This document provides an overview and agenda for a presentation on secure multitenancy in Kubernetes. It discusses what Kubernetes multitenancy is, available solutions, architectural models for multitenancy including namespace grouping and virtual Kubernetes clusters. It also covers community initiatives for multitenancy control plane including tenant controllers and hierarchical namespaces. The document outlines benchmarking categories and a proposed baseline reference implementation for multitenancy including control plane, data plane, and network isolation techniques.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Tell the history of Container/Docker/Kubernetes, and show the key elements of them.
After view this document, you could know the main feature of Container Docker and Kubernetes.
Very basic infomation about how these technique work together.
Introduction of Kubernetes - Trang NguyenTrang Nguyen
This presentation provides the basic concepts of the Kubernetes for Beginners.
1) Introduction of Kubernetes
Before Kubernetes
What is Kubernetes
What Kubernetes can do?
What Kubernetes can't do?
Features of Kubernetes
Kubernetes Architecture
Kubernetes vs Docker Swarm
Kubernetes 7 use cases
...
2) Kubernetes Component
What is Kubelet?
What is Kubectl?
What is Kubeadm?
3) Nodes in Kubernetes
What is a node in Kubernetes?
Master node
Worker node
4) Kubernetes Development Process
What is blue green deployment?
How to automate the deployment?
5) Networking in Kubernetes
Kubernetes networking model
Ingress networking in Kubernetes
6) Security Measures in Kubernetes
Best security measures in Kubernetes
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
Building CI/CD Pipelines with Jenkins and KubernetesJanakiram MSV
Learn how to configure CI/CD pipelines with Jenkins and Kubernetes. We will show you to how to automate deployments from source code to production clusters.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Helm - Application deployment management for KubernetesAlexei Ledenev
Use Helm to package and deploy a composed application to any Kubernetes cluster. Manage your releases easily over time and across multiple K8s clusters.
Kubernetes can be complex to manage at enterprise scale! Cloud provider services like Amazon EKS solves the challenge of bringing up a Kubernetes control plane. However, production Kubernetes requires multi-layer security, access controls, load-balancing, monitoring, logging, governance, secrets management, policy management, and several other considerations. In this fast paced talk, we will cover how enterprises can address each of these areas and discuss best practices to fast track deployments.
Tell the history of Container/Docker/Kubernetes, and show the key elements of them.
After view this document, you could know the main feature of Container Docker and Kubernetes.
Very basic infomation about how these technique work together.
Introduction of Kubernetes - Trang NguyenTrang Nguyen
This presentation provides the basic concepts of the Kubernetes for Beginners.
1) Introduction of Kubernetes
Before Kubernetes
What is Kubernetes
What Kubernetes can do?
What Kubernetes can't do?
Features of Kubernetes
Kubernetes Architecture
Kubernetes vs Docker Swarm
Kubernetes 7 use cases
...
2) Kubernetes Component
What is Kubelet?
What is Kubectl?
What is Kubeadm?
3) Nodes in Kubernetes
What is a node in Kubernetes?
Master node
Worker node
4) Kubernetes Development Process
What is blue green deployment?
How to automate the deployment?
5) Networking in Kubernetes
Kubernetes networking model
Ingress networking in Kubernetes
6) Security Measures in Kubernetes
Best security measures in Kubernetes
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
Building CI/CD Pipelines with Jenkins and KubernetesJanakiram MSV
Learn how to configure CI/CD pipelines with Jenkins and Kubernetes. We will show you to how to automate deployments from source code to production clusters.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Helm - Application deployment management for KubernetesAlexei Ledenev
Use Helm to package and deploy a composed application to any Kubernetes cluster. Manage your releases easily over time and across multiple K8s clusters.
Kubernetes can be complex to manage at enterprise scale! Cloud provider services like Amazon EKS solves the challenge of bringing up a Kubernetes control plane. However, production Kubernetes requires multi-layer security, access controls, load-balancing, monitoring, logging, governance, secrets management, policy management, and several other considerations. In this fast paced talk, we will cover how enterprises can address each of these areas and discuss best practices to fast track deployments.
Simplify Your Way To Expert Kubernetes ManagementDevOps.com
Kubernetes is a deep and complex technology that is evolving fast with new functionality and a growing ecosystem of cloud-native solutions. While the public cloud delivers an almost frictionless user experience, configuring and managing a production Kubernetes environment is an enormous technical challenge for the majority of enterprises that choose to do so on premises. Without the right approach, operationalizing Kubernetes in the data center can take upwards of 6 months, jeopardizing developer productivity and speed-to-market.
In this webinar, you’ll learn from Nutanix cloud native experts on how to fast-track your way to operationalizing a production-ready Kubernetes environment on-prem.
