See how Kubernetes-native security differs from traditional security approaches.
We'll talk about how you can find and fix blind spots, critical vulnerabilities, and misconfigurations that are unique to Kubernetes to increase protection. And to get your team to adopt this, you'll also see how to help shorten the learning curve for them. Lastly, you'll see how to minimize operational risk by using scalable enforcement functions, while keeping operations simple.
The demo will be on how to use Red Hat Advanced Cluster Security/Stackrox to implement Kubernetes-native security on containers that are running across k8s/OpenShift clusters and implement best practices across use cases like visibility, vulnerability management, and more.
Presented by Krishnan Narayana Swamy, Specialist Solution Architect, Red Hat
Watch the presentation: https://youtu.be/s-0dXfjfPkA
The eternal struggle of application development is choosing to pay down technical debt or adding new features. Why not both! This meetup will explore modernization strategies enabled by open-source project KubeVirt that will help you do just that.
Legacy applications are usually monolithic and run on one or more virtual machines. Some applications are easier to modernize if they have well established counterparts in the containerized world (EAP, Spring Boot, etc). Large classic .Net applications running on IIS in Windows server are a lot harder to modernize in one shot. KubeVirt allows you to import your existing VM workloads into Kubernetes and modernize your application in stages.
With KubeVirt, Virtual Machines are first-class citizens in Kubernetes and have access to all the artifacts that pods do, including being able to access and be accessed using service endpoints. Once you have the VM running in your Kubernetes project, you can start to modernize and extend the functionality of your application.
We will import a .Net application running on IIS on a Windows Server VM into KubeVirt. Then we will go through the stages of containerizing each of the logical layers of the application. Note that this strategy can be used with other OS and Middleware combinations.
Presenter: Arvin Amirian, Principal Consultant for Container Infrastructure @ Red Hat
Automate Workflows With The Open-source Cloud-native Tool Boomerang FlowKonveyor Community
In the cloud-native workflow automation world, there are many great open-source projects such as Argo, Airflow, and Brigade.
These tools require technical expertise to be used by business users, or they are aligned with a specific use case such as CI/CD. Boomerang Flow is an alternative tool that is usable by a business user but also provides an extensible framework developers can use for new use cases.
It aims to replace Robotic Process Automation flows, which don’t necessarily need to be full-blown bots.
And it doesn’t try to tackle use cases such as screen-scraping legacy green text applications. Instead, it tries to solve the problem where enterprises are using bots to perform tasks such as receiving a service now ticket and automatically moving it to a special status or workflow queue. These types of scenarios can be automated using Boomerang Flow. And the cost of running these workflows in Kubernetes is fractions of the cost of running an RPA bot for licensing.
Presenters: Tyson W Lawrie, head of engineering - IBM, Marcus D Roy, Senior Lead Software engineer - IBM, and Benjamin Ruby, Analytics Consultant - IBM
Recording link: https://youtu.be/-lOninwMoz4
Mass Migrate Virtual Machines to Kubevirt with Tool Forklift 2.0Konveyor Community
There are 6Rs that can help you have Cloud-native workloads running in your Kubernetes deployments: Refactor, Replatform, Rehost, Retire, Retain or Repurchase.
Rehosting virtual machines provides less friction than others, while still providing some advantages.
One of those advantages being that you can have workloads you don't want to or cannot containerize yet sit alongside your containers through KubeVirt.
In this meetup, we'll show you how Forklift 2.0 makes it easy to move them to their new home. And explain why this is a small step for your workloads but a giant leap on your path to the cloud.
Presenters: Miguel Pérez Colino, Senior Principal Product Manager & Fabien Dupont, Manager, Software Engineering & Senior Principal Engineer.
YouTube recording: https://youtu.be/-w4Afj5-0_g
Cost Control and Rapid Innovation in Kubernetes with OpenRewriteKonveyor Community
Presentation recording: https://youtu.be/6wZhwAZWs84
There's no good way currently to make consistent, structural changes to Kubernetes manifests but still ensure YAML correctness and repeatability. OpenRewrite is somewhat unique in this space.
OpenRewrite is an OSS project which can be leveraged to make large and significant changes to a Kubernetes cluster in a concise and repeatable way. Integrating Rewrite into workflows is easy, making adoption straightforward.
Jon Brisbin, software engineer at OpenRewrite, will give a demonstration of this tool at this meetup.
If you want to try the getting started or any of the tutorials: https://github.com/openrewrite
Rehosting apps between k8s clusters and automating deployment using craneKonveyor Community
Watch the presentation: https://youtu.be/kp5vFIg0BhQ
With Crane 2.0, application owners can migrate Kubernetes workloads and their state between clusters of different Kubernetes distributions, remove environment-specific configuration, and automate application deployments along the way.
The community has distilled several years of experience performing large-scale production Kubernetes migrations into this tool. It’s designed to drive a migration via a pipeline of non-destructive tasks that dump their results to disk so the operation can be easily audited and versioned without impacting live workloads. The tasks can be run repeatedly and will output consistent results given the same inputs without side-effects on the system at large.
These projects can be large, complex, error-prone, and usually must be performed under a limited window of time. Because of that challenge, it's paramount that a migration tool be designed with transparency and ease-of-diagnostics in mind.
Presenters: Marco Berube and Erik Nelson
Automate The Creation/Transformation of Infrastructure as Code Artifacts with...Konveyor Community
Watch the demo: https://youtu.be/tmGSqK3BahU
Konveyor Move2Kube helps automate your migration from various platforms such as cloud foundry, docker swarm, VM based applications, or from your custom framework to Kubernetes. With the latest release of Move2Kube, v0.3.0, it has acquired extensive customization capabilities to help create the target artifacts as per your organization requirements.
In this session, the Move2Kube team will demonstrate the migration of a typical application to run on Kubernetes. It will be followed by a demonstration of customization capabilities of Move2Kube, such as customizing the generated Dockerfile, the directory structure, the helm chart and custom artifacts.
Website: https://move2kube.konveyor.io/
GitHub repo: https://github.com/konveyor/move2kube/
[Konveyor] introduction to cloud native chaos engineering with litmus chaos (1)Konveyor Community
Chaos Engineering is revolutionizing testing means and doing it the cloud-native way is the best way in today's rapidly changing world with a huge shift in the paradigm of Kubernetes resiliency.
Karthik S, one of the maintainers for LitmusChaos, will be introducing how to carry out Chaos Engineering, the cloud-native way.
He will also touch upon observability considerations for chaos engineering and what hooks Litmus provides for the same.
Zero-Touch Declarative Rehosting of Legacy Monolith Applications to Kubernete...Konveyor Community
Recording on YouTube: https://youtu.be/t0pu4iqTil0
While a lot can be modernized in the form of containers, it may not be feasible to containerize all of them at the same time due to time or technical or budget constraints.
With KubeVirt, we can bring those virtualized workloads side by side with containerized workloads into a common platform. Forklift operator can bring those virtualized workloads in bulk to Kubernetes platform.
In this meetup, we will show a live demo on how monolith applications can be moved, without touching the source legacy side, to Kubernetes platform.
Presenter: Vishal Anand, Thought Leader Architect & Sr. Inventor - IBM
Watch the presentation: https://youtu.be/s-0dXfjfPkA
The eternal struggle of application development is choosing to pay down technical debt or adding new features. Why not both! This meetup will explore modernization strategies enabled by open-source project KubeVirt that will help you do just that.
Legacy applications are usually monolithic and run on one or more virtual machines. Some applications are easier to modernize if they have well established counterparts in the containerized world (EAP, Spring Boot, etc). Large classic .Net applications running on IIS in Windows server are a lot harder to modernize in one shot. KubeVirt allows you to import your existing VM workloads into Kubernetes and modernize your application in stages.
With KubeVirt, Virtual Machines are first-class citizens in Kubernetes and have access to all the artifacts that pods do, including being able to access and be accessed using service endpoints. Once you have the VM running in your Kubernetes project, you can start to modernize and extend the functionality of your application.
