✭✭ NOTE: a revised version of this lab is available at https://www.slideshare.net/williamyeh/rd-kubernetes-gdg-cloud-kh-201908-version ✭✭
90-Minute Workshop held at Taiwan Cloud Edge Summit 2019 (台灣雲端大會).
* 課程簡介
Kubernetes 是目前雲端環境的顯學。可是,傳統的程式,並不是原封不動搬上去,就能夠自動享受 Kubernetes 所宣稱的種種好處。 新的環境,不僅需要新的 Ops 思維,也需要新的 Dev 思維。我們將以一個半小時的時間,從軟體研發者的角度,探討軟體的設計該做哪些最起碼的改變,從實作中體驗 Kubernetes 引進的新觀念及新效益。
* 課程目標
從實例中體驗,傳統 web 應用程式在搬上 Kubernetes 時,可能會經歷哪些架構面的調整,才能享受新架構的效益:
- 容器化
- 微服務
- 組態管理
- 多重環境管理:本機端與雲端(以 GKE 為例)
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...MayaData Inc
If you were not at the GitLab Commit conferences in New York and London, here’s an opportunity to attend our popular talk on using chaos engineering in Gitlab pipelines for faster hardening. As cloud native applications are coming to life faster than anyone could have imagined, the explosion of microservices empowers developers while also making it increasingly difficult to build pipelines that validate changes outside of their (or their SREs') control.
Chaos engineering has emerged as a way to introduce faults into systems to increase their resiliency and Litmus, part of OpenEBS Enterprise Platform, can shake out a lot of bugs.
We are also glad to announce that OpenEBS 1.3 has been released and we will review the new features added.
JDD2015: Kubernetes - Beyond the basics - Paul BakkerPROIDEA
KUBERNETES - BEYOND THE BASICS
Kubernetes has answers to many questions related to clustering and the required low-level networking. When using Kubernetes for real live deployments we need more than those lower-level solutions however. We need things like automated deployments, load balancing for web applications, blue/green deployments and monitoring.
This is all possible with Kubernetes when we start to look at Kubernetes as an API. In this talk you will learn to embrace the Kuberentes API and some of the patterns, tools and mechanisms we developed and use around Kubernetes to prepare for production grade deployments.
Mihai Criveti - PyCon Ireland - Automate EverythingMihai Criveti
PyCon Ireland - Python DevOps flows with Ansible, Packer & Kubernetes - Mihai Criveti
https://www.youtube.com/watch?v=lO884XAdddQ
1 Packer: Image Build Automation
2 OpenSCAP: Automate Security Baselines
3 Ansible: Provisioning and Configuration Management
4 Molecule: Test your Ansible Playbooks on Docker, Vagrant or Cloud
5 Vagrant: Test images with vagrant
6 Package Python Applications with setuptools
7 Kubernetes: Container Orchestration at Scale
8 DevOps Culture and Practice
✭✭ NOTE: a revised version of this lab is available at https://www.slideshare.net/williamyeh/rd-kubernetes-gdg-cloud-kh-201908-version ✭✭
90-Minute Workshop held at Taiwan Cloud Edge Summit 2019 (台灣雲端大會).
* 課程簡介
Kubernetes 是目前雲端環境的顯學。可是,傳統的程式,並不是原封不動搬上去,就能夠自動享受 Kubernetes 所宣稱的種種好處。 新的環境,不僅需要新的 Ops 思維,也需要新的 Dev 思維。我們將以一個半小時的時間,從軟體研發者的角度,探討軟體的設計該做哪些最起碼的改變,從實作中體驗 Kubernetes 引進的新觀念及新效益。
* 課程目標
從實例中體驗,傳統 web 應用程式在搬上 Kubernetes 時,可能會經歷哪些架構面的調整,才能享受新架構的效益:
- 容器化
- 微服務
- 組態管理
- 多重環境管理:本機端與雲端(以 GKE 為例)
Use GitLab with Chaos Engineering to Harden your Applications + OpenEBS 1.3 ...MayaData Inc
If you were not at the GitLab Commit conferences in New York and London, here’s an opportunity to attend our popular talk on using chaos engineering in Gitlab pipelines for faster hardening. As cloud native applications are coming to life faster than anyone could have imagined, the explosion of microservices empowers developers while also making it increasingly difficult to build pipelines that validate changes outside of their (or their SREs') control.
Chaos engineering has emerged as a way to introduce faults into systems to increase their resiliency and Litmus, part of OpenEBS Enterprise Platform, can shake out a lot of bugs.
