This document discusses how to secure a Kubernetes platform. It covers setting up authentication and authorization using RBAC and certificates. It also discusses implementing network policies and pod security policies to restrict traffic and resources. Additional topics include integrating Vault for secrets management and using admission controllers and auditing to intercept and modify API requests for security purposes.
Container Security Deep Dive & Kubernetes - Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
Kubernetes for Beginners: An Introductory Guide - Bytemark
An introduction to Kubernetes for beginners. Includes the definition, architecture, benefits and misconceptions of Kubernetes. Written in plain English, ideal for both developers and non-developers who are new to Kubernetes.
Find out more about Kubernetes at Bytemark here: https://www.bytemark.co.uk/managed-kubernetes/
Kubernetes Concepts And Architecture Powerpoint Presentation Slides - SlideTeam
Get these visually appealing Kubernetes Concepts And Architecture PowerPoint Presentation Slides to discuss the process of operating containerized applications. You can display the need for containers by the company with the help of an open-source architecture PPT slideshow. The architecture of containers can be demonstrated with the help of a visually appealing PPT slideshow. The reasons for opting for Kubernetes by an organization can be explained to your teammates with the help of containers PowerPoint infographics. Highlight the roadmap for installing Kubernetes in the organization by using content-ready PPT slides. Take the assistance of visually appealing PPT templates to depict the major advantages of Kubernetes such as improving productivity, the stability of application run, and many more. After that, display 30 60 90 days plan to implement Kubernetes in the organization. Display the key components of Kubernetes with the help of a diagram using this professionally designed cluster architecture PPT layouts. Describe the functionality of each component of Kubernetes. Hence, download Kubernetes architecture PPT slides to easily and efficiently manage the clusters. https://bit.ly/34DWa7x
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
Kubernetes Application Deployment with Helm - A beginner Guide! - Krishna-Kumar
Google DevFest2019 Presentation at Infosys Campus Bangalore. Application deployment in Kubernetes with Helm is demo'ed in Google Kubernetes Engine (GKE). This is an introductory session on Helm. Several references are given in it to further explore helm3 as it is in Beta state now.
Deploy 22 microservices from scratch in 30 mins with GitOps - Opsta
- What do you need to deploy microservices?
- What is Docker, Kubernetes, Infrastructure, and GitOps?
- Why can GitOps help us to improve the DevOps process?
- Demo GitOps
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Google DevFest 2022
Everyone has heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage, when the code being written becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may lead to the compromise of your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools shown in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O'Reilly Kubernetes Security:
https://kubernetes-security.info/
O'Reilly Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation; rather, they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
Helm - Application deployment management for Kubernetes - Alexei Ledenev
Use Helm to package and deploy a composed application to any Kubernetes cluster. Manage your releases easily over time and across multiple K8s clusters.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift - DevOps.com
Administrators and developers are increasingly seeking ways to improve application time to market and improve maintainability. Containers and Red Hat® OpenShift® have quickly become the de facto solution for agile development and application deployment.
Red Hat Training has developed a course that provides the gateway to container adoption by understanding the potential of DevOps using a container-based architecture. Orchestrating a container-based architecture with Kubernetes and Red Hat® OpenShift® improves application reliability and scalability, decreases developer overhead, and facilitates continuous integration and continuous deployment.
In this webinar, our expert will cover:
An overview of container and OpenShift architecture.
How to manage containers and container images.
Deploying containerized applications with Red Hat OpenShift.
An outline of Red Hat OpenShift training offerings.
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
Here you can find the slides that accompany my “SPA Secure Coding Guide”. This presentation goes through a set of security best practices specially targeted towards developing Angular applications with ASP.Net Web Api backends.
It comes with a WebApi example project available on GitHub that provides several code examples of how to defend yourself. The example app is based on the famous "Tour of Heroes" Angular app used throughout the Angular documentation.
It first introduces general threat modelling before explaining the most current type of attacks Asp.Net Web API are vulnerable to.
It is designed to serve as a secure coding reference guide, to help development teams quickly understand Asp.Net Core secure coding practices.
Presentation done at the November meeting of the Sudoers Barcelona group (https://www.meetup.com/sudoersbcn/).
HashiCorp Vault (https://www.vaultproject.io/)
"Vault is a tool for storing and managing secrets. We will see what it offers, how to install, use and operate it, and our experience."
Securing Microservices using Play and Akka HTTP - Rafal Gancarz
Going down the microservices route makes a lot of things around creating and maintaining large systems easier but it comes at a cost too, particularly associated with challenges around security. While securing monolithic applications was a relatively well understood area, the same can't be said about microservice based architectures.
This presentation covers how implementing microservices affects the security of distributed systems, outlines pros and cons of several standards and common practices and offers practical suggestions for securing microservice based systems using Play and Akka HTTP.
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including opensource projects you will want to consider while building and maintaining cloud native applications.
You can find the first part of this presentation here: https://www.slideshare.net/secret/pAvK8Qd9f07oa
This presentation takes a deep dive into how the Million Song Library, a microservices-based application, was built using the Netflix Stack, Cassandra and Datastax.
To learn more about Million Song Library and its components visit the project on GitHub: https://github.com/kenzanlabs/million-song-library
Lea
DCSF19 Container Security: Theory & Practice at Netflix - Docker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
Centralizing Kubernetes and Container Operations - Kublr
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
These meetup slides go over what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc., and how to set up reliable clusters and multi-master configuration without a load balancer. It also outlines how these components should be combined into an operations-friendly enterprise Kubernetes management platform with centralized monitoring and log collection, identity and access management, backup and disaster recovery, and infrastructure management capabilities. This presentation will show real-world open source projects use cases to implement an ops-friendly environment.
Check out this and more webinars in our BrightTalk channel: https://goo.gl/QPE5rZ
In this document you will find the latest improvements made to OpenStack and how certain Intel technologies boost the performance and security of the cloud environment. A few examples:
How to create pools of secured VMs with geo-tagging capability (Intel technologies present in HP, DELL, IBM… servers + Folsom, Nova, Horizon, Open Attestation)
How to boost the security of OpenStack's new key management module (Intel technologies + Barbican)
How to benchmark Swift object storage with COSBench (which now supports Ceph, S3 and Amplidata)
Authors:
Girish Gopal - Strategic Planning, Intel Corporation
Malini Bhandaru - Security Architect, Intel Corporation
We are sharing our process of migrating to the container-based DroneCI platform and our lessons learned when scaling it up for an active open source project like ownCloud. Our journey started with a static legacy CI system, which was gradually replaced with, at first, a static DroneCI infrastructure. Over the course of half a year, we furthermore migrated to a cloud provider in order to dynamically scale the CI system based on the build volume. The lessons learned during this journey were transformed and contributed to the DroneCI project and resulted in the DroneCI autoscaler, which allows for automatic scaling of infrastructure resources with common cloud providers.
Kubernetes – An open platform for container orchestration - inovex GmbH
Date: 30.08.2017
Event: GridKA School 2017
Speaker: Johannes M. Scheuermann
More tech talks: https://www.inovex.de/de/content-pool/vortraege/
More tech articles: https://www.inovex.de/blog/
Deploying Kubernetes without scaring off your security team - KubeCon 2017 - Major Hayden
Kubernetes provides plenty of enhancements for deploying software, but it can cause anxiety on the corporate security team. This talk explains how to approach your security team and how to push them to provide guardrails, not deployments.
The presentation was given on 11/12/2018 at CloudExpo NY. The presentation talks about software portability approaches and technologies on Kubernetes, microservices, service mesh, and serverless platforms.
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
A Survey of Container Security in 2016: A Security Update on Container Platforms - Salman Baset
This talk is an update of container security in 2016. It describes the security measures that containers provide, shows how containers provide security measures out of box that are prone to configuration errors when running applications directly on host, and finally lists the ongoing in container security in the community.
Intelligent Cloud Conference 2018 - Building secure cloud applications with A... - Tom Kerkhove
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ... - Lucas Jellema
Focus on Cloud Operations - on monitoring, automation through infrastructure as code and on secure management of keys and secrets. We discuss Audit and Log, Monitor and Healthcheck, Alarms and Notifications, Vaults with Keys and Secrets and the Terraform OCI provider and Resource Manager with custom and pre built stacks.
lldb can do more than just simple breakpoints or po. In this talk, Oliver Bayer shows how lldb can be used to manipulate program code at run time without having to modify the source code, whether to keep test or debug code out of the production app or because the source code for part of the app is not available.
Event: macoun, 04.10.2019
Speaker: Oliver Bayer, inovex
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
Are you sure about that?! Uncertainty Quantification in AI - inovex GmbH
With the advent of Deep Learning (DL), the field of AI made a giant leap forward and it is nowadays applied in many industrial use-cases. Especially critical systems like autonomous driving, require that DL methods not only produce a prediction but also state the certainty about the prediction in order to assess risks and failure.
In my talk, I will give an introduction to different kinds of uncertainty, i.e. epistemic and aleatoric. To have a baseline for comparison, the classical method of Gaussian Processes for regression problems is presented. I then elaborate on different DL methods for uncertainty quantification like Quantile Regression, Monte-Carlo Dropout, and Deep Ensembles. The talk is concluded with a comparison of these techniques to Gaussian Processes and the current state of the art.
Speaker: Dr. Florian Wilhelm, Simon Bachstein, inovex
Event: PyCon/PyData Berlin 2019
Date: 10.10.2019
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
Why natural language is next step in the AI evolution - inovex GmbH
In 2010 ImageNet finally ended the AI winter and gave machines the sense of sight. Within the following years dramatic improvements in tasks such as image classification and object detection led to innovations like face ID and autonomous driving. Recently, similar developments happened in the field of natural language. Using attention mechanisms and transformers, tasks such as question answering and text summarization reached new benchmarks.
This talk will not only explain those, but point out how Transfer Learning and open source models such as Google Bert will open the field to new innovations in AI.
Speaker: Nico Kreiling, inovex
Event: AIxIA, 01.10.2019
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
The Worldwide Developers Conference (WWDC) is an annual conference held by Apple for software developers (MacOS, iOS and WatchOS). To recap WWDC 2019, the Mobile Development Karlsruhe Meetup hosted an open discussion round. The slides summarise the news from WWDC2019 that inovex's Philipp found most interesting and served as the basis for discussion at the meetup.
Event: 9th Mobile Development Meetup (WWDC Edition)
Speaker: Philipp Wallrich, inovex
Date: 17.06.2019
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
Trust is good, control is better – A short story about Network Policies.
Abstract:
Probably everybody who uses Kubernetes in a productive environment with multiple users possibly has looked at policies. Often the operators of the cluster(s) just trust the policies, but in some cases it might be useful to control if the policies actually have taken action, and often there are just too many policies in the cluster setup to manually test them all (and obviously you don’t want to do this). Testing the effectiveness of the Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose. Also we will show you some other tools and how they complement our solution. As a takeaway you will get an overview of different testing strategies for policies, as well as understanding challenges in testing policies in general and the Kubernetes ecosystem.
Event: ContainerDays 2019
Date: 26.06.2019
Speaker: Johannes M. Scheuermann, Maximilian Bischoff (both inovex)
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
The goal of interpretability of ML models is to reveal the causes behind a prediction and to explain a decision derived from it in a way a human can follow. Traceable predictions make it possible, for example, to ensure that their derivation is consistent with an expert's domain knowledge. An unfair bias can also be identified by explaining meaningful examples.
Prediction models can be roughly divided into intrinsically interpretable models and non-interpretable (also called black-box) models. Intrinsically interpretable models are known for being easy for a human to follow. A typical example of such a model is the decision tree, whose rule-based decision process is intuitive and easily accessible. In contrast, neural networks are considered black-box models whose predictions are hard to follow because of the complex network structure.
In this talk, Marcel Spitzer explained the concept of interpretability in the context of machine learning and presented common methods for interpreting models. He placed particular focus on model-agnostic methods that can also be applied to black-box models with strong predictive performance.
Event: M3 Minds Mastering Machines
Speaker: Marcel Spitzer
Blog article: https://www.inovex.de/blog/machine-learning-interpretability/
More tech talks: inovex.de/vortraege
More tech articles: inovex.de/blog
Jenkins X – CI/CD in Cloudy Environments inovex GmbH
The ecosystem around Kubernetes is growing daily. Cloud-native continuous deployment strategies in particular are in high demand and are being driven forward in various open-source projects. In a series of evaluations, inovex takes a closer look at these tools, starting with Jenkins X.
Jenkins X was released in March 2018. The concept behind the tool is primarily to use existing partial solutions (Helm, Skaffold, Prow, Tekton) and wrap them, abstracted, in a command-line interface. The talk describes both the classic architecture and the "serverless" approach. It also presents the command-line tool "jx", the general development workflow, and various features.
During our tests as part of the evaluation, we noticed a few stumbling blocks. It is above all the many third-party tools in use that complicate the operation and upkeep of a cluster created with Jenkins X. In conclusion, we give Jenkins X a grade of "satisfactory" as of May 2019 and are watching with interest how the tool develops over the coming months and years.
Event: Talk4Nerds, 29.04.2019
Speaker: Simon Kienzler, Johannes M. Scheuermann (both inovex)
Alongside the major machine learning trend in the cloud, there is a growing tendency to run certain tasks directly on edge devices. We explore the advantages of evaluating data directly at its source and the challenges that come with it, because the computing power of the cloud is unfortunately not available to us here.
To solve this, various hardware options such as CPUs, GPUs, FPGAs or special ASICs, as well as frameworks, are available, which we evaluate using a convolutional neural network as an example. The talk offers practical tips and experience from real projects as well as illustrative demos on different hardware platforms.
Prerequisites:
Prior knowledge of deep neural networks is an advantage.
Learning objectives:
- Understand the advantages of AI on edge devices and the associated challenges.
- Gain knowledge of the various hardware and software solutions in order to use them in your own projects.
Event: building IoT, 03.04.2019
Speaker: Dominik Helleberg, inovex
The talk at the "Talk4Nerds" conference of R+V Versicherung offered an introduction to Prometheus as a monitoring solution. Christoph of inovex covered the requirements for a modern monitoring tool, how Prometheus meets these requirements, and why it has become the de facto standard in the Kubernetes environment. Finally, Christoph examined the non-goals and how they can nevertheless be achieved with additional tools.
Speaker: Christoph Petrausch (inovex)
Event: Talk4Nerds
Date: 29.04.2019
Recommender systems support the decision making processes of customers with personalized suggestions. These widely used systems influence the daily life of almost everyone across domains like ecommerce, social media, and entertainment. However, the efficient generation of relevant recommendations in large-scale systems is a very complex task. In order to provide personalization, engines and algorithms need to capture users’ varying tastes and find mostly nonlinear dependencies between them and a multitude of items. Enormous data sparsity and ambitious real-time requirements further complicate this challenge. At the same time, deep learning has been proven to solve complex tasks like object or speech recognition where traditional machine learning failed or showed mediocre performance.
Join Marcel Kurovski to explore a use case for vehicle recommendations at mobile.de, Germany’s biggest online vehicle market. Marcel shares a novel regularization technique for the optimization criterion and evaluates it against various baselines. To achieve high scalability, he combines this method with strategies for efficient candidate generation based on user and item embeddings—providing a holistic solution for candidate generation and ranking.
The proposed approach outperforms collaborative filtering and hybrid collaborative-content-based filtering by 73% and 143% for MAP@5. It also scales well for millions of items and users returning recommendations in tens of milliseconds.
Event: O'Reilly Artificial Intelligence Conference, New York, 18.04.2019
Speaker: Marcel Kurovski, inovex GmbH
In his meetup talk, Maximilian reported on the current problems of cloud computing, particularly in the Internet of Things, and how edge computing can mitigate them. He explained what a generic edge computing architecture can look like and showed use cases, some of which are already implemented in existing products.
He then introduced Azure IoT Edge and explained how it extends Microsoft's existing IoT framework, as well as the basic concepts that IoT Edge provides. The problems of the still young product were addressed, as were the advantages and features it delivers.
In the joint demo with Eli, both speakers then showed the technical details of Azure IoT Edge and demonstrated, for example, how code can be deployed automatically from a CI/CD pipeline in Azure DevOps to an IoT device.
Event: inovex Meetup, 12.03. & 19.03.2019
Speaker: Maximilian Bischoff, inovex
It is human nature to predict the unpredictable: the weather, stock prices, the course of diseases, a person's reaction. The latest deep learning approaches can forecast such sequential phenomena ever more accurately, but they also require ever larger amounts of data and computing power, which are often unavailable in both research and practice. How can good results be achieved when only little data is available?
In her talk, Marisa Mohr presented a new and promising information-theoretic approach to feature learning on sequential data that can potentially manage with little data. It dealt specifically with ordinal patterns in time series, such as those found in the change of emotions over the course of a conversation. Such a development is usually easy for humans to recognize. Chatbots, by contrast, cannot react intuitively to such emotional trajectories and have to be programmed accordingly.
Details:
Deep learning approaches such as LSTMs, RNNs or TCNs have proven themselves in handling sequential data. Neural networks are deep in the technical sense because they have several (hidden) layers, not because they develop a deep understanding of problems. In this talk, Marisa presented a symbolic information-theoretic approach to representation learning for time series, and with it a way of constructing conceptual layers. The idea behind so-called permutation entropy is to consider the order relation between the values of a time series instead of the values themselves, thereby drawing on the natural ups and downs of the underlying dynamical system.
Event: inovex Meetup: Das Unvorhersehbare vorhersagen: Zeitreihen und Chatbots, 26.03.2019
Speaker: Marisa Mohr (inovex)
Talk to me – Chatbots and Digital Assistants inovex GmbH
Human communication does follow a whole series of rules, but these are hard to formalize, not least because a wealth of world knowledge and implicit contextual knowledge always plays a role in our interactions. Purely rule-based chatbots are therefore not only extremely complex to program but also quickly reach their limits in many application areas.
In this talk, Anna Weißhaar gave an overview of current solutions and challenges in the field of digital assistants. The focus was on approaches that make chatbots "chatty", that is, that let them respond as adequately as possible to user input unknown in advance.
Event: inovex Meetup: Das Unvorhersehbare vorhersagen: Zeitreihen und Chatbots, 26.03.2019
Speaker: Anna Weißhaar (inovex)
Not least because of the high-profile successes of machine learning by DeepMind, OpenAI and colleagues, artificial intelligence is once again on everyone's lips. On the one hand, numerous new, previously unthinkable applications beckon, such as the automatic diagnosis of diseases, autonomous vehicles and drones, or the automatic translation of spoken words. On the other hand, cautionary voices warn of the growing influence of "algorithms" on almost all areas of our lives and of the undesirable consequences of computers taking on a life of their own. Some dream of, or fear, the supposedly inevitable singularity, at which nothing less than the fate of all humanity will be decided. But what lies behind the term artificial intelligence? Depending on whom you ask, you get different, sometimes contradictory answers. This talk presents some of these answers and tries to classify them using (not only) examples from research and application.
Event: Business Analytics Day, 07.03.2019
Speaker: Dr. Matthias Richter, Dr. Stefan Igel (inovex)
Over the past three years we have built the infrastructure of the TV platform waipu.tv. Along the way we started writing operations tools in Golang. Some of these tools became core services that easily handle even the load of a football World Cup broadcast. We want to show you how we use the same toolchain (Golang & co.) to solve operational problems and develop critical business applications. Classic DevOps or golden hammer?
Speaker: Christoph Petrausch, Igor Lankin (both inovex)
Event: DevOpsConference, 04.12.2018
The Android Open Source Project, AOSP for short, is the operating system that runs on most of today's smartphones and probably on yours too. It is the basis for the Android app universe and is used by millions of users and developers around the world. Because the source code is openly available, it is also the basis for well-known custom ROMs such as LineageOS.
The first part of the talk gave an overview of the operating system's architecture, the app ecosystem, the Hardware Abstraction Layer (HAL), the security concepts, and some newer operating system developments such as Project Treble in Android 8.0.
The second part of the talk gave an insight into the source code and structure of AOSP: how do you download the source code, how do you build AOSP for supported devices, and how can you flash your own ROMs onto a smartphone? For fun, the talk also looked into some implementation details of Android app API functions that you have already called as an app developer.
Speaker: Stefan Lengfeld, inovex
Event: inovex Meetup Köln, 23.10.2018
Interpretable Machine Learning describes the process of revealing causes of predictions and explaining a derived decision in a way that is understandable to humans. The ability to understand the causes that lead to a certain prediction enables data scientists to ensure that the model is consistent with the domain knowledge of an expert. Furthermore, interpretability is critical to obtain trust in a model and to be able to tackle problems like unfair biases or discrimination against particular subgroups. This talk covers an introduction to the concept of interpretability and an overview of popular interpretability techniques.
Speaker: Marcel Spitzer, inovex
Event: Kaggle Munich Meetup, 20.11.2018
Performance evaluation of GANs in a semisupervised OCR use case inovex GmbH
Online vehicle marketplaces are embracing artificial intelligence to ease the process of selling a vehicle on their platform. The tedious work of copying information from the vehicle registration document into some web form can be automated with the help of smart text-spotting systems, in which the seller takes a picture of the document, and the necessary information is extracted automatically.
Florian Wilhelm details the components of a text-spotting system, including the subtasks of object detection and optical character recognition (OCR). Florian elaborates on the challenges of OCR in documents with various distortions and artifacts, which rule out off-the-shelf products for this task. After offering an overview of semisupervised learning based on generative adversarial networks (GANs), Florian evaluates the performance gains of this method compared to supervised learning. More specifically, for a varying amount of labeled data, he compares the accuracy of a convolutional neural network (CNN) to a GAN that uses additional unlabeled data during the training phase, showing that GANs significantly outperform classical CNNs in use cases with a lack of labeled data.
What you'll learn:
Understand how semisupervised learning with GANs works
Explore beneficial semisupervised methods based on GANs for use cases with a limited amount of labeled data
Gain insight into an interesting OCR use case of an online vehicle marketplace
Event: O'Reilly Artificial Intelligence Conference, London, 11.10.2018
Speaker: Dr. Florian Wilhelm
People & Products – Lessons learned from the daily IT madness inovex GmbH
IT in the 21st century: what a time to be alive! There is an (unmanageable) zoo of methods and products that give us so much joy at work! They are modern because they are new. They challenge our skills because they are complex. They solve some problems that we did not have before. Everyone wants to use them because Google, Netflix & co. promote them, and hand on heart: doesn't everyone want to work like Google, Netflix & co.? But does that really make sense?
In this talk we look at various insights from the use of agile product development, DevOps, continuous integration/delivery, infrastructure as code, immutable infrastructure (e.g. Docker/Kubernetes), application logging and service monitoring.
Learning Goals:
- We must align the use of methods and tools with the people who are supposed to develop (further) and use them.
- Sometimes we solve problems with new tools that we did not have before.
- The search for simple solutions to complex problems is essential, but not always simple.
Event: Continuous Lifecycle, 15.11.2018
Speaker: Arnold Bechtoldt
Infrastructure as (real) Code – Manage your K8s resources with Pulumi inovex GmbH
Pulumi (pulumi.io) offers an open source platform to create, manage and deploy your infrastructure in real programming languages like JavaScript/TypeScript, Go and Python. The three major cloud providers are supported as cloud platforms, and you can also use Pulumi with OpenStack and Kubernetes to deploy your applications in the cloud.
In this talk we will take a look at how Pulumi differs from traditional solutions like Terraform or the cloud-provider-specific solutions (e.g. CloudFormation). The main focus will be on deploying your services on top of Kubernetes. The talk will contain a short theory part about Pulumi; the rest of the talk is more focused on demos and practical parts. One focus of the talk is the difference between Pulumi and kubectl and helm (or, to be precise, how they complement each other).
As a takeaway of this talk you should understand the basics of Pulumi and know how it differs from the traditional deployment tools.
Event: CNCF Meetup Hamburg & Stuttgart, 29.10.2018 & 07.11.2018
Speaker: Johannes M. Scheuermann, inovex
Transcript: Selling digital books in 2024: Insights from industry leaders - T... BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Securing your Kubernetes cluster: a step-by-step guide to success! KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a button DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Key Trends Shaping the Future of Infrastructure.pdf Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object Calisthenics Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
7. Focus on the Platform
• Secure all components with certificates
• Only talk over TLS
• Disable the insecure port (even on localhost)
• Disable anonymous authentication
  • Or at least restrict it to uncritical resources
• Since 1.7 Kubernetes supports an Audit Log
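The checklist on this slide expressed as kube-apiserver flags plus an audit policy, as an added example that is not from the talk. File paths follow the kubeadm layout and, like the image reference, are assumptions; only the security-relevant flags are shown, and the other flags of an existing manifest stay as they are.

```yaml
# Document 1: kube-apiserver static pod, security-relevant flags only (constructed example).
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
    - name: kube-apiserver
      image: registry.example/kube-apiserver:VERSION   # placeholder
      command:
        - kube-apiserver
        # Only talk over TLS: serving certificate for the secure port
        - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
        - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
        # Client certificates are verified against the cluster CA
        - --client-ca-file=/etc/kubernetes/pki/ca.crt
        # Certificates towards the other components (etcd, kubelets)
        - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
        - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
        - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
        - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
        - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
        # Plain-HTTP port off, even on localhost (the flag exists only on
        # releases that still ship the insecure port)
        - --insecure-port=0
        # Requests without credentials are rejected instead of being mapped to
        # system:anonymous. Unauthenticated health probes then need credentials;
        # the slide's alternative is to leave this on and limit system:anonymous via RBAC.
        - --anonymous-auth=false
        - --authorization-mode=Node,RBAC
        # Audit log, driven by the policy in document 2
        - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
        - --audit-log-path=/var/log/kubernetes/audit.log
        - --audit-log-maxage=30
      volumeMounts:
        - { name: pki, mountPath: /etc/kubernetes/pki, readOnly: true }
        - { name: audit-policy, mountPath: /etc/kubernetes/audit-policy.yaml, readOnly: true }
        - { name: audit-log, mountPath: /var/log/kubernetes }
  volumes:
    - { name: pki, hostPath: { path: /etc/kubernetes/pki, type: Directory } }
    - { name: audit-policy, hostPath: { path: /etc/kubernetes/audit-policy.yaml, type: File } }
    - { name: audit-log, hostPath: { path: /var/log/kubernetes, type: DirectoryOrCreate } }
---
# Document 2: contents of /etc/kubernetes/audit-policy.yaml (a file on the
# control-plane node, not an object to apply). The first matching rule wins.
apiVersion: audit.k8s.io/v1
kind: Policy
omitStages:
  - RequestReceived
rules:
  # Secrets and ConfigMaps: record who touched them, never the payload
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps"]
  # RBAC changes: keep full request and response bodies
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
  # Health and version endpoints are noise
  - level: None
    nonResourceURLs: ["/healthz*", "/version"]
  # Everything else: metadata only
  - level: Metadata
```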
12. Network Policies
• Since 1.6
• Ingress policies
• Egress policies (1.8)
• Network segmentation (distributed firewall)
• CNI plugin must support it
13. Network Policies (example)
• DENY all traffic to an application
• LIMIT traffic to an application
• DENY all non-whitelisted traffic in a namespace
• DENY all traffic from other namespaces
• ALLOW traffic from other namespaces
• ALLOW traffic from external clients
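Three of the patterns listed on this slide, plus the DNS egress rule that a default-deny policy makes necessary, written as NetworkPolicy manifests. This is an added example, not taken from the slides; the namespace `shop`, the labels `app: api`, `app: frontend` and `team: monitoring`, and the port numbers are assumptions.

```yaml
# Constructed example. Policies are additive: a pod selected by any policy only
# accepts what some policy explicitly allows, so the order of documents is irrelevant.

# 1. DENY all non-whitelisted traffic in a namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}            # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
    - Egress                 # no ingress/egress rules listed, so nothing is allowed
---
# 2. LIMIT traffic to an application: only frontend pods reach the API on 8080
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:       # same namespace only, because no namespaceSelector is set
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# 3. ALLOW traffic from other namespaces: scrapes from namespaces labelled team=monitoring
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-monitoring
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              team: monitoring
      ports:
        - protocol: TCP
          port: 9090
---
# 4. Egress: default-deny also blocks DNS, so name resolution has to be re-allowed
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: shop
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - ports:                 # no "to" clause: any destination, these ports only
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

If the CNI plugin does not implement NetworkPolicy, these objects are accepted by the API server but have no effect, so verify enforcement with a connection test from a pod that should be blocked.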
15. Pod Security Policies
• Needs to be explicitly activated
• Lets you define what’s allowed
• There must be a default policy
• Activating “runAsNonRoot” will break many things
• Only activate if needed (multi-tenant)
• Can be combined with RBAC
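A restrictive policy together with the RBAC objects that make it the default for all service accounts, as an added example that is not from the slides. PodSecurityPolicy was removed in Kubernetes 1.25, so this applies to clusters that still serve the API; the object names are assumptions.

```yaml
# Constructed example. With the PodSecurityPolicy admission controller active,
# a pod is only admitted if its creator or service account may "use" a policy
# that the pod spec satisfies, which is why a default policy must exist.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    # The pod must set a non-zero runAsUser or the image must declare a numeric
    # non-root USER; images that rely on running as root are rejected.
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  volumes:                   # no hostPath
    - configMap
    - secret
    - emptyDir
    - projected
    - downwardAPI
    - persistentVolumeClaim
---
# RBAC: permission to use exactly this policy
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:restricted
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted"]
    verbs: ["use"]
---
# Default for every service account in the cluster; tenants that need more get
# a separate policy bound to their own service account only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: psp:restricted:all-serviceaccounts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:restricted
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts
```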
18. Admission Controller(s)
• Intercepts requests to the Kubernetes API
• (Can) Perform modifications
• Many default controllers exist
• You can also write your own
22. Vault Integration (secret store)
• Since 0.9 Kubernetes auth backend
• Solves only the challenge of authentication
• Secret must be fetched
• Sidecar/init container
• Integrates with ServiceAccounts
23. Grafeas
• Open artifact metadata API
• Pluggable (multiple providers)
• ACL for the metadata
• Query-ability
• Integrates with Kubernetes
24. Istio
• Service Mesh
• Policy Enforcement (L4/L7)
• Integrated CA
• Transparent TLS
• Routing
• Language/Platform agnostic
26. Conclusions
• Many possibilities to make your cluster more secure
• Each with its benefits and drawbacks
• Generally → Security means (hard) work
• Depends on your Use Case what to use
• Play around with and get a feeling (in a playground)
31. Johannes M. Scheuermann
inovex GmbH
Johannes.scheuermann@inovex.de
CC BY-NC-ND inovex.de +JohannesScheuermann
github.com/johscheuer
@johscheuer youtube.com/inovexGmbH