We will import a .Net application running on IIS on a Windows Server VM into KubeVirt. Then we will go through the stages of containerizing each of the logical layers of the application. Note that this strategy can be used with other OS and Middleware combinations.
Presenter: Arvin Amirian, Principal Consultant for Container Infrastructure @ Red Hat
Automate Workflows With The Open-source Cloud-native Tool Boomerang FlowKonveyor Community
In the cloud-native workflow automation world, there are many great open-source projects such as Argo, Airflow, and Brigade.
These tools require technical expertise to be used by business users, or they are aligned with a specific use case such as CI/CD. Boomerang Flow is an alternative tool that is usable by a business user but also provides an extensible framework developers can use for new use cases.
It aims to replace Robotic Process Automation flows, which don’t necessarily need to be full-blown bots.
And it doesn’t try to tackle use cases such as screen-scraping legacy green text applications. Instead, it tries to solve the problem where enterprises are using bots to perform tasks such as receiving a service now ticket and automatically moving it to a special status or workflow queue. These types of scenarios can be automated using Boomerang Flow. And the cost of running these workflows in Kubernetes is fractions of the cost of running an RPA bot for licensing.
Presenters: Tyson W Lawrie, head of engineering - IBM, Marcus D Roy, Senior Lead Software engineer - IBM, and Benjamin Ruby, Analytics Consultant - IBM
Recording link: https://youtu.be/-lOninwMoz4
Mass Migrate Virtual Machines to Kubevirt with Tool Forklift 2.0Konveyor Community
There are 6Rs that can help you have Cloud-native workloads running in your Kubernetes deployments: Refactor, Replatform, Rehost, Retire, Retain or Repurchase.
Rehosting virtual machines provides less friction than others, while still providing some advantages.
One of those advantages being that you can have workloads you don't want to or cannot containerize yet sit alongside your containers through KubeVirt.
In this meetup, we'll show you how Forklift 2.0 makes it easy to move them to their new home. And explain why this is a small step for your workloads but a giant leap on your path to the cloud.
Presenters: Miguel Pérez Colino, Senior Principal Product Manager & Fabien Dupont, Manager, Software Engineering & Senior Principal Engineer.
YouTube recording: https://youtu.be/-w4Afj5-0_g
Cost Control and Rapid Innovation in Kubernetes with OpenRewriteKonveyor Community
Presentation recording: https://youtu.be/6wZhwAZWs84
There's no good way currently to make consistent, structural changes to Kubernetes manifests but still ensure YAML correctness and repeatability. OpenRewrite is somewhat unique in this space.
OpenRewrite is an OSS project which can be leveraged to make large and significant changes to a Kubernetes cluster in a concise and repeatable way. Integrating Rewrite into workflows is easy, making adoption straightforward.
Jon Brisbin, software engineer at OpenRewrite, will give a demonstration of this tool at this meetup.
If you want to try the getting started or any of the tutorials: https://github.com/openrewrite
Rehosting apps between k8s clusters and automating deployment using craneKonveyor Community
Watch the presentation: https://youtu.be/kp5vFIg0BhQ
With Crane 2.0, application owners can migrate Kubernetes workloads and their state between clusters of different Kubernetes distributions, remove environment-specific configuration, and automate application deployments along the way.
The community has distilled several years of experience performing large-scale production Kubernetes migrations into this tool. It’s designed to drive a migration via a pipeline of non-destructive tasks that dump their results to disk so the operation can be easily audited and versioned without impacting live workloads. The tasks can be run repeatedly and will output consistent results given the same inputs without side-effects on the system at large.
These projects can be large, complex, error-prone, and usually must be performed under a limited window of time. Because of that challenge, it's paramount that a migration tool be designed with transparency and ease-of-diagnostics in mind.
Presenters: Marco Berube and Erik Nelson
Automate The Creation/Transformation of Infrastructure as Code Artifacts with...Konveyor Community
Watch the demo: https://youtu.be/tmGSqK3BahU
Konveyor Move2Kube helps automate your migration from various platforms such as cloud foundry, docker swarm, VM based applications, or from your custom framework to Kubernetes. With the latest release of Move2Kube, v0.3.0, it has acquired extensive customization capabilities to help create the target artifacts as per your organization requirements.
In this session, the Move2Kube team will demonstrate the migration of a typical application to run on Kubernetes. It will be followed by a demonstration of customization capabilities of Move2Kube, such as customizing the generated Dockerfile, the directory structure, the helm chart and custom artifacts.
Website: https://move2kube.konveyor.io/
GitHub repo: https://github.com/konveyor/move2kube/
[Konveyor] introduction to cloud native chaos engineering with litmus chaos (1)Konveyor Community
Chaos Engineering is revolutionizing testing means and doing it the cloud-native way is the best way in today's rapidly changing world with a huge shift in the paradigm of Kubernetes resiliency.
Karthik S, one of the maintainers for LitmusChaos, will be introducing how to carry out Chaos Engineering, the cloud-native way.
He will also touch upon observability considerations for chaos engineering and what hooks Litmus provides for the same.
Zero-Touch Declarative Rehosting of Legacy Monolith Applications to Kubernete...Konveyor Community
Recording on YouTube: https://youtu.be/t0pu4iqTil0
While a lot can be modernized in the form of containers, it may not be feasible to containerize all of them at the same time due to time or technical or budget constraints.
With KubeVirt, we can bring those virtualized workloads side by side with containerized workloads into a common platform. Forklift operator can bring those virtualized workloads in bulk to Kubernetes platform.
In this meetup, we will show a live demo on how monolith applications can be moved, without touching the source legacy side, to Kubernetes platform.
Presenter: Vishal Anand, Thought Leader Architect & Sr. Inventor - IBM
Tackle Containerization Advisor (TCA) for Legacy ApplicationsKonveyor Community
Recording of presentation: https://youtu.be/VapEooROERw
With the adoption of cloud services and the reliability and resiliency it offers, enterprises are eager to understand how many of their legacy applications can be containerized.
We propose Tackle Containerization Advisor (TCA), a framework that provides a containerization advisory for legacy applications.
Given an application description in terms of its technical components, TCA proposes a multi-step process that standardizes the raw inputs and curates technology stack into various components, detects missing components and finally recommends the best possible containerization approach.
Presenter: Anup Kalia, Research Staff Member @ IBM Research
GitHub: https://github.com/konveyor/tackle-container-advisor
Migrating Java JBoss EAP Applications to Kubernetes With S2IKonveyor Community
Watch presentation: https://youtu.be/9hDdg_Beui4
Despite the incredible pace of adoption of container orchestration platforms, the vast majority of EAP workloads are still running on VMs or bare metal. In a lot of cases enterprise operation teams are mandated to modernize and move these workloads to the cloud, and containerization and migration to Kubernetes is the natural destination. When talking about this migration path, we're often asked questions like:
What's involved?
How easy is it to move these workloads?
How can you be sure of no code changes?
What tools are there to assist with this effort?
What are the benefits of moving workloads to Kubernetes?
In this meetup, Philip Hayes, Runtimes Practice Lead at Red Hat, will provide answers to these questions and also include a step-by-step guide to migrating an EAP 7 application to Kubernetes.
Tackle-test: An Automatic Unit-level Test Case GeneratorKonveyor Community
Watch recording on YouTube: https://youtu.be/qThqTFh2PM4
Take a look at the latest tool contributed to Konveyor at this meetup, Tackle-test. It performs automatic unit test generation for Java applications.
It automatically adds assertions to test cases for more effective use of the tests to detect behavioral differences between two application versions;
e.g., in the context of application modernization, these could be the legacy and modernized application versions.
Assertion generation is done by executing the synthesized test sequences on the legacy application version, recording observed program states, and translating them to test-case assertions.
