DevOpsDaysRiga 2017 Ignite: Daniel Houston - Thinking outside the box: The Docker socket security concern

•

0 likes•156 views

The Docker socket is insecure when mounted through to containers, allowing subsequent contains to escape the docker model and root the docker host. Many use Docker in their CI pipelines; but few everyday users are aware of the security issues surrounding the docker socket on docker hosts and the complications this brings. I want to highlight one such issue with the docker socket when creating docker containers within docker containers.

Internet

THINKING OUTSIDE THE BOX
DOCKER SOCKET SECURITY

DOCKER STATISTICS
 More than 900K Docker apps
 More than 12B image pulls (accounting for 390,000% growth)
 Nearly one third of container deployments are in production environments
 Nearly 60% of organizations are running 500 or more hosts
 More than 14M Docker hosts

DOCKER SECURITY THOUGHTS
 It's very insecure, but why do you care?You're inside a Docker container after all :)
 Containers don’t live long enough to be a security threat.
 We know there is an issue, but there isn’t a solution right now.

Host
Slave
Container
Build/Test
Container
Jenkins
Master

Host
Slave Build/Test
Jenkins
Master
/var/run/docker.sock:
/var/run/docker.sock
/cache/bootstrap/:
/cache
/cache/test-tools/:
/cache

Host
Slave Build/Test
Jenkins
Master
/var/run/docker.sock:
/var/run/docker.sock
/cache/bootstrap/:
/cache
/cache/test-tools/:
/cache
Evil
/etc/apt/:
/hosts-apt/
/home/:
/hosts-home-dir/

Host
Super secret project #1 Competitor project #2
Jenkins
Master
73845a45637c d8b849904888
Evil
docker cp
73845a45637c:/secrets
/out/my-stolen-secrets
docker exec –it
d8b849904888 /bin/bash

AUDITING
 Containers are transitive.
 File changes are made by root.

MISCONCEPTIONS
 Only a problem if you’re root.
 Didn’t namespaces solve this?
?!

MISCONCEPTIONS
 Only a problem if you’re root.

MISCONCEPTIONS
 Didn’t userns-remap solve this?

MISCONCEPTIONS
 Didn’t userns-remap solve this?
HostX SlaveX

WHAT CANYOU DO?
 Docker-in-Docker
 Storage drivers
 No cache
 NAT
 Seccomp in Docker
 requires kernel is configured with CONFIG_SECCOMP
 Container orchestration tools
 Kubernetes – Pod security policies
 Restrict test container creation with bespoke code.
 Separate docker user and other user

WHAT CANYOU DO?
 Docker-in-Docker
 Storage drivers
 No cache
 NAT

WHAT CANYOU DO?
 Seccomp in Docker
 requires kernel is configured with CONFIG_SECCOMP

WHAT CANYOU DO?
 Container orchestration tools
 Kubernetes – Pod security policies

WHAT CANYOU DO?
 Restrict test container creation with in-house code.
 Separate docker user and other user

GROUPS
 Careful with groups. Container user only needs to match group ID of outer container.

TAKEAWAY
 Docker socket == root
 Don’t go to production without considering the implications

Docker is hot, Docker security is not? In this talk the risks, benefits and defenses of Docker are discussed. They are followed up by some best practices, which can you use in your daily activities. What is clear is that there is still a lot to do to get your containers secured. Event: Docker Amsterdam Meetup - January 2015 This presentation was given by Michael Boelen, January 23rd at Schuberg Philis. The event was organized by Mark Robert Coleman with help of Harm Boertien. With a full house of people, Docker security was discussed. About the author: Michael Boelen is founder of CISOfy and researches Linux security to build tools and documentation, to simplify it for others. Examples are tools like Rootkit Hunter and Lynis, blog posts and presentations.

