Debugging an RBAC Problem in Istio
•
0 likes•356 views
The document provides a walk-through for debugging RBAC problems in Istio. It discusses the importance of observability and controllability when debugging. Some techniques discussed include examining Envoy logs and traffic dumps to understand the system, using permissive RBAC to change things incrementally, following the request pipeline, and doing guess-and-check testing to hone in on the problem. The presentation emphasizes taking a methodical approach and not panicking to eventually solve RBAC issues in Istio.
Report
Share
Report
Share
Download to read offline
Recommended
[論文紹介] PARANMT-50M- Pushing the Limits of Paraphrastic Sentence Embeddings wi...
The document summarizes research on PARANMT-50M, a new paraphrastic sentence embedding model. The model was created by training an LSTM on 50 million English-Czech machine translation pairs to map sentences to a shared vector space where semantic similarity is represented by vector similarity. Evaluation shows the embeddings achieve state-of-the-art results on semantic textual similarity tasks, outperforming prior models trained on smaller datasets. The researchers believe the improved performance is due to the large scale machine translation training data used to generate the embeddings.
Who's Knocking on My Door?
This document discusses real-time streaming and action logging. It explains that an Apache log captures page hits, visits, and system behavior, but not real-time streams or actions. Real-time streams and actions can only be captured with dedicated logging of events like ajax requests and user interactions. A demo of a real-time door knocking and logging system is provided, along with links to video and code examples.
2013 06-17-open-analytics
Elasticsearch is a search engine that can scale to handle large volumes of data and events. It allows for exploration of data through open source projects like Kibana. Users can clone the Kibana source code from GitHub, install dependencies, and run a local server to explore data.
The Life of a Packet through Istio III
Fully updated and revised! Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. This talk explores the details of how it all works under the hood, by following one brave request in from the internet and through the mesh. This talk will guide Istio newbies through its capabilities and features, while bringing experienced users up-to-date with the many design changes that have happened in the last few years since I presented the first version.
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Security incident response is a well-understood operation, with established best practices like the MITRE Att&ck Framework and the Lockheed Martin Kill Chain.
Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.
In this talk, Matt and Francesco will
* Recap incident response 101
* Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
* Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
* Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.
apiserver-Only "Clusters" for fun and profit
This document discusses deploying Kubernetes clusters without most of the Kubernetes control plane for lightweight operations. It recaps how the Kubernetes control plane works, introduces the idea of using only certain minimal parts of it, and describes a prototype built that uses less of the control plane. The document concludes by hoping this inspires others to adopt their pattern or build an even more minimal version, and provides contact information for the presenters.
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Most large organisations today have their applications in data centers and in different clouds. Each of these are operated by different business units and often are owned and operated by 3P, partners, acquired companies, vendor operated etc and thus they operate with different levels of trust. How to ensure secure communications between all these applications with different level of trust boundaries and yet maintain agility in access and compliance in runtime is what this talk will cover.
Why Is Istio That Shape?
In this session, Matt will look at Istio, a Service Mesh, but no prior knowledge of Istio or the space is needed.
Istio is a “smart network” comprising traffic switches and controllers. It’s had about four different architectures over time, and we’ll look at what problem each solved, and the challenges that eventually led to it being changed. We’ll talk about how the different approaches each optimised performance, scalability, and redundancy.
We’ll explore analogies between the shapes of Istio and common patterns - three-tier web apps, big network routers, etc - and how Istio’s lessons are broadly applicable.
Recommended
[論文紹介] PARANMT-50M- Pushing the Limits of Paraphrastic Sentence Embeddings wi...
The document summarizes research on PARANMT-50M, a new paraphrastic sentence embedding model. The model was created by training an LSTM on 50 million English-Czech machine translation pairs to map sentences to a shared vector space where semantic similarity is represented by vector similarity. Evaluation shows the embeddings achieve state-of-the-art results on semantic textual similarity tasks, outperforming prior models trained on smaller datasets. The researchers believe the improved performance is due to the large scale machine translation training data used to generate the embeddings.