Presenters:
Saurabh Sinha - IBM Research
Rachel Brill - IBM Research
[Konveyor] address technical risks when implementing workload modernization u...Konveyor
See examples of how you can approach technical decisions when migrating to Kubernetes at our next meetup. We'll start by stating our target architectural design then talk through how you can bring legacy software to the desired design.
This is the slide deck of the previous webinar to give you reminder of what we covered then.
Presented by Andrea Battaglia, EMEA Technical Partner Development Manager - DX And Cloud-Native Dev. Middleware Evangelist
How Docker EE is Finnish Railway’s Ticket to App ModernizationDocker, Inc.
VR Group-Finnish Railways is responsible for 118 million passenger rides and moving 41 million tons of cargo a year and is seeing overall growth in rail transit throughout Finland. A priority for the organization is to provide improved customer services, including an improved seat reservation system and bringing modern experiences like next generation mobile apps to their passengers. These improvements require looking at their application portfolio and deciding to either:
Revise: Transform legacy applications to more cost efficient solutions
Redesign: Redesign and rewrite mainframe-based solutions to microservices
In this session, Markus Niskanen, Integration Manager at VR Group, and Oscar Renalias, Sr. Technology Architect at Accenture will discuss how they leveraged Docker EE and the public cloud to be the common platform for these different application modernization projects. They will cover how they are leveraging Docker and the cloud to renew and optimize their application portfolio for greater ROI, leading to organization-wide adaptation of DevOps principles and cultural change in an industry that is over 150 years old.
Building Your NoSQL Ship: How an Enterprise Transitioned from a RDBMS to NoSQ...Docker, Inc.
How do you bring a NoSQL DB into a production Docker Environment? What are key orchestration challenges? How can you design a portable solution that can lift and shift into any environment? What are pro’s and con’s to containerizing your database? By establishing a set of best practices and proper testing you can ensure that your infrastructure design can be resilient in any global environment. The challenge is identifying what works best for your organization. Disruptive testing and partnering with other teams within your company can ensure success when implementing a global application. In this session you will learn from a member of MetLife’s ModSquad innovation team firsthand what challenges MetLife overcame using a NoSQL DB in a Docker environment. You will learn about key decisions impacting orchestration, availability, database replication, and disaster recovery. Additionally, you will understand key differences in classic and swarm mode and how Kubernetes and Docker teaming up will help your Production Design.
Migrating a Large Fortune 100 Healthcare Company to Kubernetes in 7 monthsKonveyor Community
Watch the presentation: https://youtu.be/E3LeAmH6Ems
At the beginning of 2019, Chris Nuland and team were tasked with migrating a large mesosphere DC/OS cluster with hundreds of running containers to Kubernetes for a large fortune 100 healthcare company. One of the key challenges with this migration was the need to finish it within a 7 month timeframe to allow the sunsetting of DC/OS before the cluster’s end of life. In conjunction with this migration, there was also the need to containerize a couple hundred applications and deploy them into the newly built cluster. These tasks were completed in the desired time frame using a variety of migration and onboarding techniques, including the use of a few migration tools, like pathfinder, that would eventually be part of the Konveyor suite of applications.
This presentation will go over many of the challenges of that migration, how certain tooling aided in the process, and how the process would look differently now given many of the migration tooling advantages found in the Konveyor suite of applications.
Presenter: Christopher Nuland, Architect at Red Hat
#bigwhale: An Unexpected Journey into Containerization @ Lockheed Martin - Pa...Docker, Inc.
2017 was a banner year for change and disruption at Lockheed Martin. Specifically Enterprise IT, moving to cloud and taking a chance on Containerization as a Service with Docker. As innovation accelerates and customer needs rapidly evolve, Lockheed Martin must become increasingly agile. Rapidly responding to customer requirements is key, and to facilitate overall business goals, Enterprise IT needs to be agile. We are experiencing software development lifecycles moving from waterfall to agile models of development. These changes are moving downstream toward Enterprise IT operations with the evolution of DevOps.
In order to meet the demands of the customer and make significant progress on our cloud journey, we needed to look at changing how we manage infrastructure, how we change our IT culture and ultimately how we innovate at scale. That’s where the story of i2 labs begins.
This presentation will focus on the creation of i2 labs at Lockheed Martin, which inspired and enabled people and processes to invest in Docker as a company, Containerization as a technology and DevOps as a methodology. How we went from labs testing to building Agile Development Teams to preparing to enter our BETA phase of our Enterprise Containerization as a Service to deploy applications in a consistent, repeatable, and reliable manner.
Migrating from oracle soa suite to microservices on kubernetesKonveyor Community
Watch presentation recording: https://youtu.be/cxH6WjDZc2c
In this session, we’ll explore how Randoli helped a Postal Technology company migrate their payment gateway applications off Oracle SOA Suite to Camel/Springboot on Kubernetes.
The primary drivers for the migration were: move to cloud-native technologies in keeping with the organizational digital transformation mandate; move away from an outdated centralized platform to a decentralized architecture for efficiency, scalability, and manageability; and very high licensing costs of the existing platform.
We’ll discuss:
- The high-level approach we took during the migration including architecture and design decisions.
- How we used Camel/Springboot to implement the services.
- Why and how we used Drools for implementing business rules.
- The test-driven approach using Camel testing framework and how it helped reduce issues.
- CI/CD and build process on Kubernetes.
- How we tackled logging, monitoring, and tracing challenges.
Presenter: Rajith Attapattu, Managing Partner & CTO @ Randoli Inc.
Create a One Click Migration (OCM) process to Automate Repeatable Infrastruct...Quantyca - Data at Core
In his speech at SaltConf19 our Lead Site Reliability Engineer Giandomenico Avelluto talked about how we managed part of LastMinute infrastructure migration using SaltStack capabilities such as Salt Orchestration system and how a “Flight Plan” and the Salt Reactor system can help you to trace all these steps in a very simple way.
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Docker, Inc.
At JCPenney, Black Friday is one of our most critical shopping periods, both in stores and increasingly online. Hundreds of millions of dollars are on the line for us in a narrow shopping window so scaling to handle the traffic and being able to deploy promotions and fix issues without disruption to the website and our business are critical. Our prior way of delivering applications was built on a waterfall model, locked in to a set of ISV vendor dependencies, with rigid silos. It was too slow and expensive to deploy changes and keep pace with our business. We needed an application delivery platform that can handle the scale of Black Friday, and allow us to adapt our systems as our business continues to evolve. In our DockerCon session, we will tell you how we are transforming JCPenney’s omnichannel business with Docker and open solutions like Jenkins, Spring cloud, Netflix OSS and Ansible. We went live in our first iteration in just two months, and then on-boarded over 30 services in the first 6 months. We learned quite a bit along the way and you'll hear why we made an important decision to switch from Docker Community Edition to Docker Enterprise Edition. Our new cloud-native, Dockerized systems handle over 100,000 deployments per year and can scale to handle events like Black Friday with zero issues.
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...Daniel Krook
Presentation at the OpenStack Summit in Barcelona, Spain on October 25, 2016.
http://bit.ly/os-kub-oci-cncf
Containers along with next generation topics such as orchestration and serverless computing continue to draw interest across the application developer and data center operator communities because of the enormous potential of the technology and the rapid pace of change.
As the potential of Docker continues to evolve, Kubernetes emerges as the leading orchestration technology, and the OpenStack Magnum project has matured, many want to see shared governance over the baseline container specification and associated runtime and format/image to protect investments and enable confident adoption of this emerging technology.
Join this session to learn the latest about the Open Container Initiative (www.opencontainers.org) and the Cloud Native Computing Foundation (cncf.io) - both collaborative projects of the Linux Foundation - that drive the latest cloud native technologies and projects and see how they relate to Magnum and Kuryr.
Daniel Krook, Senior Software Engineer, IBM
Jeffrey Borek, Program Director, Open Tech, IBM
Sarah Novotny, Senior Kubernetes Community Manger, Google
Docker has become extremely popular in China. Since October of 2016, Alibaba Cloud and Docker partnered to drive adoption of containerized applications in China. In this talk, I will share the status for this program and will present the latest survey of container adoption in China. We'll take a deep analysis of the current landscape and what is different about China's market.