Hug #9 who's keeping your secrets

Cameron More

This document discusses secrets management in containers and recommends solutions like Kubernetes Secrets, Docker Swarm Secrets, DC/OS Secrets, Keywhiz, and Hashicorp Vault. It highlights Hashicorp Vault's purpose-built focus on secrets, key rolling capabilities, comprehensive access control, expiration policies, and extensibility. The document then provides a case study of Aqua Security's integration with Hashicorp Vault, which allows for central secret management without persisting secrets to disk, secured communications, control over user/group secret access, usage tracking, and runtime secret rotation/revocation without container restarts.

A (fun!) Comparison of Docker Vulnerability Scanners

John Kinsella

The document is an introduction to a talk on information security scanning and vulnerability management. It provides biographical information about the speaker, an overview of the topics to be covered including scanning tools and minimizing vulnerabilities in container images. It also includes examples of security product logos and discusses challenges in assessing vulnerabilities across image layers and databases tailored to specific operating systems.

Container Security Deep Dive & Kubernetes

Aqua Security

Security threats with Kubernetes - Igor Khoroshchenko

Kuberton

CyberSEED: Virtual Machine Introspection to Detect and Protect

Tamas K Lengyel

Tamas K Lengyel gives a presentation on virtual machine introspection and how it can be used to detect and protect against threats. He discusses how virtualization adds layers that can be leveraged for security monitoring. However, he notes that the approach of adding more layers is not a true solution and just increases the cost to break through defenses. Lengyel argues that the root hypervisor and lowest system layers are ultimately not fully transparent or accessible, leaving security imperfect similar to the concept of turtles all the way down.

London HUG 19/5 - Kubernetes and vault

London HashiCorp User Group

This document discusses using Kubernetes and Vault together to manage secrets. It summarizes that Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications, while Vault provides a single source for secrets, access via API and CLI, leasing and renewal of secrets, auditing, access control lists, and secure secret storage. It notes that while Kubernetes has native secrets functionality, Vault is useful for separately managing secrets from applications for improved security and process. An example is provided of using Vault to fetch and renew SSL certificates for a MongoDB deployment in Kubernetes.

Security Walls in Linux Environment: Practice, Experience, and Results

Igor Beliaiev

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

Container Security Mmanagement

Suresh Thivanka Rupasinghe

Stop disabling SELinux!

Maciej Lasyk

SBA Live Academy - Secure Containers for Developer by Mathias Tausig

SBA Research

Target Group: SysAdmins, Developer, DevOps Focus: technical Talk language: English Abstract ********** What are Containers and what makes them secure to use? Which different types of Containers are out there and how can I best use them securely? What container types are there beyond Docker? About the Speaker: ********************* Mathias Tausig is Security Consultant at SBA Research. Mathias received a master’s degree (DI / MSc) in Technical Mathematics from the University of Technology Vienna (TU Wien). His professional experience includes a tenure as a Security Officer for a Certification Authority and lecturing IT-Security at the University of Applied Sciences Campus Vienna.

Continuous integration and deployment with docker

pebble {code}

Watch How The Giants Fall: Learning from Bug Bounty Results

jtmelton

Security is hard. We all miss things. Attackers find things. "You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself." -Samuel Levenson This talk is a fun, fast-moving survey of some of the best recent bug bounty finds against some of the largest and best-known applications in the world. Some of the bugs are really simple, some are super complex, but all are entertaining. As we go through these, we'll take a look at what caused the issue, and how to fix it. From this talk, you'll walk away with: * a few minutes of entertainment * a view of the wide breadth of security issues * practical ideas on testing and shoring up security in your own applications * (maybe) a new side gig as a bug bounty hunter!

Kubernetes - Security Journey

Jerry Jalava

What is Google Cloud Good For at DevFestInspire 2021

Robert John

BlueHat v17 || Dangerous Contents - Securing .Net Deserialization

BlueHat Security Conference

Jonathan Birch from Microsoft discusses how misuse of serialization in .NET can lead to remote code execution (RCE) vulnerabilities. He explains how serialization works and how untrusted data streams containing type information can be exploited to instantiate dangerous classes and execute arbitrary code. He provides advice on how to prevent these vulnerabilities, such as using serialization formats without type information, constraining allowed types, and validating streams have not been modified.

