How to grant permission to your Kubernetes cluster for another users. - Stanislav Kolenkin
•
0 likes•91 views
Talk at Kuberton, 02/03/2019 How to grant permission to your Kubernetes cluster for another users. - Stanislav Kolenkin, Senior DevOps
Report
Share
Report
Share
Download to read offline
Recommended
Box connector Mule ESB Integration
This document provides instructions for configuring and using a Box connector in Mule to authorize with a Box developer account, get folder item details from Box in JSON format, and then unauthorize from Box. The flow authorizes with Box using the client ID and secret, gets folder items details, transforms the result to JSON, logs the payload, and then unauthorizes from Box. Source code is provided to configure the Box connector and create a flow to perform these actions.
Dev suite integration
This document outlines the integration between DevSuite and a community web server.
1) DevSuite stores project and document data that needs to be synced to the web server. A sync service handles uploading changed data from DevSuite databases to the web server.
2) The admin configures settings like the community URL and sync log levels. Documents checked into DevSuite are uploaded by the sync service.
3) The sync service monitors for changes in DevSuite databases and uploads new/updated documents and data to the web server using Kloud APIs. iPads can also download documents from the web server.
GKE vs OpenStack Magnum
This document compares Google Container Engine (GKE) and OpenStack Magnum. It summarizes that while Magnum provides container orchestration using Kubernetes similar to GKE, it has some usability disadvantages compared to GKE due to being integrated with OpenStack. The document demonstrates using Magnum and GKE to deploy similar Kubernetes clusters and discusses some areas Magnum could improve like integrating additional OpenStack services and improving node management capabilities.
GCP - GCE, Cloud SQL, Cloud Storage, BigQuery Basic Training
This document provides an introduction to Google Cloud Platform services including Google Cloud Storage, Cloud SQL, BigQuery, and Compute Engine. It includes steps to get started with each service through tutorials and labs. The document demonstrates how to create buckets and load data to Cloud Storage, set up databases in Cloud SQL, load CSV data to BigQuery, and create virtual machines on Compute Engine along with networking configurations. Quick start links are also provided for each service.
Ci/CD - Stop wasting time, Automate your deployments
- Using CI/CD (continuous integration and continuous delivery) automates deployments and saves time and money while improving reliability.
- There are multiple CI/CD tool options with different capabilities for source code management, target systems like Kubernetes, and deployment approaches. Consider your specific code, infrastructure, and deployment needs.
- Google Cloud Build is demonstrated for automating builds, tests, and deployments to Cloud Run and Kubernetes Engine from source code in a Git repository with triggers on code changes.
Install Kubernetes Cluster on Azure Platform using kubespray
A step by step guide to Install Kubernetes Cluster on Azure Platform using kubespray. I hope It will help to people who want to work on kubernetes on azure platform.
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.
Get started with Kubernetes on GKE
Learn how to get Kubernetes up and running on Google Cloud Platform with GKE. Go over why you should use Kubernetes, and why using a managed service like GKE is important. After that we will go over how to deploy both simple and advanced applications to your cluster.
Recommended
Box connector Mule ESB Integration
This document provides instructions for configuring and using a Box connector in Mule to authorize with a Box developer account, get folder item details from Box in JSON format, and then unauthorize from Box. The flow authorizes with Box using the client ID and secret, gets folder items details, transforms the result to JSON, logs the payload, and then unauthorizes from Box. Source code is provided to configure the Box connector and create a flow to perform these actions.
Dev suite integration
This document outlines the integration between DevSuite and a community web server.
1) DevSuite stores project and document data that needs to be synced to the web server. A sync service handles uploading changed data from DevSuite databases to the web server.
2) The admin configures settings like the community URL and sync log levels. Documents checked into DevSuite are uploaded by the sync service.
3) The sync service monitors for changes in DevSuite databases and uploads new/updated documents and data to the web server using Kloud APIs. iPads can also download documents from the web server.
GKE vs OpenStack Magnum
This document compares Google Container Engine (GKE) and OpenStack Magnum. It summarizes that while Magnum provides container orchestration using Kubernetes similar to GKE, it has some usability disadvantages compared to GKE due to being integrated with OpenStack. The document demonstrates using Magnum and GKE to deploy similar Kubernetes clusters and discusses some areas Magnum could improve like integrating additional OpenStack services and improving node management capabilities.