In this session, we will also share some use cases for container usage in enterprises - i.e. how Alibaba group build the core business application platform based on scalable container infrastructure and how local enterprises run their business with container technologies in a hybrid cloud environment.
This presentation will introduce you to Container, Docker, Kubernetes, and Google Kubernetes Engine (GKE) with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
See the recorded session on Facebook live here (min 46.49):
https://www.facebook.com/gdgcloudkl/videos/1013942759041907
There's also recorded session on Youtube here (min 46.49):
https://www.youtube.com/watch?v=ht0ynVjkDcI
GDG Cloud KL July Webinar on July 12, 2020
[Konveyor] roles & processes that make application modernization projects...Konveyor Community
Digital Transformation engagements are definitely the most complex projects you can work on.
And even though we stated many times that it’s possible to minimize the risks through tools for automated analysis and strong skills, it’s still important to keep in mind that collaboration is the key to succeed.
Usually the success of a digital transformation project derives from the collaboration of some actors:
- Technology vendors
- Consulting companies
- Customer
Let’s discuss the complexity and the methodology for teaming properly and successfully.
Presenter: Andrea Battaglia, Technical Partner Development Manager EMEA
CICD Pipelines for Microservices: Lessons from the TrenchesCodefresh
You have finally split your big monolith into microservices built on top of Kubernetes! Now what? How do you validate a more complex application? And how do you make it scale? In this live talk, we look at two case studies, Expedia’s journey to microservices, and Codefresh. If you try to treat microservices like monoliths you’ll end up with thousands of broken pipelines that are impossible to maintain. Learn from the mistakes of the past and let us show you how we fought our way to something much better! This live talk has everything, tech tips, best practices, and yes, even the fabled business value that our bosses all seem to care so much about!
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
Presented at CloudDevelop 2016
Building cloud native applications in containers is a new hot topic. Netflix and Google are two prime examples that have been doing it successfully for some time. Some of the new exciting projects like Docker and Kubernetes are focused on cloud native applications in containers. There are supposed to be numerous benefits including the ability to scale applications out easily while doing development on small systems like laptops, the ability for the system to handle some operational problems, and the capability to safely deploy updates to production many times per day. But, what does this look like in practice and how do you start the move to cloud native and containerized applications? In this session we'll look at what makes up a cloud native application, how they work, and how you can start small. We'll look at applications from an architecture and process point of view along with how you can deploy them to AWS, Azure, or Google Cloud. You'll walk away ready to start development on a cloud native app.
Best Practices for Running and Implementing KubernetesDevOps.com
Kubernetes has become the de-facto orchestration platform for the cloud-native era. However, the expensive trial-and-error and proof-of-concept activities associated with the transition can be daunting for many organizations. Join Fairwinds’ Site Reliability Engineers Ivan Fetch and Luke Reed, and President Kendall Miller as they discuss the best practices for running and implementing Kubernetes. They’ll also cover how engineering leaders are successfully using Kubernetes to improve the reliability, security, and scalability of their applications and the key differences between Enterprise and SME Environments.
Are you considering Kubernetes, but don't know where to start? Are you running Kubernetes in development, but the complexity is keeping you from pushing to production? This webinar will provide you with the right knowledge and insights for adopting Kubernetes at your organization.
Topics include:
Considerations and common pitfalls when implementing Kubernetes,
Best practices for running Kubernetes in production,
Security and cultural implications when adopting Kubernetes,
Key differences between Enterprise and SME Environments.
Tackle Containerization Advisor (TCA) for Legacy ApplicationsKonveyor Community
Recording of presentation: https://youtu.be/VapEooROERw
With the adoption of cloud services and the reliability and resiliency it offers, enterprises are eager to understand how many of their legacy applications can be containerized.
We propose Tackle Containerization Advisor (TCA), a framework that provides a containerization advisory for legacy applications.
Given an application description in terms of its technical components, TCA proposes a multi-step process that standardizes the raw inputs and curates technology stack into various components, detects missing components and finally recommends the best possible containerization approach.
Presenter: Anup Kalia, Research Staff Member @ IBM Research
GitHub: https://github.com/konveyor/tackle-container-advisor
Migrating Java JBoss EAP Applications to Kubernetes With S2IKonveyor Community
Watch presentation: https://youtu.be/9hDdg_Beui4
Despite the incredible pace of adoption of container orchestration platforms, the vast majority of EAP workloads are still running on VMs or bare metal. In a lot of cases enterprise operation teams are mandated to modernize and move these workloads to the cloud, and containerization and migration to Kubernetes is the natural destination. When talking about this migration path, we're often asked questions like:
What's involved?
How easy is it to move these workloads?
How can you be sure of no code changes?
What tools are there to assist with this effort?
What are the benefits of moving workloads to Kubernetes?
In this meetup, Philip Hayes, Runtimes Practice Lead at Red Hat, will provide answers to these questions and also include a step-by-step guide to migrating an EAP 7 application to Kubernetes.
Tackle-test: An Automatic Unit-level Test Case GeneratorKonveyor Community
Watch recording on YouTube: https://youtu.be/qThqTFh2PM4
Take a look at the latest tool contributed to Konveyor at this meetup, Tackle-test. It performs automatic unit test generation for Java applications.
It automatically adds assertions to test cases for more effective use of the tests to detect behavioral differences between two application versions;
e.g., in the context of application modernization, these could be the legacy and modernized application versions.
Assertion generation is done by executing the synthesized test sequences on the legacy application version, recording observed program states, and translating them to test-case assertions.
Presenters:
Saurabh Sinha - IBM Research
Rachel Brill - IBM Research
[Konveyor] address technical risks when implementing workload modernization u...Konveyor
See examples of how you can approach technical decisions when migrating to Kubernetes at our next meetup. We'll start by stating our target architectural design then talk through how you can bring legacy software to the desired design.
This is the slide deck of the previous webinar to give you reminder of what we covered then.
Presented by Andrea Battaglia, EMEA Technical Partner Development Manager - DX And Cloud-Native Dev. Middleware Evangelist
How Docker EE is Finnish Railway’s Ticket to App ModernizationDocker, Inc.
VR Group-Finnish Railways is responsible for 118 million passenger rides and moving 41 million tons of cargo a year and is seeing overall growth in rail transit throughout Finland. A priority for the organization is to provide improved customer services, including an improved seat reservation system and bringing modern experiences like next generation mobile apps to their passengers. These improvements require looking at their application portfolio and deciding to either:
Revise: Transform legacy applications to more cost efficient solutions
Redesign: Redesign and rewrite mainframe-based solutions to microservices
In this session, Markus Niskanen, Integration Manager at VR Group, and Oscar Renalias, Sr. Technology Architect at Accenture will discuss how they leveraged Docker EE and the public cloud to be the common platform for these different application modernization projects. They will cover how they are leveraging Docker and the cloud to renew and optimize their application portfolio for greater ROI, leading to organization-wide adaptation of DevOps principles and cultural change in an industry that is over 150 years old.
Building Your NoSQL Ship: How an Enterprise Transitioned from a RDBMS to NoSQ...Docker, Inc.
How do you bring a NoSQL DB into a production Docker Environment? What are key orchestration challenges? How can you design a portable solution that can lift and shift into any environment? What are pro’s and con’s to containerizing your database? By establishing a set of best practices and proper testing you can ensure that your infrastructure design can be resilient in any global environment. The challenge is identifying what works best for your organization. Disruptive testing and partnering with other teams within your company can ensure success when implementing a global application. In this session you will learn from a member of MetLife’s ModSquad innovation team firsthand what challenges MetLife overcame using a NoSQL DB in a Docker environment. You will learn about key decisions impacting orchestration, availability, database replication, and disaster recovery. Additionally, you will understand key differences in classic and swarm mode and how Kubernetes and Docker teaming up will help your Production Design.