Docker

A.K.M. Ahsrafuzzaman

Docker allows building, shipping, and running applications in portable containers. It packages an application with all its dependencies into a standardized unit for software development. Major cloud providers and companies support and use Docker in production. Containers are more lightweight and efficient than virtual machines, providing faster launch times and allowing thousands to run simultaneously on the same server. Docker simplifies distributing applications and ensures a consistent environment.

Container security

Anthony Chow

This document discusses container security. It outlines the advantages and disadvantages of containers, including their small footprint, fast provisioning time, and ability to enable effective microservices. However, containers also pose security risks like reduced isolation and potential for cross-container attacks. The document then examines different approaches to container security, including host-based methods using namespaces, control groups, and Linux Security Modules, as well as container-based scanning and third-party security offerings. It provides examples of configuring security controls and evaluating containers for vulnerabilities.

Demo of security tool nessus - Network vulnerablity scanner

Ajit Dadresa

Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH

Erica Windisch

This document discusses using Docker containers and Chef configuration management together. It begins by showing how to build Docker images that include Chef using Dockerfiles. It then explains how Chef can be used to configure containers during the image build process, essentially "baking" the configuration into the images. This allows immutable infrastructure where configured containers can be started without needing to rerun Chef provisioning. The document also discusses using multi-stage Dockerfiles and Chef runs to fully configure images. It briefly covers tools for deploying Docker containers, such as using Chef on EC2 instances or with OpenStack Heat orchestration.

Wocker: Create a WordPress Development Environment in Seconds

Kite Koga

Csw2016 wang docker_escapetechnology

CanSecWest

This document summarizes Docker escape techniques. It begins with an overview of Docker and how it uses namespaces and control groups (cgroups) for isolation. It then discusses vulnerabilities in Docker from untrusted images and escaping namespaces to access the host or other containers. The main part describes the Docker escape technology, which involves getting a task structure handle, resetting its namespaces proxy to the initial namespace, and gaining root access on the host system by exploiting vulnerabilities or setting credentials. Example code is provided to switch the filesystem structure and namespace proxy to escape the container.

Docker, Linux Containers (LXC), and security

Jérôme Petazzoni

Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.

The State of Kubernetes Security

Jimmy Mesta

JupyterHub + kubernetes

Carol Willing

This document introduces Zero to JupyterHub, which allows for scalable JupyterHub deployments on Kubernetes. It provides instructions on setting up a JupyterHub instance on Google Cloud using Kubernetes and Helm. The tutorial goals are to launch a JupyterHub on Google Cloud using free credits, understand allocated resources for users, perform basic debugging, and tear down the deployment. Key steps include signing up for Google Cloud, activating products, installing Kubernetes components like kubectl and Helm, adding the JupyterHub Helm chart repository, generating configuration files, and installing JupyterHub using Helm.

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

BlueHat Security Conference

The document summarizes the Wannacrypt + Smbv1.0 ransomware attack, one of the most damaging in history. It began on a Friday in May 2017, infecting over 216,000 machines worldwide in just one day by exploiting an SMB vulnerability. The ransomware used the EternalBlue exploit leaked from the ShadowBrokers to spread rapidly through networks. Microsoft had released a patch for the vulnerability in March 2017 but many systems remained unpatched. The attack was stopped when a researcher registered a domain name hard-coded in the ransomware. The document examines the technical details and impact of the attack, and recommends steps to prevent future ransomware infections like keeping systems updated with the latest security patches.

DCSF 19 Building Your Development Pipeline

Docker, Inc.

Oliver Pomeroy, Docker & Laura Tacho, Cloudbees Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.

Introduction to Docker

Knoldus Inc.

What's hot

What Have Namespaces Done for you Lately? Liz Rice, Aqua Security

Docker, Inc.

Docker Runtime Security

Sysdig

Container Security Mmanagement

Suresh Thivanka Rupasinghe

Stop disabling SELinux!

