In this presentation, we will first recall what distinguishes Docker from a VM (PID, cgroups, etc.), discuss the layer system and the difference between images and instances, and then briefly introduce Kubernetes.
Next, we will present a "standard" CI/CD process for promoting a version (development, pre-production, production) through Docker tags.
Finally, we will discuss the various components that make up a Docker application (base-image, tooling, libraries, code).
Once this introduction is done, we will discuss the life cycle of an application through its development and BAU phases, to highlight that security flaws found during development are quickly fixed by new releases, but not necessarily in BAU, where releases are rarer. We will discuss the various solutions (jfrog Xray, clair, …) for automatic CVE tracking and automated updates. Finally, we will give brief feedback from experience, covering the difficulties encountered and the organizational proposals put in place.
Although illustrated with technical implementations, this presentation is primarily organizational.
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation; rather, they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host, could introduce the risk of a single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of the Docker API for managing Docker containers on multiple Docker hosts, with many more features.
Container Security: How We Got Here and Where We're Going (Phil Estes)
A talk given on Wednesday, Nov. 16th at DefragCon (DefragX) on a historical perspective on container security with a look to where we're going in the future.
Kubernetes 101 - A Cluster Operating System (mikaelbarbero)
The popularity of the Kubernetes platform is continuously increasing... for good reasons! It's a wonderful modular platform made out of fundamental orthogonal bricks used to define even more useful bricks. It enables a DevOps-friendly environment where microservices and continuous delivery feel at home.
If you have not yet dug into what is usually defined as a Cluster Operating System, it's time to catch up! This thorough introduction to Kubernetes will cover:
* What is a Node and what is the difference between master node(s) and worker nodes.
* What is it like to run an application in Kubernetes
* What is a Pod and how it relates to containers
* How to organize resources with Labels and Namespaces
* How to scale your application with ReplicaSet
* How to expose your application to clients internal to your clusters and to external clients with Services
* What is a Volume and how it is used to attach persistent storage, configuration and secrets to pods
* How to do zero downtime rolling update of your application with Deployments
Tokyo OpenStack Summit 2015: Unraveling Docker Security (Phil Estes)
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Docker for any type of workload and any IT Infrastructure (Docker, Inc.)
This presentation discusses the different types of workloads typical enterprises are required to run, which use cases exist for containerizing them and how leading-edge workload orchestration can be used to deploy, run and manage the containerized workloads on various types of scale-out infrastructures, such as on-premise clusters, public clouds or hybrid clouds.
runC: The little engine that could (run Docker containers) by Docker Captain ... (Docker, Inc.)
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
Kubernetes: An Introduction to the Open Source Container Orchestration Platform (Michael O'Sullivan)
Originally designed by Google, Kubernetes is now an open-source platform that is used for managing applications deployed as containers across multiple hosts - now hosted under the Cloud Native Computing Foundation. It provides features for automating deployment, scaling, and maintaining these applications. Hosts are organised into clusters, and applications are deployed into these clusters as containers. Kubernetes is compatible with several container engines, notably Docker. The popularity of Kubernetes continues to increase as a result of the feature-rich tooling when compared to use of a container-engine alone, and a number of Cloud-based hosted solutions are now available, such as Google Kubernetes Engine, Amazon Elastic Container Service for Kubernetes, and IBM Cloud Container Service.
This talk will provide an introduction to the Kubernetes platform, and a detailed view of the platform architecture from both the Control Plane and Worker-node perspectives. A walk-through demonstration will also be provided. Furthermore, two additional tools that support Kubernetes will be presented and demonstrated - Helm: a package manager solution which enables easy deployment of pre-built Kubernetes software using Helm Charts, and Istio: a platform in development that aims to simplify the management of micro-services deployed on the Kubernetes platform.
Speaker Bio:
Dr. Michael J. O'Sullivan is a Software Engineer working as part of the Cloud Foundation Services team for IBM Cloud Dedicated, in the IBM Cloud division in Cork. Michael has worked on both Delivery Pipeline/Deployment Automation and Performance Testing teams, which has resulted in daily exposure to customer deployments of IBM Cloud services such as the IBM Cloud Containers Service, and the IBM Cloud Logging and Metrics Services. Michael has also worked on deployment of these services to OpenStack and VMware platforms. Michael holds a PhD in Computer Science from University College Cork (2012 - 2015), where, under the supervision of Dr. Dan Grigoras, he engaged in research of Mobile Cloud Computing (MCC) - specifically, studying and implementing solutions for delivering seamless user experiences of MCC applications and services. Prior to this, Michael graduated with a 1st Class Honours Degree in Computer Science from University College Cork in 2012.
Introduction to Docker and Kubernetes. Learn how this helps you to build scalable and portable applications with cloud. It introduces the basic concepts of Docker and its differences with virtualization, then explains the need for orchestration and does some hands-on experiments with Docker.
Container Runtimes: Comparing and Contrasting Today's Engines (Phil Estes)
A webinar presented for the {code} Community on August 30, 2017. In this talk, we looked at the sphere of modern container runtimes that start with Docker's emergence in 2013/2014 to today's additions of rkt, OCI's runc, containerd, cri-o, and Cloud Foundry's garden-runc project, many of them consolidating around the OCI standard for container runtime and image specifications.
OpenStack, Containers, and Docker: The Future of Application Deployment
Twenty years ago, developers built static applications on well-defined stacks that ran on proprietary, monolithic hardware. Developers today want freedom to build applications using their choice of services and stacks and, ideally, want to be able to run those applications on any available hardware. Of course, this raises questions about service interaction, the practicality of migrating applications across environments, and the challenges of managing unlimited combinations of services and hardware environment.
By promoting an open-source approach to flexible and interoperable infrastructure, OpenStack goes a long way towards achieving this vision of the future. This talk discusses the application and platform side of the equation, and the interplay between OpenStack, container technology (e.g. LXC), and the open-source Docker.io project. Docker.io enables any application and its dependencies to be deployed as lightweight containers that run consistently virtually anywhere. The same containerized application that runs on a developer's laptop can run consistently on a bare metal server, an OpenStack cluster, a Rackspace cloud, a VM, etc. While providing isolation and compatibility, containers have significant size, performance, and deployment advantages over traditional VMs.
Recently, the community created an integration between Docker and OpenStack Nova, opening up exciting possibilities for web scale application deployment, continuous integration and deployment, private PaaS, and hybrid cloud. This session will give an introduction to Docker and containers in the context of OpenStack, and will then demonstrate cross-environment deployment of applications.
OSS Japan 2019 service mesh bridging Kubernetes and legacy (Steve Wong)
How to join legacy VMs and bare metal machines to a Kubernetes service mesh so that VMs can consume Kubernetes services AND publish services used by Kubernetes-hosted applications.
Introduction to Docker (theory and hands on) dbCafé - dbTrento (Cristian Consonni)
In this presentation I will introduce Docker, "an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux." (source: Wikipedia). The presentation has an initial theoretical part and a second, more practical, hands-on part.
Webinar container management in OpenStack (CREATE-NET)
This webinar covers the topics of Containers in OpenStack and, in particular, it offers an overview of what containers are, LXC, Docker and Kubernetes. It also includes the topic of Containers in OpenStack and the specific examples of Nova docker, Murano and Magnum. In the final part there are live demos about the elements covered earlier.
Introduction to Microservices with Docker and Kubernetes (David Charles)
Slides used to accompany a talk to introduce Microservices and two related technologies: Docker and Kubernetes. A large part of this talk is a live demonstration of Docker and Kubernetes features, so the slides are just to support.
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019 (kanedafromparis)
History and Basics of containers, LXC, Docker and Kubernetes. This presentation is given to Engineering college students at VIT DevFest 2018. Beginner to Intermediate level.
Docker Kubernetes Istio
Understanding Docker and creating containers.
Container Orchestration based on Kubernetes
Blue Green Deployment, AB Testing, Canary Deployment, Traffic Rules based on Istio
Accelerate your software development with Docker (Andrey Hristov)
Docker is in all the news and this talk presents you the technology and shows you how to leverage it to build your applications according to the 12 factor application model.
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic... (Codemotion)
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
containerd the universal container runtime (Docker, Inc.)
containerd is an industry-standard core container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
containerd includes a daemon exposing gRPC API over a local UNIX socket. The API is a low-level one designed for higher layers to wrap and extend. It also includes a barebone CLI (ctr) designed specifically for development and debugging purpose. It uses runC to run containers according to the OCI specification. The code can be found on GitHub, and here are the contribution guidelines.
containerd is based on the Docker Engine’s core container runtime to benefit from its maturity and existing contributors.
Building specialized container-based systems with Moby: a few use cases
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios. We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary. Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
This presentation by Andrew Aslinger discusses best practices and pitfalls of integrating Docker into Continuous Delivery Pipelines. Learn how Andrew and his team used Docker to replace Chef to simplify their development and migration processes.
The first step is to present Docker, its use cases and some good usage practices.
The goal is to present Docker, how it works and its ecosystem.
What it can bring and the pitfalls to avoid
https://github.com/kanedafromparis/prez-fabric8-dmp
Kubernetes is exploding in popularity right now and has all the buzz and cargo-culting that Docker enjoyed just a few years ago. But what even is Kubernetes? How do I run my PHP apps in it? Should I run my PHP apps in it?
Similar to Dev opsec dockerimage_patch_n_lifecyclemanagement_ (20)
Docker … Podman are two close but different tools. What are their differences, what are their commonalities? In this presentation, we propose to present the two tools in order to highlight their differences in design and their specificities, their similarities.
The objective is to allow you to know these tools, from their common roots (Cgroup, namespace,...) to their divergence (socket). From ease of use (Socket) to the hassle (proxy), we will address the strengths and weaknesses of each through our uses of them (build, test,...). We will of course mention our friends the CVEs to feed your thoughts on their security.
People talk about Kubernetes Operators, but what are they? How can you program your Kubernetes cluster and, above all, can they be written in Java?
That is what we will present over 3 sessions, of which this is the first. In this session, we will present the various resources of the Kubernetes REST API, CRDs (Custom Resource Definition), the fabric8 kubernetes-client library and the example project Hypnos.
by Charles Sabourdin
Why is it that, when you ask to put a Java application containerized with Docker into production, your ops suddenly wince? Why do your containers, which worked so well on your PC, crash so often in production; and why does the nodes' RAM start swapping so much?
We ran into these problems, and we propose to share our findings and our thoughts on the combined use of Java and Docker.
Together, let's dig into RAM, CPU and the JVM's various memory-management options to get our application running properly in a container.
This presentation gives an overview and the general concepts needed to understand OpenShift and to ease the first steps of getting started.
It covers Pods, services, source-to-image, etc.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Dev opsec dockerimage_patch_n_lifecyclemanagement_
1. Kubernetes Application Life Cycle
(patch management)
2018/12/13
#NSD18
DevSecOps
Container Image :
“Application LifeCycle Management”
sed s/LifeCycle/Patch/g
netsecure-day.fr
2. About me: Charles Sabourdin
Java developer
Linux user
Devoxx France
ParisJUG
OpenSource
Architect
Dev/Ops
@kanedafromparis
https://github.com/kanedafromparis
3. Contents
I. Reminder
  A. Docker
    1. intro
    2. isolation
    3. layers
  B. Kubernetes
    1. generic
    2. deployment
  C. Development pipeline (security focus)
II. Application life cycle
  A. Scanning tools
  B. Too many technologies
III. Proposed solution
  A. 1,2,3 Hosting
  B. Pitfalls
4. Namespaces (I. Reminder : Docker)
Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container. These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
Docker Engine uses namespaces such as the following on Linux:
● The pid namespace: Process isolation (PID: Process ID).
● The net namespace: Managing network interfaces (NET: Networking).
● The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication).
● The mnt namespace: Managing filesystem mount points (MNT: Mount).
● The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System).
sources : https://docs.docker.com/engine/docker-overview/#the-underlying-technology
https://en.wikipedia.org/wiki/Linux_kernel
5. Isolation (I. Reminder : Docker)
Control groups
Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.
Union file systems
Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.
Container format
Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer. In the future, Docker may support other container formats by integrating with technologies such as BSD Jails or Solaris Zones.
sources : https://docs.docker.com/engine/docker-overview/#the-underlying-technology
https://en.wikipedia.org/wiki/Cgroups
6. Layers (I. Reminder : Docker)
Union file systems (again)
Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.
Images and layers
A Docker image is built up from a series of layers. Each layer represents an instruction in the image’s Dockerfile. Each layer except the very last one is read-only. Each layer is only a set of differences from the layer before it. The layers are stacked on top of each other. When you create a new container, you add a new writable layer on top of the underlying layers. This layer is often called the “container layer”. All changes made to the running container, such as writing new files, modifying existing files, and deleting files, are written to this thin writable container layer.
sources : https://docs.docker.com/storage/storagedriver/#images-and-layers
7. Breadcrumb (I. Reminder : Docker)
Operating System
Toolings / Utils
Language Toolings
Application Toolings
Frameworks / external libs
Application code
Operating System (Docker Image)
9. Glossary (I. Reminder : Docker)
Docker Images : A recipe or template for creating Docker containers. It includes the steps for installing and running the necessary software.
Docker Container : Like a tiny virtual machine that is created from the instructions found within the Docker image.
Docker Client : Command-line utility or other tool that takes advantage of the Docker API (docs.docker.com/reference/api/docker_remote_api) to communicate with a Docker daemon.
Docker Host : A physical or virtual machine that is running a Docker daemon and contains cached images as well as runnable containers created from images.
Docker Registry : A repository of Docker images that can be used to create Docker containers. Docker Hub (hub.docker.com) is the most popular social example of a Docker repository.
sources : https://docs.docker.com/glossary/
https://dzone.com/refcardz/getting-started-with-docker-1
10. Kubernetes (I. Reminder : Kubernetes)
Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
● Agile application creation and deployment: Increased ease and efficiency of container image creation compared to VM image use.
● Continuous development, integration, and deployment
● Dev and Ops separation of concerns
● Environmental consistency across development, testing, and production
● Application-centric management: Raises the level of abstraction from running an OS on virtual hardware to running an application on an OS using logical resources.
● Loosely coupled, distributed, elastic, liberated micro-services
● Resource isolation: Predictable application performance.
● Resource utilization: High efficiency and density.
sources : https://kubernetes.io/docs/concepts/architecture/cloud-controller/
https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/
11. Glossary (I. Reminder : Kubernetes)
Master : The machine that controls Kubernetes nodes. This is where all task assignments originate.
Node : These machines perform the requested, assigned tasks. The Kubernetes master controls them.
Pod : A group of one or more containers deployed to a single node. All containers in a pod share an IP address, IPC, hostname, and other resources. Pods abstract network and storage away from the underlying container. This lets you move containers around the cluster more easily.
Kubelet : This service runs on nodes and reads the container manifests and ensures the defined containers are started and running.
Replication controller : This controls how many identical copies of a pod should be running somewhere on the cluster.
Service : This decouples work definitions from the pods. Kubernetes service proxies automatically get service requests to the right pod, no matter where it moves to in the cluster or even if it’s been replaced.
sources : https://www.redhat.com/en/topics/containers/what-is-kubernetes
12. Object (I. Reminder : Kubernetes)
A container is an instantiated, executable, isolated process.
A container repository is a library of images.
A Kubernetes Pod (PO) is a group of one or more containers.
A Service (SVC) is a named mapping to pods.
A ReplicaSet (RS) creates and maintains the pod declaration that instantiates the pod replicas (Docker images) that provide services.
A Deployment (Deploy) creates the ReplicaSet that will provide services.
A Persistent Volume (PV) is a piece of networked storage in the cluster.
A Persistent Volume Claim (PVC) is a reservation of a Persistent Volume in a namespace / project.
...
sources : https://github.com/kanedafromparisfriends/icones_ocp_kube
13. Deployment (I. Reminder : Kubernetes)
The following are typical use cases for Deployments:
● Create a Deployment to rollout a ReplicaSet. The ReplicaSet creates Pods in the background. Check the status of the rollout to see if it succeeds or not.
● Declare the new state of the Pods by updating the PodTemplateSpec of the Deployment. A new ReplicaSet is created and the Deployment manages moving the Pods from the old ReplicaSet to the new one at a controlled rate. Each new ReplicaSet updates the revision of the Deployment.
● Rollback to an earlier Deployment revision if the current state of the Deployment is not stable. Each rollback updates the revision of the Deployment.
● Scale up the Deployment to facilitate more load.
● Pause the Deployment to apply multiple fixes to its PodTemplateSpec and then resume it to start a new rollout.
● Use the status of the Deployment as an indicator that a rollout has stuck.
● Clean up older ReplicaSets that you don’t need anymore.
sources : https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
16. s/Development/Deployment/g pipeline (I. Reminder : Development pipeline)
Dev Local : Developers need to develop the project on their local machine (unit tests, debugging, etc.).
Dev on cluster : To check integration issues, developers can work in a dedicated namespace. This namespace can host components and resources identical to production.
CI on cluster : An automated build/test system (Jenkins) catches commits in order to build the future Docker artifact(s) that will be propagated to the QA namespaces.
QA on cluster : Automated tests are executed in dedicated namespaces.
Staging on cluster (optional) : A reference namespace can be used for load testing, human validation and preview.
Production on cluster : A production namespace hosts the project with the necessary security constraints.
sources : Containerizing Continuous Delivery in Java by Daniel Bryant
17. QA : Example SonarQube (I. Reminder : Development pipeline)
SonarQube® is an automatic code review tool to detect bugs, vulnerabilities and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
Continuous Inspection : SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.
Detect Tricky Issues : Our code analyzers are equipped with powerful path sensitive dataflow engines to detect tricky issues such as null-pointers dereferences, logic errors, resource leaks.
Centralize Quality : One place to provide a shared vision of code quality for developers, tech leads, managers and executives in charge of a few to a few thousands projects and also to act as a toll gate for application promotion or release.
sources : https://www.sonarqube.org/
18. QA : Example ZAP Proxy (I. Reminder : Development pipeline)
Some of ZAP's functionality:
● Man-in-the-middle Proxy
● Traditional and AJAX spiders
● Automated scanner
● Passive scanner
● Forced browsing
● Fuzzer
● Dynamic SSL certificates
● Smartcard and Client Digital Certificates support
● Web sockets support
● Support for a wide range of scripting languages
● Plug-n-Hack support
● Authentication and session support
● Powerful REST based API
● Automatic updating option
● Integrated and growing marketplace of add-ons
sources : https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Functionality
19. Notice : Maturity level (I. Reminder : Development pipeline)
Continuous Integration : The practice of frequently integrating one's new or changed code with the existing code repository. It should occur frequently enough that no intervening window remains between commit and build, and such that no errors can arise without developers noticing them and correcting them immediately.
Continuous delivery (CDE) : A software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time and, when releasing the software, doing so manually.
Continuous deployment (CD) : A software engineering approach in which software functionalities are delivered frequently through automated deployments.
sources : DevOps with OpenShift by Stefano Picozzi, Mike Hepburn, and Noel O’Connor
https://en.wikipedia.org/wiki/Continuous_delivery, https://en.wikipedia.org/wiki/Continuous_deployment, https://en.wikipedia.org/wiki/Continuous_integration
20. Digression: version tag versus purpose tag (I. Reminder : Kubernetes)
Version tags : DEV (NS) img:1.2.1, QA (NS) img:1.2.0, STG (NS) img:1.1.1, PROD (NS) img:1.1.1
Purpose tags : DEV (NS) img:dev, QA (NS) img:qa, STG (NS) img:stg, PROD (NS) img:prod
imagePullPolicy: Always
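A purpose tag such as img:prod names a slot rather than a build, so the manifest alone no longer says what is running. The following is an added example, not code from the presentation: it audits a pod list shaped like `kubectl get pods --all-namespaces -o json` and reports replicas of one reference running different digests, and purpose tags pulled without `Always`. The registry name, the pod data and the finding labels are constructed for the example.

```python
import re
from collections import defaultdict

# Assumption: the purpose tags from the slide, plus Docker's implicit "latest".
PURPOSE_TAGS = {"dev", "qa", "stg", "prod", "latest"}
VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+$")   # e.g. 1.2.1
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def split_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # Only a ':' after the last '/' separates a tag; earlier it is a registry port.
    if ":" in ref.rsplit("/", 1)[-1]:
        repo, tag = ref.rsplit(":", 1)
    else:
        repo, tag = ref, (None if digest else "latest")
    return repo, tag, digest


def tag_kind(ref):
    """Classify a reference as 'digest', 'purpose', 'version' or 'other'."""
    _, tag, digest = split_image(ref)
    if digest:
        return "digest"
    if tag in PURPOSE_TAGS:
        return "purpose"
    return "version" if VERSION_RE.match(tag) else "other"


def default_pull_policy(ref):
    """Kubernetes default when imagePullPolicy is omitted."""
    return "Always" if split_image(ref)[1] == "latest" else "IfNotPresent"


def audit(pod_list):
    """Return sorted (namespace, image, finding) tuples for a pod list shaped
    like the output of `kubectl get pods --all-namespaces -o json`."""
    digests = defaultdict(set)    # (namespace, image) -> digests actually running
    policies = defaultdict(set)   # (namespace, image) -> pull policies in use
    for pod in pod_list["items"]:
        ns = pod["metadata"]["namespace"]
        statuses = {s["name"]: s
                    for s in pod.get("status", {}).get("containerStatuses", [])}
        for c in pod["spec"]["containers"]:
            key = (ns, c["image"])
            policies[key].add(c.get("imagePullPolicy") or default_pull_policy(c["image"]))
            found = DIGEST_RE.search(statuses.get(c["name"], {}).get("imageID", ""))
            if found:
                digests[key].add(found.group(0))
    findings = []
    for (ns, image), used in policies.items():
        # Same reference, different content: the tag moved between pod starts.
        if len(digests[(ns, image)]) > 1:
            findings.append((ns, image, "drift"))
        # A movable tag that nodes do not re-resolve keeps serving the cached build.
        if tag_kind(image) == "purpose" and used != {"Always"}:
            findings.append((ns, image, "stale-cache"))
    return sorted(findings)


def sample_pod(ns, name, image, policy, hex_char):
    """Build one constructed pod record (sample data, not cluster output)."""
    image_id = "docker-pullable://%s@sha256:%s" % (split_image(image)[0], hex_char * 64)
    return {
        "metadata": {"namespace": ns, "name": name},
        "spec": {"containers": [
            {"name": "app", "image": image, "imagePullPolicy": policy}]},
        "status": {"containerStatuses": [
            {"name": "app", "image": image, "imageID": image_id}]},
    }


# Constructed cluster state; registry.example:5000 is a placeholder registry.
IMG = "registry.example:5000/img"
SAMPLE = {"items": [
    sample_pod("qa", "app-1", IMG + ":1.2.0", "IfNotPresent", "a"),
    sample_pod("qa", "app-2", IMG + ":1.2.0", "IfNotPresent", "a"),
    sample_pod("prod", "app-1", IMG + ":prod", "Always", "b"),   # started before a push
    sample_pod("prod", "app-2", IMG + ":prod", "Always", "c"),   # started after it
    sample_pod("dev", "app-1", IMG + ":dev", "IfNotPresent", "d"),
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

For patch management the digest in `imageID` is the value to feed to the CVE inventory, since it identifies the build whatever the tag says.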
22. Application lifecycle (example) (II. Application life cycle)
sources : https://devops.com.vn/2018/117/
23. Application lifecycle (example) (II. Application life cycle)
sources : https://www.lemondeinformatique.fr/actualites/lire-atlassian-fait-pousser-ses-offres-devops-68588.html
24. CVE happens (II. Application life cycle)
sources : https://www.cvedetails.com/
27. Application lifecycle (example) (II. Application life cycle)
3 years Lifecycle of a website application (example)
Patch
28. Application lifecycle (II. Application life cycle)
Feature development through application configuration or coding is only one phase of the application life cycle. This phase can be a big or a small part of the application's life.
Several phases are necessary within the application lifecycle:
- Feature development with testing and validation. This phase can happen several times during the application's life.
- Deployment. This phase can happen several times during the application's life.
- Security update. This phase can happen several times during the application's life.
- Decommission. This phase should only happen once.
The manpower necessary for each of these phases varies a lot, depending on the complexity of the application, the availability of the knowledgeable parties and the level of automation.
This is why an application needs an application owner accountable over the entire application lifecycle.
29. Scan tools: downstream / upstream (II. Application life cycle)
Security tools can give you inside knowledge of your images and their potential security vulnerabilities.
Most are hooked on your registry or can have a local agent that will highlight most of your CVE issues.
Usually they scan packages (.rpm, .deb, .apk, ...) but not tar.gz archives, and mostly not application libraries.
They can have various triggers and can set various triggers:
- email alert
- automatic rebuild
- block pull
- ...
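The blind spot described above can be made visible by comparing the package database with the files actually present in the image. The following is an added example, not code from the presentation: it parses a database in the format of Alpine's /lib/apk/db/installed and lists every file no package owns, which is what a scanner working only from package metadata cannot match against CVE feeds. The database content, file listing, package versions and the `scanner_view` helper are constructed for the example.

```python
import posixpath
from collections import Counter

# Constructed sample in the format of Alpine's /lib/apk/db/installed
# (package names and versions are illustrative, not taken from a real image).
APK_DB = """\
C:Q1constructedchecksum=
P:musl
V:1.0.0-r0
F:lib
R:ld-musl-x86_64.so.1

P:openjdk8-jre-base
V:8.0.0-r0
F:usr/lib/jvm/java-1.8-openjdk/bin
R:java
R:keytool
"""

# Constructed file listing of the same image, e.g. `tar -t` on an exported
# container filesystem.
IMAGE_FILES = [
    "lib/ld-musl-x86_64.so.1",
    "usr/lib/jvm/java-1.8-openjdk/bin/java",
    "usr/lib/jvm/java-1.8-openjdk/bin/keytool",
    "opt/tomcat/bin/catalina.sh",                               # unpacked from a tar.gz
    "opt/tomcat/lib/catalina.jar",
    "opt/tomcat/webapps/app1/WEB-INF/lib/example-lib-1.0.jar",  # application library
    "opt/tomcat/webapps/app1/WEB-INF/classes/App.class",        # application code
]


def parse_apk_db(text):
    """Parse blank-line separated stanzas: P: package, V: version,
    F: a directory, R: a file inside the last F: directory."""
    packages, name, directory = {}, None, ""
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if not line.strip():
            name, directory = None, ""          # blank line ends a stanza
        elif key == "P":
            name = value
            packages[name] = {"version": None, "files": set()}
        elif name is None:
            continue                            # fields before P: (e.g. C: checksum)
        elif key == "V":
            packages[name]["version"] = value
        elif key == "F":
            directory = value
        elif key == "R":
            packages[name]["files"].add(posixpath.join(directory, value))
    return packages


def scanner_view(db_text, image_files):
    """Compare what a package-database scanner can see with what the image holds."""
    packages = parse_apk_db(db_text)
    owned = set().union(*(p["files"] for p in packages.values()))
    unowned = sorted(f for f in image_files if f not in owned)
    return {
        # What can be matched against a CVE feed: name and version per package.
        "packages": {n: p["version"] for n, p in packages.items()},
        # Everything else arrived by tar.gz, COPY or the application build.
        "unowned": unowned,
        "jars": [f for f in unowned if f.endswith((".jar", ".war"))],
        "unowned_roots": Counter("/".join(f.split("/")[:2]) for f in unowned),
    }


if __name__ == "__main__":
    view = scanner_view(APK_DB, IMAGE_FILES)
    print("visible to a package scanner:", view["packages"])
    for root, count in view["unowned_roots"].items():
        print("not owned by any package: %s (%d files)" % (root, count))
    print("libraries needing a dependency scanner:", view["jars"])
```

Each unowned root is a component somebody has to track by hand or with a dependency scanner.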
30. Breadcrumb (II. Application life cycle)
[Diagram: the layers Infrastructure, Operating System (Node OS), kubelet, Operating System (Docker Image), Toolings / Utils, Language Toolings, Application Toolings, Frameworks / external libs and Application code, shown for several Docker images published as https://myregistry.org/.../App1:x.y, ../App2:x.y, ../App3:x.y, ../App4:x.y and ../App5:x.y. Components shown: Alpine Base Image; OpenJDK 8; Tomcat, Wildfly; Spring boot; App lib; Apache httpd 2.4; PHP 7.1, PHP 5.6; Drupal, Wordpress; App 1, App 2, App 3, App 4. Annotations: "Detected by most vulnerability scanner" and "Often out of scope".]
34. Application lifecycle : Scala (II. Application life cycle)
Scala
● sbt
● …
● Play
● Spark
● ...
35. It can rapidly become unmanageable (II. Application life cycle)
37. Breadcrumb (III. Proposed solution)
[Diagram: the layers Infrastructure, Operating System (Node OS), kubelet, Operating System (Docker Image), Toolings / Utils, Language Toolings, Application Toolings, Frameworks / external libs and Application code, shown for several Docker images published as https://myregistry.org/.../App1:x.y, ../App2:x.y, ../App3:x.y, ../App4:x.y and ../App5:x.y. Components shown: Alpine Base Image; OpenJDK 8; Tomcat, Wildfly; Spring boot; App lib; Apache httpd 2.4; PHP 7.1, PHP 5.6; Drupal, Wordpress; App 1, App 2, App 3, App 4. Annotations: "Usually ops scope" and "Usually Dev scope".]
38. Proposed vocabulary (III. Proposed solution)
Base image : A transitional image intended to process program code in order to create an application image.
Application image : An image used in Kubernetes that provides the custom service developed by the company. It can come from a base image or a custom Dockerfile.
Still image : An image used in a Kubernetes cluster with only configuration adaptation. A still image is based on non-internal source code or binaries.
42. 1,2,3 hosting (III. Proposed solution)
1 : The project uses a Dockerfile based on our base image & still image, proposed and maintained by the hosting team (ops)
2 : The project uses its own Dockerfile but is in charge of its maintenance (especially security)
3 : The project uses third-party images (signed images)
49. Pitfalls (III. Proposed solution)
● Absence of a project owner
● Tooling focus / automation freak
● Lack of communication (especially between dev team and hosting team)
● Build to Prod (no test)
● Too many versions, too many variants
● Lack of management support / acceptance in rules enforcement
50. Thank you
● Questions ?