Specifically, we’ll talk about:
How containerized applications use IT resources (and why legacy infrastructure isn’t built for Kubernetes);
The main advantages of running Kubernetes on prem (as part of a multi-cloud strategy);
Key aspects of Kubernetes lifecycle management that greatly benefit from automation.
Meetup 12-12-2017 - Application Isolation on Kubernetesdtoledo67
Here are the slides I presented on 12-12-2017 at the Bay Area Microservices Meeting. I presented some of the best practices to achieve application isolation on Kubernetes
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer.
Join this session to learn about:
- The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
- Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
- Strategies for exposing Kubernetes services and APIs at the edge of your system
- A brief guide to the (potential) future of cloud native API gateways
Credit to Richard Li's QCon talk, which contains more information on this topic: https://www.infoq.com/presentations/api-gateways-history/
SoftwareCircus 2020 "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer.
Join this session to learn about:
– The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
– Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
– Strategies for exposing Kubernetes services and APIs at the edge of your system
– A brief guide to the (potential) future of cloud native API gateways
Kubernetes: від знайомства до використання у CI/CDStfalcon Meetups
Kubernetes: від знайомства до використання у CI/CD
Олександр Занічковський
Technical Lead у компанії SoftServe
14+ років досвіду розробки різноманітного програмного забезпечення, як для десктопа, так і для веб
Працював фріланс-програмістом та в команді
Цікавиться архітектурою ПЗ, автоматизацією процесів інтеграції та доставки нових версій продукту, хмарними технологіями
Віднедавна займається менторінгом майбутніх техлідів
У вільний від роботи час грає на гітарі і мріє про велику сцену
Олександр поділиться власним досвідом роботи з Kubernetes:
ознайомить з базовими поняттями та примітивами K8S
опише можливі сценарії використання Kubernetes для CI/CD на прикладі GitLab
покаже, як можна використовувати постійне сховище, збирати метрики контейнерів, використовувати Ingress для роутинга запитів за певними правилами
покаже, як можна самому встановити K8S для ознайомлення чи локальної роботи
Virtual Kubernetes Clusters on Amazon EKSJim Bugwadia
From AWS Community Day 2019!
Learn how to use Kubernetes native constructs to build Virtual Clusters, so that your teams can focus on delivering business value.
Cloud Native ClickHouse at Scale--Using the Altinity Kubernetes Operator-2022...Altinity Ltd
Over the last few years Kubernetes has transitioned from an object of curiosity and fear to a robust platform for big data. Watch this webinar and you will learn how the Altinity Kubernetes Operator for ClickHouse enables users to run high performance analytics on ClickHouse. You will see a simple installation and teach you how to scale it into a cluster that can analyze 100s of terabytes of data. Along the way we’ll share our lessons for ClickHouse on Kubernetes in Altinity.Cloud. We built it on Kubernetes using the Altinity Operator and now run hundreds of clusters in the cloud. You can too!
GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
Many engineers are confused about how a cloud-native API gateway relates to Kubernetes Ingress or a Service load balancer. This talk will unravel this confusion.
An API gateway is at the core of how APIs are managed, secured and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud-native space.
Join the expert to experts Daniel Bryant in uncovering the evolution of API gateways over the past ten years and how the original problems they were solving have shifted in relation to cloud-native technologies and workflow.
Current challenges of using an API gateway within Kubernetes: scaling the developer workflow, and supporting multiple architecture styles and protocols
In this talk, you'll learn:
How the evolution of API gateways looks
Strategies for exposing Kubernetes services and APIs at the edge of your system
A brief guide to the (potential) future of cloud-native API gateways
Kubernetes and Terraform in the Cloud: How RightScale Does DevOpsRightScale
Kubernetes adoption is growing and more companies are leveraging Terraform. At RightScale, we combine Kubernetes, Terraform, RightScale, and cloud. In this webinar, find out how we are combining these solutions to create a fully automated DevOps process.
Kubernetes have been widely adopted. The next challenge of scaling Kubernetes through the organization is multi-tenancy. This session will walk through how we can do multi-tenancy on Kubernetes with access control, fair sharing, and isolation.
Youtube Recorded: https://youtu.be/oCEL-nWhc-w
TechTalkThai Conference: Kubernetes Trends
September 16, 2021
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDaniel Bryant
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer.
Join this session to learn about:
– The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
– Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
– Strategies for exposing Kubernetes services and APIs at the edge of your system
– A brief guide to the (potential) future of cloud native API gateways
Similar to Kubecon US 2019: Kubernetes Multitenancy WG Deep Dive (20)
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise grade Multi-Cloud Kubernetes based Container platform.. The presentation covers overall architecture, internal details on networking storage, operations and automation as well as multi-cloud features including the use of this platform alongwith hosted Kubernetes offerings from AWS (EKS) and Google (GKE)
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
Deep dive into container networking for Docker EE (Enterprise Edition) using open source Contiv networking solution. Talk + demo of Docker EE Swarm mode + Contiv.
