Do you want to make your releases safer, faster, and less effort? Lots of us now have microservices, Kubernetes, maybe even a service mesh. So why are releases still banned on Fridays? Why is it so hard to even know what version is running in production?
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ... (Ambassador Labs)
This talk covers the past, present, and future of Microservices at Squarespace. We begin with our journey to microservices, and describe the platform that made this possible. We introduce our idea of the “Pillars of Microservices”, everything a developer needs to have a successful production service. For each pillar we describe why we think it is important and discuss the implementation and how we utilize it in our environment. Next, we look to the future evolution of our microservices environment including how we are using containerization and Kubernetes to overcome some of the problems we’ve faced with more static infrastructure.
An overview of Docker and the container technology behind it. Lastly, we discuss a few tools that might come in handy when managing a large number of containers.
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl... (Amir Zmora)
A lot has been written about the lack of interoperability between browsers when it comes to WebRTC. Why is it so complicated? What's keeping Google from moving the standard way from SDP Plan B to Unified Plan?
All about the C++ internals of WebRTC in browsers by guest speaker Alex Gouaillard.
Slides from talk given on May 23, 2016 at the HTML5 Denver Meetup Group.
Angular 2 is now in Release Candidate stage. We will use the new Angular CLI project to generate a new Angular 2 application. Next, we will take a quick tour through the scaffolded application structure. We will discuss how Angular 2 is bootstrapped and how modules are loaded. We will also show how to use the Angular CLI tool to generate a component and build our application.
Juraci Paixão Kröhling - All you need to know about OpenTelemetry (Juliano Costa)
OpenTelemetry is one of the newest projects in the realm of Observability at the CNCF and is already the second most active project there. In this session, Juraci Paixão Kröhling will talk about the different subprojects and how to get started using them. Even if you heard about OpenTelemetry before, you'll leave this session with a better understanding of what this is all about, the several faces of OpenTelemetry, and what you can do to make your projects more observable.
Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors.
In this talk I will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others.
I will cover the current state of the various projects of OpenTelemetry (across programming languages, exporters, receivers, protocols), some of which are not even GA yet, and provide useful guidance on how to get started with it.
How are microservices in 2017 different from how we used to build them at the beginning of the decade?
More traditional Service-Oriented Architectures were defined by protocols and standards published and curated by industry consortiums. Knowledge of the architectural style usually called "microservices", on the other hand, is often in the form of patterns, cautionary tales, and tools extracted from real-world reports and software made available by organisations that have adopted this style.
Almost ten years since the first wave of such reports, the landscape has changed considerably. Many hard challenges from the past have been eased or completely solved, and a lot of the custom software created by the microservices pioneers has been made off-the-shelf open source software.
In this talk, Phil Calçado will contrast what we first found in the first generation of microservices architectures against the current generation's landscape. Let's talk about which previous common knowledge and patterns are deprecated, which ones are still active, and introduce some of the ones that have been recently added to our toolbox.
As much as cloud-native applications and microservices help us be more productive and resilient and grow to unprecedented scales, they also bring an entirely new class of challenges. Let’s explore how the challenge of debugging applications has changed in a highly distributed world.
From: https://www.dashcon.io/agenda/ten-years-of-failing-microservices/
WebRTC Standards & Implementation Q&A - Legacy API Support Changes (Amir Zmora)
The past few months have seen several discussions regarding the so-called “Legacy APIs”, meaning anything not officially supported in the spec that might have been implemented in the past. Some APIs have had support removed, others retained. This session will briefly review the recent decisions in addition to the normal Q&A.
Microservice API Gateways with NGINX
Slides from talk given on Tuesday August 2nd, 2017 at the Denver Open Source Users Group (DOSUG).
(NGINX is pronounced "engine x".)
Microservices are a popular architectural solution. Clients of microservices may experience some difficulty keeping track of the various instances and endpoints they have to call. An API gateway can help manage large numbers of microservices and hide the infrastructure complexity from your clients. We will review a microservice architecture before and after the addition of an API gateway.
An API gateway is a reverse proxy. A reverse proxy handles incoming requests from clients and calls a service to get the data to satisfy that request. The reverse proxy returns that data to the client. Many developers write these proxies by hand in custom code, not realizing there are better solutions available. We will mention a number of popular solutions, some open source and some cloud-based services. For this talk, we will focus on NGINX, a popular open source reverse proxy and API Gateway. (NGINX also sells an enterprise offering, NGINX Plus, but this talk will only cover the features available in the open-source version.)
We will show how to set up NGINX as an API Gateway. We will dive into the configuration and operation of NGINX.
Overview and Opentracing in theory by Gianluca Arbezzano (Gianluca Arbezzano)
What is this group? How does it work? What is the CNCF? After this short introduction I am going to show you what Opentracing is, what it means and why the adoption is growing so much in a short amount of time. Use cases, possible implementations and so on.
OpenStack Gluon is a model-driven, extensible framework that enables telecom network operators to provide customers with NFV networking services on-demand by generating APIs from a YAML file which models the NFV Networking Service. We’ll give an overview of Gluon and share a demonstration that will show how Gluon enables quick development and accelerates deployment of new networking service APIs (a.k.a. Protons). We’ll also provide an overview of the OPNFV NetReady project, whose goal is to investigate how the current OpenStack networking architecture needs to be evolved in order to ensure that NFV-related use cases can be flexibly and efficiently supported.
In this episode, we will focus on open sourcing how we run Netflix's open source program. Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
Slides from talk given on Tuesday June 12th at the Boulder Java Users Meetup Group and Wednesday June 13th, 2018 at the Denver Java Users Meetup Group.
This talk, by Geoff Filippi, will start with an introduction to reactive programming. We will introduce the Reactive Manifesto and explain Non-blocking IO. We will look at some of the new reactive programming features in Java like CompletableFuture and Reactive Streams. Project Reactor, Spring 5 and Spring Boot 2 are helping to make these new features accessible to Java developers. We will also introduce the concept of backpressure to control the flow of data.
You will learn how to create a Non-blocking application using Spring Boot 2. We will use start.spring.io to create a new Reactive application. We will compare the Flux and Mono types and discuss when to use each.
About Geoff Filippi: Geoff is a Senior Architect at DISH Network, in the security group. Previously at Dish he served a large group of developers implementing microservices. Prior to his work at DISH, he was an Application Architect at Oildex, an oil and gas data service company. He also spent 12 years at Time Warner Cable, where he was a Senior Engineer. At TWC, he led the team that built the video streaming web application, TWCTV.
Geoff holds BS and MS degrees in Computer Engineering from Virginia Tech. He holds several patents related to high-availability, architecture, wireless networks and cable systems.
Geoff is focused on automating security, API design, domain-driven design and cloud-native architectures.
"Less is More"
Talk given at the Open Networking Users Group at Columbia University, New York, May 15, 2015
Summary of what is wrong with OpenStack networking today, the complexity of overlays and the simplicity that can be achieved with a pure Layer 3 routed model, as embodied by Project Calico
In this WebHack talk I shared my experience with microservices, Docker, Kubernetes and Kong, an API gateway by Mashape. Since they are based on a real working system, these slides are mainly about how to build the whole thing up, not about detailed internal implementation, although I included some details and references in order to make them more comprehensive.
Composable Infrastructure is a revolutionary, new architecture that optimizes various software and hardware for innovation ideas. Valence was introduced to disaggregate compute, storage, and network resources based on Intel Rack Scale Design. Nowadays applications and other OpenStack services can take advantage of Valence to introduce the ability to more efficiently pool and utilize these resources. Valence complements OpenStack by dynamically composing workload-optimized hardware while at the same time allowing workloads to run on bare-metal and do it all with a single management console. Valence was started one year ago and evolves rapidly. It’s readier than ever to unlock the effectiveness. In this session, we’ll share:
* What exciting features have been added since last cycle
* Intel Rack Scale Design Roadmap
* New Features, such as Pooled NVMe resources management, Multi-Podmanager, etc.
* Integration with other OpenStack projects
* Community involvement and ecosystem
* Use case & Demo
Talk given at OpenResty Con 2017 in Beijing.
Kong (https://getkong.org) is a widely-adopted open source API Gateway built with OpenResty. It aims at helping secure, manage, and extend microservices-based architectures with minimal effort from the user, while ensuring platform agnosticism.
In this talk, we will explore the challenges we encountered developing such an OpenResty application, and how we overcame many of them by way of libraries and contributions back to the OpenResty community. We will cover topics such as clustering OpenResty nodes, inter-workers communication, DNS resolution, typical pitfalls OpenResty developers should avoid, and much more.
A deck from the first CDIsrael meetup, presenting our CD flow at Snyk, focusing on our testing framework. A day in a life of a developer - code, test, publish, deploy, monitor.
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric... (Haggai Philip Zagury)
The overwhelming growth of technologies in the Cloud Native foundation overtook our toolbox and completely changed (well, really enhanced) the Developer Experience.
In this talk, I will try to provide my personal journey from the "Operator to Developer's chair" and the practices which helped me along my journey as a Cloud-Native Dev ;)
Not my problem - Delegating responsibility to infrastructure (Yshay Yaacobi)
Slides for my talk, which appeared at Code-Europe Poznan 12.06.2018
(https://www.codeeurope.pl/en/speakers/yshay-yaacobi)
https://github.com/yshayy/not-my-problem-talk
https://github.com/Yshayy/not-my-problem-talk/blob/master/slides/demo.md
Google Cloud Platform Solutions for DevOps Engineers (Márton Kodok)
Learn the DevOps essentials about cloud components, FaaS, PaaS architectural patterns that make use of Cloud Functions, Pub/Sub, Dataflow, Kubernetes and how we develop and deploy cloud software. You will get hands-on information on how to build, run, and monitor highly scalable and flexible applications optimized to run on GCP. We will discuss cloud concepts and highlight various design patterns and best practices.
Ninth episode of the Mulesoft Meetup in Milan. Together with Paolo Petronzi we talk about automation and CI/CD, and then with Luca Bonaldo, our Mulesoft Mentor in Italy, about best practices for batch processing.
The monolith to cloud-native, microservices evolution has driven a shift from monitoring to observability. OpenTelemetry, a merger of the OpenTracing and OpenCensus projects, is enabling Observability 2.0. This talk gives an overview of the OpenTelemetry project and then outlines some production-proven architectures for improving the observability of your applications and systems.
Join this info-packed and hands-on workshop where we will cover:
Introduction to Kubernetes & GitOps talk:
We'll cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while you go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
* an opinionated repo structure to minimize decision fatigue
* disaster recovery using GitOps
* Helm charts example
* Multi-cluster example
* all with free and open source tools mostly in the CNCF (eg. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
OSDC 2018 | From Monolith to Microservices by Paul Puschmann_NETWAYS
Scaling up from two developer teams supporting a monolith to more than 20 developer teams powering a micro-service landscape is not only a matter of technical excellence but also the matter of culture and collaboration. This talk will show the positive aspects of our evolution as well as the things we learned to improve on.
The DevOps methodology integrates development and operations so that system changes can get rolled out quickly without causing unplanned downtime. Industrial organizations that successfully implement DevOps will have a strong advantage, but knowing how to get started can be a real challenge.
Connecting ALM Tools for a DevOps World with RLIA-TE (Tasktop)
In this slide deck from the on-demand webinar presented by strategic partners Tasktop and 321 Gang, you’ll learn how to connect ALM development tools across development teams to create an architecture for DevOps automation and build process models that connect the various stages of software delivery using RLIA-TE.
Free GitOps Workshop (with Intro to Kubernetes & GitOps) (Weaveworks)
View this video on Youtube here: https://youtu.be/tK4S8y3j5TA
In this info-packed and hands-on workshop we covered:
Introduction to Kubernetes & GitOps talk:
We covered the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while you go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
- an opinionated repo structure to minimize decision fatigue
- disaster recovery using GitOps
- Helm charts example
- Multi-cluster example
- all with free and open source tools mostly in the CNCF (eg. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Cloud Native CI/CD with Spring Cloud Pipelines (Lars Rosenquist)
Spring, Spring Boot and Spring Cloud are tools that allow developers to speed up the creation of new business features. But a new feature is only useful if it's in production. Companies spend a lot of time and resources on building their own deployment pipelines using a plethora of technologies. Spring Cloud Pipelines provides an opinionated way for getting your features to production in a fast, reliable, reproducible and fully automated way.
Fully updated and revised! Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. This talk explores the details of how it all works under the hood, by following one brave request in from the internet and through the mesh. This talk will guide Istio newbies through its capabilities and features, while bringing experienced users up-to-date with the many design changes that have happened in the last few years since I presented the first version.
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh - Matt Turner
Security incident response is a well-understood operation, with established best practices like the MITRE ATT&CK Framework and the Lockheed Martin Kill Chain.
Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.
In this talk, Matt and Francesco will
* Recap incident response 101
* Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
* Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
* Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.
apiserver-Only "Clusters" for fun and profit - Matt Turner
Kubernetes is a very extensible system, to the point that the apiserver and database can be run on their own. In this configuration there's no controller-manager or scheduler, and no support for actually running workloads. However, these components can support CRDs and Operators. This makes it a perfect host for lightweight control planes for other systems. In this talk, Matt will show how an Operator can run on just a bare-bones control plane. The control plane cannot run workloads and the Operator (Istio, in this case) doesn't deal with anything in the cluster. However, together they function as a small, lightweight unit providing services outside the cluster. Matt will explain the theory of this style of deployment, and how to set it up yourself. He will show a demo using the Istio control plane, which will provide networking services to a set of VMs (as there is no cluster).
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios - Matt Turner
Most large organisations today have their applications in data centers and in different clouds. Each of these is operated by a different business unit and is often owned and operated by third parties, partners, acquired companies, vendors, etc., so they operate with different levels of trust. This talk covers how to ensure secure communications between all these applications across their different trust boundaries while maintaining agility in access and compliance at runtime.
In this session, Matt will look at Istio, a Service Mesh, but no prior knowledge of Istio or the space is needed.
Istio is a “smart network” comprising traffic switches and controllers. It’s had about four different architectures over time, and we’ll look at what problem each solved, and the challenges that eventually led to it being changed. We’ll talk about how the different approaches each optimised performance, scalability, and redundancy.
We’ll explore analogies between the shapes of Istio and common patterns - three-tier web apps, big network routers, etc - and how Istio’s lessons are broadly applicable.
Dynamically Testing Individual Microservice Releases In Production - Matt Turner
A lot of us test new versions of services in our Production environment, since it’s the best way to get representative, reliable results. If the new service is “on the edge” of the topology then hitting it is easy, as the test clients can directly call it. But if it’s in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream.
This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We’ll see how just deploying a new version results in all the necessary config for sophisticated “override-based testing”. Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
Gateway APIs, Envoy Gateway, and API Gateways - Matt Turner
Up until now, Ingress routes into K8s clusters have been defined by the Ingress kind, or by vendor-specific CRDs. Neither of these was satisfactory, so a new set of built-in k8s APIs was developed - the Gateway API.
In this talk, Matt will cover the motivation for a new API, its design, and show some examples of its use. He’ll then also cover implementations of it today and in the future, and talk about the exciting merging of several of the existing ingress controllers into one new de facto standard - Envoy Gateway.
Ziglu runs Kubernetes and Istio in production, and it adds up to a complicated system. In order to debug deeply one day, Matt had to dive into the inner workings of Docker networking, virtual switches, and sidecar containers. This talk will share what he learned about these systems, in the hope it’ll save other people time!
What is a Service Mesh and what can it do for your Microservices - Matt Turner
We’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out!
This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourselves.
Running Resilient Workloads with Istio - KubeCon China 2019 - Matt Turner
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
Software Networking and Interfaces on Linux - Matt Turner
These are the days of VMs, containers, and service meshes. The network, for a long time the sysadmin’s mysterious domain, is now at the forefront: providing overlays, security features, and headaches. It’s vital to be able to understand what’s going on under the hood of a cloud-native platform if you ever hope to debug it, but do you know a TAP from a TUN, let alone an ipvlanL3? This talk will take you through all the network interface types on modern Linux, from good old eth0 to the vEths used by Docker and the tunnels used by Calico.
Running Resilient Workloads with Istio - OpenInfra Days 2019 - Matt Turner
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
The Life of a Packet through Istio - DevExperience Romania, April 2019 - Matt Turner
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, we will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. This will give a great insight into Istio’s full power, and its fascinating architecture.
The life of a packet through Istio - QCon London 2019 - Matt Turner
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep reimplementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However, in this session, we will dive deep to explore precisely how it does what it does, following one brave little packet in from the Internet and back out again. At each point we’ll see how to configure the features of that component to exploit Istio’s full potential. This will give a great insight into Istio’s full power, and its fascinating architecture.
Do You Need a Service Mesh? @ London Devops, January 2019 - Matt Turner
Service meshes are cool, but are they useful? We'll explore what a service mesh is and what they can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we'll find out!
Istio, The Packet's-Eye View - KubeCon NA 2018 - Matt Turner
The Istio project reached 1.0 this summer, and is mature enough to have LTS releases. It’s getting a lot of attention, but in a lot of ways it’s still a mystery. You’ve probably read about it, you might have tried it, but do you really understand it? It promises advanced routing, security, and resiliency, all for free! In this session I’ll present a practical introduction to the operation of Istio - what features it can bring to your environment.
What’s unique about this talk is that we’ll be exploring the different parts of Istio by following one plucky little packet into the mesh, through it, and out again. As we meet each component we’ll learn why it’s there, what it does, and see a demo of how to configure it for common tasks. This will leave you not only with slides showing example configs, but a valuable mental model and a unique insight into the service mesh’s operation.
Video link (paywalled): https://skillsmatter.com/skillscasts/12045-the-life-of-a-packet-in-istio
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, Matt will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. Matt will share with you a great insight into Istio's full power, and you will also learn about its fascinating architecture.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
20. Metrics
“RED”
● Rate - requests / second
● Errors - errors (%)
● Duration - latency of responses
21. Service Levels
● SLA - Service Level Agreement - broad statement of what’s on offer, reads
like a contract
● SLO - Service Level Objective - measurable, quantified target for availability,
performance, etc. Eg error rate %, latency ms.
● SLI - Service Level Indicator - how will we measure the service level? How
are we measuring things? Where? How are we aggregating them?
22. Infrastructure-as-Code & Declarative Systems
● Everything is described as “code” (needs an API)
● Eg Terraform, Kubernetes YAMLs
● No more click-ops!
23. GitOps
● Git as the single source of truth for everything
● Uses IaC to describe the desired state
● Committed to git
● Reconciled to the world
● Enables Operations via git (rather than by ticket)
37. Contract
● Triggered by a new commit to main
● Produces a new container image and pushes it to the registry
● Bottom of the testing pyramid: Linting, Compilation, Unit Testing
49. Isolation
● Does it even start?
● Available for manual testing
● Automated integration testing
● Automated end-to-end testing
● Automated non-functional testing
○ Failed if performance isn’t within SLO
54. Read-Only
● Gets a mirror of user traffic, but responses dropped
● What’s its Service Level? - crash rate, error rate, performance
● Compare results, if helpful
59. Progressive Roll-Out
● Sends 1% of user traffic to new version
● Monitor all SLIs for a period of time
● If it’s within the SLOs, add 1% more traffic
Roll-back
● If it fails SLO at any point, all traffic sent back to the old version
● New version left running for inspection
● Alert raised
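
The roll-out and roll-back rules on the last two slides, written out as an added example (not code from the talk): traffic to the new version grows in 1% steps only while every observed SLI stays within its SLO, and any breach sends all traffic back to the old version, leaves the new one running, and raises an alert. The `SLO`/`SLI` fields, the thresholds, and the two constructed `observe` callbacks are assumptions standing in for a real metrics query and traffic-weight API.

```python
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass(frozen=True)
class SLO:
    max_error_pct: float       # "Errors" from RED, as a percentage
    max_p99_latency_ms: float  # "Duration" from RED


@dataclass(frozen=True)
class SLI:
    error_pct: float
    p99_latency_ms: float


@dataclass
class RolloutResult:
    final_weight: int          # % of user traffic on the new version at the end
    promoted: bool
    new_version_running: bool  # stays True after roll-back, for inspection
    alerts: List[str] = field(default_factory=list)
    history: List[int] = field(default_factory=list)  # weights that were tried


def within_slo(sli: SLI, slo: SLO) -> bool:
    return (sli.error_pct <= slo.max_error_pct
            and sli.p99_latency_ms <= slo.max_p99_latency_ms)


def progressive_rollout(observe: Callable[[int], SLI], slo: SLO,
                        step_pct: int = 1,
                        observations_per_step: int = 3) -> RolloutResult:
    """Shift traffic to the new version step by step, gated on the SLO.

    observe(weight) returns the new version's SLIs while it receives
    `weight` percent of user traffic. observations_per_step models
    "monitor all SLIs for a period of time" before adding more traffic.
    """
    weight, history = 0, []
    while weight < 100:
        weight = min(100, weight + step_pct)
        history.append(weight)
        for _ in range(observations_per_step):
            sli = observe(weight)
            if not within_slo(sli, slo):
                # Roll-back: all traffic to the old version, new version
                # left running for inspection, alert raised.
                alert = f"SLO breach at {weight}% traffic: {sli}"
                return RolloutResult(0, False, True, [alert], history)
    return RolloutResult(100, True, True, [], history)


# Constructed observers (sample data, not real measurements).
def healthy(weight: int) -> SLI:
    return SLI(error_pct=0.1, p99_latency_ms=120.0)


def degrades_under_load(weight: int) -> SLI:
    # Latency grows with traffic share: 240 ms at 7%, 260 ms at 8%.
    return SLI(error_pct=0.1, p99_latency_ms=100.0 + 20.0 * weight)


EXAMPLE_SLO = SLO(max_error_pct=1.0, max_p99_latency_ms=250.0)

if __name__ == "__main__":
    print(progressive_rollout(healthy, EXAMPLE_SLO))
    print(progressive_rollout(degrades_under_load, EXAMPLE_SLO))
```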