This session focuses on HashiCorp Vault, a secret management tool. Managing secrets for 2-3 environments is feasible, but with more than 10 environments it becomes a very painful task, especially when secrets are dynamic and need to be rotated after some time. HashiCorp Vault can easily manage both static and dynamic secrets, and it can also help with secret rotation.
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Thomas Graf
BPF is one of the fastest emerging technologies of the Linux kernel. The talk provides an introduction to Cilium which brings the powers of BPF to Kubernetes and other orchestration systems to provide highly scalable and efficient networking, security and load balancing for containers and microservices. The talk will provide an introduction to the capabilities of Cilium today but also deep dives into the emerging roadmap involving networking at the socket layer and service mesh datapath capabilities to provide highly efficient connectivity between cloud native apps and sidecar proxies.
Zero downtime deployment of micro-services with Kubernetes
Wojciech Barczyński
Talk on deployment strategies with Kubernetes, covering Kubernetes configuration files and the actual implementation of your service in Golang and .NET Core.
You will find demos for recreate, rolling updates, blue-green, and canary deployments.
You will find the source and demos on GitHub: https://github.com/wojciech12/talk_zero_downtime_deployment_with_kubernetes
These are the slides for a talk/workshop delivered to the Cloud Native Wales user group (@CloudNativeWal) on 2019-01-10.
In these slides, we go over some principles of GitOps and a hands-on session to apply these to manage a microservice.
You can find out more about GitOps online: https://www.weave.works/technologies/gitops/
The new RAML 1.0 specification provides new features and additional flexibility that make it easier to design and create great APIs. In this session we will review some best practices for RESTful APIs and show how to add these features to your own APIs using the RAML specification. We will also cover common design patterns and address FAQs such as how to use annotations and add metadata to APIs.
Presentation in IBM Cloud Meet-up of Toronto
https://www.meetup.com/IBM-Cloud-Toronto/events/253903913/?_xtd=gatlbWFpbF9jbGlja9oAJGU3NmM3ZjdmLWE2NzgtNGVlNC1iNGZiLTBlZGE5ZWM0NDZjOQ
In this session we will learn Bitbucket features, define branching strategies, and automate the build, test, release and deployment process. We will then create multibranch pipelines.
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
KCDItaly
Many companies are experiencing a dramatic increase in the number of their Kubernetes clusters, for reasons such as geographical/legislative constraints, data/service replication, etc.
However, when the number of clusters increases, the complexity of deploying apps, managing the entire multi-cluster infrastructure, and keeping its state under control rapidly becomes an unmanageable problem.
A possible solution is Liqo, an open-source project that simplifies the creation of multi-cluster topologies by extending the Kubernetes “cattle” model to clusters as well.
Liqo creates a virtual cluster that spans multiple real clusters, either on-prem or managed (AKS, EKS, GKE), and instantiates the desired applications seamlessly in the appropriate cluster.
This talk will discuss the potential and roadblocks of this vision and highlight how Liqo brings multi-cluster transparency to the users.
Container Security Deep Dive & Kubernetes Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
Related Source Code https://github.com/abdennour/meetup-deployment-k8s
Intro
Why Deployment ?
What’s Deployment ?
How Deployment?
Deployment Strategies ( in general & in k8s )
Deployment Features
Demo ( distributed )
OpenShift is Red Hat's Platform-as-a-Service (PaaS) that lets developers quickly develop, host, and scale Docker container-based applications. OpenShift enables a uniform and standardised approach to container management across all hosting options including AWS/EC2 and other private/public cloud and on/off-premise variants. At this session, you will learn how Red Hat's enterprise clients are using OpenShift to enable their digital transformation initiatives. Examples will cover how realising a hybrid cloud strategy can simplify and reduce the risk of migrating and transitioning application workloads to containers in the cloud.
Alex Smith, Solutions Architect, Amazon Web Services, ASEAN
Stephen Bylo, Senior Solution Architect, Red Hat Asia Pacific Pte Ltd
PerconaLive 2016 Santa Clara presentation on HashiCorp Vault with CTO Armon Dadgar
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
This presentation by Serhii Abanichev (System Architect, Consultant, GlobalLogic) was delivered at GlobalLogic Kharkiv DevOps TechTalk #1 on October 8, 2019.
The talk covered:
- Full coverage of DevOps with Azure DevOps Services:
- Create, test and deploy in any programming language, to any cloud or local environment.
- Run concurrently on Linux, macOS, and Windows, deploying containers for individual hosts or Kubernetes.
- Azure DevOps Services: a Microsoft solution that replaces dozens of tools ensuring smooth delivery to end users.
Event materials: https://www.globallogic.com/ua/events/kharkiv-devops-techtalk-1/
KMIP stands for Key Management Interoperability Protocol. It provides a simple binary and TTLV variant protocol to manage various cryptographic key cycles for enterprise needs, e.g. enterprise applications, data encryption, etc.
In this presentation, we talk about:
- Introduction to Containers
- Container Security Overview
You can watch the complete session here:
https://youtu.be/w2-NtdAkrOI?t=1901
Kubernetes Architecture - beyond a black box - Part 1
Hao H. Zhang
This is part 1 of my Kubernetes architecture deep-dive slide series.
I have been working with Kubernetes for more than a year, from v1.3.6 to v1.6.7, and I am a CNCF certified Kubernetes administrator. Before I move on to something else, I would like to summarize and share my knowledge and takeaways about Kubernetes, from a software engineer's perspective.
This set of slides is a humble dig into one level below your running application in production, revealing how different components of Kubernetes work together to orchestrate containers and present your applications to the rest of the world.
The slides contain 80+ external links to Kubernetes documentation, blog posts, GitHub issues, discussions, design proposals, pull requests, papers, and source code files I went through when I was working with Kubernetes - which I think are valuable for people to understand how Kubernetes works, Kubernetes design philosophies and why these designs came into place.
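AWS Use Case from a Korean Media Customer - The POOQ Service and Microservices Architecture, Content Alliance Platform - Park Myung-soon (박명순), General Manager, Content Alliance Platform ...
Amazon Web Services Korea
AWS Use Case from a Korean Media Customer - The POOQ Service and Microservices Architecture, Content Alliance Platform
Park Myung-soon (박명순), General Manager, Content Alliance Platform
Content Alliance Platform (CAP) migrated the entire POOQ service, meaning the OTT platform and the full Live/VoD headend, to AWS in 2017, and in April 2018 launched the POOQ 3.0 service, which applies a Kubernetes-based microservices architecture. This session introduces the purpose of adopting microservices in POOQ 3.0, the migration process, the lessons learned in operation, and future plans.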
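[Games on AWS 2019] Max-Level Track for AWS Users | Operating Infrastructure as Code - Park Sung-hoon (박성훈), Team Lead, NEOWIZ,...
Amazon Web Services Korea
Moving self-operated infrastructure to the cloud can bring big advances in speed and operational convenience. But if you do not stop there and automate the management of the entire infrastructure with code, you can take another leap forward. NEOWIZ began using Infrastructure as Code in 2017 and has achieved considerable results. We will share information from real experience about what code-based automation can deliver and what is needed for it to take root successfully.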
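Open-Source Game Server Engine Project for Mobile Games and Apps: the CloudBread Project
Dae Kim
CloudBread
A free, cloud-based open-source project: a game server engine optimized for mobile games and mobile apps. All services are optimized to run on Azure, Microsoft's cloud service, and the project is being developed with stability and scalability as its goals.
Features
•PaaS / DaaS server engine
•Easy development and immediate service deployment with PaaS and DaaS
•Real Auto Scale - PaaS
•Development/test/deployment = integrated environment
•No app changes as the service scales
Global launch architecture
•Global launch + data synchronization
•Developed with an architecture and framework optimized for the cloud from the design stage
•Development using open-source frameworks
Security, management, technical training
•Standard encryption applied to storage and communication
•Basic administrator service and customization
•Additional analysis/management batch jobs can be built
Developer group
•Facebook user group: https://www.facebook.com/groups/cloudBreadProject/
Supported mobile & client environments
•iOS, Android, Windows Phone, Windows Store apps, Xamarin, PhoneGap, Sencha, etc.
•Supports the mobile and other client platforms supported by Microsoft Azure Mobile Service: http://azure.microsoft.com/ko-kr/documentation/services/mobile-services/
Installation
•See the installation tutorial in the Wiki
Project description
•Records the patterns and actions of users in mobile games and mobile apps and provides features based on them
•The client mobile device requests data from the game server in JSON format, and the server processes the data and responds
•About 100 pieces of business logic are provided by default (see the Wiki)
•The client calls the server API through a library that Microsoft itself built and provides as open source
See the Wiki for runnable examples and the API list
Contribute/questions/discussion
•Facebook user group: https://www.facebook.com/groups/cloudBreadProject/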
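Meetup tools for-cloud_native_apps_meetup20180510-vs
minseok kim
Building a system from microservices reduces the coupling between services, which speeds up service releases and allows flexible responses, but it increases the number of things to manage and brings many operational difficulties. It is not easy to let other microservices readily reference microservices that are created and destroyed with every deployment, or to manage the configuration of microservices consistently. To solve these problems there are tools such as the Spring Cloud project and cloud platforms such as Pivotal Cloud Foundry. In this meetup we will look at the difficulties of operating microservices and the various tools that help.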
These are the slides presented at the OpenStack Korea Community regular seminar on Friday, October 19, 2018.
- Event information: http://festa.io/events/118
- Speaker: Kim Yong-ki (김용기), General Manager
> Sr. Solution Architect, Red Hat
> Administrator, Ansible Facebook Usergroup
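9. 02 How to Use FreeIPA
OS account integration
Use cases
1. Linux OS account integration
Linux OS accounts can be consolidated.
However, the ipa client module must be installed.
** IPA requires SSSD to be installed, so use is limited depending on the Linux OS version; 5.x and early 6.x versions may not work
** To use it without installing the ipa client module, configure it manually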
10. 02 How to Use FreeIPA
Windows AD integration: Sync, Trust
Windows AD integration
1. Sync
AD -> IPA (389)
IPA (389) -> AD
Account synchronization possible: in the AD -> IPA (389) case
A module must be installed on the AD DC
2. Trust
[Diagram labels: Sync, Trust]
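12. 03 System Login SSO
User login using Kerberos
[Diagram labels: SSH LOGIN, ipa-client, ipa-server, ID/PW, kinit, SSH LOGIN, automatic login, SSO]
1. First login attempt to ipa-client
Log in with ID/PW
Request and obtain a Kerberos ticket with kinit
(automating this part with a script makes it a bit more convenient)
2. Second login to ipa-server
Because a Kerberos ticket has already been obtained, subsequent logins are automatic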