Are you still keep your credential in your code?
This session will show you how to do secrets management in best practices with Hashicorp Vault with a demo on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/kBgePhkmRMA
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
Ray Kao and Kevin Harris from Microsoft presenting ‘Kubernetes Security with Calico and Open Policy Agent’ at the spring 2019 Kubernetes and Cloud Native meetup in Toronto.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Kubernetes have been widely adopted. The next challenge of scaling Kubernetes through the organization is multi-tenancy. This session will walk through how we can do multi-tenancy on Kubernetes with access control, fair sharing, and isolation.
Youtube Recorded: https://youtu.be/oCEL-nWhc-w
TechTalkThai Conference: Kubernetes Trends
September 16, 2021
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
Ray Kao and Kevin Harris from Microsoft presenting ‘Kubernetes Security with Calico and Open Policy Agent’ at the spring 2019 Kubernetes and Cloud Native meetup in Toronto.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Kubernetes have been widely adopted. The next challenge of scaling Kubernetes through the organization is multi-tenancy. This session will walk through how we can do multi-tenancy on Kubernetes with access control, fair sharing, and isolation.
Youtube Recorded: https://youtu.be/oCEL-nWhc-w
TechTalkThai Conference: Kubernetes Trends
September 16, 2021
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
https://thinkcloudly.com/
This is a presentation I held at "DevOps and Security" -meetup on 5th of April 2016 at RedHat.
Source is available at: https://github.com/jerryjj/devsec_050416
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
Kubernetes has two simple but powerful network concepts: every Pod is connected to the same network, and Services let you talk to a Pod by name. Bryan will take you through how these concepts are implemented - Pod Networks via the Container Network Interface (CNI), Service Discovery via kube-dns and Service virtual IPs, then on to how Services are exposed to the rest of the world.
Securing and Automating Kubernetes with KyvernoSaim Safder
Kyverno is a CNCF Sandbox Project Created by Nirmata.
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline.
In this session Shuting Zhao and Jim Bugwadia, both of whom are Kyverno maintainers will provide an overview of Kyverno and describe how you can get started with using it.
Evolution of kubernetes and uses cases is more valuable when your team can manage secrets in more secure context for all teams!! Involve secure team and dev team for this process is very essential because you need broke this dependency with external-secrets!!
In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points:
1.Challenges of security and secret keys in containers
2.Best practices for saving and securing distribution of secrets in Docker Containers
3.Managing secrets in Kubernetes using volumes and sealed-secrets
4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz
Learn from HashiCorp Vault engineer Nick Cabatoff how you can ensure that you actually use Vault effectively to allow no potential leaks of secret credentials, apis, or certs.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
https://thinkcloudly.com/
This is a presentation I held at "DevOps and Security" -meetup on 5th of April 2016 at RedHat.
Source is available at: https://github.com/jerryjj/devsec_050416
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
Kubernetes has two simple but powerful network concepts: every Pod is connected to the same network, and Services let you talk to a Pod by name. Bryan will take you through how these concepts are implemented - Pod Networks via the Container Network Interface (CNI), Service Discovery via kube-dns and Service virtual IPs, then on to how Services are exposed to the rest of the world.
Securing and Automating Kubernetes with KyvernoSaim Safder
Kyverno is a CNCF Sandbox Project Created by Nirmata.
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline.
In this session Shuting Zhao and Jim Bugwadia, both of whom are Kyverno maintainers will provide an overview of Kyverno and describe how you can get started with using it.
Evolution of kubernetes and uses cases is more valuable when your team can manage secrets in more secure context for all teams!! Involve secure team and dev team for this process is very essential because you need broke this dependency with external-secrets!!
In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points:
1.Challenges of security and secret keys in containers
2.Best practices for saving and securing distribution of secrets in Docker Containers
3.Managing secrets in Kubernetes using volumes and sealed-secrets
4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga
Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018HashiCorp
Managing secrets in a distributed cloud world requires a new approach to security. Applications and systems are now frequently created and destroyed. The network between distributed clouds, applications, and systems is low-trust, furthering the complexities of secrets sprawl. So, what is the solution?
HashiCorp Vault seeks to solve the problem of secret sprawl by centralizing secrets management in a scalable, repeatable workflow to be able to create, manage, and revoke secrets as needed.