Maciej Lasyk

SBA Live Academy - Secure Containers for Developer by Mathias Tausig

SBA Research

Continuous integration and deployment with docker

pebble {code}

Watch How The Giants Fall: Learning from Bug Bounty Results

jtmelton

Kubernetes - Security Journey

Jerry Jalava

What is Google Cloud Good For at DevFestInspire 2021

Robert John

BlueHat v17 || Dangerous Contents - Securing .Net Deserialization

BlueHat Security Conference

Docker

A.K.M. Ahsrafuzzaman

Container security

Anthony Chow

Demo of security tool nessus - Network vulnerablity scanner

Ajit Dadresa

Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH

Erica Windisch

Wocker: Create a WordPress Development Environment in Seconds

Kite Koga

Csw2016 wang docker_escapetechnology

CanSecWest

Docker, Linux Containers (LXC), and security

Jérôme Petazzoni

The State of Kubernetes Security

Jimmy Mesta

JupyterHub + kubernetes

Carol Willing

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

BlueHat Security Conference

What's hot (20)

What Have Namespaces Done for you Lately? Liz Rice, Aqua Security

Docker Runtime Security

Container Security Mmanagement

Stop disabling SELinux!

SBA Live Academy - Secure Containers for Developer by Mathias Tausig

Continuous integration and deployment with docker

Watch How The Giants Fall: Learning from Bug Bounty Results

Kubernetes - Security Journey

What is Google Cloud Good For at DevFestInspire 2021

BlueHat v17 || Dangerous Contents - Securing .Net Deserialization

Docker

Container security

Demo of security tool nessus - Network vulnerablity scanner

Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH

Wocker: Create a WordPress Development Environment in Seconds

Csw2016 wang docker_escapetechnology

Docker, Linux Containers (LXC), and security

The State of Kubernetes Security

JupyterHub + kubernetes

BlueHat v17 || Wannacrypt + Smbv1.0 Vulnerability = One of the Most Damaging ...

Similar to DevOpsDaysRiga 2017 Ignite: Daniel Houston - Thinking outside the box: The Docker socket security concern

DCSF 19 Building Your Development Pipeline

Docker, Inc.

Introduction to Docker

Knoldus Inc.

Docker: do's and don'ts

Paolo Tonin

Docker has some issues that make it unsuitable for certain environments: (1) It has a fast release cycle that introduces breaking changes, making it difficult to maintain infrastructure over years. (2) Managing a fleet of Docker containers is harder than a single host. Modern infrastructure problems need to be resolved, like sharing permissions between containers and hosts. (3) While containers provide benefits like isolation and reproducibility, debugging is difficult and monitoring containers is not easy. Security also requires securing multiple Docker components.

Boycott Docker

Paolo Tonin

Docker has several issues that make it unsuitable for managing infrastructure over many years, including frequent breaking changes in new releases, difficulty cleaning up old images, and lack of kernel support. While containers provide benefits like isolation and reproducible environments, monitoring and debugging containers is challenging. Docker also adds security risks compared to traditional infrastructure stacks due to additional layers like registries and daemons.

What is this "docker"

Jean-Marc Meessen

Docker containers provide isolation at the system resource level using namespaces and control groups. This allows each container to run applications packaged with dependencies without conflict. Docker solves issues around dependency management and allows for fast iterative development. To use Docker, a container-enabled kernel is needed along with installing Docker on Windows or Linux. Images contain application code and dependencies and are obtained from Docker Hub or built locally. Docker Compose allows defining multi-container applications and their dependencies. Security with Docker includes capability dropping, namespaces, and profiles with AppArmor and SELinux to control access. Trusted registries and image scanning help ensure secure images.

Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016

Manideep Konakandla

The document provides an agenda for a presentation on breaking and securing Docker container environments. The presentation covers introducing containers and Docker, risks areas for containers like images and runtimes, how to break and secure images, runtimes, daemons, and hosts. It also discusses securing the entire container pipeline including communication and registries. The presentation concludes with discussing the future of container security and references.

Dock ir incident response in a containerized, immutable, continually deploy...