GCP - GCE, Cloud SQL, Cloud Storage, BigQuery Basic Training
This document provides an introduction to Google Cloud Platform services including Google Cloud Storage, Cloud SQL, BigQuery, and Compute Engine. It includes steps to get started with each service through tutorials and labs. The document demonstrates how to create buckets and load data to Cloud Storage, set up databases in Cloud SQL, load CSV data to BigQuery, and create virtual machines on Compute Engine along with networking configurations. Quick start links are also provided for each service.
Ci/CD - Stop wasting time, Automate your deployments
- Using CI/CD (continuous integration and continuous delivery) automates deployments and saves time and money while improving reliability.
- There are multiple CI/CD tool options with different capabilities for source code management, target systems like Kubernetes, and deployment approaches. Consider your specific code, infrastructure, and deployment needs.
- Google Cloud Build is demonstrated for automating builds, tests, and deployments to Cloud Run and Kubernetes Engine from source code in a Git repository with triggers on code changes.
Install Kubernetes Cluster on Azure Platform using kubespray
A step by step guide to Install Kubernetes Cluster on Azure Platform using kubespray. I hope It will help to people who want to work on kubernetes on azure platform.
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.
Get started with Kubernetes on GKE
Learn how to get Kubernetes up and running on Google Cloud Platform with GKE. Go over why you should use Kubernetes, and why using a managed service like GKE is important. After that we will go over how to deploy both simple and advanced applications to your cluster.
Google Cloud CLI - CCD Bhopal.pptx
Community Day will be held on September 25, 2022 at Hotel Vigyashree in Bhopal. The speaker, Aditya Shah from Incsub LLC, will discuss using the Google Cloud CLI for better control, navigation, speed, memory usage, and automation compared to the GUI. Attendees will learn how to install, authenticate, configure, and use the CLI to list, create, and delete virtual machines on Google Cloud.
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
A look at historical Kubernetes breaches, the high level security primitives, and an overview of multi-tenancy models in Kubernetes.
Artem Zhurbila - docker clusters (solit 2015)
About docker cluster management tools
1. Base concepts of cluster
management and docker
2. Docker Swarm
3. Amazon EC2 Container Service
4. Kubernetes
5. Mesosphere
Raspberry pi and Google Cloud
This document discusses connecting a Raspberry Pi to Google Cloud services like Cloud IoT Core and Cloud Pub/Sub. It provides steps to install the Google Cloud SDK on the Raspberry Pi, register a device in Cloud IoT Core, and use an MQTT client on the Raspberry Pi to publish sensor data to Cloud Pub/Sub. The document also introduces Google Cloud Messaging architecture and services in the Google Cloud IoT platform.
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Slides of the talk presented at DEF CON Cloud Village on August 12th, 2022 by Alexandre Sieira. Contains research content from Glaysson Tomaz and Marcelo Lima as well.
Recently the Conti ransomware group internal chat leaks was fascinating reading. Among other things, it reminded us that both well-intentioned and malicious actors are constantly trying to find ways to find vulnerabilities and develop exploits to widely used IT products. This is particularly true those that are externally exposed firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools.
The timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research.
In this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products only typically offered in hardware appliances. Which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliance's internals.
The objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
This document discusses how cloud service provider marketplaces can help with white hat and black hat vulnerability research. It provides examples of analyzing images from AWS Marketplace, Azure Marketplace, and Google Cloud Marketplace. The key findings are that AWS Marketplace most strongly protects seller intellectual property, while Azure and GCP Marketplaces have advantages for security researchers by allowing low-cost access and analysis of listed products with few restrictions. The document cautions that legal risks must be considered before conducting any security research activities.
Top 3 reasons why you should run your Enterprise workloads on GKE
This deck covers top 3 reasons why Google Kubernetes engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
Earth Engine on Google Cloud Platform (GCP)
This document provides an overview of using Earth Engine and Google Cloud Platform. It discusses how to get started with GCP and use command line tools like gcloud, gsutil, and earthengine to manage assets, files, buckets, and permissions. It also describes how to export Earth Engine data like images, tables, videos, and map tiles directly to Cloud Storage for further use or sharing.
Google compute engine - overview
Google Compute Engine allows users to launch and manage virtual machine instances on Google's infrastructure. Key features include quotas on resources, creation of instances specifying zone, machine type, and boot options. The Google Cloud SDK and gcutil command can be used to automate tasks like creating instances. Startup scripts enable running custom commands when an instance boots. Backups can be done using disk snapshots, images, or by bundling a disk. VPN services can also be set up on Google Compute Engine using OpenVPN.
