When you are designing a production environment, security is essential. The whole Docker ecosystem, and Docker Swarm in particular, allows us to ship our containers off our laptops; how can we make this process safe? During my talk, I will share tips on production environments, immutability, and how to troubleshoot common attacks such as code injection with Docker. We will use static analysis of our images and content trust with Notary to make our journey secure.
How can we set up a cluster on the main cloud providers with a VPN and node labeling to expose only a portion of our cluster? I will also show what Docker provides (Content Trust, Static Analysis) as well as open source alternatives such as Notary, centos/clair and Cilium.
By the end of this talk, we will have a better idea of how to manage Docker in production.
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes - MongoDB
MongoDB Ops Manager is an enterprise-grade end-to-end database management, monitoring, and backup solution. Kubernetes has clearly won the orchestration-platform "wars". In this session we'll take a deep dive on how you can leverage both these technologies to host your MongoDB deployments within your Kubernetes infrastructure whether that's OpenShift, PKS, Azure AKS, or just upstream. This talk will review the core technologies, such as containers, Kubernetes, and MongoDB Ops Manager. You'll also have a chance to see real-live demos of MongoDB running on Kubernetes and managed with MongoDB Ops Manager with the MongoDB Enterprise Kubernetes Operator.
NGINX Kubernetes Ingress Controller: Getting Started – EMEA - Aine Long
This webinar gets you started using the Kubernetes Ingress controllers for NGINX & NGINX Plus to load balance, route, and secure Kubernetes applications
Join this webinar to learn:
- The benefits of using Kubernetes and why it's become the de facto container scheduler
- About the Kubernetes Ingress resource and Ingress controllers
- How to use NGINX and NGINX Plus Ingress controllers to load balance, route traffic to, and secure applications on Kubernetes
- How to monitor the NGINX Plus Ingress controller with Prometheus
Luca Relandini - Microservices and containers networking: Contiv, deep dive a... - Codemotion
Contiv provides a higher level of networking abstraction for microservices: it provides built-in service discovery and service routing for scale out services, working with schedulers like Docker Swarm, Kubernetes, Mesos and Openshift. A powerful policy-based management that makes networking on large scale easy. We will see some code examples, use cases and an easy tutorial on the web. This session is a follow up to the successful sessions at Codemotion Rome and Amsterdam in 2016: we'll go deeper into the architecture and the use cases.
Load Balancing Applications on Kubernetes with NGINX - Aine Long
Slides from Michael Pleshavkov - Platform Integration Engineer, NGINX about HTTP load balancing on Kubernetes with NGINX. You will learn how to configure load balancing for a web application using a Kubernetes Ingress resource and how to deploy and use NGINX Ingress controller.
Presented by: Jason Mimick
Technical Director, MongoDB
MongoDB Ops Manager is an enterprise-grade end-to-end database management, monitoring, and backup solution. Kubernetes has clearly won the orchestration-platform "wars". In this session we'll take a deep dive on how you can leverage both these technologies to host your MongoDB deployments within your Kubernetes infrastructure whether that's OpenShift, PKS, Azure AKS, or just upstream. This talk will review the core technologies, such as containers, Kubernetes, and MongoDB Ops Manager. You'll also have a chance to see real-live demos of MongoDB running on Kubernetes and managed with MongoDB Ops Manager with the MongoDB Enterprise Kubernetes Operator.
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache.
NGINX Plus is a software load balancer, web server, and content cache built on top of open source NGINX.
Nginx is used to
~ Improve Application Performance
~ Improve End‑User Satisfaction
~ Traffic Management
~ Better Security
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX - NGINX, Inc.
On-Demand Link: https://www.nginx.com/resources/webinars/nginx-101-web-traffic-encryption-ssl-tls/
85% of all web traffic is encrypted. This now standard practice helps ensure that data (sensitive or not) sent over the Internet remains private and out of the hands of eavesdroppers and hackers. But how do you encrypt traffic? The answer is with SSL/TLS, an encryption protocol that protects Internet communication.
Join this NGINX 101 foundational webinar to learn more about the importance of and best practices for encrypting your web, application, and API traffic. Our presenters show you how to create or procure a certificate to ensure transactions are authenticated, as well as demo how straightforward it is to encrypt and secure your web traffic using NGINX. We also answer attendee questions about NGINX and encryption.
Robert Haynes
Technical Marketing Manager
F5
Interconnecting containers at scale #Dockercon sarahnovotny
Or, how NGINX can act as your stevedores properly routing and accelerating HTTP and TCP traffic to pods of containers across a globally distributed environment.
NGINX can be used to manage and route your traffic across your distributed micro services architecture offering a seamless interface to your customers and giving you granular management of backend service scaling and versions. Add in some caching and load balancing and the efficiencies of an application delivery platform become apparent.
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0 - NGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/whats-new-nginx-ingress-controller-kubernetes-version-150/
Kubernetes is the leading orchestration platform for deploying, scaling, and managing containerized applications. Infrastructure operators constantly impose new application delivery requirements as they adopt Kubernetes for production workloads. The NGINX Ingress controller is the most popular ingress load balancer for Kubernetes, providing a complete and supported solution for delivering your containerized applications to clients.
Attend this webinar to learn about the latest developments in NGINX Ingress Controller for Kubernetes Release 1.5.0.
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio... - Sanjeev Rampal
Deep dive into container networking for Docker EE (Enterprise Edition) using open source Contiv networking solution. Talk + demo of Docker EE Swarm mode + Contiv.
Video recording of the talk is at the Cisco Live web site. www.ciscolive.com
NGINX ADC: Basics and Best Practices – EMEA - NGINX, Inc.
In this webinar we help you get started with NGINX, industry’s most ubiquitous web server and API gateway. We cover best practices for installing, configuring, and troubleshooting both NGINX Open Source and the enterprise-grade NGINX Plus. We provide insights about using NGINX Controller to manage your NGINX Plus instances.
Watch this webinar to learn:
- How to create NGINX configurations for web server, load balancer, etc.
- About improving performance using keepalives and other NGINX directives
- How the NGINX Controller Load Balancing Module can manage NGINX Plus instances at scale
- About augmenting your existing ADC with NGINX
https://www.nginx.com/resources/webinars/nginx-adc-basics-best-practices-emea/
On-demand recording: nginx.com/resources/webinars/nginx-basics-best-practices
You’ve heard of NGINX and the benefits it can provide to your web application, but maybe you’re not sure how to get started. There are a lot of tutorials online, but they can be outdated and contradict each other, making things more challenging. In this webinar we’ll cover the basics of NGINX to help you effectively begin using it as part of your existing or new web app.
This webinar covers how to:
* Install NGINX and verify it's properly running
* Create NGINX configurations for reverse proxy, load balancer, etc.
* Improve performance using keepalives and other NGINX directives
* Debug and troubleshoot using NGINX logs
Watch this Tech Talk: https://do.co/video_pgupta
An introduction into the world of containers and the orchestration ecosystem, and how Kubernetes can help software developers and cloud infrastructure engineers be more agile, efficient, and productive.
Containers and Kubernetes have changed the infra world for good, bringing agility, efficiency, and more productivity. Still thinking about how to get started with Kubernetes? This talk is designed to give you an introduction into the world of containers and the orchestration ecosystem.
What You'll Learn
- Introduction to containers and microservices
- Introduction to Kubernetes and how it can help
- Essential Kubernetes building blocks (“primitives”) for getting started
About the Presenter
Peeyush Gupta is a cloud enthusiast with 5+ years of experience in developing cloud platforms and helping customers migrate their legacy applications to cloud. He has also been a speaker at multiple meetups and serves the developer community as part of Kubernetes contributor experience group. He is currently working with DigitalOcean as a Senior Developer Advocate.
Code Days, February 2021, talk by Mario-Leander Reimer (@LeanderReimer, Chief Software Architect at QAware)
Abstract: Use the right tool (and language) for the job! That is the general motto of this hands-on session. Go has established itself as a simple, reliable and efficient programming language, especially in the Ops and cloud-native area: Docker, Kubernetes and many other well-known tools and infrastructure components are all implemented in Go. This session is packed with many practical use cases and examples to illustrate and explore the power of the Go language universe.
In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity.
In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream.
Do any VMs contain a particular indicator of compromise? E.g., run a YARA signature over all executables on my virtual machines and tell me which ones match.
Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended; participants will be building and pushing with Docker during the workshop.
Led By Docker Security Experts:
Riyaz Faizullabhoy
David Lawrence
Viktor Stanchev
Experience Level: Intermediate to advanced level Docker experience recommended
Everyone has heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage, when the code we write becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities that may lead to the compromise of your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools that were shown in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O'REILLY Kubernetes Security:
https://kubernetes-security.info/
O'REILLY Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services.
Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India
DCSF 19 Building Your Development Pipeline Docker, Inc.
Oliver Pomeroy, Docker & Laura Tacho, Cloudbees
Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.
Open source security tools for Kubernetes. - Michael Ducy
Cloud Native platforms such as Kubernetes help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important.
In this talk, we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.
DCEU 18: Building Your Development Pipeline - Docker, Inc.
Oliver Pomeroy - Solution Engineer, Docker
Laura Frank Tacho - Director of Engineering, CloudBees
Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges… Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and “how-to”s, Olly and Laura will guide you through common situations and decisions related to your pipelines. We’ll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.
Nisha introduces Tern, a utility for software package introspection in containers. This tool allows administrators to have the same level of confidence on what's in their containers as they currently do with VM images, including compliance audits, bill of materials, and exploit detection. Nisha is the primary author of Tern.
https://github.com/vmware/tern
CloudNativeTurkey - Lines of Defence.pdf - Koray Oksay
Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment.
In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.
A presentation I gave on September 26 at the Melbourne Symfony developers group on using Environment Variables (envvars) in Symfony and managing secrets in your PHP applications.
For more information on these subjects, check out the supporting piece I wrote: https://samjarrett.com.au/swipe-right
Containerizing your Security Operations Center - Jimmy Mesta
AppSec USA 2016 talk on using containers and Kubernetes to manage a variety of security tools. Includes best practices for securing Kubernetes implementations.
No more Dockerfiles? Buildpacks to help you ship your image! - Anthony Dahanne
Do you always create a new Dockerfile for each new project?
Do you implement your own SSL certificate logic in this Dockerfile?
Do you forget to update your base image version?
Do you wonder how to generate a Bill Of Material to comply with your organization requirements?
Have you answered yes to any of those questions? Come and attend this talk to learn a new way to build your images, all use cases included - demos provided along the way!
Go fits perfectly inside containers: you can ship apps as tiny images on k8s, distributing them across the globe. Gianluca will show how InfluxData debugs containers running on Kubernetes to allow sysadmins and developers to troubleshoot and replicate issues using core dumps, debuggers, and logs.
Go applications are perfect to be run inside a container. You can build a single binary and a tiny Docker image, and you can ship them on your Kubernetes cluster. A successful production environment requires stability and simplicity; it needs to be easy to troubleshoot, and operators need to be able to get all the information developers will need to fix a bug. During this talk, Gianluca will share what InfluxData is doing to allow developers and system administrators to work together, understanding problems running live at scale on Kubernetes and how to escalate them down to software engineers using logs, delve, gdb, core dumps, and traces to replicate and fix issues.
Modern software development is increasingly taking a “microservice” approach that has resulted in an explosion of complexity at the network level. We have more applications running distributed across different datacenters. Distributed tracing, events, and metrics are essential for observing and understanding modern microservice architectures.
This talk is a deep dive on how to monitor your distributed system. You will get tools, methodologies, and experiences that will help you to realize what your applications expose and how to get value out of all this information.
Gianluca Arbezzano, SRE at InfluxData, will share how to monitor a distributed system and how to switch from a more traditional monitoring approach to observability. Stay focused on the server’s role and not on the hostname, because it’s not really important anymore: our servers or containers are fast-moving parts, and it’s easier to detach one from the right in case of trouble than to call the server by name like a cute puppet. How to design an SLO for your core services and how to iterate on them. Instrument your services with tracing using tools like Zipkin or Jaeger to measure latency in your network.
Value of your metrics: goodbye monitoring, welcome observability - Gianluca Arbezzano
Monitoring is not mainstream anymore, observability is. 10 minutes about why this shift is happening now and what's the purpose of that. Is it just another name for monitoring?
I would like to speak about what I am actually doing at InfluxData, sharing with you some ideas about how an orchestrator should work. We will start with a bit of history about distributed systems, containers, runtimes and so on, hoping to have a good chat about the future of scheduling and orchestrators.
Gianluca has been working on a project called Orbiter, an open source tool designed to be an easy to maintain autoscaler for Docker Swarm. He will present an overview about Docker Swarm & demo this project and take your questions and suggestions.
Overview and Opentracing in theory by Gianluca Arbezzano
What is this group? How does it work? What is the CNCF? After this short introduction I am going to show you what Opentracing is, what it means and why the adoption is growing so much in a short amount of time. Use cases, possible implementations and so on.
Pull vs Push is the hot topic when you start to evaluate a monitoring system. During this talk I showed how Prometheus and InfluxDB work and how you can get service discovery and pull mechanism with InfluxDB. The demo is linked as a GitHub repository.
Open Tracing, to order and understand your mess. - ApiConf 2017
Gianluca Arbezzano
Think about how many API calls your applications were doing 3-4 years ago, and think about how many integrations and different services your request is crossing before coming back to the final destination. How do you know this step of your pipeline is taking too much time? What is taking 2 seconds to answer? Is it the authentication service? Maybe it's the invoice generation service or the notification platform. Open Tracing is a cross-vendor, open source distributed tracing standard that helps you to understand bottlenecks and to profile the requests from where they arrive to the final user. In an ecosystem where microservices and the "as a service" concept are growing this can be a real challenge. During this presentation, we will see how it works from a general point of view to land in some real implementation, examples, and demo.
There are a lot of Continuous Integration services but Jenkins is still one of the most used in most programming languages. In this talk I will share the CurrencyFair experience, how our IT Team made of 40 engineers manage CurrencyFair delivery with GitHub, Jenkins, Hubot and Slack on different environments. Artifact to guarantee the stability of your codebase, pipeline and some Jenkins’s plugins in order to create the most comfortable delivery flow for your projects.
Our application speaks, time series are one of their languages. During this talk I will share how to use the open source Tick Stack to spin up a modern monitoring system for your application and your infrastructure. DevOps, cloud computing and containers changed how we are writing and running our applications. This talk shows what InfluxData and the community is building to have a modern and flexible monitoring toolkit.
Tick Stack - Listen your infrastructure and please sleep
Gianluca Arbezzano
Our application and our infrastructure speak, and time series are one of their languages. During this talk I will share my experience with InfluxDB and time series to monitor and know the status of our cloud infrastructure. We will show best practices and tricks to grab information from an application in order to understand the main differences between logs and time series.
Docker released 1.13. As usual, it is full of features and bug fixes. During the Dublin Meetup I presented the news and I ran a demo about image squash, stack and compose v3, secrets and so on.
There is a module for everything; Zend Framework is a modular framework. How can I write good code?
Packaging and reusing code is an important practice for writing good applications.
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and Grafana
RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Hello!
I am Gianluca Arbezzano
Site Reliability Engineer at InfluxDB
OSS maintainer and Docker Captain
You can find me:
@gianarb on Twitter and GitHub
3. Play Safe - a free ebook about Container Security.
What?
I wrote an ebook (~55 pages) about Docker and Container Security. It comes from my daily experience deploying and making containers secure. CoreOS Clair, AppArmor, SwarmKit, Notary, Cilium and a lot more...
Get it: http://scaledocker.com
Leave your email and you will receive the ebook.
4. Make it easy to do the secure things
Otherwise your colleagues will be the perfect vulnerability.
25. BPF - github.com/cilium/cilium
BPF is a highly flexible and efficient virtual machine-like construct in the Linux kernel allowing to execute bytecode at various hook points in a safe manner. It is used in a number of Linux kernel subsystems, most prominently networking, tracing and security.
http://cilium.readthedocs.io/en/latest/bpf/
37. CoreOS Clair
1. In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.
2. Clients use the Clair API to index their container images; this parses a list of installed source packages and stores them in the database.
3. Clients use the Clair API to query the database; correlating data is done in real time, rather than a cached result that needs re-scanning.
4. When updates to vulnerability metadata occur, a webhook containing the affected images can be configured to page or block deployments.
42. SHA1 - First collision
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
43. GPG limitation
● Is it coming from the place where I hope?
● What happens between the sender and the receiver?
● Are the signatures too old?
44. TUF - The update framework
https://theupdateframework.github.io
45. The framework is inspired by Thandy, Tor’s secure updating system
46. Main principles:
◎ Responsibility Separation to decrease the scope of a specific role.
◎ Survivable key compromise and scoped keys.
◎ Multi-Signature thresholding
47. It doesn’t manage your packages
It only manages identity and signatures in a separate location.
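The three principles on slide 46, together with the "too old" question from slide 43, can be seen in one small verifier. This is an added sketch, not code from the slides, TUF or Notary: the key ids, the role table and the metadata layout are constructed, and HMAC-SHA256 stands in for the public-key signatures TUF actually uses so that it runs on the standard library alone.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo keys; HMAC is a stand-in for real public-key signatures.
KEYS = {"k1": b"alice-secret", "k2": b"bob-secret", "k3": b"ci-secret"}
# Responsibility separation: each role trusts only its own keys and threshold.
ROLES = {
    "root": {"keyids": {"k1", "k2"}, "threshold": 2},
    "targets": {"keyids": {"k3"}, "threshold": 1},
}

def canonical(signed):
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()

def sign(keyid, signed):
    sig = hmac.new(KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()
    return {"keyid": keyid, "sig": sig}

def verify(role, metadata, now):
    """Return (ok, reason) for metadata claimed to be signed by `role`."""
    signed = metadata["signed"]
    if signed.get("role") != role:
        return False, "wrong role"
    if datetime.fromisoformat(signed["expires"]) <= now:
        return False, "expired"  # signatures that are too old are rejected
    rule = ROLES[role]
    valid = set()  # a set, so one key signing twice still counts once
    for s in metadata["signatures"]:
        key = KEYS.get(s["keyid"])
        if key is None or s["keyid"] not in rule["keyids"]:
            continue  # unknown key, or a key scoped to another role
        expected = hmac.new(key, canonical(signed), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, s["sig"]):
            valid.add(s["keyid"])
    if len(valid) < rule["threshold"]:
        return False, f"{len(valid)}/{rule['threshold']} valid signatures"
    return True, "ok"

NOW = datetime(2017, 6, 1, tzinfo=timezone.utc)  # fixed clock for the demo
ROOT = {"role": "root", "expires": "2018-01-01T00:00:00+00:00", "version": 1}

def demo():
    good = {"signed": ROOT, "signatures": [sign("k1", ROOT), sign("k2", ROOT)]}
    dup = {"signed": ROOT, "signatures": [sign("k1", ROOT), sign("k1", ROOT)]}
    scoped = {"signed": ROOT, "signatures": [sign("k1", ROOT), sign("k3", ROOT)]}
    old = dict(ROOT, expires="2017-01-01T00:00:00+00:00")
    stale = {"signed": old, "signatures": [sign("k1", old), sign("k2", old)]}
    return [verify("root", m, NOW) for m in (good, dup, scoped, stale)]
```

The `dup` and `scoped` cases model a single compromised key: repeating it, or pairing it with a key that belongs to another role, still fails the root threshold.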