Shakacon

This document discusses incident response strategies in a containerized and immutable infrastructure environment like Docker. It addresses challenges like lack of system and software inventory visibility due to rapid container changes, and lack of agent-based security due to single-purpose containers. It proposes solutions like establishing managed base container OSs, whitelisting allowed containers and files, and leveraging logs and sidecar containers to monitor for detections. Response challenges around long investigation timeframes due to short container lifetimes and lack of access are addressed with strategies like comprehensive logging, filesystem artifact preservation, and automating remote response capabilities.

Dockers & kubernetes detailed - Beginners to Geek

wiTTyMinds1

Docker is a platform for building, distributing and running containerized applications. It allows applications to be bundled with their dependencies and run in isolated containers that share the same operating system kernel. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups Docker containers that make up an application into logical units for easy management and discovery. Docker Swarm is a native clustering tool that can orchestrate and schedule containers on machine clusters. It allows Docker containers to run as a cluster on multiple Docker hosts.

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...

Codemotion

In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.

Docker for developers

andrzejsydor

This document provides an overview of Docker for developers. It discusses Docker's capabilities for solving portability issues, its advantages over traditional virtualization through operating system-level virtualization using containers that share the same kernel, and how it addresses challenges like slow development times and inefficient resource usage. It also covers Docker concepts like images, containers, registries, networking, security best practices using tools like Docker Bench Security, and cluster management using Docker Swarm.

codemotion-docker-2014

Carlo Bonamico

This document discusses Docker, an open source project that automates the deployment of applications inside software containers. It begins by describing common problems in application deployment and how virtual machines address some issues but introduce overhead. It then summarizes the history and rapid growth of Docker since its launch in 2013. The rest of the document dives into technical aspects of Docker like how images and containers work, comparisons to virtual machines, security considerations, the Docker workflow, and how Docker relates to DevOps and continuous delivery practices.

PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...

Puppet

“Docker, Docker, Docker.” It’s a phrase we hear often, but what are containers, what can they be used for, and why should you know more about them? In this session, Grace (Puppet) and Tricia (AppDynamics) will introduce attendees to Docker and help them build and deploy their first container with Puppet. They will leverage the docker_image_build module from the Puppet Forge and take attendees through the proper workflow for coupling Docker and Puppet together. The session will focus on how to use some of the newest Docker features, such as multi-stage build files and password stores within Docker so you can pass "secrets" to a swarm for login credentials. The goal is to provide newcomers with a working proficiency of how to get started deploying containers using Puppet as their automation tool.

Dockerizing stashboard - Docker meetup at Twilio

dotCloud

Dockerizing Stashboard

Docker, Inc.

The document discusses dockerizing Stashboard, an open-source status dashboard for APIs and software services. It provides instructions for downloading Docker and the necessary Stashboard Dockerfiles. The Data Dockerfile creates a volume container to store status data. The Stashboard Dockerfile installs Stashboard and its dependencies in an Ubuntu container. Finally, it explains how to build and run the dockerized Stashboard application using the data volume container to persist status updates.

Docker workshop

Michał Kurzeja

Securing the Socks Shop

Jason Smith

This document discusses securing microservices by exploring security in the open source Sock Shop application. It covers container security concepts like restraint, immutability and provenance. It demonstrates adding a user to container Dockerfiles and making the filesystem read-only. It also discusses network segmentation and limiting network access between internal services and externally. The document encourages exploring security failures and limiting attack surfaces.

Docker best Practices

jeetendra mandal

Docker development Best Practices recommends using Docker Hub or CI/CD pipelines to build and tag Docker images on pull requests. Images should be signed by development, security, and testing teams before production. Different environments should be used for development and testing. Docker should be updated to the latest version for security features. Docker container Best Practices include frequently backing up a single manager node for restoration. Cloud deployment of containers on AWS or Azure uses Kubernetes. Load balancers like NGINX help control Docker containers for availability and scalability. Dockerfile Best Practices are to not use Dockerfiles as build scripts, define environment variables, commit Dockerfiles to repositories, be mindful of base image size, do not expose secrets

Docker: A New Way to Turbocharging Your Apps Development

msyukor

Docker is a platform for developing, shipping, and running applications. It provides containers that package applications and dependencies together allowing them to run seamlessly on any infrastructure. The document discusses Docker concepts like containers, images, and the Docker ecosystem. It also provides examples of using Docker with various applications and frameworks like PHP, Java, .NET, Nginx, and Apache. Managing Docker containers at scale can be done with tools like Kubernetes, Docker Datacenter, Rancher, and Prometheus for monitoring.