Who's Knocking on My Door?
This document discusses real-time streaming and action logging. It explains that an Apache log captures page hits, visits, and system behavior, but not real-time streams or actions. Real-time streams and actions can only be captured with dedicated logging of events like ajax requests and user interactions. A demo of a real-time door knocking and logging system is provided, along with links to video and code examples.
2013 06-17-open-analytics
Elasticsearch is a search engine that can scale to handle large volumes of data and events. It allows for exploration of data through open source projects like Kibana. Users can clone the Kibana source code from GitHub, install dependencies, and run a local server to explore data.
The Life of a Packet through Istio III
Fully updated and revised! Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. This talk explores the details of how it all works under the hood, by following one brave request in from the internet and through the mesh. This talk will guide Istio newbies through its capabilities and features, while bringing experienced users up-to-date with the many design changes that have happened in the last few years since I presented the first version.
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Security incident response is a well-understood operation, with established best practices like the MITRE Att&ck Framework and the Lockheed Martin Kill Chain.
Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.
In this talk, Matt and Francesco will
* Recap incident response 101
* Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
* Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
* Walk you through a response to a log4shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.
apiserver-Only "Clusters" for fun and profit
This document discusses deploying Kubernetes clusters without most of the Kubernetes control plane for lightweight operations. It recaps how the Kubernetes control plane works, introduces the idea of using only certain minimal parts of it, and describes a prototype built that uses less of the control plane. The document concludes by hoping this inspires others to adopt their pattern or build an even more minimal version, and provides contact information for the presenters.
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Most large organisations today have their applications in data centers and in different clouds. Each of these are operated by different business units and often are owned and operated by 3P, partners, acquired companies, vendor operated etc and thus they operate with different levels of trust. How to ensure secure communications between all these applications with different level of trust boundaries and yet maintain agility in access and compliance in runtime is what this talk will cover.
Why Is Istio That Shape?
In this session, Matt will look at Istio, a Service Mesh, but no prior knowledge of Istio or the space is needed.
Istio is a “smart network” comprising traffic switches and controllers. It’s had about four different architectures over time, and we’ll look at what problem each solved, and the challenges that eventually led to it being changed. We’ll talk about how the different approaches each optimised performance, scalability, and redundancy.
We’ll explore analogies between the shapes of Istio and common patterns - three-tier web apps, big network routers, etc - and how Istio’s lessons are broadly applicable.
Dynamically Testing Individual Microservice Releases In Production
A lot of us test new versions of services in our Production environment, since it’s the best way to get representative, reliable results. If the new service is “on the edge” of the topology then hitting it is easy, as the test clients can directly call it. But if it’s in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream.
This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We’ll see how just deploying a new version results in all the necessary config for sophisticated “override-based testing”. Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
Gateway APIs, Envoy Gateway, and API Gateways
Up until now, Ingress routes into K8s clusters have been defined by the Ingress kind, or by vendor-specific CRDs. Neither of these were satisfactory, so a new set of built-in k8s APIs was developed - the Gateway API.
In this talk, Matt will cover the motivation for a new API, its design, and show some examples of its use. He’ll then also cover implimentations of it today and in the future, and talk about the exciting merging of several of the existing ingress controllers into one new de facto standard - Envoy Gateway.
The Life of a Packet III - Service Mesh London
This document summarizes the life of a packet traveling through a service mesh. It begins with an overview of service meshes and Istio. It then details the various components involved in routing a request through proxies like Envoy, including the control plane (Istiod), configuration distribution, routing rules, and telemetry collection. It discusses container networking, pod networking, and sidecar injection. Finally, it explores ongoing developments like eBPF-based acceleration and "ambient mesh" approaches.
Cloud-Native Progressive Delivery
Do you want to make your releases safer, faster, and less effort? Lots of us now have microservices, kubernetes, maybe even a service mesh. So why are released still banned on fridays? Why is it so hard even know what version is running in production?