Migrating a Large Fortune 100 Healthcare Company to Kubernetes in 7 monthsKonveyor Community
Watch the presentation: https://youtu.be/E3LeAmH6Ems
At the beginning of 2019, Chris Nuland and team were tasked with migrating a large mesosphere DC/OS cluster with hundreds of running containers to Kubernetes for a large fortune 100 healthcare company. One of the key challenges with this migration was the need to finish it within a 7 month timeframe to allow the sunsetting of DC/OS before the cluster’s end of life. In conjunction with this migration, there was also the need to containerize a couple hundred applications and deploy them into the newly built cluster. These tasks were completed in the desired time frame using a variety of migration and onboarding techniques, including the use of a few migration tools, like pathfinder, that would eventually be part of the Konveyor suite of applications.
This presentation will go over many of the challenges of that migration, how certain tooling aided in the process, and how the process would look differently now given many of the migration tooling advantages found in the Konveyor suite of applications.
Presenter: Christopher Nuland, Architect at Red Hat
#bigwhale: An Unexpected Journey into Containerization @ Lockheed Martin - Pa...Docker, Inc.
2017 was a banner year for change and disruption at Lockheed Martin. Specifically Enterprise IT, moving to cloud and taking a chance on Containerization as a Service with Docker. As innovation accelerates and customer needs rapidly evolve, Lockheed Martin must become increasingly agile. Rapidly responding to customer requirements is key, and to facilitate overall business goals, Enterprise IT needs to be agile. We are experiencing software development lifecycles moving from waterfall to agile models of development. These changes are moving downstream toward Enterprise IT operations with the evolution of DevOps.
In order to meet the demands of the customer and make significant progress on our cloud journey, we needed to look at changing how we manage infrastructure, how we change our IT culture and ultimately how we innovate at scale. That’s where the story of i2 labs begins.
This presentation will focus on the creation of i2 labs at Lockheed Martin, which inspired and enabled people and processes to invest in Docker as a company, Containerization as a technology and DevOps as a methodology. How we went from labs testing to building Agile Development Teams to preparing to enter our BETA phase of our Enterprise Containerization as a Service to deploy applications in a consistent, repeatable, and reliable manner.
Migrating from oracle soa suite to microservices on kubernetesKonveyor Community
Watch presentation recording: https://youtu.be/cxH6WjDZc2c
In this session, we’ll explore how Randoli helped a Postal Technology company migrate their payment gateway applications off Oracle SOA Suite to Camel/Springboot on Kubernetes.
The primary drivers for the migration were: move to cloud-native technologies in keeping with the organizational digital transformation mandate; move away from an outdated centralized platform to a decentralized architecture for efficiency, scalability, and manageability; and very high licensing costs of the existing platform.
We’ll discuss:
- The high-level approach we took during the migration including architecture and design decisions.
- How we used Camel/Springboot to implement the services.
- Why and how we used Drools for implementing business rules.
- The test-driven approach using Camel testing framework and how it helped reduce issues.
- CI/CD and build process on Kubernetes.
- How we tackled logging, monitoring, and tracing challenges.
Presenter: Rajith Attapattu, Managing Partner & CTO @ Randoli Inc.
Create a One Click Migration (OCM) process to Automate Repeatable Infrastruct...Quantyca - Data at Core
In his speech at SaltConf19 our Lead Site Reliability Engineer Giandomenico Avelluto talked about how we managed part of LastMinute infrastructure migration using SaltStack capabilities such as Salt Orchestration system and how a “Flight Plan” and the Salt Reactor system can help you to trace all these steps in a very simple way.
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Docker, Inc.
At JCPenney, Black Friday is one of our most critical shopping periods, both in stores and increasingly online. Hundreds of millions of dollars are on the line for us in a narrow shopping window so scaling to handle the traffic and being able to deploy promotions and fix issues without disruption to the website and our business are critical. Our prior way of delivering applications was built on a waterfall model, locked in to a set of ISV vendor dependencies, with rigid silos. It was too slow and expensive to deploy changes and keep pace with our business. We needed an application delivery platform that can handle the scale of Black Friday, and allow us to adapt our systems as our business continues to evolve. In our DockerCon session, we will tell you how we are transforming JCPenney’s omnichannel business with Docker and open solutions like Jenkins, Spring cloud, Netflix OSS and Ansible. We went live in our first iteration in just two months, and then on-boarded over 30 services in the first 6 months. We learned quite a bit along the way and you'll hear why we made an important decision to switch from Docker Community Edition to Docker Enterprise Edition. Our new cloud-native, Dockerized systems handle over 100,000 deployments per year and can scale to handle events like Black Friday with zero issues.
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...Daniel Krook
Presentation at the OpenStack Summit in Barcelona, Spain on October 25, 2016.
http://bit.ly/os-kub-oci-cncf
Containers along with next generation topics such as orchestration and serverless computing continue to draw interest across the application developer and data center operator communities because of the enormous potential of the technology and the rapid pace of change.
As the potential of Docker continues to evolve, Kubernetes emerges as the leading orchestration technology, and the OpenStack Magnum project has matured, many want to see shared governance over the baseline container specification and associated runtime and format/image to protect investments and enable confident adoption of this emerging technology.
Join this session to learn the latest about the Open Container Initiative (www.opencontainers.org) and the Cloud Native Computing Foundation (cncf.io) - both collaborative projects of the Linux Foundation - that drive the latest cloud native technologies and projects and see how they relate to Magnum and Kuryr.
Daniel Krook, Senior Software Engineer, IBM
Jeffrey Borek, Program Director, Open Tech, IBM
Sarah Novotny, Senior Kubernetes Community Manger, Google
Docker has become extremely popular in China. Since October of 2016, Alibaba Cloud and Docker partnered to drive adoption of containerized applications in China. In this talk, I will share the status for this program and will present the latest survey of container adoption in China. We'll take a deep analysis of the current landscape and what is different about China's market.
In this session, we will also share some use cases for container usage in enterprises - i.e. how Alibaba group build the core business application platform based on scalable container infrastructure and how local enterprises run their business with container technologies in a hybrid cloud environment.
This presentation will introduce you to Container, Docker, Kubernetes, and Google Kubernetes Engine (GKE) with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
See the recorded session on Facebook live here (min 46.49):
https://www.facebook.com/gdgcloudkl/videos/1013942759041907
There's also recorded session on Youtube here (min 46.49):
https://www.youtube.com/watch?v=ht0ynVjkDcI
GDG Cloud KL July Webinar on July 12, 2020
[Konveyor] roles & processes that make application modernization projects...Konveyor Community
Digital Transformation engagements are definitely the most complex projects you can work on.
And even though we stated many times that it’s possible to minimize the risks through tools for automated analysis and strong skills, it’s still important to keep in mind that collaboration is the key to succeed.
Usually the success of a digital transformation project derives from the collaboration of some actors:
- Technology vendors
- Consulting companies
- Customer
Let’s discuss the complexity and the methodology for teaming properly and successfully.
Presenter: Andrea Battaglia, Technical Partner Development Manager EMEA
CICD Pipelines for Microservices: Lessons from the TrenchesCodefresh
You have finally split your big monolith into microservices built on top of Kubernetes! Now what? How do you validate a more complex application? And how do you make it scale? In this live talk, we look at two case studies, Expedia’s journey to microservices, and Codefresh. If you try to treat microservices like monoliths you’ll end up with thousands of broken pipelines that are impossible to maintain. Learn from the mistakes of the past and let us show you how we fought our way to something much better! This live talk has everything, tech tips, best practices, and yes, even the fabled business value that our bosses all seem to care so much about!