We are also glad to announce that OpenEBS 1.3 has been released and we will review the new features added.
JDD2015: Kubernetes - Beyond the basics - Paul BakkerPROIDEA
KUBERNETES - BEYOND THE BASICS
Kubernetes has answers to many questions related to clustering and the required low-level networking. When using Kubernetes for real live deployments we need more than those lower-level solutions however. We need things like automated deployments, load balancing for web applications, blue/green deployments and monitoring.
This is all possible with Kubernetes when we start to look at Kubernetes as an API. In this talk you will learn to embrace the Kuberentes API and some of the patterns, tools and mechanisms we developed and use around Kubernetes to prepare for production grade deployments.
Mihai Criveti - PyCon Ireland - Automate EverythingMihai Criveti
PyCon Ireland - Python DevOps flows with Ansible, Packer & Kubernetes - Mihai Criveti
https://www.youtube.com/watch?v=lO884XAdddQ
1 Packer: Image Build Automation
2 OpenSCAP: Automate Security Baselines
3 Ansible: Provisioning and Configuration Management
4 Molecule: Test your Ansible Playbooks on Docker, Vagrant or Cloud
5 Vagrant: Test images with vagrant
6 Package Python Applications with setuptools
7 Kubernetes: Container Orchestration at Scale
8 DevOps Culture and Practice
Effective Platform Building with Kubernetes. Is K8S new Linux?Wojciech Barczyński
I will tell you war stories from Kubernetes implementations in two startups: a fashion ecommerce - Lykehq - and Fintech/Machine Learning - SMACC. Getting them to Continuous Deployment, mistakes I made, and how we solve them. Show why K8S is such a powerful tool and -- most important for me -- it gives you learn-as-you-go experience. The new linux, the new application server some say.
Check: https://github.com/wojciech12/talk_cloudnative_and_kubernetes_waw
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...Wojciech Barczyński
I will tell you two stories about two different implementations of Kubernetes. One from Fashion mobile ecomerce. One from a Fintech. Kubernetes is not a silver bullet. But damn close ;).
Docker and Cloud - Enables for DevOps - by ACA-ITStijn Wijndaele
DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe.
Sprekers: Stijn Van den Enden & Stijn Wijndaele (ACA IT-Solutions) DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe.
In deze avondconferentie werd, na een korte toelichting over DevOps, nagegaan wat Docker en de Cloud kunnen betekenen voor uw business, en hoe zij als enablers kunnen dienen voor het tot stand brengen van een DevOps-cultuur. Het container-landschap waarvan tools zoals Kubernetes, Docker Swarm, ...een belangrijk onderdeel vormen, wordt toegelicht en er wordt ingegaan op de wijze waarop deze tools aangewend kunnen worden om 'development' en 'operations' efficiënt te laten samenwerken.
Containerizing your Security Operations CenterJimmy Mesta
AppSec USA 2016 talk on using containers and Kubernetes to manage a variety of security tools. Includes best practices for securing Kubernetes implementations.
Chicago Docker Meetup Presentation - MediaflyMediafly
Bryan Murphy's presentation from the 2nd Chicago Docker meetup on March 12, 2014 at Mediafly HQ. In his presentation, Bryan explains how we use Docker right now at Mediafly in production.
Cloud-native .NET Microservices mit KubernetesQAware GmbH
BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware).
Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
Enhancing the application development process in all its phases—building, scaling, shipping, deploying
and running—plays a vital role in today’s competitive IT industry by shortening the time between writing
code and running it.
Ed Seymour
Containerisation Lead – Red Hat
Ed has over 20 years experience working in software development and IT automation. With a career that started with a small software start-up, working efficiently and with agility was a necessity, and through his experience working at a global IT services company, gained valuable experience in promoting and effecting organisational change, adoption of agile methods, and automation of the software development life-cycle. At Red Hat, Ed’s role has focused on enabling customers as they embrace new organisational behaviours and structures, for example DevOps, and developing new IT services through adoption of emerging technologies, such as Cloud Management, OpenStack; Ed specialises in solutions based on containers through Docker, Kubernetes and OpenShift.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Effective Platform Building with Kubernetes. Is K8S new Linux?Wojciech Barczyński
I will tell you war stories from Kubernetes implementations in two startups: a fashion ecommerce - Lykehq - and Fintech/Machine Learning - SMACC. Getting them to Continuous Deployment, mistakes I made, and how we solve them. Show why K8S is such a powerful tool and -- most important for me -- it gives you learn-as-you-go experience. The new linux, the new application server some say.