Globus Connect Server Deep Dive - GlobusWorld 2024
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
[Kotlin Serverless 工作坊] 單元 1 - 開發環境建置
在這場工作坊裡,我們使用 Kotlin 以 Serverless 的方式撰寫一個 JSON API 服務,並部署到 GCP Cloud Functions 服務。本章為第一單元,帶著學員完成開發環境的安裝。
詳細步驟可參考講義:http://bit.ly/ktsvless
Introduction to Kubernetes RBAC
Incredibly powerful and flexible, Kubernetes role-based access control (RBAC) is an essential tool to effectively manage production clusters. Yet many Ops and DevOps engineers are still facing barriers to efficiently use it at scale. These include a steep learning curve, YAML-based configuration, lack of standardized best practices, and the general complexity of this functionality at large -- it truly can be somewhat overwhelming.
During this meetup Oleg, CTO at Kublr, will discuss Kubernetes RBAC concepts and objects. He'll explore different use cases ranging from simple permission management for in-cluster application accounts to integrations with external identity providers for SSO and enterprise user access management.
Leveraging the Kublr Platform, Oleg will demonstrate how it simplifies the management of access and RBAC rules in a cloud native environment while staying vendor-independent and compatible with any Kubernetes distribution.
30 Days of Google Cloud
The document outlines a 30-day Google Cloud program for university students to prepare them for cloud careers. It includes two tracks: Cloud Engineering and Data Science & Machine Learning. The Cloud Engineering track covers foundational infrastructure tasks like deploying and managing cloud environments and Kubernetes. It also covers networking and security. The Data Science track covers data, machine learning, and AI tasks to prepare students for roles in data and business. Completing the tracks earns students participation certificates, skill badges, and prizes like t-shirts and laptop bags. The document provides an agenda for an introductory session that orients students to Google Cloud and walks through several hands-on labs.
Idea to Production - with Gitlab and Kubernetes
Setting up a continuous delivery pipeline form scratch with gitlab.com and Kubernetes (Google Container Service GKE) on Google Cloud Platform.
The entire source code is available at https://github.com/Pindar/gcloud-k8s-express-app
Blog post https://www.itnotes.de/gitlab/kubernetes/k8s/gke/gcloud/2017/03/05/idea-to-production-with-gitlab-and-kubernetes/
ClickHouse on Kubernetes, by Alexander Zaitsev, Altinity CTO
The document discusses Altinity and their ClickHouse operator for Kubernetes. Altinity provides software and services for ClickHouse including 24/7 support, Kubernetes software, and training. The ClickHouse operator allows users to deploy and manage ClickHouse clusters on Kubernetes through declarative YAML configurations. It handles complex tasks like provisioning, networking, and persistence so that ClickHouse can be easily deployed and managed on Kubernetes.
Learn kubernetes in 90 minutes
This document provides an agenda and instructions for learning Kubernetes in 90 minutes. The agenda includes exercises on running a first web service in Kubernetes, revisiting pods, deployments and services, deploying with YAML files, and installing a microservices application called Guestbook. Key Kubernetes concepts covered include pods, deployments, services, YAML descriptors, and using deployments to scale applications. The document also provides background on containers, Docker, and the Kubernetes architecture.
Comandos - Evento - Virtual Lab Despliegue de aplicaciones en Kubernetes
This document provides instructions for completing a lab tutorial on getting started with IBM Cloud container services. It includes steps to check version numbers for required tools, clone a GitHub repository, log in to IBM Cloud, build and push a Docker image, configure a Kubernetes cluster, deploy a sample application, and expose it via a service. The lab is split into two parts - the first focuses on building and pushing a container image, while the second covers deploying it on Kubernetes and making the application accessible.
GCP Deployment Manager Demo
Using Deployment Manager and YAML/JINJA templates, this document provides steps to deploy VM instances across different regions along with associated firewall rules and networking resources on GCP. Key steps include creating YAML and JINJA template files defining the infrastructure resources and properties, previewing the deployment, correcting any errors, and running the actual deployment. Templates allow infrastructure to be defined declaratively and deployed consistently rather than manually creating each resource individually on the GCP console.