An Introduction to Bazel
Bazel is a build system that focuses on sources and dependencies rather than build instructions. It uses a high-level language to declaratively describe builds in terms of inputs and outputs, and a low-level language to encode compiler knowledge. Bazel performs reproducible, hermetic, and fast builds across platforms by executing everything in a sandboxed environment.
Networks, Linux, Containers, Pods
Ziglu runs kubernetes and Istio in production, and it adds up to a complicated system. In order to debug deeply one day, Matt had to dive into the inner workings of Docker networking, virtual switches, and sidecar containers. This talk will share what he learned about off these systems, in the hope it’ll save other people time!
What is a Service Mesh and what can it do for your Microservices
e’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out!
This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourself.
Running Resillient Workloads with Istio - KubeCon China 2019
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
Software Networking and Interfaces on Linux
These are the days of VMs, containers, and service meshes. The network, for a long time the sysadmin’s mysterious domain, is now at the fore-front: providing overlays, security features, and headaches. It’s vital to be able to understand what’s going on under the hood of a cloud-native platform if you ever hope to debug it, but do you know a TAP from a TUN, let alone an ipvlanL3? This talk will take you through all the network interface types on modern linux, from good old eth0 to the vEths used by Docker and the tunnels used by Calico.
Running Resillient Workloads with Istio - OpenInfra Days 2019
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
The Life of a Packet through Istio - DevExperience Romania, April 2019
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, we will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. This will give a great insight into Istio’s full power, and its fascinating architecture.
The life of a packet through Istio - QCon London 2019
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep reimplementing them. Istio is rapidly taking off and ther are great introductory talks everywhere. However in this session, we will dive deep to explore precisely how it does what it does, following one brave little packet in from the Internet and back out again. At each point we’ll see how to configure the features of that component to exploit Istio’s full potential. This will give a great insight into Istio’s full power, and its fascinating architecture.
Do You Need a Service Mesh? @ London Devops, January 2019
Service meshes are cool, but are they useful? We'll explore what a service mesh is and what they can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we'll find out!
Istio, The Packet's-Eye View - KubeCon NA 2018
The Istio project reached 1.0 this summer, and is mature enough to have LTS releases. It’s getting a lot of attention, but in a lot of ways it’s still a mystery. You’ve probably read about it, you might have tried it, but do you really understand it? It promises advances routing, security, and resiliency, all for free! In this session I’ll present a practical introduction to the operation of Istio - what features it can bring to your environment.
What’s unique about this talk is that we’ll be exploring the different parts of Istio by following one plucky little packet into the mesh, through it, and out again. As we meet each component we’ll learn why it’s there, what it does, and see a demo of how to configure it for common tasks. This will leave you not only with slides showing example configs, but a valuable mental model and a unique insight into the service mesh’s operation.
The life of a packet through Istio
Video link (paywalled): https://skillsmatter.com/skillscasts/12045-the-life-of-a-packet-in-istio
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, Matt will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. Matt will share with you a great insight into Istio's full power, and you will also learn about its fascinating architecture.
Bash is Testing
Everyone says they’re coding in Rust these days, but they’re not. Every system has some bash-flavoured blu-tack hiding in the corners. But how well do you know this arcane, abstruse, annoying programming language? In 5 minutes, I’ll educate, entertain, and inform you about a core part of the bash language - the simple conditional statement. This irreverent and funny talk, while yes, insulting bash quite a lot, will hopefully provide a whole bunch of “oh, that’s why it does that” moments too.
Istio - The life of a packet
Presented at Istio London, October 2017
Abstract:
We will explore the architecture of Istio and Envoy from a packet-eye view, seeing the function and purpose of each component in the system.
Fluency
The document summarizes 10 lightning talks given at a conference including topics on finding bugs, rants, SharePoint, motivations, fluency, and style for version control. It also includes code snippets on copying data, C++ code, event handling in C#, Assertions in C#, Hello World in C++, and object initialization in C#.