Video recording of the talk is at the Cisco Live web site. www.ciscolive.com
Presentation + demo at Triangle Kubernetes and Openshift Meetup June 2017. Architecture overview and live demo of Contiv open container networking project working with Red Hat Openshift Container platform.
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
Container networking & policies across mixed cloud environments (containers, VMs, bare metal). Talk & demo at Openstack Summit 2017 Boston.
Video recording of talk: https://www.openstack.org/videos/boston-2017/cisco-networking-policies-across-containers-and-vms
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
3. • Overview and Architecture
• What is Kubernetes Multitenancy ?
• Architectural models for Multitenancy
• Community initiatives: Multitenancy control plane
• Tenant controller & namespace grouping
• Hierarchical namespaces
• Virtual clusters
• Community initiatives: Data plane and benchmarking
• Benchmarking
• Data plane models
• Demo
• Q & A
Agenda
5. • What is it ?
• Ability to share a Kubernetes cluster between multiple independent teams
• Why is it useful ?
• Improved resource efficiencies (esp when move to containers on BM)
• Reduced cluster sprawl
• Lower capex and opex for the cluster operator
• Resource usage burstability -> Higher application performance
• Essentially a bin-packing & statistical multiplexing problem
• Potential challenges
• Kubernetes not designed for Multitenancy at its core
• Unlike say Openstack, there are no core K8s resources for ”Users”, “Tenants”, “Projects”
• Wide spectrum of loosely defined scenarios and potential use case
• Defining “Standardization” vs best practice vs implementation choice
What is Kubernetes Multitenancy ?
6. The community feels this area needs work
• The New Stack poll (newstack.io November 2019)
7. • Categories of Multitenancy (high level use cases)
• “Soft” Multitenancy
• Ex. Multiple teams within the same enterprise sharing a K8S cluster
• “Hard” Multitenancy
• Ex. Service provider hosting multiple independent tenants on a shared cluster
• “Coke & Pepsi on the same K8s cluster”
• Other
• SaaS multitenancy
What is Kubernetes Multitenancy ? …
8. • Available solutions
1. Community Kubernetes + DIY solution using namespaces, network
policies etc
2. Vendor/ commercial distributions with features built on these
• E.g. Openshift “Projects”, Rancher “Projects”
3. Emerging community initiatives tracked within K8s Multitenancy
Working group & others
What is Kubernetes Multitenancy ? …
9. Architectural Models
VM VM VM
Hypervisor
k8s1 k8s2 k8s3
IaaS
ex. vSphere
k8s
cluster
mgmt
T1 T2 T3
BM BM BM BM
BM BMBMBM
ns1 ns2 ns3 ns-a ns-b ns-x ns-y
K8S
T1 T2 T3
Super K8S
BM BM BM BM
k8s1 k8s2 k8s3
T1 T2 T3
BM BMBMBM
K8S T1 T2 T3
A
B
C
D
10. Architecture Options
Multitenancy
Architecture Model
Resource
efficiency
Level of
Tenant
isolation
Tenant/
application
Config
restrictions
All “Cloud
Native”
architecture
Architecture maturity &
production readiness
A: Multiple K8S
clusters on top of a
Virtualization IaaS
Low-
medium
High No No (multiple
separate
platforms,
orch.)
Medium-High
B: Namespace
grouping with
Tenant resources
High Medium-
High
Some
restrictions
eg cluster
scoped rescs.