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
Presented at CloudDevelop 2016
Building cloud native applications in containers is a new hot topic. Netflix and Google are two prime examples that have been doing it successfully for some time. Some of the new exciting projects like Docker and Kubernetes are focused on cloud native applications in containers. There are supposed to be numerous benefits including the ability to scale applications out easily while doing development on small systems like laptops, the ability for the system to handle some operational problems, and the capability to safely deploy updates to production many times per day. But, what does this look like in practice and how do you start the move to cloud native and containerized applications? In this session we'll look at what makes up a cloud native application, how they work, and how you can start small. We'll look at applications from an architecture and process point of view along with how you can deploy them to AWS, Azure, or Google Cloud. You'll walk away ready to start development on a cloud native app.
Best Practices for Running and Implementing KubernetesDevOps.com
Kubernetes has become the de-facto orchestration platform for the cloud-native era. However, the expensive trial-and-error and proof-of-concept activities associated with the transition can be daunting for many organizations. Join Fairwinds’ Site Reliability Engineers Ivan Fetch and Luke Reed, and President Kendall Miller as they discuss the best practices for running and implementing Kubernetes. They’ll also cover how engineering leaders are successfully using Kubernetes to improve the reliability, security, and scalability of their applications and the key differences between Enterprise and SME Environments.
Are you considering Kubernetes, but don't know where to start? Are you running Kubernetes in development, but the complexity is keeping you from pushing to production? This webinar will provide you with the right knowledge and insights for adopting Kubernetes at your organization.
Topics include:
Considerations and common pitfalls when implementing Kubernetes,
Best practices for running Kubernetes in production,
Security and cultural implications when adopting Kubernetes,
Key differences between Enterprise and SME Environments.
✭✭ NOTE: a revised version of this lab is available at https://www.slideshare.net/williamyeh/rd-kubernetes-gdg-cloud-kh-201908-version ✭✭
90-Minute Workshop held at Taiwan Cloud Edge Summit 2019 (台灣雲端大會).
* 課程簡介
Kubernetes 是目前雲端環境的顯學。可是,傳統的程式,並不是原封不動搬上去,就能夠自動享受 Kubernetes 所宣稱的種種好處。 新的環境,不僅需要新的 Ops 思維,也需要新的 Dev 思維。我們將以一個半小時的時間,從軟體研發者的角度,探討軟體的設計該做哪些最起碼的改變,從實作中體驗 Kubernetes 引進的新觀念及新效益。
* 課程目標
從實例中體驗,傳統 web 應用程式在搬上 Kubernetes 時,可能會經歷哪些架構面的調整,才能享受新架構的效益:
- 容器化
- 微服務
- 組態管理
- 多重環境管理:本機端與雲端(以 GKE 為例)
An Introduction to Container Organization with Docker Swarm, Kubernetes, Meso...Neo4j
Interest in Docker has increased significantly since its inception. According to a report compiled by a leading cloud-scale monitoring company, Datadog, two-thirds of the companies that try Docker adopt it, and the adopters have increased their container count by five times over a period of nine months. Neo4j has also embraced Docker by supporting official images and also offering specific images of its own.
While the interest in container technology is growing rapidly, so is the need to deploy containers over a cluster of machines to allow scalability and fault-tolerance. This highlights the need for orchestration which refers to the idea of automating the manual process of deploying, configuring and scaling the containers in an automated manner.
In this talk, we provide a hands-on introduction to the three most popular Docker orchestration tools: Kubernetes, Docker Swarm and Mesos. This talk offers a conceptual understanding of each of these technologies along with an insight into the concepts learned through a series of three demos. The demos will illustrate how to deploy and automatically scale a Neo4j container using each of the three orchestration platforms.
We realize that the scope of the topic in terms of the orchestration tools is too broad. The rationale behind choosing the three specific tools is based on the following two reasons: First is their potential use in our cluster at Cincinnati Children’s Hospital (CCHMC). Secondly, they also fall under the leading orchestration tools.
DevOps Training | DevOps Training in Hyderabad TalluriRenuka
DevOps Online Training in Hyderabad - Visualpath is the Leading and Best Software Online DevOps Training institute in Ameerpet. Avail complete DevOps Training Course by simply enrolling in our institute.You will get the best course at an affordable cost. Call on - +91-9989971070.
Visit : https://www.visualpath.in/devops-online-training.html
Best online kubernetes course in H2KInfosys.pdfabhayah2k
H2K Infosys is a proven industry leader in delivering online training programs in a wide range of technologies ever since 2005. Listed below are the numerous advantages of choosing us for Kubernetes online training.
Driving Business and Technical Agility in the Enterprise!
Container World 2017 is the only independent conference offering an exploration of the entire container ecosystem. Over 3 days, you’ll hear from the innovative enterprises, tech giants and startups who are transforming enterprise IT and driving business innovation on such topics as:
Containers and legacy infrastructure
Operations/DevOps
Orchestration & Workloads
Security
Storage/Persistent storage
Standardization and Certification
Emerging technology like serverless, unikernel and beyond
View the brochure for more information: https://goo.gl/OpnoEr
Whether a startup or a large corporation, employing containerization technology can provide significant advantages in terms of agility, portability, flexibility, and speed. Here are some examples from the real world of how containers are used in various business use cases.
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...Edureka!
***** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification *****
This Edureka tutorial on "What is Kubernetes" will give you an introduction to one of the most popular Devops tool in the market - Kubernetes, and its importance in today's IT processes. This tutorial is ideal for beginners who want to get started with Kubernetes & DevOps. The following topics are covered in this training session:
1. Need for Kubernetes
2. What is Kubernetes and What it's not
3. How does Kubernetes work?
4. Use-Case: Kubernetes @ Pokemon Go
5. Hands-on: Deployment with Kubernetes
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Five Strategies for Enterprises to Secure their Kubernetes Clusters.pdfEnterprise Insider
Kubernetes comes with its own set of security issues. However, companies can overcome these challenges and increase their security by utilizing proper awareness and the platform’s built-in features.
Applied Security for Containers, OW2con'18, June 7-8, 2018, ParisOW2
There’s a constant rise of the container usage in the existing cloud ecosystem.
Most companies are evaluating how to migrate to newer, flexible and automated platform for content and application delivery.
The containers are building themselves alone across the business, but who's securing them?
This presentation discusses the evolution of infrastructure solutions from servers to containers, how can they be secured.
What opensource security options are available today?
Where is the future leading towards container security?
What will come after containers?
Why is Kubernetes considered the next generation application platformCalidad Infotech
There are several application platforms in the modern-day world that one can use for cloud services, DevOps services, and application & software testing. Amidst all the application platforms, the one platform that has stood out is “Kubernetes.” Kubernetes is one of the best next-generation application platforms and will be in trend in 2023. In this… Continue reading Why is Kubernetes considered the next-generation application platform?
An RSVP app designed to be deployed by the dockers on the Kubernetes Minikube Cluster. Front end with flask framework and MongoDB as a backend database.
Youtube video:https://youtu.be/KnjnQj-FvfQ
Microsoft: Enterprise search for cloud native applicationsElasticsearch
Not everything should go into a container, and the heavy lifting of enterprise search is no exception to this. In this talk, we will explore Elastic Cloud on Azure, discussing its benefits and showing how Elastic fits within the cloud native ecosystem outside of the ELK Stack.
How to Secure Containerized ApplicationsDevOps.com
Containers, Kubernetes, and Docker - oh my! These innovative tools have exploded in popularity over the last ten years, and with good reason - allowing for containerized applications gives development teams the flexibility they need to move and deploy quickly. But in the rush to modernize, it’s easy to forget about security. Although applications are now distributed across containers, they are still vulnerable to Layer-7 attacks and malicious activity.
In this webinar, Doug Coburn, Director of Professional Services at Signal Sciences, will walk through:
An overview on containerized applications and how it fits into a DevOps workflow
Where and how containers are vulnerable to Layer 7 attacks
Evaluating tools and processes for deploying security across containers and containerized apps
Konveyor community member Red Hat partnered with research firm Illuminas to better understand how organizations plan to approach application modernization and migration—and what they consider success to look like. In all, 1,000 responses were gathered with half coming from the US and the balance split evenly between the United Kingdom and English-speaking Asia-Pacific.