Watch this webinar to learn:
- How Vault addresses today’s security threats
- How security teams can use Vault to store and manage all their secrets across their private and public infrastructure, globally.
- How Adobe reduced secret sprawl, increased operational performance of a key security process, and processes 100 trillion transactions with Vault
For full webinar recording: https://hashicorp.com/resources/eliminating-secret-sprawl-in-the-cloud
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
Secret-based protocols are the most popular methods for establishing trust in authentication. Unfortunately, they are also one of the first attack surfaces to be probed when system compromise is attempted. Today’s digital services often focus on scalability, high-availability, and fault tolerance, leading to a shift towards microservices on cluster-based architectures. Secret management has evolved as well, leading to the development of cluster-compatible, open-source SM tools such as HashiCorp’s Vault. This talk is designed to help SecOps professionals leverage security concepts such as spatial and temporal attack surfaces, trust, and risk acceptance to secure their cluster credential management.
Apache CloudStack Integration with HashiCorp VaultCloudOps2005
Khosrow Moosavi presented how to integrate HashiCorp Vault into your Apache CloudStack Infrastructure-as-Code at the CloudStack Collab Conference of ApacheCon 2018.
Containers deployments in Kubernetes clusters create both familiar and new security challenges. Given the ephemeral nature of containers, the speed and agility goals of microservices architecture, a preliminary detection of potential risks, and early discovery of viable threats yield the best security outcomes.
Successfully addressing the Kubernetes security challenges requires integrating security into each phase of the container lifecycle: build, deploy, and run.
This webinar will throw light on how to:
* Stay on top of ongoing Kubernetes hygiene by hardening your nodes, employing best practices
* Implement role-based access control of users
* Manage Kubernetes Secrets
* Thwart an attack, with a live demo
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including opensource projects you will want to consider while building and maintaining cloud native applications.
Codemotion Madrid 2023 - Sealed Secrets_ protegiendo tus Secretos de Kubernet...Alfredo García Lavilla
Hay muchas alternativas para gestionar Secretos en Kubernetes, pero pocas tienen la sencillez de uso de Bitnami Sealed Secrets. La idea es sencilla: permitir a los usuarios cifrar sus Secretos localmente. Como los Sealed Secrets están cifrados, se pueden almacenar sin problemas junto con el resto de la configuración de las aplicaciones. Esto habilita un modelo de trabajo GitOps muy popular en la comunidad Open Source.
Sealed Secrets hace una gestión de secretos en un cluster realmente sencilla, pero ¿qué ocurre cuando tienes muchos secretos que gestionar? ¿o cuándo tienes que gestionar no un cluster sino cientos de ellos?
En la charla veremos cómo se pueden hacer una gestión de Secretos a escala con Sealed Secrets.
Similar to Kubernetes Secrets Management on Production with Demo (20)
Deploy 22 microservices from scratch in 30 mins with GitOpsOpsta
- What do you need to deploy microservices?
- What is Docker, Kubernetes, Infrastructure, and GitOps?
- Why can GitOps help us to improve the DevOps process?
- Demo GitOps
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Google DevFest 2022
- What are Internal Developer Portal (IDP) and Platform Engineering?
- What is Backstage?
- How Backstage can help dev to build developer portal to make their job easier
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/u_nLbgWDwsA?t=850
Dev Mountain Tech Festival @ Chiang Mai
November 12, 2022
This is a hands-on lab to introduce you to CCE and DevCloud on Huawei Cloud to build a DevSecOps Platform.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
HUAWEI CONNECT 2022 Bangkok: Hands-on Lab
September 21, 2022
How to build DevSecOps Platform on Huawei CloudOpsta
We will show how to build a DevSecOps Platform with various components on Huawei Cloud.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
HUAWEI CONNECT 2022 Bangkok
September 20, 2022
- What is GitOps?
- Why can GitOps help us to improve the DevOps process?
- Demo GitOps
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/ThaiProgrammerSociety/videos/1413812212460478
Coder Live by Thai Programmer Association
August 29, 2022
- What is Kubernetes
- Why we need Kubernetes
- Demo how to deploy application on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/ThaiProgrammerSociety/videos/1908659749331066
Coder Live with Thai Programmer Association
June 6, 2022
Platform Engineering is the practice of building and operating a common platform as a product for technology teams.