Yes Medium
C: Virtual
Kubernetes Clusters
High High No (?) Yes Early
D: Core Kubernetes
change (Tenant as
1st class resource)
High High No (?) Yes (in
theory)
Very low (design does
not exist)
11. Mapping Tenants, Applications, Services
Tenant-1
Application-1
Namespace-1
S1 S2 S3
Tenant-1
Application-1
N1
S1 S2 S3
N2 N3
Tenant-1
Application-1
N1
S1 S2 S3
N2
Virtual
Cluster1
Application-2
S4
N3 N4 N5 N6
1 tenant <> 1 app <> 1 NS
(M micro-services all in 1 NS)
Need to resolve naming conflicts
1 tenant <> 1 app <> M NS
(1 service per NS)
Better service portability
1 tenant <> M apps <> mix of H-NSs & VCs
12. Tenant vs Application Security Responsibility Model
Tenant-A
resources
Tenant-B
resources
Cluster control
Plane resources
(k8s, monitoring etc)
Cluster and provider infrastructure resources
Application Security tools
e.g. Aqua
14. Operational Model: Personas and workflows
Cluster-admin provisions K8S
cluster with 1 (of N)
recommended security profiles
Cluster-admin provisions
Tenant template and
Namespace template objects
Cluster-admin Tenant-admin Tenant-user
Tenant-admin provisions a
new tenant referring to
these templates
Tenant-admin provisions access
controls for the new tenant including
other admins & non-admin user RBAC
Tenant-user provisions
namespace scoped k8s
resources within tenant
Tenant-admin performs CRUD
operations and tenant life cycle
mgmt. on the tenant resource itself
15. Tenant Operator Model
• Self-service or Admin-
provisioned Tenants
• Each Tenant-CR manages a
collection of namespaces,
virtual clusters and associated
resources via corresponding
CRs that eventually own those
K8s resouces
• Named admins + named
resource RBAC
17. Team NS
Hierarchical Namespace Controller
• Propagates policy objects from parents to
children
• Hardcoded list in v0.1 (Nov), aim to be
configurable in v0.3 (early 2020)
• Self-service subnamespaces
• No need for cluster-level privileges to create
subnamespaces
• Hierarchical authz checks
• “Subadmins” cannot deprive “superadmins”
of access
• Integrations via K8s labels
• Namespaces receive labels indicating the
subtrees they’re in.
Org NS
Service 1 NS Service 2 NS
SRE RBAC Network Policy
SRE RBAC Network Policy
Dev RBAC Team secrets
SRE RBAC Network Policy
Dev RBAC Team secrets
SRE RBAC Network Policy
Dev RBAC Team secrets
Original objects
Propagated
objects
Hierarchical config
Hierarchical configHierarchical config
21. Multitenancy Benchmarks
• Goals: validate whether multi-tenancy has been achieved, independently of how its configured
• Decouple how multi-tenancy is provisioned and managed from the desired state.
• Define the desired states for multi-tenancy
• Provide automated tests for validating the desired states
MT Profile Level Intent
Level 1 Uses K8s API objects; can be manually configured; limited tenancy features
Level 2 Level 1 + allow extensions for self-service DevOps i.e. namespace creation, etc.
Level 3 Level 2 + ability to create CRDs,etc. (virtual control plane)
22. • Categories:
1. Control Plane Isolation (CPI)
2. Tenant Isolation (TI)
3. Network Isolation (NI)
4. Host Isolation (HI)
5. Data Isolation (DI)
6. Fairness (FNS)
7. Self-Service Operations (OPS)
• Formatted similar to CIS benchmarks
• Test suite implemented using k8s e2e tests framework
• Open development model: community submits PRs for candidate benchmark
tests and implementations
Benchmark Categories & Formal Definition
23. • Profile Applicability:
• Level 1
• Type:
• Behavioral Check
• Category:
• Control Plane Isolation
• Description:
• Tenants should not be able to …
• Rationale:
• Tenants should not be able to access control
plane resources ...
Example: MTB-PL1-CC-CPI-1
• Audit:
• Run the following commands to retrieve
the list of non-namespaced resources:
• kubectl --kubeconfig cluster-admin api-
resources --namespaced=false For all non-
namespaced resources, and each verb
(get, list, create, update, patch, watch,
delete, and deletecollection) issue the
following commands:
• kubectl --kubeconfig tenant-a auth can-i
<verb> <resource> Each command must
return 'no'
24. Example Baseline Reference Implementation:
• Control Plane:
• Namespace Grouping Model (Tenant Operator based)
• Data Plane:
• containerD/ CRI-O runtime
• Container sandboxing
• Pod Security Policy (+Apparmor, Seccomp)
• Kata containers
• K8s Network Policy
• (CNI vendor specific) Global Network Policy
• Supported by Calico, Cisco ACI, Cilium, (others ?)
• Dynamic policy admission controller/ framework
• Open Policy Agent/ Gatekeeper/ Kyverno/ K-rail ..
25. Network Policy: Global Policy + K8s Policy
• Current K8s Network Policy is namespace scoped only non-ideal for Multi-tenancy
• Recommendation: Use a combo of K8s Network Policy + (CNI-specific) Global Network Policy
• Global Network Policy: Tool for Cluster Admin to isolate tenants
• K8s Network Policy: Developers, Devops use for micro-segmentation
Tenant-1 Tenant-2
Global nw policy rule
For tenant isolation
K8s nw policy rules for
App team microsegmentation
29. Where to find us
• Home page: https://github.com/kubernetes-sigs/multi-tenancy/
• https://github.com/kubernetes/community/tree/master/wg-
multitenancy
• Slack channel: Kubernetes Slack, #wg-multitenancy
• Google Group: https://groups.google.com/forum/#!forum/kubernetes-
wg-multitenancy
• Bi-weekly meeting (join google group for invite)
• Tuesday 11am Pacific Time