An Introduction to User Space Filesystem Development
This document provides an introduction to developing userspace filesystems using FUSE (Filesystem in Userspace). It discusses why filesystems are important in organizing data, and how FUSE allows filesystem development to occur in userspace rather than kernelspace. FUSE uses a POSIX-like API to handle filesystem operations and provides both high-level and low-level interfaces. The high-level interface is simpler but the low-level interface provides more control and potential performance benefits. Debugging, testing, and ensuring good performance of FUSE filesystems are also covered.
Trusted Execution Environment for Decentralized Process Mining
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
More Related Content
More from Matt Turner
Dynamically Testing Individual Microservice Releases In Production
A lot of us test new versions of services in our Production environment, since it’s the best way to get representative, reliable results. If the new service is “on the edge” of the topology then hitting it is easy, as the test clients can directly call it. But if it’s in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream.
This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We’ll see how just deploying a new version results in all the necessary config for sophisticated “override-based testing”. Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
Gateway APIs, Envoy Gateway, and API Gateways
Up until now, Ingress routes into K8s clusters have been defined by the Ingress kind, or by vendor-specific CRDs. Neither of these were satisfactory, so a new set of built-in k8s APIs was developed - the Gateway API.
In this talk, Matt will cover the motivation for a new API, its design, and show some examples of its use. He’ll then also cover implimentations of it today and in the future, and talk about the exciting merging of several of the existing ingress controllers into one new de facto standard - Envoy Gateway.
The Life of a Packet III - Service Mesh London
This document summarizes the life of a packet traveling through a service mesh. It begins with an overview of service meshes and Istio. It then details the various components involved in routing a request through proxies like Envoy, including the control plane (Istiod), configuration distribution, routing rules, and telemetry collection. It discusses container networking, pod networking, and sidecar injection. Finally, it explores ongoing developments like eBPF-based acceleration and "ambient mesh" approaches.
Cloud-Native Progressive Delivery
Do you want to make your releases safer, faster, and less effort? Lots of us now have microservices, kubernetes, maybe even a service mesh. So why are released still banned on fridays? Why is it so hard even know what version is running in production?
An Introduction to Bazel
Bazel is a build system that focuses on sources and dependencies rather than build instructions. It uses a high-level language to declaratively describe builds in terms of inputs and outputs, and a low-level language to encode compiler knowledge. Bazel performs reproducible, hermetic, and fast builds across platforms by executing everything in a sandboxed environment.
Networks, Linux, Containers, Pods
Ziglu runs kubernetes and Istio in production, and it adds up to a complicated system. In order to debug deeply one day, Matt had to dive into the inner workings of Docker networking, virtual switches, and sidecar containers. This talk will share what he learned about off these systems, in the hope it’ll save other people time!
What is a Service Mesh and what can it do for your Microservices
e’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out!
This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourself.
Running Resillient Workloads with Istio - KubeCon China 2019
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
Software Networking and Interfaces on Linux
These are the days of VMs, containers, and service meshes. The network, for a long time the sysadmin’s mysterious domain, is now at the fore-front: providing overlays, security features, and headaches. It’s vital to be able to understand what’s going on under the hood of a cloud-native platform if you ever hope to debug it, but do you know a TAP from a TUN, let alone an ipvlanL3? This talk will take you through all the network interface types on modern linux, from good old eth0 to the vEths used by Docker and the tunnels used by Calico.
Running Resillient Workloads with Istio - OpenInfra Days 2019
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
The Life of a Packet through Istio - DevExperience Romania, April 2019
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, we will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. This will give a great insight into Istio’s full power, and its fascinating architecture.
The life of a packet through Istio - QCon London 2019
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don’t have to keep reimplementing them. Istio is rapidly taking off and ther are great introductory talks everywhere. However in this session, we will dive deep to explore precisely how it does what it does, following one brave little packet in from the Internet and back out again. At each point we’ll see how to configure the features of that component to exploit Istio’s full potential. This will give a great insight into Istio’s full power, and its fascinating architecture.
Do You Need a Service Mesh? @ London Devops, January 2019
Service meshes are cool, but are they useful? We'll explore what a service mesh is and what they can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we'll find out!