Check: https://github.com/wojciech12/talk_cloudnative_and_kubernetes_waw
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...Wojciech Barczyński
I will tell you two stories about two different implementations of Kubernetes. One from Fashion mobile ecomerce. One from a Fintech. Kubernetes is not a silver bullet. But damn close ;).
Docker and Cloud - Enables for DevOps - by ACA-ITStijn Wijndaele
DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe.
Sprekers: Stijn Van den Enden & Stijn Wijndaele (ACA IT-Solutions) DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe.
In deze avondconferentie werd, na een korte toelichting over DevOps, nagegaan wat Docker en de Cloud kunnen betekenen voor uw business, en hoe zij als enablers kunnen dienen voor het tot stand brengen van een DevOps-cultuur. Het container-landschap waarvan tools zoals Kubernetes, Docker Swarm, ...een belangrijk onderdeel vormen, wordt toegelicht en er wordt ingegaan op de wijze waarop deze tools aangewend kunnen worden om 'development' en 'operations' efficiënt te laten samenwerken.
Containerizing your Security Operations CenterJimmy Mesta
AppSec USA 2016 talk on using containers and Kubernetes to manage a variety of security tools. Includes best practices for securing Kubernetes implementations.
Chicago Docker Meetup Presentation - MediaflyMediafly
Bryan Murphy's presentation from the 2nd Chicago Docker meetup on March 12, 2014 at Mediafly HQ. In his presentation, Bryan explains how we use Docker right now at Mediafly in production.
Cloud-native .NET Microservices mit KubernetesQAware GmbH
BASTA! 2017, Mainz: Talk von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware).
Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud-Native-Stack. In dieser Session stellen wir die wichtigsten Konzepte und aktuellen Schlüsseltechnologien kurz vor. Anschließend implementieren wir einen einfachen Microservice mit .NET Core und Steeltoe OSS und bringen ihn zusammen mit ausgewählten Bausteinen für Service-Discovery und Konfiguration schrittweise auf einem Kubernetes-Cluster zum Laufen.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
Enhancing the application development process in all its phases—building, scaling, shipping, deploying
and running—plays a vital role in today’s competitive IT industry by shortening the time between writing
code and running it.
Ed Seymour
Containerisation Lead – Red Hat
Ed has over 20 years experience working in software development and IT automation. With a career that started with a small software start-up, working efficiently and with agility was a necessity, and through his experience working at a global IT services company, gained valuable experience in promoting and effecting organisational change, adoption of agile methods, and automation of the software development life-cycle. At Red Hat, Ed’s role has focused on enabling customers as they embrace new organisational behaviours and structures, for example DevOps, and developing new IT services through adoption of emerging technologies, such as Cloud Management, OpenStack; Ed specialises in solutions based on containers through Docker, Kubernetes and OpenShift.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
2. 2
WHO AM I?
o Consultant at Ordina
o Software architect & developer background
o Interested in: Automation, public cloud in enterprises,
hyperscale software
o Company blog & LinkedIn
7. o Knowing when there is an update
o Knowing what to update
o Knowing how to update
o Validate that the update works
o Rollout to production
7
WHAT IS NEEDED
11. 11
HOW DOES IT WORK
Java project
repo/
├─ src/
├─ Dockerfile
├─ pom.xml
12. 12
HOW DOES IT WORK
Java project
Docker: amazoncorretto:18.0.0
Maven: org.apache.logging.log4j:log4j-core:2.12.2
13. 13
HOW DOES IT WORK
Java project
Docker: amazoncorretto:18.0.0
Maven: org.apache.logging.log4j:log4j-core:2.12.2
amazoncorretto:18.0.1
org.apache.logging.log4j:log4j-core:2.18.0
14. 14
HOW DOES IT WORK
Java project
Docker: amazoncorretto:18.0.0 -> 18.0.1
Maven: org.apache.logging.log4j:log4j-core:2.12.2 -> 2.18.0
15. 15
HOW DOES IT WORK
Java project
Docker: amazoncorretto:18.0.0 -> 18.0.1
Maven: org.apache.logging.log4j:log4j-core:2.12.2 -> 2.18.0
PR: amazoncorretto: 18.0.1
PR: log4j: 2.18.0
16. 16
HOW DOES IT WORK
Java project
PR: amazoncorretto: 18.0.1
PR: log4j: 2.18.0
Build: amazoncorretto: 18.0.1
Build: log4j: 2.18.0
24. 24
HOW DOES RENOVATE WORK
Deployment
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/deployment.yaml
- https://github.com/pietervincken/my-other-service?ref=0.0.0
