The document discusses running a multi-tenant Kubernetes cluster for over 1000 users at a university. It describes initially using VMs, which had scaling issues. The cluster now uses Kubernetes with containers for improved flexibility and efficiency. Authentication uses LDAP via a webhook. Authorization integrates with GitLab to map users and roles. Admission control currently allows free usage but will add quotas. The cluster provides services like Ceph storage, GPU nodes, and logging via Graylog. Initial usage identified control plane issues, which were addressed by increasing API server and etcd resources and switching etcd to SSD storage.
Cloud Foundry: The Platform for Forging Cloud Native Applications - Chip Childers
It wasn’t too long ago that artisans, bathed in the glow of molten metal, forged parts that would go on to make up bigger, more powerful machines. Today, we call those artisans developers. Instead of metal, they use bits and bytes in the cloud to forge a modern application architecture that supports public, private and hybrid application deployment. One that enables users and developers to move their applications wherever they need to go. And it’s built on a growing, vibrant ecosystem.
Nowhere is this epic shift in how things are made more visible than the meteoric adoption of Cloud Foundry. In this talk, Chip Childers, VP of Technology for Cloud Foundry Foundation, will give attendees an inside look at the industry movements and the technological requirements that are driving Cloud Foundry's rapid adoption. Most importantly, he will walk through how organizations are responding to the challenge of continuous innovation, what's driving modern application architectures, and how the Cloud Foundry platform uses specific constraints in order to fulfill its promise to application owners.
You think Docker is awesome - well then we have something for you: Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.
In our first MeetUp we will give you a high-level overview on this tool and give you the chance to chat with other interested people.
Kubernetes has many ways to scale your workloads; most of what we hear about is scaling our cluster up with either VM sets or autoscaling groups. There is another way: in this talk we will look at Virtual Kubelet. Virtual Kubelet will allow us to talk to a cloud provider's container-as-a-service platform like ACI, Fargate or ECI. We will deep dive into how you can scale your applications across Virtual Kubelet. One issue the Kubernetes Service type has is scaling to zero, due to the way routing to the pod happens if there is no pod for the service to route to. Scaling our applications to zero is just as important as scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue, allowing us to not only scale our applications up but just as easily down to make our cluster truly elastic.
Introduction to Kubernetes and Google Container Engine (GKE) - Opsta
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. This presentation will give you an overview of Kubernetes concepts and benefits with Google Container Engine (GKE).
GDG DevFest Bangkok 2017 at Ananda UrbanTech FYI Center on October 7, 2017
See Facebook Live here
https://www.facebook.com/gamez.always/videos/10204052467627401/
Webinar: Using Litmus Chaos Engineering and AI for auto incident detection - MayaData Inc
Chaos engineering tools offer a great way to test an application’s resiliency in a Kubernetes deployment. But chaos experiments can induce failure modes that have never been seen before, causing incidents to slip through existing alert rules.
Detecting these failures can be tricky, and Zebrium solves this with unassisted machine learning.
Our interactive panel discusses, in the context of a demo, a set of Litmus chaos engineering experiments against a distributed Kubernetes app and will use Zebrium Autonomous Log Monitoring to auto-detect incidents and provide an indication of the root cause.
Save 60% of Kubernetes storage costs on AWS & others with OpenEBS - MayaData Inc
With features like thin provisioning, per-workload replication and snapshots, using OpenEBS can lower your storage TCO on any Kubernetes cloud by up to 60%. In this webinar you will see, with in-depth examples, the method a MayaData OpenEBS Enterprise customer used to save $75,000 a month.
PuppetConf 2017: Kubernetes in the Cloud w/ Puppet + Google Container Engine-... - Puppet
Today there's a multitude of ways to get up and running with Kubernetes in the Cloud. In this talk we'll look at how easy it is to operationalize your K8s cluster deployments using the new gcontainer puppet module for Google Container Engine (GKE), Google’s Managed Kubernetes service. We'll walk you through an end to end deployment of a demo application using the gcontainer puppet module and the kubernetes module. We'll also take a deep dive into the unique value proposition that GKE brings to Kubernetes deployments, including security, scaling, federation, automated container builds, integrated private container registry and GPUs.
Resilient microservices with Kubernetes - Mete Atamel - Codemotion Rome 2017 - Codemotion
Creating a single microservice is a well-understood problem. Creating a cluster of load-balanced microservices that are resilient and self-healing is not so easy. Managing that cluster with rollouts and rollbacks, scaling individual services on demand, securely sharing secrets and configuration among services is even harder. Kubernetes, an open source container management system, can help with this. In this talk, we will learn what makes Kubernetes a great system for automating deployment, operations, and scaling of containerized applications.
Deploying containerized applications with Kubeapps - Janakiram MSV
Kubeapps is a Kubernetes dashboard that supercharges your Kubernetes cluster with simple browse and click deployment of apps in any format. Building on Bitnami’s contributions to leading open source projects, Kubeapps provides a complete application delivery environment that empowers users to launch, review and share applications.
Getting started with Azure Container Service (AKS) - Janakiram MSV
Microsoft has launched a managed Kubernetes cluster offering called Azure Container Service (AKS). Learn everything about AKS - architecture, integration with Azure services, and managing deployments.
Kubernetes intro public - kubernetes user group 4-21-2015 - reallavalamp
Kubernetes Introduction - talk given by Daniel Smith at Kubernetes User Group meetup #2 in Mountain View on 4/21/2015.
Explains the basic concepts and principles of the Kubernetes container orchestration system.
An overview of the Kubernetes architecture - Igor Sfiligoi
This talk provides a 101 introduction to Kubernetes from a user point of view.
Aimed at service providers, it was presented at the GPN Annual Meeting 2019. https://conferences.k-state.edu/gpn/
We are on the cusp of a new era of application development software: instead of bolting on operations as an after-thought to the software development process, Kubernetes promises to bring development and operations together by design.
A Million ways of Deploying a Kubernetes Cluster - Jimmy Lu
Developers and operators tend to build and develop different ways to set up a Kubernetes cluster due to its complexity and openness. Most of the time, it's quite confusing for newcomers to get started with Kubernetes. In this short talk, I'll introduce you to some popular ways of Kubernetes deployment and briefly talk about the pros and cons of each solution.
Kubernetes Helm makes application deployment easy, standardized and reusable. Use of Kubernetes Helm leads to better developer productivity, reduced Kubernetes deployment complexity and enhanced enterprise production readiness.
Enterprises using Kubernetes Helm can speed up the adoption of cloud native applications. These applications can be sourced from open-source community provided repositories, or from an organization’s internal repository of customized application blueprints.
Developers can use Kubernetes Helm as a vehicle for packaging their applications and sharing them with the Kubernetes community. Kubernetes Helm also allows software vendors to offer their containerized applications at “the push of a button.” Through a single command or a few mouse clicks, users can install Kubernetes apps for dev-test or production environments.
Introduction to Kubernetes for .NET developers with discussion around key features and using managed Kubernetes providers such as Azure Container Service (AKS) and serverless containers such as Azure Container Instances (ACI)
Efficient CI/CD pipelines: with the right tools it works - Nico Meisenzahl
Learn how to use containerized pipelines to eliminate dependencies in your CI/CD environment, so that you no longer have to struggle with different versions of your toolchain and dependencies.
Use containerized GitLab CI/CD pipelines and Kaniko to move build and deployment workloads into your Kubernetes cluster. Deploy your microservices and/or infrastructure without external dependencies and constraints.
Nico will also introduce you to Tekton, an open source project that helps you build a cloud-native toolchain by moving your entire CI/CD (workload as well as configuration) into Kubernetes.
Join Nico on a deep dive into the secrets of containerized build and deployment pipelines with GitLab CI/CD, Kaniko and Tekton.
Cloud Native Night, April 2018, Munich: Talk by Sebastian Scheele (@hrscheele, CEO & co-founder of Loodse GmbH)
Join our Meetup: https://www.meetup.com/de-DE/cloud-native-muc
Abstract:
Imagine a world in which a Kubernetes control plane could govern and control node infrastructure in Kubernetes. In this talk, Sebastian will take the user on an adventurous journey through the Kubernetes API and into the infrastructure layer of the stack.
Sebastian will introduce the idea of Machine API, talk about the patterns behind declarative nodes and look at the role of the cloud provider within these patterns. The participants will learn how the project integrates cleanly and effortlessly with the Kubernetes API and works out of the box with kubectl. Also, Sebastian will present the work of the official Cluster API effort and the concept of bring-your-own-node-controller.
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including open source projects you will want to consider while building and maintaining cloud native applications.
Kubernetes is an open source container cluster orchestration platform founded by Google. This presentation covers an overview of its main concepts, plus how it fits into Google Cloud Platform. This was delivered by Kit Merker at DevNexus 2015 in Atlanta.
DevOpsCon London: How containerized Pipelines can boost your CI/CD - Nico Meisenzahl
Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines. Use containerized GitLab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton – an open source project which helps you build a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with GitLab CI/CD, Kaniko and Tekton.
DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD - Nico Meisenzahl
Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized GitLab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton - an open source project which helps you build a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with GitLab CI/CD, Kaniko and Tekton.
Going Serverless with Kubeless In Google Container Engine (GKE) - Bitnami
If you'd like to watch along with the recording of the webinar, visit: http://bitn.am/2u5bOnA
Serverless computing has given back loads of time and money to developers whose focus is to create new, popular and disruptive applications. Without serverless computing, developers would still be spending most of their time on infrastructure rather than building new features to improve their users' experience.
With the move to containers and increased market share for Kubernetes, Bitnami has wanted to stay one step ahead by providing a serverless tool that is also Kubernetes-native, ... Kubeless! Kubeless tackles the challenge of integrating cloud services through small logical units. When creating your new project or application on Kubernetes, Kubeless will allow you to focus on creating a great application with a lightweight and flexible infrastructure.
In this video, you will watch and learn:
- The benefits of serverless computing on Kubernetes
- How to link several cloud services together with small, lightweight pieces of code
- How to install Kubeless into your GKE cluster
- How to deploy Python and Node.js functions with a straightforward CLI call
- An introduction to the Kubeless UI and how to write, update, delete, and deploy functions through it
Google Sheets is a great frontend on its own, but paired with a Python backend, it allows you to quickly get data apps up and running that are both developer and end-user friendly and that can leverage all (data science) Python packages. For the backend, you can choose anything that is able to run Python, such as Google Cloud Run and to make the integration easy, we're going to use xlwings.
xlwings is an Open Source project to automate Microsoft Excel and has recently added a server version that also works with Google Sheets. Essentially, you can replace Google Apps Script with Python. While xlwings Server is part of the PRO offering, it is source-available and free for non-commercial use.
A list of action items you want to keep in mind when you're devsecops'ing for your cloudnative environments. Given as a part of a talk on the Modern Security series (https://info.signalsciences.com/securing-cloud-native-ten-tips-better-container-security).
Kubernetes 1.16 and Rancher 2.3 enhancements - Saiyam Pathak
This presentation talks about the recent kubernetes 1.16 enhancements and Rancher 2.3 new features. It also has the references section that was used as a motivation for this presentation.
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T - ShapeBlue
The AT&T team recently embarked on a journey with CloudStack and has since deployed a solution which encompasses multiple data-centers. This talk focuses on how they are using open source tools like CloudStack, FreeIPA, and Metal as a Service (MaaS) to support KVM-based VM provisioning at an enterprise scale within a GitOps model.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
Elevate Your Builds: Next-Gen CI/CD with Azure Container Apps and KEDA - Philip Welz
Virtual machines are still the most common way to build and deploy applications via CI/CD. This session explores a new approach: KEDA, a cloud-native autoscaler that will drive the on-demand scaling of containerized build agents running on Azure Container Apps. By leveraging both technologies, we can build highly scalable, cost-efficient and sustainable CI/CD pipelines.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
One cluster to serve them all
1. One Cluster to Serve Them All
How to run a multi-tenant K8s cluster for 1000+ users in research and education at a University
06.02.18 christian.huening@haw-hamburg.de | Twitter: @chrishuen 1
5. University Requirements
• Flexible compute resources for Research & Teaching purposes
• Students: Try technologies, host small services etc.
• Research projects: Host project websites, services and run large workloads in the cloud
• Must be simple to use but allow for complex setups!
• Large variety in technologies!
• 1000+ students
• AWS, Azure, GKE etc. not an option due to administrative restrictions
6. Multi-Tenancy @ HAW
• Lab & Research projects each buy their own resources:
• Setup consumes too much time → Project elapsed before anything runs
• Large vendor variety very hard to maintain
• Objectives:
• Consolidate heterogeneous compute resources
• Datacenter De-Fragmentation → Due to scarcity of power, cooling and space
• Goals:
• Democratize Compute Resources
• Increase Research & Development ramp-up speed and efficiency
• Improve Resource Utilization
• Simplify usage
8. Worked well, but...
• VMware at scale is too expensive
• Resources became scarce as people demanded larger VM instances
• Also: lack of flexibility
• VMs are never returned
• VMs never get patched → Users need to maintain Operating Systems (hint: they won’t)
• Problems with security rules: Either too hard or too weak → Users unsatisfied
9. Containers to the Rescue!
• Lightweight
• Fast
• Flexible
• Resource Efficient
… you know it
• But: Requires Orchestration
• Enter Kubernetes
10. Multiple Clusters?
• Requires the skill to run K8s
• Even if setup is automated:
• Still leaves configuration of cluster to the users
• Does not help in error cases
• Does not help with special setups
• Essentially same provisioning problem as with VMs
• aka: Who gets how many resources and when?
11. Other reasons for single-cluster
• “(…) Not needing to deploy and monitor multiple clusters (i.e. build all the tooling we did to run GKE at Google)” – David Oppenheimer
• “(…) with the increasing emergence of "secure container" technologies, this tendency will only increase, primarily driven by resource cost considerations” – Quinton Hoole
• Source: https://goo.gl/ypCtzg
12. To the multi-tenant cluster we go!
13. Initial Cluster Setup
• Kubernetes the Hard Way (https://github.com/kelseyhightower/kubernetes-the-hard-way)
ICC the Hard Way (https://github.com/christianhuening/kubernetes-the-haw-hamburg-way)
• 3 Master Nodes
• VM, 1 Core, 4 GB
• 3 Worker Nodes
• Bare Metal, 8 Core, 128GB
• 5 Node etcd cluster
• VM, 1 Core, 8 GB, HDD Storage
• Canal + Flannel (Calico) as Overlay Network Solution
14. We need AAA
• AuthN
• Who?
• AuthZ
• What?
• Admission
• How much?
15. AuthN
• Login via HAW Accounts through LDAP
• “Let's key in LDAP settings into the K8s LDAP module”
• ...oh... wait...
• Auth Token Webhook in API-Servers
• kubernetes-ldap service forked & extended from Apprenda/Kismatic
• Code: https://github.com/christianhuening/kubernetes-ldap
• API-Server Config:
--authentication-token-webhook-config-file=/etc/kubernetes/ssl/ldap-webhook-config.yaml
--authentication-token-webhook-cache-ttl=30m0s
--runtime-config=authentication.k8s.io/v1beta1=true
16. AuthN
• Kubernetes-ldap service hosts two endpoints:
• /ldapAuth: Listens for login requests and returns JWT token, exposed via Ingress
• /authenticate: Endpoint for API-Server to validate incoming tokens
[Sequence diagram. Participants: kubelogin, kubectl, K8s-api, K8s-ldap, HAW-IDM. Messages shown: /ldapAuth; 200, JWT token; Write kube/config; Any API call; /authenticate; OK / NOK; proceed; LDAP bind; Bind ok]
17. AuthN
• Users use kubelogin to authenticate
• Creates/Updates ~/.kube/config file
• Set default namespace
• Activate Context
• Stored token is valid for 12 hours
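The two endpoints from the AuthN slides, sketched in Go as an added example (not code from kubernetes-ldap or from the talk): Issue stands for what /ldapAuth returns after a successful LDAP bind, Review for the TokenReview exchange on /authenticate. The HS256 signing, the claim names, the function names and the key are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) // only header Review accepts, so "alg":"none" never verifies

func sign(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// Issue is the /ldapAuth side after a successful LDAP bind: a token valid for 12 hours.
func Issue(user string, groups []string, key []byte, now time.Time) string {
	body, _ := json.Marshal(map[string]interface{}{"sub": user, "groups": groups, "exp": now.Add(12 * time.Hour).Unix()})
	msg := header + "." + b64.EncodeToString(body)
	return msg + "." + sign(msg, key)
}

// Review is the /authenticate side: TokenReview request in, TokenReview response out.
func Review(req, key []byte, now time.Time) []byte {
	var in struct{ Spec struct{ Token string } }
	_ = json.Unmarshal(req, &in) // a malformed body leaves Token empty and fails closed
	status := map[string]interface{}{"authenticated": false}
	p := strings.Split(in.Spec.Token, ".")
	if len(p) == 3 && p[0] == header && hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) {
		var c struct{ Sub string; Groups []string; Exp int64 }
		raw, _ := b64.DecodeString(p[1])
		if json.Unmarshal(raw, &c) == nil && c.Sub != "" && now.Unix() < c.Exp {
			status["authenticated"], status["user"] = true, map[string]interface{}{"username": c.Sub, "groups": c.Groups}
		}
	}
	out, _ := json.Marshal(map[string]interface{}{"apiVersion": "authentication.k8s.io/v1beta1", "kind": "TokenReview", "status": status})
	return out
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Now()
	req := `{"kind":"TokenReview","spec":{"token":"` + Issue("alice", []string{"students"}, key, now) + `"}}`
	fmt.Println(string(Review([]byte(req), key, now)))
}
```

With the 30m0s value of --authentication-token-webhook-cache-ttl shown in the API-Server config, the API server can keep using a cached webhook answer for a token for up to 30 minutes, so expiry and revocation take effect with that delay.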
19. AuthZ
• Source of Truth required
• Majority of project and course work at HAW is done via Gitlab
• We built a Gitlab Integrator Service which:
• maps Groups, Projects and Personal Repos to Namespaces
• maps User roles from Gitlab to RoleBindings
• also applies PodSecurityPolicies & Docker Registry Secrets
• supports Webhook feature and full-sync every 3 hours
• allows for namespaces to be excluded from synchronization
• kube-system “cleaned up”, whooops
• sets up K8s Integration in Gitlab (i.e. for Continuous Delivery)
• can run inside of cluster or externally
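The full sync and the namespace exclusion from this slide, as an added Go sketch (not code from gitlab-k8s-integrator): it shows why a sync that deletes namespaces without a GitLab counterpart needs an exclusion list for namespaces such as kube-system. The function names, the path-to-namespace rule, the "namespace/user" key format and the mapping from GitLab access levels to ClusterRoles are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// roleFor is an assumed mapping from GitLab access levels to the built-in ClusterRoles.
func roleFor(level int) string {
	switch {
	case level >= 40: // Maintainer (40), Owner (50)
		return "admin"
	case level >= 30: // Developer (30)
		return "edit"
	}
	return "view" // Guest (10), Reporter (20)
}

// Plan computes one full sync. groups is GitLab path -> user -> access level.
// It returns RoleBindings to ensure ("namespace/user" -> ClusterRole) and namespaces to delete.
func Plan(groups map[string]map[string]int, existing, excluded []string) (map[string]string, []string) {
	keep := map[string]bool{}
	for _, ns := range excluded {
		keep[ns] = true // excluded namespaces are never created, bound or deleted
	}
	ensure, prune := map[string]string{}, []string{}
	for path, members := range groups {
		ns := strings.ToLower(strings.ReplaceAll(path, "/", "-"))
		if keep[ns] {
			continue // excluded, or already claimed by another group path
		}
		keep[ns] = true
		for user, level := range members {
			ensure[ns+"/"+user] = roleFor(level)
		}
	}
	for _, ns := range existing {
		if !keep[ns] {
			prune = append(prune, ns) // no source of truth for it any more
		}
	}
	return ensure, prune
}

func main() {
	groups := map[string]map[string]int{"ML-Lab/course": {"alice": 40, "bob": 20}} // constructed sample
	existing := []string{"kube-system", "ml-lab-course", "old-project"}
	fmt.Println(Plan(groups, existing, []string{"kube-system"}))
	fmt.Println(Plan(groups, existing, nil)) // without the exclusion kube-system is pruned
}
```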
20. AuthZ - Custom Roles and Bindings
• Special permissions are granted through a ConfigMap
• Integrator ensures these are present in the cluster
• Code: https://github.com/k8s-tamias/gitlab-k8s-integrator
21. AuthZ
• Service at a point where it does too many things
• Reengineering:
• Tenant Operator/Controller
• Adapters for sources of truth like Gitlab, Github, LDAP, etc…
• Discussion at https://goo.gl/CQFvd8
• And in Multi-Tenancy Workgroup:
• Mailing List: https://goo.gl/fZ8g6B
• Slack: https://kubernetes.slack.com/messages/wg-multitenancy
• Come in, join the fun ☺ !
28. Storage – CEPH & rook.io
• rook.io on ContainerLinux:
• Runs CEPH cluster as Pods in Kubernetes
• Same benefits for your storage cluster as you have for your apps
• Requires persistent storage for ceph-mon storage to be shutdown/restart-safe → Mount /var/lib/rook to extra hard-drive
• BTW: No need for multiple pools due to single, large cluster! ☺
29. Also: Logging
• No OpenSource Logging solution capable of multi-tenancy out-of-the-box
• Opt 1: Deploy a Graylog+ES to every namespace → 2-4 GB mem
• Opt 2: Provide Helm chart for people who want it → won't be used
• Option 3: Graylog can do it through Streams and Rules in combination with User permissions
• However problems and slow
• Gets setup via gitlab-integrator
• As I said: it's doing too many things…
30. Even More:
• SSL Certificate auto-provisioning via kube-lego
• Discontinued: Need to migrate to cert-manager!
• Monitoring via Prometheus-Operator
• No multi-tenancy yet, suggestions?
• GPGPU pods via https://github.com/NVIDIA/k8s-device-plugin
• And special PSPs in Namespaces via Gitlab-Integrator
• Dynamic Nodes from PC-Pools
• Add up to 1.2 TB memory and 600 cores
• Utilizes the csrapproval-controller (since K8s 1.7)
31. Summary
• Everything worked fine!
• Without actual users…
• Go-Live in September 2017 (Winter-Semester)
• ~150 concurrent users
• 2 very heavy users (master theses)
• Sort of brought down the cluster several times ☺
• Several problems showed up:
32. Problems – Control Plane
[Figure: API Server Metrics]
33. Problems - Control Plane
• API Servers were running out of capacity:
• Increased memory to 32GB
• Increased Cores to 4
• Increased API Server count to 6
• However: Problems persisted
• kubectl commands timed out
• Deployments didn’t start
• Nodes failed due to API-Servers not responding
• etcd?
34. Problems – etcd I
• Obviously etcd ran out of memory
• Disable Swap!
• Increase mem to 16 GB per Node
35. Problems – etcd II
• Switch to pure SSD storage recommended!
Dez 12 09:13:23 icc-etcd-1 etcd[3875]: failed to send out heartbeat on time (exceeded the 100ms timeout for 228.310831ms)
Dez 12 09:13:23 icc-etcd-1 etcd[3875]: server is likely overloaded
Dez 12 09:13:23 icc-etcd-1 etcd[3875]: failed to send out heartbeat on time (exceeded the 100ms timeout for 228.294797ms)
Dez 12 09:13:23 icc-etcd-1 etcd[3875]: server is likely overloaded
37. Problems – etcd III
• We hit etcd's default storage limit of 2GB
• etcd only accepted READ and DELETE requests
• Increase the size via --quota-backend-bytes flag
• Max is 8GB
• Effectively caused downtime for 1 day; services remained up
• Recovery took about 7 hours at full utilization
38. Other Performance Impacts
• kube-state-metrics' pod_nanny required higher settings (extra_mem = 150Mi) per Node due to higher pod churn
39. Lessons Learned
• Large-Scale is not necessarily bound to #nodes
• etcd really is your Pet and you want to make it feel good:
• Multi-Tenancy possible but complex
• Requires especially good monitoring, logging & auditing
• Students are very curious and use the new technologies
40. What’s next?
• Node Security & Container Isolation
• Network Policies
• Resource Management via Self-Service (tamias.io)
• Priorities / kube-arbitrator
• Improve usage of owned, but idle resources
• PodTolerationRestriction Controller
• IPv6 & multi-network setup (IoT research et al.)