Docker and-daily-devops

Satria Ady Pradana

Docker & Daily DevOps

Satria Ady Pradana

Similar to DevOpsDaysRiga 2017 Ignite: Daniel Houston - Thinking outside the box: The Docker socket security concern (20)

DCSF 19 Building Your Development Pipeline

Introduction to Docker

Docker: do's and don'ts

Boycott Docker

What is this "docker"

Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016

Dock ir incident response in a containerized, immutable, continually deploy...

Dockers & kubernetes detailed - Beginners to Geek

Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...

Docker for developers

codemotion-docker-2014

PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...

Dockerizing stashboard - Docker meetup at Twilio

Dockerizing Stashboard

Docker workshop

Securing the Socks Shop

Docker best Practices

Docker: A New Way to Turbocharging Your Apps Development

Docker and-daily-devops

Docker & Daily DevOps

More from DevOpsDays Riga

DevOpsDaysRiga 2017: Mark Smalley - Kill DevOps

DevOpsDays Riga

A fast-moving, outside-in talk that 'sells' the value of DevOps to business executives, finds the weakest link in the value stream and explores the often troubled relationship between IT people and normal people (the business). There is much hype around DevOps, so what are we actually talking about? DevOps improved Agile by speeding up deployment (and more). But how do you 'sell' DevOps to business executives who don't understand IT? No business value is realized until the users actually use the systems well. This is often the weakest link in the IT value chain, so you need to extend your scope. Collaboration is difficult and collaboration between business and IT even more so. What kind of behaviour is effective? Learn from workshop results from practitioners in 11 countries. But why "Kill DevOps"? This refers to an ancient Zen saying about a monk’s journey towards enlightenment and awakening. If you think that you’ve found Buddha, think again, because you never will. It’s the same with DevOps: it’s about continuous experimentation and learning.

DevOpsDaysRiga 2018: Serhat Can - The Rocky Path to Migrating Production Appl...

DevOpsDays Riga

DevOpsDaysRiga 2018: Uldis Karlovs-Karlovskis - DevOpsDays Ignite Karaoke - S...

DevOpsDays Riga

DevOpsDaysRiga 2018: Anton Babenko - What you see is what you get… for AWS in...

DevOpsDays Riga

DevOpsDaysRiga 2018: Juris Puce - GDPR and other security regulation imposed ...

DevOpsDays Riga

How and what effects does the GDPR have on software development? What kind of specific requirements does the security regulatory frameworks impose and different ways to try to solve them. Would there be a need for extensive redesign of existing systems and in which areas? Find out more by Juris Pūce. He has an experience in running software development teams in both standardised software development scenarios, as well as in implementations of DeepLearning, AI and Machine Vision solutions.

DevOpsDaysRiga 2018: Heather Wild - Keep Yourself Alive -Stopping the effects...

DevOpsDays Riga

Burnout often has been seen as an indicator of success and working hard, when it’s actually harming the growth of our developer communities and teams. Heather Wilde will talk about burnout culture. She is CTO of ROCeteer, personal and professional growth expert, executive coach, author, and speaker. As a founding employee of Evernote, she oversaw the company’s growth from thousands to 100,000,000 customers. Wilde’s writing as a columnist for Inc and Forbes spans social media, entrepreneurialism, startups, leadership, fundraising, and diversity issues.

DevOpsDaysRiga 2018: Philipp Krenn - Building Distributed Systems in Distribu...