25. 25
HOW DOES RENOVATE WORK
Deployment
Kubernetes: image: pietervincken/my-java-service:0.0.0
Kustomize: resource: github.com/pietervincken/my-other-service:0.0.0
26. 26
HOW DOES RENOVATE WORK
Deployment
Kubernetes: image: pietervincken/my-java-service:0.0.0
Kustomize: resource: github.com/pietervincken/my-other-service:0.0.0
27. HOW DOES RENOVATE WORK
Deployment
Kubernetes: image: pietervincken/my-java-service:0.0.0 -> 0.0.1
Kustomize: resource: github.com/pietervincken/my-other-service:0.0.0 -> 0.1.0
27
28. HOW DOES RENOVATE WORK
Deployment
my-java-service:0.0.0 -> 0.0.1
my-other-service:0.0.0 -> 0.1.0
PR: my-java-service: 0.0.1
PR: my-other-service: 0.1.0
28
29. HOW DOES RENOVATE WORK
Deployment
PR: my-java-service: 0.0.1
PR: my-other-service: 0.1.0
29
34. HOW DOES IT WORK
Deployment
Kubernetes: image: pietervincken/my-java-service:0.0.1
Kustomize: resource: github.com/pietervincken/my-other-service:0.1.0
34
35. HOW DOES IT WORK
Deployment
Kubernetes: image: pietervincken/my-java-service:0.0.1
Kustomize: resource: github.com/pietervincken/my-other-service:0.1.0
Repository
changed
35
36. HOW DOES IT WORK
Deployment
Build kustomization
36
41. o Inform about the update
o Build confidence in update sources
o Docker hub
o Maven central
o Internal sources
o Start with low impact
o Limit amount of concurrent updates
41
CONVINCE THE BRASS
Baby steps
43. • Conventional commits
• At least semver based tags
• Good automated testing
• -> high level of confidence for auto-merge
• Clear deployment process to (pre-) production
• Automation and configuration as code are key
43
NOT REQUIRED, BUT GOOD TO HAVE
Example of Log4Shell / Log4J vulnerabilty
TODO Embracing updates and upgrading frequently allow for small changes
And very little effort to update. Big bang upgrades are costly.
TODO Upgrading is inevitable. Having an (automated) process in place is key
https://www.comparitech.com/blog/information-security/cybersecurity-vulnerability-statistics/
https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
Too this day, still unpatched log4shell systems available…
Renovate -> not only what to update but also how -> Changelog!
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Fictive example!
Fictive example!
Fictive example!
Fictive example!
Fictive example!
You can allow Renovate to merge automatically on successful builds, but in general and definitely when starting to use this, you’ll merge these PRs by hand.
Grab a coffee and scroll through some Reddit posts about how automation makes your life easy!
Fictive example!
Dependency detection: https://docs.renovatebot.com/modules/manager/
Docker-compose, Ansible, Kubernetes, Flux, Helm, kustomize, Terraform, Tekton(?!?)
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Github, Bitbucket, Gitlab, …
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Either automated or manually
Moves through your normal development process
E.g. deploy it to a development environment first. After that’s validated, merge to main for production
Prevent copy paste errors by allowing renovate to update the different environment repositories
Fictive example!
Fictive example!
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
Dependency detection: https://docs.renovatebot.com/modules/manager/
Supported repository systems https://docs.renovatebot.com/#supported-platforms
Renovate:
Scans your repositories to detect package files and their dependencies
Checks if any newer versions exist
Raises Pull Requests for available updates
yaml file extension by Grafix Point from https://thenounproject.com/browse/icons/term/yaml-file-extension
ArgoCD performs API calls based on the YAML it has generated.
The only 2 manual actions we had to do was merge 2 PRs.
Everything else was automated.
Outdated versions
Security vulnerabilties
Only update when new feature needed
Update all depedencies at once -> not a good idea
Small updates, validated, one by one -> way to go
Possibility to limit type of updates
Major / minor / patch
Limit what to update
In/exclude update sources (E.g. only internal container registry)
Auto-merge trusted sources
E.g. in-house maintained libraries
Auto-merge low impact targets
E.g. supporting application
Limit number of PRs
Grouping similar updates
Limiting PRs by design
Custom/additional upgrade steps through scripts
Zalando’s, Netflixes and Tesla’s of the world are build to change.
The fast moving companies are able to adapt quickly and efficiently
The key to move fast is to often in small steps. Big leaps rarely work out.