Vincent Ruijter - ~Securing~ Attacking Kubernetes
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Cloudstack interfaces to EC2 and GCE
This document discusses various ways to interface Apache CloudStack with other cloud platforms like AWS and GCE. It provides examples of using CloudStack's native AWS and GCE interfaces to manage resources on those platforms. It concludes that CloudStack has a strong API and ecosystem for building hybrid cloud solutions, and coverage of the AWS API is expanding.
Using Sentry for error collection and analysis in a distributed system - Yevg...
Using Sentry for error collection and analysis in a distributed system - Eugene Lysenko, CTO & Co-Founder of Concert.ua, Co-Founder of №1 VIRUS Music, Co-Owner of BelEtage
Monitoring&Logging - Stanislav Kolenkin
Microservices add complexity to monitoring that was not present with monolithic architectures. While microservices provide benefits, they also introduce significant monitoring challenges around communication between services. Prometheus has emerged as a powerful open source solution for monitoring microservices as it was designed to address issues of scale and flexibility that monitoring microservices requires.
More Related Content
Similar to How to grant permission to your Kubernetes cluster for another users. - Stanislav Kolenkin
Google Cloud CLI - CCD Bhopal.pptx
Community Day will be held on September 25, 2022 at Hotel Vigyashree in Bhopal. The speaker, Aditya Shah from Incsub LLC, will discuss using the Google Cloud CLI for better control, navigation, speed, memory usage, and automation compared to the GUI. Attendees will learn how to install, authenticate, configure, and use the CLI to list, create, and delete virtual machines on Google Cloud.
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
A look at historical Kubernetes breaches, the high level security primitives, and an overview of multi-tenancy models in Kubernetes.
Artem Zhurbila - docker clusters (solit 2015)
About docker cluster management tools
1. Base concepts of cluster
management and docker
2. Docker Swarm
3. Amazon EC2 Container Service
4. Kubernetes
5. Mesosphere
Raspberry pi and Google Cloud
This document discusses connecting a Raspberry Pi to Google Cloud services like Cloud IoT Core and Cloud Pub/Sub. It provides steps to install the Google Cloud SDK on the Raspberry Pi, register a device in Cloud IoT Core, and use an MQTT client on the Raspberry Pi to publish sensor data to Cloud Pub/Sub. The document also introduces Google Cloud Messaging architecture and services in the Google Cloud IoT platform.
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Slides of the talk presented at DEF CON Cloud Village on August 12th, 2022 by Alexandre Sieira. Contains research content from Glaysson Tomaz and Marcelo Lima as well.
Recently the Conti ransomware group internal chat leaks was fascinating reading. Among other things, it reminded us that both well-intentioned and malicious actors are constantly trying to find ways to find vulnerabilities and develop exploits to widely used IT products. This is particularly true those that are externally exposed firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools.
The timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research.
In this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products only typically offered in hardware appliances. Which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliance's internals.
The objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
This document discusses how cloud service provider marketplaces can help with white hat and black hat vulnerability research. It provides examples of analyzing images from AWS Marketplace, Azure Marketplace, and Google Cloud Marketplace. The key findings are that AWS Marketplace most strongly protects seller intellectual property, while Azure and GCP Marketplaces have advantages for security researchers by allowing low-cost access and analysis of listed products with few restrictions. The document cautions that legal risks must be considered before conducting any security research activities.
Top 3 reasons why you should run your Enterprise workloads on GKE
This deck covers top 3 reasons why Google Kubernetes engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
Earth Engine on Google Cloud Platform (GCP)
This document provides an overview of using Earth Engine and Google Cloud Platform. It discusses how to get started with GCP and use command line tools like gcloud, gsutil, and earthengine to manage assets, files, buckets, and permissions. It also describes how to export Earth Engine data like images, tables, videos, and map tiles directly to Cloud Storage for further use or sharing.
Google compute engine - overview
Google Compute Engine allows users to launch and manage virtual machine instances on Google's infrastructure. Key features include quotas on resources, creation of instances specifying zone, machine type, and boot options. The Google Cloud SDK and gcutil command can be used to automate tasks like creating instances. Startup scripts enable running custom commands when an instance boots. Backups can be done using disk snapshots, images, or by bundling a disk. VPN services can also be set up on Google Compute Engine using OpenVPN.
