations. Loom's graph API focuses on generality and simplicity of integration, which enables other graph representations to be ported to Loom. In this talk, we'll look at how Loom's API and graph implementations evolved in the past 2 years since being presented at Clojure/West 2014. We'll also discuss complexities of maintaining an open-source library.
Probabilistic Accuracy Bounds @ Papers We Love SF by Aysylu Greenberg
Aysylu Greenberg presents the Probabilistic Accuracy Bounds for Fault-Tolerant Computations that Discard Tasks paper (http://people.csail.mit.edu/rinard/paper/ics06.pdf).
Aysylu tells us "As our systems get more complex and expensive to operate, tradeoffs between accuracy and performance gains become more relevant. The paper demonstrates a new approach to analyzing programs where we can train statistical models to bound the error as tasks fail. This allows us to be more resilient in the face of system failures in many applications that can tolerate "good enough" results. This area of research is particularly dear to my heart as I was first exposed to it while taking a compiler engineering course at MIT which the author, Prof. Martin Rinard, taught. The probabilistic high-performance computing captured my interest because it challenges the widely accepted expectation that for-loops are deterministic."
Knowledge of how to set up good benchmarks is invaluable in understanding performance of the system. Writing correct and useful benchmarks is hard, and verification of the results is difficult and prone to errors. When done right, benchmarks guide teams to improve the performance of their systems. When done wrong, hours of effort may result in a worse performing application, upset customers or worse! In this talk, we will discuss what you need to know to write better benchmarks. We will look at examples of bad benchmarks and learn about what biases can invalidate the measurements, in the hope of correctly applying our new-found skills and avoiding such pitfalls in the future.
Loom & Functional Graphs in Clojure @ LambdaConf 2015 by Aysylu Greenberg
Graphs are ubiquitous data structures, and the algorithms for analyzing them are fascinating. Loom is an open-source Clojure library that provides many graph algorithms and visualizations. We will discuss how graphs are represented in a functional world, bridge the gap between procedural description of algorithms and their functional implementation, and learn about the way Loom integrates with other graph representations.
Knowledge of how to set up good benchmarks is invaluable in understanding performance of the system. Writing correct and useful benchmarks is hard, and verification of the results is difficult and prone to errors. When done right, benchmarks guide teams to improve the performance of their systems. When done wrong, hours of effort may result in a worse performing application, upset customers or worse! In this talk, we will discuss what you need to know to write better benchmarks for distributed systems. We will look at examples of bad benchmarks and learn about what biases can invalidate the measurements, in the hope of correctly applying our new-found skills and avoiding such pitfalls in the future.
Benchmarking: You're Doing It Wrong (StrangeLoop 2014) by Aysylu Greenberg
Knowledge of how to set up good benchmarks is invaluable in understanding performance of the system. Writing correct and useful benchmarks is hard, and verification of the results is difficult and prone to errors. When done right, benchmarks guide teams to improve the performance of their systems. When done wrong, hours of effort may result in a worse performing application, upset customers or worse! In this talk, we will discuss what you need to know to write better benchmarks. We will look at examples of bad benchmarks and learn about what biases can invalidate the measurements, in the hope of correctly applying our new-found skills and avoiding such pitfalls in the future.
The paper explains how you can write an interpreter and get an optimizing just-in-time (JIT) compiler for free. This enables language designers to focus on features without worrying about the complexities of compiler optimizations and code generation. This paper presents a Java Virtual Machine (JVM) that allows the application to control the JIT compiler behavior at runtime. We'll discuss how various programming languages can take advantage of this framework.
To intrigue compiler aficionados, the authors show how combining AST node rewriting during interpretation, optimization, and deoptimization produces high performance code from the interpreter without a language-specific compiler. In addition, they present how features of a variety of programming languages, such as JavaScript, Ruby, Python, R and others, map on the framework.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve... by Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv... by Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Workshop - Innovating with Generative AI and Knowledge Graphs by Neo4j
Go beyond the hype around AI and discover practical techniques for using AI responsibly across your organization's data. Explore how to use knowledge graphs to increase accuracy, transparency and explainability in generative AI systems. You will leave with hands-on experience combining data relationships and LLMs to bring domain-specific context and improve your reasoning.
Bring your laptop and we will guide you through setting up your own generative AI stack, providing practical, coded examples to get started in minutes.
Graspan: A Big Data System for Big Code Analysis by Aftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ’17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ’17.
- Invited for presentation at SoCal PLS ’16.
- Invited for poster presentation at PLDI SRC ’16.
How to Position Your Globus Data Portal for Success Ten Good Practices by Globus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Large Language Models and the End of Programming by Matt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Globus Connect Server Deep Dive - GlobusWorld 2024 by Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
GraphSummit Paris - The art of the possible with Graph Technology by Neo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart... by Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis operations to the large ESGF data archives, transferring only the resultant analysis (e.g., visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Essentials of Automations: The Art of Triggers and Actions in FME by Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ... by Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc. and I didn't get rich from it, but it did have 63K downloads (possibly powering tens of thousands of websites).
Enhancing Research Orchestration Capabilities at ORNL.pdf by Globus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
3. Who are we
Aysylu Greenberg
Sr Software Engineer @ Google
Eng Lead of open-source Grafeas and Kritis
@aysylu22
Liron Levin
Chief software architect @ Prisma Cloud Compute
Grafeas and Kritis contributor
7. Today
● Why we need binary authorization
● Improve the security posture of your k8s cluster
● Learn about exciting open source security technologies
● Have fun and see cool demos
14. Software supply chain - reality
● Which images are deployed right now?
● Did all deployed images pass required QA tests?
● Does vulnerability CVE-2017-5638 (Equifax, Apache Struts RCE) impact production images?
19. Binary authorization - use cases
● Require images to be signed by trusted authorities:
○ QA
○ DevOps
○ Security tools
● Require images to pass some restrictive security criteria (e.g., no critical severity unpatched vulnerabilities)
● Continuously monitor our inventory
https://github.com/grafeas/kritis/blob/master/docs/binary-authorization.md
26. Pod lifecycle
● Kritis - Admission controller for policy enforcement
[Diagram labels: Create a pod; Kubernetes API; Validation webhook; Validate pod; Kritis]
Admission webhooks receive admission requests and do something with them.
29. Pod lifecycle
● Kritis - Admission controller for policy enforcement
[Diagram labels: Create a pod; Kubernetes API; Validation webhook; Validate pod; Image security validator; Kritis; Fetch policy (CRD)]
Kritis policy is a CRD.
52. Pod lifecycle
[Diagram labels: Create a pod; Kubernetes API; Validation webhook; Validate pod; Image security validator; Kritis; Fetch policy (CRD); Grafeas; Fetch metadata; API; DB]
Who pushes security data to Grafeas?
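The flow on the pod lifecycle slides (pod creation, validation webhook, policy fetch, metadata fetch), combined with the binary authorization use cases, sketched as an added example that is not code from Kritis or Grafeas. The policy fields, the metadata records and the `registry.example` image names are constructed assumptions; only the AdmissionReview envelope follows the Kubernetes `admission.k8s.io/v1` format.

```python
# Added example: policy fields and metadata records are hypothetical
# stand-ins, not the Kritis CRD schema or the Grafeas API.
SEVERITIES = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

GOOD = "registry.example/app@sha256:" + "a" * 64       # constructed digests
STRUTS = "registry.example/legacy@sha256:" + "b" * 64

# Constructed policy; in the slides' flow Kritis fetches this as a CRD.
POLICY = {
    "required_attestors": {"qa", "security-scan"},
    "max_severity": "HIGH",        # anything above HIGH blocks the pod
    "allowlisted_cves": set(),
}

# Constructed records standing in for metadata fetched from Grafeas.
METADATA = {
    GOOD: {"attestations": {"qa", "security-scan"},
           "vulnerabilities": [{"cve": "CVE-0000-0001", "severity": "MEDIUM"}]},
    STRUTS: {"attestations": {"qa"},
             "vulnerabilities": [{"cve": "CVE-2017-5638", "severity": "CRITICAL"}]},
}


def pod_images(pod):
    """Every image the pod would run; init containers count too."""
    spec = pod.get("spec", {})
    return [c["image"] for field in ("initContainers", "containers")
            for c in spec.get(field) or []]


def image_violations(image, policy, metadata):
    """Return the reasons this image fails the policy (empty list = pass)."""
    if "@sha256:" not in image:
        # A tag can be repointed after signing; records here are keyed by digest.
        return [f"{image}: not pinned by digest"]
    record = metadata.get(image)
    if record is None:
        return [f"{image}: no metadata found"]   # fail closed
    problems = []
    missing = policy["required_attestors"] - record["attestations"]
    if missing:
        problems.append(f"{image}: missing attestation from {', '.join(sorted(missing))}")
    limit = SEVERITIES.index(policy["max_severity"])
    for vuln in record["vulnerabilities"]:
        if vuln["cve"] in policy["allowlisted_cves"]:
            continue
        if SEVERITIES.index(vuln["severity"]) > limit:
            problems.append(f"{image}: {vuln['cve']} is {vuln['severity']}")
    return problems


def review(admission_review, policy, metadata):
    """Answer an AdmissionReview request for a pod with allow or deny."""
    request = admission_review["request"]
    problems = [p for image in pod_images(request["object"])
                for p in image_violations(image, policy, metadata)]
    response = {"uid": request["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def images_affected_by(cve, metadata):
    """The slides' inventory question: which known images carry this CVE?"""
    return sorted(image for image, record in metadata.items()
                  if any(v["cve"] == cve for v in record["vulnerabilities"]))


def make_request(uid, containers, init_containers=()):
    """Build a constructed AdmissionReview request for a pod."""
    spec = {"containers": [{"image": i} for i in containers],
            "initContainers": [{"image": i} for i in init_containers]}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "object": {"kind": "Pod", "spec": spec}}}


if __name__ == "__main__":
    for uid, images in [("u1", [GOOD]), ("u2", ["registry.example/app:latest"]),
                        ("u3", [STRUTS])]:
        print(review(make_request(uid, images), POLICY, METADATA)["response"])
```

The check fails closed: an image with no metadata record, or one referenced by tag instead of digest, is denied before any signature or vulnerability rule is evaluated.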
61. Roadmap
● Grafeas
○ New metadata kinds contributed by the community
○ Server v1.0
○ Move towards larger community ownership
■ Designate client owners for each language
■ Maintenance of the reference server v1.0
65. Roadmap
● Grafeas
○ New metadata kinds contributed by the community
○ Server v1.0
○ Move towards larger community ownership
● Kritis
○ Production-ready, high-availability Kritis
○ Interoperability between BinAuthz and Kritis
○ More expressive policies based on stored metadata