Istio, The Packet's-Eye View - KubeCon NA 2018
The Istio project reached 1.0 this summer, and is mature enough to have LTS releases. It’s getting a lot of attention, but in a lot of ways it’s still a mystery. You’ve probably read about it, you might have tried it, but do you really understand it? It promises advances routing, security, and resiliency, all for free! In this session I’ll present a practical introduction to the operation of Istio - what features it can bring to your environment.
What’s unique about this talk is that we’ll be exploring the different parts of Istio by following one plucky little packet into the mesh, through it, and out again. As we meet each component we’ll learn why it’s there, what it does, and see a demo of how to configure it for common tasks. This will leave you not only with slides showing example configs, but a valuable mental model and a unique insight into the service mesh’s operation.
The life of a packet through Istio
Video link (paywalled): https://skillsmatter.com/skillscasts/12045-the-life-of-a-packet-in-istio
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, Matt will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. Matt will share with you a great insight into Istio's full power, and you will also learn about its fascinating architecture.
Bash is Testing
Everyone says they’re coding in Rust these days, but they’re not. Every system has some bash-flavoured blu-tack hiding in the corners. But how well do you know this arcane, abstruse, annoying programming language? In 5 minutes, I’ll educate, entertain, and inform you about a core part of the bash language - the simple conditional statement. This irreverent and funny talk, while yes, insulting bash quite a lot, will hopefully provide a whole bunch of “oh, that’s why it does that” moments too.
Istio - The life of a packet
Presented at Istio London, October 2017
Abstract:
We will explore the architecture of Istio and Envoy from a packet-eye view, seeing the function and purpose of each component in the system.
Fluency
The document summarizes 10 lightning talks given at a conference including topics on finding bugs, rants, SharePoint, motivations, fluency, and style for version control. It also includes code snippets on copying data, C++ code, event handling in C#, Assertions in C#, Hello World in C++, and object initialization in C#.
An Introduction to User Space Filesystem Development
This document provides an introduction to developing userspace filesystems using FUSE (Filesystem in Userspace). It discusses why filesystems are important in organizing data, and how FUSE allows filesystem development to occur in userspace rather than kernelspace. FUSE uses a POSIX-like API to handle filesystem operations and provides both high-level and low-level interfaces. The high-level interface is simpler but the low-level interface provides more control and potential performance benefits. Debugging, testing, and ensuring good performance of FUSE filesystems are also covered.
More from Matt Turner (19)
Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production
What is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your Microservices
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019
An Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem Development
Recently uploaded
Trusted Execution Environment for Decentralized Process Mining
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Azure API Management to expose backend services securely
How to use Azure API Management to expose backend service securely
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S4 HANA to Public cloud data object differences
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Recently uploaded (20)
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Azure API Management to expose backend services securely
Azure API Management to expose backend services securely
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Debugging an RBAC Problem in Istio
- 1. (but without the swearing) Walk-through: Debugging an RBAC Problem in Istio Matt Turner KubeCon, San Diego California | November 2019 @mt165 | mt165.co.uk
- 5. Introduction
- 7. RBAC: 20, 21
- 10. Debuggability = Observability X Controllability
- 11. Observability “... the behaviour of the entire system can be determined by only looking at its inputs and outputs” - Kalman, 1961 The software has a model of the world, which may be wrong. You have a model of its model, which may be wrong.
- 12. Envoy Logs: 30
- 14. engarde!
- 15. Traffic Dump: 31
- 16. ksniff!
- 17. It’s all meshed up!
- 18. Controllability
- 20. Change One Thing At A Time R-BACk on: 20
- 21. Follow the Pipeline: 33
- 22. Hone in: 34, 35
- 23. Guess and check: 36
- 24. ⸘What the actual fuck‽ Why? Can do end-user, port, etc based authz ServiceRole[Binding] will be gone from 1.6, replaced with AuthorizationPolicy
- 25. One more: Don’t Panic!