Globus Connect Server Deep Dive - GlobusWorld 2024
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
[Kotlin Serverless 工作坊] 單元 1 - 開發環境建置
在這場工作坊裡,我們使用 Kotlin 以 Serverless 的方式撰寫一個 JSON API 服務,並部署到 GCP Cloud Functions 服務。本章為第一單元,帶著學員完成開發環境的安裝。
詳細步驟可參考講義:http://bit.ly/ktsvless
Introduction to Kubernetes RBAC
Incredibly powerful and flexible, Kubernetes role-based access control (RBAC) is an essential tool to effectively manage production clusters. Yet many Ops and DevOps engineers are still facing barriers to efficiently use it at scale. These include a steep learning curve, YAML-based configuration, lack of standardized best practices, and the general complexity of this functionality at large -- it truly can be somewhat overwhelming.
During this meetup Oleg, CTO at Kublr, will discuss Kubernetes RBAC concepts and objects. He'll explore different use cases ranging from simple permission management for in-cluster application accounts to integrations with external identity providers for SSO and enterprise user access management.
Leveraging the Kublr Platform, Oleg will demonstrate how it simplifies the management of access and RBAC rules in a cloud native environment while staying vendor-independent and compatible with any Kubernetes distribution.
30 Days of Google Cloud
The document outlines a 30-day Google Cloud program for university students to prepare them for cloud careers. It includes two tracks: Cloud Engineering and Data Science & Machine Learning. The Cloud Engineering track covers foundational infrastructure tasks like deploying and managing cloud environments and Kubernetes. It also covers networking and security. The Data Science track covers data, machine learning, and AI tasks to prepare students for roles in data and business. Completing the tracks earns students participation certificates, skill badges, and prizes like t-shirts and laptop bags. The document provides an agenda for an introductory session that orients students to Google Cloud and walks through several hands-on labs.
Idea to Production - with Gitlab and Kubernetes
Setting up a continuous delivery pipeline form scratch with gitlab.com and Kubernetes (Google Container Service GKE) on Google Cloud Platform.
The entire source code is available at https://github.com/Pindar/gcloud-k8s-express-app
Blog post https://www.itnotes.de/gitlab/kubernetes/k8s/gke/gcloud/2017/03/05/idea-to-production-with-gitlab-and-kubernetes/
ClickHouse on Kubernetes, by Alexander Zaitsev, Altinity CTO
The document discusses Altinity and their ClickHouse operator for Kubernetes. Altinity provides software and services for ClickHouse including 24/7 support, Kubernetes software, and training. The ClickHouse operator allows users to deploy and manage ClickHouse clusters on Kubernetes through declarative YAML configurations. It handles complex tasks like provisioning, networking, and persistence so that ClickHouse can be easily deployed and managed on Kubernetes.
Learn kubernetes in 90 minutes
This document provides an agenda and instructions for learning Kubernetes in 90 minutes. The agenda includes exercises on running a first web service in Kubernetes, revisiting pods, deployments and services, deploying with YAML files, and installing a microservices application called Guestbook. Key Kubernetes concepts covered include pods, deployments, services, YAML descriptors, and using deployments to scale applications. The document also provides background on containers, Docker, and the Kubernetes architecture.
Comandos - Evento - Virtual Lab Despliegue de aplicaciones en Kubernetes
This document provides instructions for completing a lab tutorial on getting started with IBM Cloud container services. It includes steps to check version numbers for required tools, clone a GitHub repository, log in to IBM Cloud, build and push a Docker image, configure a Kubernetes cluster, deploy a sample application, and expose it via a service. The lab is split into two parts - the first focuses on building and pushing a container image, while the second covers deploying it on Kubernetes and making the application accessible.
GCP Deployment Manager Demo
Using Deployment Manager and YAML/JINJA templates, this document provides steps to deploy VM instances across different regions along with associated firewall rules and networking resources on GCP. Key steps include creating YAML and JINJA template files defining the infrastructure resources and properties, previewing the deployment, correcting any errors, and running the actual deployment. Templates allow infrastructure to be defined declaratively and deployed consistently rather than manually creating each resource individually on the GCP console.
Vincent Ruijter - ~Securing~ Attacking Kubernetes
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Cloudstack interfaces to EC2 and GCE
This document discusses various ways to interface Apache CloudStack with other cloud platforms like AWS and GCE. It provides examples of using CloudStack's native AWS and GCE interfaces to manage resources on those platforms. It concludes that CloudStack has a strong API and ecosystem for building hybrid cloud solutions, and coverage of the AWS API is expanding.