DevOpsDays Riga

"Building distributed systems is notoriously hard … building a distributed team even more so. At Elastic — the company behind the open source tools Elasticsearch, Kibana, Beats, and Logstash — everything is distributed; both the company and all our products. I will tell you how we do it," promises Philipp Krenn from Vienna, Austria. He is part of the infrastructure team and a developer advocate at Elastic.

DevOpsDaysRiga 2018: Antonio Pigna - Put the brAIn into your DevOps workflow

DevOpsDays Riga

Artificial Intelligence (AI) becomes more and more an element of differentiation to manage the increasing complexity of information. What steps you should do to get your infrastructure AI ready? The presentation will focus on the opportunities of using AI to make DevOps ecosystem efficient. Presentation is going to be lead by Antonio Pigna, Automation Architect @ Accenture, based in Naples, Italy.

DevOpsDaysRiga 2018: Christina Aldan - Fearing the Robot Overlords

DevOpsDays Riga

We fear robot overlords as we do vampires, werewolves, and other baddies that go bump in the night. We worry that their intelligence will take our jobs, our livelihood, our freedom, and enslave us to their bidding; or at least that’s how it happens in the movies. This talk addresses our relationship with computers as tools and how we should allow computers to do the work, so people can do the innovating. Talk by Christina Aldan, TEDx speaker, trainer, and digital advertising consultant whose boutique agency, LG Designs, offers businesses brand consulting and creative content for everyday media.

DevOpsDaysRiga 2018: Jan de Vries - Realising the power of antifragility is l...

DevOpsDays Riga

In early 2018 Nassim Nicholas Taleb, one of the foremost thinkers of our time, published a new book: Skin in the game. About hidden asymmetries in daily life. Jan de Vries translates this book towards DevOps, as he did before with Taleb’s book Antifragile. It explains why some concepts work and others don’t. It’s like turning on the light in your DevOps environment. And it helps you to improve your (IT) organisation in the right direction. This talk contains practical tips and tricks that can be applied instantly.

DevOpsDaysRiga 2018: Ken Mugrage - DevOps and DevOpsDays - Where it started, ...

DevOpsDays Riga

The term DevOps was created for DevOpsDays in 2009. Since that time, the term has grown into a worldwide phenomenon. Ken Mugrage, one of the current global organizers for DevOpsDays, will talk about the history of DevOps - where it is today, and where it’s going. He has more than 25 years of experience in the IT industry, spending the last 9 at ThoughtWorks. Ken has been focused on Continuous Delivery and DevOps for most of the past decade working with organizations all over the world ranging from startups to Fortune 50 companies. Link: https://www.devopsdays.org/events/2018-riga/program/ken-mugrage-talk-1

DevOpsDaysRiga 2018: Matty Stratton - How Do You Infect Your Organization Wit...

DevOpsDays Riga

Richard Dawkins described memes as being a form of cultural propagation, which is a way for people to transmit social memories and cultural ideas to each other. Not unlike the way that DNA and life will spread from location to location, a meme idea will also travel from mind to mind. Getting your organization to take a step back and look at how ops affects people (awareness of alert fatigue, burnout risk, proactive/reactive approaches) can be a tough challenge. In this talk, I will discuss how the very DNA of an organization can evolve through the use of actionable communications from all levels - management, strategy, and practitioners. The “virus” of humane ops will infect your organization, providing a more sustainable approach to on-call, incident resolution, post-mortems, and more. There also will be copious references to the Neal Stephenson classic novel, Snow Crash. After this talk, you will have ideas of practical approaches to effect change in your organization, regardless of your level of influence. While not every group will use the same “viruses”, you will take away a good understanding of where to get started as Patient Zero.

DevOpsDaysRiga 2018: Eric Skoglund, Lars Albertsson - Kubernetes as data plat...

DevOpsDays Riga

This document discusses using Kubernetes as a data platform. It describes using use case driven development to build the initial platform, focusing on simple use cases that provide value. The platform is designed to facilitate collaboration and democratize data access. Pipelines are used to process and transform data in the data lake. The platform supports features like continuous deployment, autoscaling, and compliance with GDPR for data retention and deletion. Lessons learned include selecting cloud infrastructure based on data locations and using Kubernetes for its support and to avoid managing separate clusters.