Tackle 2: New capabilities for modernizing applications to leverage KubernetesKonveyor Community
With the open-source tool Tackle, you can streamline the modernization of your application portfolio to leverage Kubernetes.
- Tackle Hub 2.0 offers new capabilities to help deliver on that promise.
- An almost-no-effort, operator-driven installation helps you get started quickly.
- Additions to the application inventory lets you categorize apps by multiple dimensions to better manage your portfolio. You can add app descriptions through extensible metadata to make categorization meaningful for your organization.
Integrating the application inventory with repositories lets you analyze the source code to get data about your app portfolio and estimate migration cost. You manage and assign credentials to enable access to corporate repositories.
- A questionnaire-based assessment provides information about suitability of the applications for containerization, highlighting risks and producing an adoption plan informed by effort, priority and dependencies.
Tackle Hub is the central interface from where you manage your application portfolio and integrate with other Tackle tools. We’ll go over a demo and highlight the other interrelated tools that help with modernizing applications to Kubernetes.
To learn more about how enterprises plan to or have started modernizing their existing applications to run on Kubernetes, Konveyor contributor Red Hat commissioned a study.
Now, Konveyor is sharing the results of this study to help you learn from others who’ve adopted or plan to adopt Kubernetes.
In this deck, we’ll cover:
- Respondents' main motivations for modernizing existing applications to run on Kubernetes.
- How respondents will measure the success of their modernization projects.
- Hurdles before and during the project.
- Migration strategies and the type of existing applications respondents will modernize first.
- Workloads respondents are using today and how those will shift in two years.
[Konveyor] migrate and modernize your application portfolio to kubernetes wit...Konveyor Community
Meetup recording: https://youtu.be/S8ISWz87rlk
Bringing legacy applications to Kubernetes can have a significant boost on software delivery performance – even without a complete rearchitecture and rewrite of your applications.
The bigger question is, “How can an organization succeed in the daunting task of moving their legacy application portfolio to Kubernetes?”
In this session, you’ll learn about Tackle, the Open Source toolkit designed to help organizations safely migrate and modernize their application portfolio to leverage Kubernetes.
We will be discussing the benefits of bringing applications to Kubernetes, a common approach for migrating and modernizing them, and how Tackle can streamline the adoption process. We will also have a live demo for the first release of the tool!
Presenter: Ramon Roman Nissen, Product Manager - Red Hat
Data-centric Application Analysis with Open-source Tool Tackle-DiVAKonveyor Community
To modernize your application, you first need to understand database operations and transaction processes inside the application.
Tackle-DiVA helps you do that easily with automatic data-centric code analysis. It extracts database/transaction dependencies and suggests refactored transaction processes.
Learn how this new tool contributed by IBM Research works and how you can use it in your next modernization project at this meetup.
Presenter: Yasu Katsuno, Ph.D - Research Staff Member,
IBM Research - Tokyo
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Konveyor Community
Companies are preparing to modernize many business-to-consumer, business-to-business, and business-to-employee apps to the cloud in support of their digital transformation.
As a result, what are apps modernization security problems to account for during Design and DevSecOps?
This session will present security pain points with app modernization concerning confidentiality, integrity, and availability with a few real examples.
Presented by Jermaine Edwards, Distinguished Engineer, CTO at IBM
[Konveyor] address technical risks when implementing workload modernization u...Konveyor Community
See examples of how you can approach technical decisions when migrating to Kubernetes at our next meetup. We'll start by stating our target architectural design then talk through how you can bring legacy software to the desired design.
Presented by Andrea Battaglia, EMEA Technical Partner Development Manager - DX And Cloud-Native Dev. Middleware Evangelist
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
2. 2
Accelerate your journey to Kubernetes
with the Konveyor Community
A community of people passionate about
helping others modernize and migrate
their applications to the hybrid cloud by
building tools and best practices on
how to break down monoliths, adopt
containers, and embrace Kubernetes.
www.konveyor.io
4. 4
About Me
▸ Krishnnan Narayana swamy
▸ Specialist Solutions Architect, ANZ
▸ Based in Melbourne, Australia
▸ https://github.com/krnaraya
▸ https://www.linkedin.com/in/nkrishnan/
5. 5
Bake Security into Dev & Ops
What we’ll discuss today...
▸ Kubernetes Security Best Practices
▸ Kubernetes Native Security through
StackRox
▸ StackRox Kubernetes Security
Platform Architecture
▸ Demo
12. 13
KubeLinter
StackRox Shifted Left
▸ Open source Apache 2.0 license
▸ Checks Kubernetes YAML files and
Helm charts
▸ 16 default checks
▸ Extensible with custom checks
▸ Integrates with any CI tool
KubeLinter as a GitHub action
https://github.com/stackrox/kube-linter
13. 14
Welcome to StackRox.io community
Open source version
▸ Join our Slack Channel
▸ Participate
▸ Contribute
Hello All, Welcome and Thank you for taking your time and joining us today
I am Krishnan Narayana swamy, started my career as a software developer and right after my graduation, few bunch of college mates, we Founded a startup named telesto based on open source lucene search project in 2008 and i have had great association and passion with open source technologies since then. I have in the past and continue to help lot of customers to innovate and adopt open source technologies, especially kubernetes and applications that run on kubernetes, in the best way possible and that is exactly my role as a Specialist Solutions Architect at Redhat ANZ. I am based out of Melbourne in Australia. Feel free to connect with me on linked in and explore my github repositories for my experimentations or demos in the kubernetes space.
I’m a developer and I worked in infrastructure before and I don’t think I thought about security a single time. Basically, what I would do was develop code, make sure it worked on docker containers, push it, and hope for the best; and now looking at it from a security point-of-view, it probably wasn’t the best way to go. So, how do we build security into rolling out our software?
How to bake security into your Dev and Ops processes for your applications running in our kubernetes clusters. Kubernetes is Awesome, but the out of the box open source version has little for security. We will discuss why container security is important, some of the kubernetes security best practices and how stackrox kind of bridges the gap here.
Stackrox is a recent acquisition by Red hat and we have decided to open source and we are in the process of making the platform open source soon.
We will look at the architecture of the platform and its components and how it enables cloud native security for kubernetes clusters and the applications that run in them
We will see a demonstration of the product and how it helps in continuous security across your DevOps process and how it integrates into your CI/CD process enabling your Shift Left on security.
Let us assume, you have a kubernetes native application deployed and have a solid DevOps practice set up
Continuous Integration = Development practice in which developers integrate code into a shared repository (main code path/trunk) every commit; Automated build and unit tests are run to validate the changes. In this way, defects and integration errors are verified and remedied earlier in the process.
Continuous Delivery = Orchestrating your build through a series of quality gates with automated/manual approval processes, however the build stops before reaching production - typically additional validations are required (manual, compliance)
Continuous Deployment = And extension of Continuous Delivery where the build is pushed automatically from commit to production if all the quality gates are met
DevOps-driven adoption of new technologies and processes may leave security as an afterthought or, in some instances, expose new gaps in security coverage and risk management.
Let us assume, you have a kubernetes native application deployed and have a solid DevOps practice set up
Continuous Integration = Development practice in which developers integrate code into a shared repository (main code path/trunk) every commit; Automated build and unit tests are run to validate the changes. In this way, defects and integration errors are verified and remedied earlier in the process.
Continuous Delivery = Orchestrating your build through a series of quality gates with automated/manual approval processes, however the build stops before reaching production - typically additional validations are required (manual, compliance)
Continuous Deployment = And extension of Continuous Delivery where the build is pushed automatically from commit to production if all the quality gates are met
DevOps-driven adoption of new technologies and processes may leave security as an afterthought or, in some instances, expose new gaps in security coverage and risk management.