Similar to How to grant permission to your Kubernetes cluster for another users. - Stanislav Kolenkin (20)
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKE
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
ClickHouse on Kubernetes, by Alexander Zaitsev, Altinity CTO
ClickHouse on Kubernetes, by Alexander Zaitsev, Altinity CTO
Comandos - Evento - Virtual Lab Despliegue de aplicaciones en Kubernetes
Comandos - Evento - Virtual Lab Despliegue de aplicaciones en Kubernetes
More from Kuberton
Using Sentry for error collection and analysis in a distributed system - Yevg...
Using Sentry for error collection and analysis in a distributed system - Eugene Lysenko, CTO & Co-Founder of Concert.ua, Co-Founder of №1 VIRUS Music, Co-Owner of BelEtage
Monitoring&Logging - Stanislav Kolenkin
Microservices add complexity to monitoring that was not present with monolithic architectures. While microservices provide benefits, they also introduce significant monitoring challenges around communication between services. Prometheus has emerged as a powerful open source solution for monitoring microservices as it was designed to address issues of scale and flexibility that monitoring microservices requires.
Security threats with Kubernetes - Igor Khoroshchenko
Talk at Kuberton, 02/03/2019
Security threats with Kubernetes - Igor Khoroshchenko, Security Researcher at UnderDefense
Chaos Testing of Microservices - Shalamov Maksym
Talk at Kuberton, 02/03/2019
Chaos Testing of Microservices - Shalamov Maksym, Senior QA Automation Engineer
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Talk at Kuberton, 02/03/2019
Cloud-native applications with Java and Kubernetes - Yehor Volkov, Senior Software Development Engineer в DataArt
Monolith vs Microservices with Golang at practice - Ivan Kutuzov
Talk at Kuberton, 02/03/2019
Monolith vs Microservices with Golang at practice - Ivan Kutuzov, Tech Lead at SoftServe
Kubernetes in Modern Application Architecture - Orkhan Gasimov
Talk at Kuberton, 02/03/2019
Description: Kubernetes has become a real buzzword and winner in the battle for container orchestration. However, the key point from application point of view is not the container orchestration, but the architecture. We tend to use well known and battle-tested architectural styles and patterns. But, does Kubernetes change the architectural approaches? Or, does Kubernetes enable new patterns to benefit from? Let's overview modern approaches to application architecture, and see how Kubernetes enable new patterns and empower architecture for building modern
More from Kuberton (7)
Using Sentry for error collection and analysis in a distributed system - Yevg...
Using Sentry for error collection and analysis in a distributed system - Yevg...
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov
Monolith vs Microservices with Golang at practice - Ivan Kutuzov
Monolith vs Microservices with Golang at practice - Ivan Kutuzov
Kubernetes in Modern Application Architecture - Orkhan Gasimov
Kubernetes in Modern Application Architecture - Orkhan Gasimov
Recently uploaded
UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
20 Comprehensive Checklist of Designing and Developing a Website
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsVideo Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Recently uploaded (20)
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
How to grant permission to your Kubernetes cluster for another users. - Stanislav Kolenkin
- 2. How to grant permission to your Kubernetes cluster for another users.
- 3. 1. Open Google console using the following link: https://console.cloud.google.com/iam-admin/iam
- 4. 2. Enter button +Add and add user and Grant Permissions on GKE 3. Input user Gmail accounts in field “New members” and Select Kubernetes role: 4. Enter button Save
- 6. Add user via gcloud command in CLI
- 7. # Login gcloud auth login # Get project-id kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account) # Add users kubectl create clusterrolebinding your-user-cluster-admin-binding --clusterrole=cluster-admin --user=USER@gmail.com
- 8. #Create Kubernetes cluster: gcloud container clusters create "k8s-cluster" --zone "europe-west1-d" --machine-type "custom-1-1024" --image-type "GCI" --disk-size "100" --network "default" --no-enable-cloud-logging --no-enable-cloud-monitoring --enable-autoscaling --min-nodes="2" --max-nodes="10" --enable-legacy-authorization --cluster-version=1.11
- 9. # Authorization in your Kubernetes cluster gcloud container clusters get-credentials test-rbac --zone us-central1-a --project $PROJECT-ID kubectl get pods #Add users in IAM export PROJECT-ID=`gcloud config get-value project`
- 10. gcloud projects add-iam-policy-binding $PROJECT-ID --member=user:USER@gmail.com --role roles/container.admin #Check access to Kubernetes cluster kubectl get pods --all-namespaces
- 11. Thank you for your attention! Questions?