DevOpsDaysRiga 2018: Jon Hall - DevOps in the enterprise: how "swarming" can ...

DevOpsDays Riga

As DevOps becomes increasingly established in enterprises, and its outputs become widely adopted, DevOps practitioners increasingly find themselves absorbed into traditional, large scale IT support structures. Often this means becoming “tier 3” in a multi-layered support structure. The shortcomings of this structure make it the antithesis of DevOps: the siloed nature of tiered support creates work-in-progress queues. Cross-functional collaboration is limited, communication is disjointed, and knowledge sharing is difficult. In this presentation we will discuss Swarming: an alternative methodology now emerging in forward-looking enterprises, which sets out to dismantle the tiered approach, replacing it with a dynamic, lean, and cross-functional methodology which is a much better fit for DevOps.

DevOpsDaysRiga 2018: Stas Zvinyatskovsky - Transformation: how big can you dr...

DevOpsDays Riga

DevOpsDaysRiga 2018: Joep Piscaer - Reducing inertia with Public Cloud and Op...

DevOpsDays Riga

"I have a strategy to solve the DevOps transitional challenge. It is called reducing inertia that can be seen on daily basis in finances, team behavior and tech stacks. Reducing the friction in these areas is key to successfully move to the DevOps way of work. For me, ‘inertia’ is a good way of making value flow visible and I’ve been using it as the principle underlying my work. This approach can be applied especially successfully in more complex environments, such as enterprises." Joep Piscaer is a technologist with team building skills. He likes all things infrastructure (cloud, storage, virtualization), but really shines when it comes to DevOps and Infra-as-Code. Currently, Joep is building the Jumbo Tech Campus. It is the second biggest supermarket in the Netherlands and the fastest growing online supermarket there.

DevOpsDaysRiga 2018: Andrey Adamovich - DevOps Transformations: Tools vs Culture

DevOpsDays Riga

SysAdmins are obsolete, we need more DevOps engineers! Or do we? In this talk, the author will give several use cases from his personal experience helping organizations to implement DevOps initiatives and automation of software delivery and testing. Why technology X is not what you need right now Why ignoring skills that are already present in the team may be a huge risk Why everything-as-code is an effective approach Why not investing in team member education may be very destructive Why not having time is a bad excuse for not automating Why process improvement effects may not be observable immediately Why cost of automation sometimes is higher than the time invested in writing the scripts

DevOpsDaysRiga 2018: Thiago de Faria - Chaos while deploying ML and making su...

DevOpsDays Riga

AI is such a buzzword, with its futuristic implementations and sophisticated machine learning algorithms (Hello, Deep learning!). We are using ML when we need external data to reach a working product because it would be impossible to solve it with the regular for/if/loops. What are the next steps? Moreover, what about Test, Release and Deployment? We always value data and call our organizations “data-driven”, but now the impact is even bigger. If you are using a ML component, misused/dirty/problematic data will affect not your internal reports as before… but your application deployment and quality of service. Let’s hear discuss some AI implementations stories (its advantages/problems) finding common mistakes and future challenges for such a hyped theme.

DevOpsDaysRiga 2018: Anton Arhipov - Build pipelines with TeamCity

DevOpsDays Riga

Build engineering is fun, especially with the awesome choice of tools we have today! In this showcase I’m building a build pipeline with TeamCity. You are going to learn why build pipelines are useful (yes, not only for the sake of eye candy!), and how the CI server can optimise when properly configured. In this talk I’m going to start with the simple scenarios and gradually introduce the complexity: scaling the project by adding constraints and requirements. This will result in changing the build process and revealing the tips & tricks alongside.

DevOpsDaysRiga 2018: Neil Crawford - Trunk based development, continuous depl...

DevOpsDays Riga

More from DevOpsDays Riga (20)