The defaults in upstream Kubernetes can not be assumed to provide adequate protection based on our use case
A common reason for attacking containers today is to abuse compute resources, for example, for cryptocurrency mining. can also offer access to customer or workload data.
But attacking the container chance to propagate to other nodes in the cluster and also gain persistent access to valuable user code, compute and/or data
receives privileged access, they could potentially access information running in the other containers.
The Kubernetes master controls your cluster. An attacker that can compromise the master can control the environment, including the ability to take it offline. And a compromised etcd can mean the ability to modify or destroy the cluster, steal secrets and credentials, or gain enough information about the application it’s running to go recreate it somewhere else.
Lets discuss some of the best practices out there At the infrastructure level, i recommend keeping the kubernetes cluster up to date,
Make sure that your network access is firewalled off correctly. Make sure the Kubernetes API server (which is basically the entry point into all of your infrastructure) is locked down. (I know a lot of people will restrict it to a VPC or VPN. Just ensure that the traffic to the API server is protected.) Lastly, let’s make sure that the actual host itself is locked down.
Leverage a matured CI/CD processes to deploy applications to kubernetes cluster. One service account authorized against your API server. Obviously, you still have people who need access to the cluster, you still need to debug and fix, but now since you have fewer users and groups, you have a much smaller number of people you need to manage in RBAC.
From an application / container stand point,
It starts with building your image, which means looking at the dependencies, the packages, and most importantly analyzing the vulnerabilities to discover what we already know is bad.
Then, you look at how the app is configured:
What privileges does it have on host os?
What privileges does it have against the API server?
Are there weak secrets or other sensitive data (API keys for registries, sensitive databases)?
What labels and annotations are used? This is key because it allows you to to answer the question of who owns a given service (annotation of owner, email, or team) and is very valuable for debugging for operations. This also allows you to route the issue quickly to the right owner as opposed to playing a game of murder mystery and trying to figure out who owns this application and who deployed it.
Some of the most important configurations best practices that I we highly recommend for containers and Kubernetes are as follows:
Mount host-sensitive directories as read-only - this means no one can write to your file system.
Set up appropriate SELinux profiles to limit containers mounting unix socket. This gives permissions to run containers, create images and so on..
Use capabilities to grant fine-grained privileges - use CAP DROP and CAP ADD to limit what Linux capabilities containers are allowed to run.
Do not run ssh services inside a container.
Ensure that there are no unnecessary ports exposed
ensure that the container’s ports are not mapped to host ports
Network policies – use network policies to limit ingress and egress network communication between Pods (east-west) and from outside to Pods (north-south).
Secure the host OS - SELinux
RESTRICT A CONTAINER FROM ACQUIRING NEW PRIVILEGES
So, the last thing to always remember is that security is hard, more akin to a marathon than a sprint. There’s no such thing as perfect security; it’s always about monitoring, iterating, and making sure that the tools are available for people who are building the code to integrate it into their process and drive security.
Throwing another Buzz word here , the DevSecOps.
The idea here is to embed Security early in your development process to prevent any security incidents and enabling continuous security in a cloud native fashion.
Another key is the constant feedback loop between the build/deploy phase and the runtime phase.
Enable Developers and provide them with the security issues during development and educate them on how they can be fixed.
Culture change when it comes to security right, how do we fix a container image that has vulnerability? , we don’t kill the container process and leave it there, we go back and fix them in our source, build and push a new image into production. Cloud native CI/CD processes allow us to do that.
Stackbox runs in kubernetes, supports declarative style and same Cloud native way of doing things, does remediate using kubernetes constructs ..leverages most of the kubernetes out of the box flexibility to achieve things.
protection
Eliminate blinspots
Threats unique kubernetes vulnerabilities
Time to implement security and learning cost
Remediates in the kubernetes way
Operational security - greater uptime
Operational conflict - inconsistent configurations
Ability to bring security to your build phase, deploy phase and Run phase
It supports all kubernetes
Disconnected installs on prem and runs anywhere
Highly flexible and Integrates with some of the platforms
For example, for package scanning scanning for vulnerabilities, it can work with tenable, Quay or anchore or you can use inbuilt scanning. Supports number of different languages including .NET core
Integrate with your CI/CD tools including jenkins,
DevOps notifications for Jira, slack pagerduty and others..
SIEM toold it can
Central
Core function: UI and API server; policy engine
How it works: Runs as a Kube service in cluster/VM/cloud; must be able to receive inbound connections from all monitored clusters
What it does:
Facilitates all UI and customer-facing API interactions
Performs policy evaluation
Facilitates multi-cluster management of all services environments across various providers and data centers
Sensor
Core function: Point of integration with Kubernetes; processing engine
How it works: Runs as a Kube service with permissions to listen to orchestrator events and CRUD rights for enforcement
What it does:
Inventories cloud-native components (namespaces, running services, network policies, and orchestrator secrets)
Performs detection rule processing
Facilitates enforcement
Collector a Daemonset
Core function: syscall-level data collector
How it works: Runs as a container on each host and inserts a kernel module for syscall visibility
What it does:
Facilitates collection of data for runtime detection
Scanner (Optional)
Core function: Vulnerability scanning of images
How it works: Runs as a Kube HPA in the same cluster as Central.
What it does:
Handles requests to scan image layers from Central
Pulls image layers from registry using configured image integrations
Retrieves updated CVE data from stackrox.io or from Central
Scanner-db
Core function: Database for caching image layer data.
How it works: Runs as a single Kube pod with PostgreSQL DB
What it does:
Caches results of layer scanning
Customers do not need to provide redundancy / backup
AdmissionController
Core function: Plugin to Kube AdmissionController to approve / deny API actions
How it works: Runs as a Replicaset, registered as ValidatingWebhookConfiguration
What it does:
Examines Kubernetes API commands that create pods, deployments, daemonsets, etc.
Offer stackrox admins the ability to reject these API requests based on policy.
Can also examine Update API commands to reject changes for already deployed
Can examine & prevent ‘exec’ and ‘port-forward’ API requests
Sensor talks to kube apis to get data , what deployments, what configuration
Collector - one pod at the node level, what process. What network traffic
From a cluster level, most of the kubernetes distributions, you can leverage out of the box functionalities to extend it for applying security best practices.
For example., From OKE, the upstream open source version of OpenShift few security aspects comes default
Secure OS/Infrastructure
The core components of the Linux kernel that are used for containers are cgroups — control groups, which define the resources like CPU and memory which are available to a given process — and namespaces, which are a way of separating processes by restricting what each process can see, so that system resources “appear” isolated to the process. Along with cgroups and namespaces, you can also use a Linux Security Module (LSM) like SELinux to configure a container’s capabilities. SELinux. Both deny undesirable default capabilities, like the ability to write to the proc filesystem
RHEL CoreOS
Cri-o container runtime - provides a smaller footprint and reduced attack surface
SELinux
Security Built-In
Identity & Access Management
Compliance Operator - describe the desired compliance state of a cluster and provides them with an overview of gaps and ways to remediate them
Volume Encryption
File Integrity Operator
Security Context Constraints - allow administrators to control permissions for pods
Secrets Management
All the above from a more cluster level security
Stackrox elevates it to the next level or application level and brings in the ability to customize your policies and gives a better visibility and ability respond to those events through notifications.
Build Security
Vulnerability scanning
Vulnerability management
CI/CD integration to fail builds
Registry integration to block deployments
CI/CD Integration for CIS Docker checks/failures
Image Content Analysis
Deploy Security
Declarative Policy Creation
Multi-factor risk profiling
Compliance benchmarks
RBAC analysis for Kubernetes
Network policy enforcement
Service Configuration
Admission Controls
Posture Management
Kubernetes Events (Execs/Forwards)
Runtime Security
Intrusion detection & behavioral analysis
Network policy visibility/incident detection
Deep data collection and correlation for forensics
Baselines/whitelists of runtime activity profiles
Killing of compromised pods
Detection of real-time intrusions, cryptojacking, and orchestrator threats