In this session, we will talk about why and when we need a platform. How to build Platform Engineering and demo.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/brBZYbNbnAo
Dev Mountain Tech Festival 2022 @ Khaoyai
March 19, 2022
Manage Kubernetes Clusters with Cluster API and ArgoCDOpsta
Opsta and VMware will talk about Cluster API and ArgoCD. Let's learn how to create Kubernetes Cluster faster with Cluster API and ArgoCD in the world of application modernization
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Piyapol Permpongpaiboon
DevOps Engineer
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/vmugthailand/videos/469577308221545
VMUG Thailand
February 23, 2022
DevSecOps is a word that combines development, security, and operations. DevSecOps deals with software development, operations, security, and services. It emphasizes communication, collaboration, and integration between software developers, security teams, and information technology operations personnel.
In this session, you will learn how to integrate security techniques into the DevOps process.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/mi8Zo9O6OUY
TechTalkThai Conference: Enterprise Cybersecurity 2021
October 5, 2021
We already seen the important and start to transform our organization to DevSecOps Culture to prepare response for quickly change in business.
This session will explain how you can scale DevSecOps on Enterprise Organization from pilot team and project to org-wide adoption with 5 techniques.
Youtube Recorded: https://youtu.be/7s-evWxFSIQ
TechTalkThai Conference 2021: Enterprise Software Development on July 16, 2021
This presentation will introduce you to Container, Docker, and Kubernetes with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
Facebook Live: https://www.facebook.com/imcinstitute/videos/4199946253380670
Youtube Recorded: https://youtu.be/vW1Yq5ftWZ4
IMC Live Webinar on July 17, 2020
This presentation will introduce you to Container, Docker, Kubernetes, and Google Kubernetes Engine (GKE) with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
See the recorded session on Facebook live here (min 46.49):
https://www.facebook.com/gdgcloudkl/videos/1013942759041907
There's also recorded session on Youtube here (min 46.49):
https://www.youtube.com/watch?v=ht0ynVjkDcI
GDG Cloud KL July Webinar on July 12, 2020
This presentation will show you overview of Google Cloud Service and show step-by-step example with Wordpress to introduce each service on GCP
Google Cloud Study Jam Bangkok 2019 #1 and #2 at ITKMITL and CPE KU on October 19-20, 2019
All you have to know about Google Cloud Certified. Study path plus with tips to pass the certification exams.
Google Cloud Bangkok Meetup at Skooldio on September 27, 2019
Facebook Live here (min 1:20:00) https://www.facebook.com/groups/115166445851226/permalink/408079266559941/
DevOps is the future and next step for developer that need to learn. This session will explain why DevOps is important. The concept of DevOps and related technology and tools. Then how to start DevOps
Guest Speaker at IT@KMITL on March 20, 2019
DevOps is the future and next step for developer that need to learn. This session will explain why DevOps is important. The concept of DevOps and related technology and tools. Then how to start DevOps
Guest Speaker at ICT Mahidol on December 24, 2018
In this slide. We will explain about what is DevOps, Docker, Kubernetes and CI/CD. We will show problem of development in real world and solution. You can watch live here https://www.facebook.com/devopsbkk/videos/294665554682243/ from minute 56
DevOps BKK 2018 at Bitec Bangna on September 8, 2018
What are you going to do if you have 60,000 jobs coming in a blink of an eye? It's normal in the Machine Learning world that you are going to process a huge load of the jobs that coming instantly in no time. We are going to walk you through our journey to scale out Kubernetes cluster to handle them. The tools we used, load testing, how to measure it and our solution.
DevOps is the next buzz word that all organization have to apply. This presentation will show you overview of all DevOps Technology you need to learn to transform your organization to DevOps organization.
OSEDA 2017 Seminar at Kasetsart University on December 16, 2017
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Kubernetes Secrets Management on Production with Demo
1. Jirayut Nimsaeng (Dear)
CEO & Founder, Opsta (Thailand) Co.,Ltd.
