Shift-Left Testing IaC With PaC
HELLO!
I am smalltown
MaiCoin Site Reliability Engineer
Taipei HashiCorp UG Organizer
AWS UG Taiwan Staff
Agenda: IaC / PaC / OPA / Case I: TF / Case II: K8S
Part 1: IaC
Infrastructure as Code
▪ The Process of Managing And Provisioning Computer Data Centers Through Machine-Readable Definition Files
IaC First Generation
# Imperative: a shell script that installs a pinned package version
~$ apt-get update
~$ apt-get install -y tar=1.16.1
# Declarative: the same intent as a Chef resource
package 'tar' do
  version '1.16.1'
  action :install
end
👉 Record Your Provision Procedure with a CM Tool, Not a Document!
R.I.P. Configuration Management
Why? Stateful Service / Stateless Service / Cloud Provider / Orchestrator
IaC Second Generation
👉 Record Your Cloud Resources with an IaC Tool, Not a Document!
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"   # bucket names must be DNS-compliant: lowercase, no underscores
  acl    = "private"             # AWS provider >= 4.0 moves this to a separate aws_s3_bucket_acl resource
  tags   = { Name = "My_bucket" } # Terraform 0.12+: tags is a map argument, not a nested block
}
IaC Second Generation is Hot Now!
Terraform, Pulumi, AWS CDK ... etc
Everything As Code
Could You Write Code Without Tests?
Not Covering General Testing Today
(Unit, Functional, Integration, Performance)
More Security and Compliance Testing
▪ Perform Vulnerability Scanning
▫ SAST, RASP, DAST, IAST
▪ Ensure Security and Compliance Follow the Policy
▫ Traditional Auditing
▪ Have You Ever Been Audited?
Excel Engineer
▪ Lots of Spreadsheets
▪ Lots of Manual Process
▪ Takes Weeks to Months to Complete Review and Fix
▪ Policy Document Not Ready Yet
▪ But The Most Terrible ...
Shift Left Testing
Testing is Performed Earlier in the Life Cycle
Development Life Cycle
Local Development (Fast) → Continuous Integration (Slow) → Production Environment (Slower)
Development Life Cycle
Local Development → Continuous Integration → Production Environment
Auditing: at the Production Environment
Development Life Cycle
Local Development → Continuous Integration → Production Environment
Automation Auditing: across the whole life cycle
Part 2: PaC
How to Achieve Automation Auditing?
Audit + Code = Policy as Code
What is Policy?
▪ Compliance Policies: Ensure Compliance with External Standards (PCI-DSS, SOC, or GDPR)
▪ Security Policies: Adopted Internally to Protect Data Privacy and Infrastructure Integrity
▪ Operational Excellence: Prevent Service Outages or Degradation
Some Policy as Code Tools
▪ ModSecurity: Only Focuses on Web Application Firewall (Capital One Event)
▪ Sentinel: Only Supports Terraform, Vault, Nomad and Consul Enterprise (HashiCorp)
▪ Inspec: High-Quality Shared Content, Only For Programmers (Chef)
▪ Open Policy Agent: Solves Different Problems, Limited Shared Content
Part 3: OPA
What is Open Policy Agent?
A Service sends OPA a Query (Request, Event, etc.); OPA evaluates Policy (Rego) against Data (JSON) and returns a Decision.
OPA Features
▪ Declarative Policy Language (Rego)
▪ Library, Sidecar, Host-Level Daemon
▪ Management API for Control & Observability
▪ Tooling to Build, Test and Debug Policy
OPA Integrations
Admission Control
API Authorization
SSH & sudo
Data Protection
Data Filtering
Linux PAM
How Does OPA Work?
▪ Example Policy: Employees Can Read Their Own Salary And The Salary of Anyone They Manage
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "koreanfish"
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "koreanfish"
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "koreanfish"
allow = true {
  input.method = "GET"
  input.path = ["salary", "koreanfish"]
  input.user = "koreanfish"
}
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
Different User Now!
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
allow = true {
  input.method = "GET"
  input.path = ["salary", "koreanfish"]
  input.user = "koreanfish"
}
Different User Now!
This Statement Will Fail!
Rego Demonstration
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
Context Data:
{ "managers": {
    "koreanfish": ["whitedolphin"],
    "williamboy": ["vegetenglish"] }
}
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
Rego Demonstration
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = data.managers[employee_id][_]
}
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
Context Data:
{ "managers": {
    "koreanfish": ["whitedolphin"],
    "williamboy": ["vegetenglish"] }
}
Rego Demonstration
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
allow = true {
  input.method = "GET"
  input.path = ["salary", "koreanfish"]
  input.user = data.managers["koreanfish"][_]
}
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
Context Data:
{ "managers": {
    "koreanfish": ["whitedolphin"],
    "williamboy": ["vegetenglish"] }
}
Rego Demonstration
allow = true {
  input.method = "GET"
  input.path = ["salary", employee_id]
  input.user = employee_id
}
allow = true {
  input.method = "GET"
  input.path = ["salary", "koreanfish"]
  input.user = "whitedolphin"
}
Input Data:
method: "GET"
path: ["salary", "koreanfish"]
user: "whitedolphin"
Context Data:
{ "managers": {
    "koreanfish": ["whitedolphin"],
    "williamboy": ["vegetenglish"] }
}
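The policy the slides build up, written out completely as an added example (not code from the deck or its repo), with the context data loaded as OPA data under `data.managers` and Rego unit tests for the cases walked through above. The input shape is the one shown on the slides; the file names in the comments are assumptions. Two details matter for a real deployment: `default allow := false` makes a request that matches no rule return `false` instead of an undefined result, and `==` is used where the slides use `=`. Rego's `=` unifies, so a misspelled and therefore never-bound variable on one side is silently bound and the body succeeds for every caller; with `==` the same typo is a compile-time "unsafe var" error.

```rego
# Added example: complete version of the salary policy from the slides.
# Assumed input shape (as on the slides):
#   {"method": "GET", "path": ["salary", "<employee>"], "user": "<caller>"}
# Assumed data file data.json: {"managers": {"koreanfish": ["whitedolphin"], ...}}
# Run:  opa eval -i input.json -d data.json -d salary.rego "data.salary.allow"
# Test: opa test -v salary.rego
package salary

import rego.v1

# Deny by default so a request matching no rule yields false, not undefined.
default allow := false

# Rule 1: an employee can read their own salary.
allow if {
    input.method == "GET"
    ["salary", employee_id] = input.path   # unification binds employee_id
    input.user == employee_id              # == only compares, never binds
}

# Rule 2: a manager can read the salary of anyone they manage.
allow if {
    input.method == "GET"
    ["salary", employee_id] = input.path
    input.user in data.managers[employee_id]   # undefined (so denied) for unknown ids
}

# ---- unit tests on constructed data ----
managers_fixture := {
    "koreanfish": ["whitedolphin"],
    "williamboy": ["vegetenglish"]
}

test_employee_reads_own_salary if {
    allow with input as {"method": "GET", "path": ["salary", "koreanfish"], "user": "koreanfish"}
        with data.managers as managers_fixture
}

test_manager_reads_report_salary if {
    allow with input as {"method": "GET", "path": ["salary", "koreanfish"], "user": "whitedolphin"}
        with data.managers as managers_fixture
}

test_unrelated_user_denied if {
    not allow with input as {"method": "GET", "path": ["salary", "koreanfish"], "user": "vegetenglish"}
        with data.managers as managers_fixture
}

test_write_denied if {
    not allow with input as {"method": "POST", "path": ["salary", "koreanfish"], "user": "koreanfish"}
        with data.managers as managers_fixture
}
```

`opa test` discovers every rule whose name starts with `test_`; the `with` clauses swap in the constructed input and manager data for that one expression, so the tests run offline against no real data file.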
Part 4: Case I: TF
Network Misconfigurations Are a Major Source Of Reliability and Security Issues
A Normal Day In The Cloud World
▪ AAA Company's ElasticSearch Leaks Customer Data
▪ BBB Company's Kubernetes Admin Console Can Be Accessed Publicly
▪ CCC Company's MongoDB Leaks Customer Data
▪ ...
Someone Creates A Server in AWS... Open to 0.0.0.0/0
Test Terraform With OPA
1. Terraform Outputs the Plan Result As a JSON File
2. OPA Tests the JSON Input Through the Policy (Rego)
https://github.com/smalltown/policy-as-code
Benefits
▪ Help Individual Developers Sanity Check Their Terraform Changes
▪ Auto-Approve Run-Of-The-Mill Infrastructure Changes And Reduce The Burden of Peer-Review
▪ Help Catch Problems That Arise When Applying Terraform To Production After Applying It To Staging
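An added example (not code from the deck or from github.com/smalltown/policy-as-code) of the two-step check: Terraform writes the plan as JSON, OPA evaluates it. The policy denies any security group ingress open to the whole internet (`0.0.0.0/0` or `::/0`) unless the rule covers exactly one port from an assumed allow list (80 and 443), and it looks at both inline `ingress` blocks on `aws_security_group` and standalone `aws_security_group_rule` resources. The `resource_changes` / `change.actions` / `change.after` structure is the documented `terraform show -json` plan format; the allow list, file names and the plan fragment in the test are constructed for the example.

```rego
# Added example: OPA policy over a `terraform show -json` plan.
# Assumed workflow (file names are assumptions):
#   terraform plan -out tfplan
#   terraform show -json tfplan > tfplan.json
#   opa eval --fail -i tfplan.json -d terraform.rego "data.terraform.allow"   # non-zero exit on violation
#   opa eval -f pretty -i tfplan.json -d terraform.rego "data.terraform.deny" # print the reasons
#   opa test -v terraform.rego
package terraform

import rego.v1

# Ports that may be exposed to the internet (assumed allow list).
public_ports := {80, 443}

default allow := false

allow if count(deny) == 0

# Only resources this plan will create or update; deletes and no-ops are ignored.
changed contains rc if {
    some rc in input.resource_changes
    some action in rc.change.actions
    action in {"create", "update"}
}

# Inline ingress blocks on aws_security_group.
deny contains msg if {
    some rc in changed
    rc.type == "aws_security_group"
    some rule in rc.change.after.ingress
    some cidr in cidrs(rule)
    world_open(cidr)
    not public_only(rule)
    msg := sprintf("%v: ingress %v-%v/%v open to %v", [rc.address, rule.from_port, rule.to_port, rule.protocol, cidr])
}

# Standalone aws_security_group_rule resources of type ingress.
deny contains msg if {
    some rc in changed
    rc.type == "aws_security_group_rule"
    rule := rc.change.after
    rule.type == "ingress"
    some cidr in cidrs(rule)
    world_open(cidr)
    not public_only(rule)
    msg := sprintf("%v: ingress %v-%v/%v open to %v", [rc.address, rule.from_port, rule.to_port, rule.protocol, cidr])
}

# IPv4 and IPv6 blocks of a rule; comprehensions yield an empty set when a key is absent or null.
cidrs(rule) := {c | some c in rule.cidr_blocks} | {c | some c in rule.ipv6_cidr_blocks}

world_open(cidr) if cidr == "0.0.0.0/0"
world_open(cidr) if cidr == "::/0"

# A world-open rule is tolerated only for a single allow-listed port.
# protocol "-1" (all traffic) comes with from_port 0 / to_port 0 and never passes.
public_only(rule) if {
    rule.from_port == rule.to_port
    rule.from_port in public_ports
}

# ---- unit test on a constructed plan fragment ----
plan_fixture := {"resource_changes": [
    {
        "address": "aws_security_group.web",
        "type": "aws_security_group",
        "change": {"actions": ["create"], "after": {"ingress": [
            {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
            {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}
        ]}}
    },
    {
        "address": "aws_security_group_rule.db",
        "type": "aws_security_group_rule",
        "change": {"actions": ["create"], "after": {
            "type": "ingress", "from_port": 5432, "to_port": 5432, "protocol": "tcp",
            "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": null}}
    }
]}

test_ssh_open_to_world_denied if {
    count(deny) == 1 with input as plan_fixture   # only the 22/tcp rule is reported
    not allow with input as plan_fixture
}
```

Two caveats when wiring this into CI: values Terraform cannot know until apply time appear under `change.after_unknown` rather than `change.after`, so a rule built from a computed value is invisible to the policy, and the check only sees what is in the plan, so a security group edited by hand in the console is caught only when someone next runs `terraform plan` against it.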
Part 5: Case II: K8S
How to Audit a K8S Cluster?
▪ Require Specific Labels On All Resources
▪ Require Container Images Come From The Corporate Image Registry
▪ Require All Pods Specify Resource Requests And Limits
▪ ...
How OPA Audits K8S
kubectl, CI/CD Pipelines and controllers talk to the API Server; the API Server sends OPA an AdmissionReview (Request) and OPA answers with an AdmissionReview (Response)
One application went OOM, and the Pods on the same node were affected too 🍯
What was the root cause of the K8S incident that happened before dawn? 🤔
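An added example (not code from the deck or its repo) of the admission policy sketched on the slides: one Rego file that turns the three checks listed earlier (required labels, images from the corporate registry, CPU and memory requests and limits on every container) into an `AdmissionReview` response. The registry prefix, the label names and the Pod in the test are assumptions; the `input.request` fields are what the API server sends in an `AdmissionReview`, and the response shape follows the OPA Kubernetes admission tutorial. The third check is the one that bears on the incident above: without a memory limit a container can keep growing until the node is exhausted and neighbouring Pods suffer, whereas with a limit the kernel OOM-kills only that container.

```rego
# Added example: OPA admission policy for the checks listed on the slides.
# Assumptions: images must come from registry.example.com and every Pod
# carries the labels "app" and "team". Serve data.kubernetes.admission.main
# behind a ValidatingWebhookConfiguration (e.g. via kube-mgmt).
# Test: opa test -v admission.rego
package kubernetes.admission

import rego.v1

corporate_registry := "registry.example.com/"   # assumed
required_labels := {"app", "team"}              # assumed

# Response in the shape the API server expects.
main := {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "response": response
}

response := {"allowed": false, "uid": input.request.uid, "status": {"message": reason}} if {
    count(deny) > 0
    reason := concat("; ", deny)
} else := {"allowed": true, "uid": input.request.uid}

# Only validate Pods; other kinds pass through untouched.
is_pod if input.request.kind.kind == "Pod"

# All containers of the Pod, init containers included.
containers contains c if {
    is_pod
    some c in input.request.object.spec.containers
}

containers contains c if {
    is_pod
    some c in input.request.object.spec.initContainers
}

# 1. Required labels.
deny contains msg if {
    is_pod
    some label in required_labels
    not input.request.object.metadata.labels[label]
    msg := sprintf("missing required label %v", [label])
}

# 2. Images must come from the corporate registry.
deny contains msg if {
    some c in containers
    not startswith(c.image, corporate_registry)
    msg := sprintf("container %v: image %v is not from %v", [c.name, c.image, corporate_registry])
}

# 3. Every container must set CPU and memory requests and limits.
deny contains msg if {
    some c in containers
    some kind in {"requests", "limits"}
    some res in {"cpu", "memory"}
    not c.resources[kind][res]   # undefined when the key (or the whole block) is missing
    msg := sprintf("container %v: resources.%v.%v is not set", [c.name, kind, res])
}

# ---- unit test on a constructed AdmissionReview ----
review_fixture := {"request": {
    "uid": "1b5e6f2a-0000-4000-8000-000000000001",
    "kind": {"kind": "Pod"},
    "object": {
        "metadata": {"labels": {"app": "web", "team": "sre"}},
        "spec": {"containers": [{
            "name": "web",
            "image": "docker.io/library/nginx:1.25",
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"}}
        }]}
    }
}}

test_pod_without_limits_denied if {
    # one message for the foreign image, two for the missing cpu/memory limits
    count(deny) == 3 with input as review_fixture
    response.allowed == false with input as review_fixture
}
```

Evaluate the policy against a saved `AdmissionReview` JSON with `opa eval` before putting it in the admission path. In the cluster the webhook's `failurePolicy` decides what happens when OPA is unreachable: `Ignore` lets every Pod through, which turns the check into advice, while `Fail` blocks scheduling until OPA is back, so choose it deliberately and run OPA with more than one replica.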
https://github.com/smalltown/policy-as-code
More Use Cases (where OPA can sit)
▪ Cloud / Orchestrator: Admission Control
▪ Host / sshd: Container Execution, SSH, sudo
▪ Container / HTTP API: Microservice APIs
▪ APP: Risk Management
▪ Host / DB: Data Protection & Filtering
Takeaways
▪ IaC History
▪ Shift-Left Testing IaC by Automating Auditing with PaC
▪ OPA Introduction & Features
▪ Demo of How OPA Integrates with Terraform & K8S
THANKS!
ANY QUESTIONS?
You can find me at:
▪ facebook.com/smalltown0110
▪ smalltown@awsug.tw
🎅 Software Engineer I
🎅 Software Engineer in Test
🎅 Software Engineer II
🎅 Project Manager

Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 

Recently uploaded (20)

Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 

Cloud Native User Group: Shift-Left Testing IaC With PaC

  • 2. HELLO! I am smalltown MaiCoin Site Reliability Engineer Taipei HashiCorp UG Organizer AWS UG Taiwan Staff 2
  • 3. 3 IaC PaC OPA Case I: TF Case II: K8S
  • 4. 4 IaC PaC OPA Case I: TF Case II: K8S
  • 5. Infrastructure as Code ▪ The Process of Managing And Provisioning Computer Data Centers Through Machine-Readable Definition Files 5
  • 6. IaC First Generation ~$ apt-get update ~$ apt-get install -y tar=1.16.1 package 'tar' do version '1.16.1' action :install end 👉 Record Your Provision Procedure with CM Tool, Not Document ! 6
  • 9. IaC Second Generation 👉 Record Your Cloud Resource with IaC Tool, Not Document ! resource "aws_s3_bucket" "b" { bucket = "my_tf_test_bucket" acl = "private" tags { Name = "My_bucket" } } 9
  • 10. 10 IaC Second Generation is Hot Now! Terraform, Pulumi, AWS CDK … etc
  • 11. Everything As Code Could You Write Code Without Tests? 11
  • 12. Not General Testing Today Unit, Function, Integration, Performance 12
  • 13. More Security and Compliance Testing ▪ Perform Vulnerability Scanning ▫ SAST, RASP, DAST, IAST ▪ Ensure Compliance, Security Follow the Policy ▫ Traditional Auditing ▪ Have You Ever Been Audited? 13
  • 14. 14 Excel Engineer ▪ Lots of Spreadsheets ▪ Lots of Manual Process ▪ Takes Weeks to Months to Complete Review and Fix ▪ Policy Document Not Ready Yet ▪ But The Most Terrible ...
  • 15. Shift Left Testing Testing is Performed Earlier in the Life Cycle 15
  • 19. IaC PaC OPA Case I: TF Case II: K8S 19
  • 20. How to Achieve Automation Auditing? Policy, Code, Audit 20
  • 21. What is Policy? ▪ Compliance Policies: Ensure Compliance with External Standards (PCI-DSS, SOC, or GDPR) ▪ Security Policies: Adopted Internally Protect Data Privacy and Infrastructure Integrity ▪ Operational Excellence: Prevent Service Outages or Degradation Ref 21
  • 22. Some Policy as Code Tools ▪ ModSecurity: Only Focuses on Web Application Firewall (Capital One Event) ▪ Sentinel: Only Supports Terraform, Vault, Nomad and Consul Enterprise (HashiCorp) ▪ Inspec: High-Quality Shared Content, Only For Programmers (Chef) ▪ Open Policy Agent: Solves Different Problems, Limited Shared Content 22
  • 23. 23
  • 24. 24 IaC PaC OPA Case I: TF Case II: K8S
  • 25. What is Open Policy Agent? (Diagram) A Service sends a Query (Request, Event, etc.) to OPA; OPA evaluates Policy (Rego) against Data (JSON) and returns a Decision 25
  • 26. OPA Features ▪ Declarative Policy Language (Rego) ▪ Library, Sidecar, Host-Level Daemon ▪ Management API for Control & Observability ▪ Tooling to Build, Test and Debug Policy 26
  • 27. OPA Integrations: Admission Control, API Authorization, SSH & sudo, Data Protection, Data Filtering, Linux PAM 27
  • 28. How Does OPA Work? ▪ Example Policy: Employees Can Read Their Own Salary And The Salary of Anyone They Manage 28
  • 29. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "koreanfish" 29
  • 30. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "koreanfish" allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } 30
  • 31. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "koreanfish" allow = true { input.method = "GET" input.path = ["salary", "koreanfish"] input.user = "koreanfish" } 31
  • 32. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } Different User Now! 32
  • 33. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" allow = true { input.method = "GET" input.path = ["salary", "koreanfish"] input.user = "koreanfish" } Different User Now! This Statement Will Fail! 33
  • 34. Rego Demonstration Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" Context Data: { "managers": { "koreanfish": ["whitedolphin"], "williamboy": ["vegetenglish"] } } allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } 34
  • 35. 35 Rego Demonstration allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = managers[employee_id][_] } Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" Context Data: { "managers": { "koreanfish": ["whitedolphin"], "williamboy": ["vegetenglish"] } }
  • 36. 36 Rego Demonstration allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } allow = true { input.method = "GET" input.path = ["salary", "koreanfish"] input.user = managers["koreanfish"][_] } Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" Context Data: { "managers": { "koreanfish": ["whitedolphin"], "williamboy": ["vegetenglish"] } }
  • 37. 37 Rego Demonstration allow = true { input.method = "GET" input.path = ["salary", employee_id] input.user = employee_id } allow = true { input.method = "GET" input.path = ["salary", "koreanfish"] input.user = "whitedolphin" } Input Data: method: "GET" path: ["salary", "koreanfish"] user: "whitedolphin" Context Data: { "managers": { "koreanfish": ["whitedolphin"], "williamboy": ["vegetenglish"] } }
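The salary policy that slides 28 to 37 build up step by step, written out as one complete, testable Rego file. This is an added example, not a slide from the talk: it uses the `import rego.v1` syntax (`if`, `contains`, `in`; OPA 0.59 or later), the package name `salary` is an assumption, and the context document the slides abbreviate as `managers` is referenced by its real path `data.managers`. The fixtures reuse the slide values.

```rego
# salary.rego (added example, not from the slides).
# Run the embedded tests with:   opa test salary.rego -v
package salary

import rego.v1

# Deny by default: a request is allowed only if one of the allow rules holds.
default allow := false

# Rule 1 (slide 30): an employee may read their own salary.
allow if {
	input.method == "GET"
	count(input.path) == 2
	input.path[0] == "salary"
	employee_id := input.path[1]
	input.user == employee_id
}

# Rule 2 (slide 35): a manager may read the salary of anyone they manage.
# data.managers is the context document of slide 34:
#   {"managers": {"koreanfish": ["whitedolphin"], ...}}
# If employee_id has no entry, the reference is undefined and the rule simply fails.
allow if {
	input.method == "GET"
	count(input.path) == 2
	input.path[0] == "salary"
	employee_id := input.path[1]
	input.user in data.managers[employee_id]
}

# --- Tests (constructed fixtures, same values as the slides) ---

managers_fixture := {
	"koreanfish": ["whitedolphin"],
	"williamboy": ["vegetenglish"],
}

test_employee_reads_own_salary if {
	allow with input as {"method": "GET", "path": ["salary", "koreanfish"], "user": "koreanfish"}
		with data.managers as managers_fixture
}

test_manager_reads_report_salary if {
	allow with input as {"method": "GET", "path": ["salary", "koreanfish"], "user": "whitedolphin"}
		with data.managers as managers_fixture
}

# whitedolphin manages koreanfish, not williamboy (slide 33's failing case, generalized).
test_unrelated_user_is_denied if {
	not allow with input as {"method": "GET", "path": ["salary", "williamboy"], "user": "whitedolphin"}
		with data.managers as managers_fixture
}

test_write_is_denied if {
	not allow with input as {"method": "PUT", "path": ["salary", "koreanfish"], "user": "koreanfish"}
		with data.managers as managers_fixture
}
```

The `default allow := false` line is what turns the two rules into a deny-by-default decision: when neither body can be satisfied, `allow` is false rather than undefined, so a caller never has to interpret a missing answer.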
  • 38. 38 IaC PaC OPA Case I: TF Case II: K8S
  • 39. Network Misconfigurations Are Major Source Of Reliability and Security Issues 39
  • 40. A Normal Day In The Cloud World ▪ AAA Company's ElasticSearch Leaks Customer Data ▪ BBB Company's Kubernetes Admin Console Can Be Accessed Publicly ▪ CCC Company's MongoDB Leaks Customer Data ▪ ... 40
  • 41. Someone Create A Server in AWS... 0.0.0.0/0 41
  • 42. Test Terraform With OPA Policy (Rego) 1. Terraform Outputs the Plan Result as a JSON File 2. OPA Tests the JSON Input Against the Policy 42
  • 44. Benefits ▪ Help Individual Developers Sanity Check Their Terraform Changes ▪ Auto-Approve Run-Of-The-Mill Infrastructure Changes And Reduce The Burden of Peer-Review ▪ Help Catch Problems That Arise When Applying Terraform To Production After Applying It To Staging 44
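The two steps of slide 42 applied to the slide 41 scenario (a security group opened to 0.0.0.0/0), as an added example rather than the speaker's demo code. The policy reads the `resource_changes` structure that `terraform show -json` emits, checks both inline `ingress` blocks and stand-alone `aws_security_group_rule` resources, and ignores deletions. The package name, the test plan and every address in it are constructed for this example.

```rego
# terraform_network.rego (added example, not from the slides).
#
# Produce the input the policy reads (steps 1 and 2 of slide 42), then evaluate:
#   terraform plan -out=tfplan
#   terraform show -json tfplan > tfplan.json
#   opa eval -f pretty -d terraform_network.rego -i tfplan.json "data.terraform.network.deny"
#   opa test terraform_network.rego -v        # runs the embedded tests
package terraform.network

import rego.v1

# CIDRs that mean "everyone on the internet".
world_cidrs := {"0.0.0.0/0", "::/0"}

# Only resources being created or updated matter; a delete cannot open a port.
changed contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in {"create", "update"}
}

# Inline ingress blocks on aws_security_group.
deny contains msg if {
	some rc in changed
	rc.type == "aws_security_group"
	some rule in rc.change.after.ingress
	some cidr in rule.cidr_blocks
	cidr in world_cidrs
	msg := sprintf("%s: ingress %v-%v/%s is open to %s", [rc.address, rule.from_port, rule.to_port, rule.protocol, cidr])
}

# Stand-alone aws_security_group_rule resources of type ingress.
deny contains msg if {
	some rc in changed
	rc.type == "aws_security_group_rule"
	rc.change.after.type == "ingress"
	some cidr in rc.change.after.cidr_blocks
	cidr in world_cidrs
	msg := sprintf("%s: ingress %v-%v/%s is open to %s", [rc.address, rc.change.after.from_port, rc.change.after.to_port, rc.change.after.protocol, cidr])
}

default allow := false

allow if count(deny) == 0

# --- Tests on a constructed plan (shape of `terraform show -json`, values invented) ---

plan_fixture := {"resource_changes": [
	{
		"address": "aws_security_group.web",
		"type": "aws_security_group",
		"change": {"actions": ["create"], "after": {"ingress": [
			{"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
			{"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]},
		]}},
	},
	{
		"address": "aws_security_group_rule.legacy",
		"type": "aws_security_group_rule",
		"change": {"actions": ["delete"], "after": null},
	},
]}

test_open_ssh_is_reported if {
	deny["aws_security_group.web: ingress 22-22/tcp is open to 0.0.0.0/0"] with input as plan_fixture
}

test_only_one_finding if {
	count(deny) == 1 with input as plan_fixture
}

test_plan_is_rejected if {
	not allow with input as plan_fixture
}
```

Because the policy works on the plan rather than on live cloud state, the same file runs on a developer's laptop and in CI, which is the shift-left point of slide 18: the 0.0.0.0/0 rule is caught before `terraform apply`, not by an auditor weeks later.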
  • 45. 45 IaC PaC OPA Case I: TF Case II: K8S
  • 46. How to Audit a K8S Cluster? ▪ Require Specific Labels On All Resources ▪ Require Container Images Come From The Corporate Image Registry ▪ Require All Pods Specify Resource Requests And Limits ▪ ... 46
  • 47. How OPA Audits the K8S API Server (Diagram) kubectl, CI/CD Pipelines and controllers call the API Server; the API Server sends OPA an AdmissionReview (Request) and OPA answers with an AdmissionReview (Response) 47
  • 48. One application went OOM, and the other Pods on the same node were affected too 🍯 What was the root cause of the K8S incident that happened before dawn? 🤔 48
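The three checks of slide 46 as one admission policy, returning the AdmissionReview response of slide 47, and including the missing-resource-limits case behind the slide 48 incident. This is an added example, not the speaker's demo: the package name, the registry hostname `registry.example.internal`, the required label set `{"app", "team"}` and both Pod fixtures are assumptions constructed for it.

```rego
# k8s_admission.rego (added example, not from the slides).
#   opa test k8s_admission.rego -v
package kubernetes.admission

import rego.v1

# Assumption: hostname of "the corporate image registry"; the talk does not name one.
corporate_registry := "registry.example.internal/"

# Assumption: labels every resource must carry.
required_labels := {"app", "team"}

is_pod if input.request.kind.kind == "Pod"

# Pods created via generateName have no name yet at admission time.
pod_name := object.get(input.request.object.metadata, "name", "(generated)")

# Regular and init containers are both judged.
containers contains c if some c in input.request.object.spec.containers

containers contains c if some c in input.request.object.spec.initContainers

# Check 1: required labels.
deny contains msg if {
	is_pod
	some label in required_labels
	not input.request.object.metadata.labels[label]
	msg := sprintf("pod %q is missing required label %q", [pod_name, label])
}

# Check 2: images must come from the corporate registry.
deny contains msg if {
	is_pod
	some c in containers
	not startswith(c.image, corporate_registry)
	msg := sprintf("container %q uses image %q from outside the corporate registry", [c.name, c.image])
}

# Check 3 (slide 48): a container without limits can OOM the whole node,
# so requests and limits for both cpu and memory are mandatory.
deny contains msg if {
	is_pod
	some c in containers
	some section in {"requests", "limits"}
	some resource in {"cpu", "memory"}
	not c.resources[section][resource]
	msg := sprintf("container %q does not set resources.%s.%s", [c.name, section, resource])
}

# AdmissionReview response for the API server: allowed only when no deny rule fired.
main := {
	"apiVersion": "admission.k8s.io/v1",
	"kind": "AdmissionReview",
	"response": response,
}

response := {"uid": input.request.uid, "allowed": true} if count(deny) == 0

response := {
	"uid": input.request.uid,
	"allowed": false,
	"status": {"reason": concat("; ", deny)},
} if count(deny) > 0

# --- Tests on constructed AdmissionReview requests ---

bad_pod_review := {"request": {
	"uid": "00000000-0000-0000-0000-000000000001",
	"kind": {"group": "", "version": "v1", "kind": "Pod"},
	"object": {
		"metadata": {"name": "web-0", "labels": {"app": "web"}},
		"spec": {"containers": [{"name": "web", "image": "nginx:1.25"}]},
	},
}}

good_pod_review := {"request": {
	"uid": "00000000-0000-0000-0000-000000000002",
	"kind": {"group": "", "version": "v1", "kind": "Pod"},
	"object": {
		"metadata": {"name": "web-1", "labels": {"app": "web", "team": "sre"}},
		"spec": {"containers": [{
			"name": "web",
			"image": "registry.example.internal/web:1.0",
			"resources": {
				"requests": {"cpu": "100m", "memory": "128Mi"},
				"limits": {"cpu": "500m", "memory": "256Mi"},
			},
		}]},
	},
}}

# missing "team" (1) + public image (1) + four absent resource fields (4) = 6 findings
test_bad_pod_has_six_findings if {
	count(deny) == 6 with input as bad_pod_review
}

test_bad_pod_is_rejected if {
	not main.response.allowed with input as bad_pod_review
}

test_good_pod_is_admitted if {
	main.response.allowed with input as good_pod_review
}
```

Every finding is returned in one response rather than failing on the first, so a developer whose `kubectl apply` is rejected sees the full list of what to fix in a single round trip.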
  • 50. More Use Cases ▪ Admission Control ▪ Container Execution, SSH, sudo ▪ Microservice APIs ▪ Risk Management ▪ Data Protection & Filtering (Diagram components: Cloud, Host, sshd, Container, HTTP API, APP, DB, orchestrator) 50
  • 51. Takeaways ▪ IaC History ▪ Shift-Left Testing IaC by Automating PaC ▪ OPA Introduction & Features ▪ Demo of How OPA Integrates with Terraform & K8S 51
  • 52. THANKS! ANY QUESTIONS? You can find me at: ▪ facebook.com/smalltown0110 ▪ smalltown@awsug.tw 52
  • 53. 53 🎅 Software Engineer I 🎅 Software Engineer in Test 🎅 Software Engineer II 🎅 Project Manager