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022 https://bit.ly/opsta-tdtech-vault
Secrets Management on
Production
2. Kubernetes Secrets Management
#whoami
Jirayut Nimsaeng (Dear)
Jirayut has been involved in DevSecOps, Container, Cloud Technology
and Open Source for over 10 years. He has experienced and
succeeded in transforming several companies to deliver greater
values and be more agile.
● He is Founder and CEO of Opsta (Thailand) Co.,Ltd.
● He is Cloud/DevSecOps Transformation Consultant and
Solution Architecture
● He is the first Certified Kubernetes Security Specialist (CKS)
and Certified Kubernetes Administrator (CKA) in Thailand
● He is first Thai Google Cloud Developer Expert (GDE) in
Thailand
16. Kubernetes Secrets Management
HashiCorp Vault
HashiCorp Vault is an identity-based secrets and encryption
management system. Vault provides encryption services that are
gated by authentication and authorization methods. Using Vault’s
UI, CLI, or HTTP API, access to secrets and other sensitive data
can be securely stored and managed, tightly controlled
(restricted), and auditable.
21. Kubernetes Secrets Management
How to use Kubernetes Secrets
apiVersion: v1
kind: Secret
metadata:
name: rabbitmq
namespace: default
type: Opaque
data:
RabbitPass: cmFiYml0bXE=
stringData:
RabbitPlain: P@ssw0rd
apiVersion: apps/v1
kind: Pod
metadata:
name: nginx
namespace: default
spec:
containers:
- name: nginx
image: nginx:latest
env:
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbitmq
key: RabbitPass
Create Secret Inject Secret into Container
Environment Variable
Read Secret from Code
[NodeJS]
process.env.RABBITMQ_PASSWORD;
[Python]
import os
os.getenv('RABBITMQ_PASSWORD')
[Golang]
package main
import (
"os"
)
os.Getenv("RABBITMQ_PASSWORD")
22. Kubernetes Secrets Management
What we need
● Developer can self-manage secrets in non-production environment
● Admin/Security Team can manage secrets on production environment
● Kubernetes should sync secrets from HashiCorp Vault automatically
● Developer just config their application to use secret with agreed
variable name
● Developer should not directly access to Kubernetes Secrets
25. Kubernetes Secrets Management
External Secrets Operator
External Secrets Operator is a Kubernetes operator that integrates
external secret management systems like AWS Secrets Manager, HashiCorp
Vault, Google Secrets Manager, Azure Key Vault and many more. The
operator reads information from external APIs and automatically injects
the values into a Kubernetes Secret.
26. Kubernetes Secrets Management
Why External Secrets Operator?
● Support many Secrets Manager
● Easy to understand for Developer
● Easy to Maintain
● Secure
30. Kubernetes Secrets Management
Vault Production on Kubernetes Checklists
❏ Use Official Vault Helm Chart
❏ Don’t run as root
❏ Run with HA mode
❏ Configure End-to-End TLS
❏ Dedicated worker node if possible
❏ Ensure mlock is Enabled
https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-security-concerns
33. Kubernetes Secrets Management
Sample Kyverno Policy
validationFailureAction: enforce
background: true
rules:
- name: privileged-containers
match:
any:
- resources:
kinds:
- Pod
validate:
message: >-
Privileged mode is disallowed. The fields
spec.containers[*].securityContext.privileged
and spec.initContainers[*].securityContext.privileged
must be unset or set to `false`.
pattern:
spec:
containers:
- =(securityContext):
=(privileged): "false"
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: unmatched-key
spec:
validationFailureAction: enforce
rules:
- name: check-unmatch-namespace-and-key
match:
resources:
kinds:
- ExternalSecret
validate:
message: "key must prefix with namespace name"
pattern:
spec:
dataFrom:
- extract:
key: "{{request.namespace}}/?*"
34. Kubernetes Secrets Management
Further More
● Reloaded Pod when Secrets changed
https://github.com/stakater/Reloader
● Integrate HashiCorp Vault with Databases
● Dynamic or Rotate Secrets
● How to manage Kubernetes secrets with GitOps?
35. Kubernetes Secrets Management
Contact Us
Jirayut Nimsaeng (Dear)
Facebook:
Email:
Website:
fb.me/DearJirayut
jirayut@opsta.co.th
www.opsta.co.th
Founder & CEO