How kubernetes works community, velocity, and contribution - osls 2017 (1)Brian Grant
Kubernetes is a very successful project today, based on stars analysis it is in top 0.01% of all github projects. Why is it successful? The technology is part of it. But we think that what makes Kubernetes special and successful is it’s community. In this talk we will describe the organization and evolution of the Kubernetes community. How we organize technical decision making and overall project roadmap. What makes it possible to have an open and growing community. What ensures the quality and timeliness of our releases. Most importantly, mistakes we made and what learnt from them in the 2.5 years of rapid growth.
Dockercon 2019 Developing Apps with Containers, Functions and Cloud ServicesPatrick Chanezon
Cloud native applications are composed of containers, serverless functions and managed cloud services.
What is the best set of tools on your desktop to provide a rapid, iterative development experience and package applications using these three components?
This hand-on talk will explain how you can complement Docker Desktop, with it’s local Docker engine and Kubernetes cluster, with open source tools such as the Virtual Kubelet, Open Service Broker, the Gloo hybrid app gateway, Draft, and others, to build the most productive development inner-loop for these type of applications.
It will also cover how you can use the Cloud Native Application Bundle (CNAB) format and it’s implementation in the Docker app experimental tool to package your application and manage it with container supply chain tooling such as Docker Hub.
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeployAmazon Web Services
The .NET Platform is undergoing a revolution with a new modularized .NET Framework and CoreCLR, a new cross platform runtime. ASP.NET 5 gives .NET developers the ability to develop and run their applications outside of Windows. In this session we will explore how to develop and deploy ASP.NET 5 applications on Windows with AWS CodeDeploy and Linux with Docker. For Docker we will explore using Docker with both Elastic Beanstalk and EC2 Container Service.
Using Rancher and Docker with RightScale at Industrie IT RightScale
Many early Docker users are also now looking at clustering solutions such as Rancher. Industrie IT is using Docker, Rancher, and RightScale to help clients build digital applications using continuous integration (CI) and continuous delivery (CD) practices.
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...Amazon Web Services
Organizations around the globe are leveraging the cloud to accomplish world-changing missions. This session will address how AWS can help organizations put more money toward their mission and scale outreach and operations to achieve more with less. Hear some of AWS’s most advanced customers on how their organizations handle DevOps, continuous integration and deployment. Learn how these practices allow them to rapidly develop, iterate, test and deploy highly-scalable web applications and core operational systems on AWS. The discussion will focus on best practices, lessons learned, and the specific technologies and services they use.
4Developers 2018: Zero-Downtime deployments with Kubernetes (Mateusz Dymiński)PROIDEA
W prezentacji postaram się pokazać kilka technik, dzięki którym końcowy użytkownik naszej aplikacji nie zorientuje się, że właśnie wykonaliśmy deployment, a wersja, której używa właśnie się zmieniła. Niektóre z nich będą dotyczyły stricte aplikacji(przykłady w Go i Javie), a część będzie związana z platformą Kubernetes.
GIDS 2019: Developing Apps with Containers, Functions and Cloud ServicesPatrick Chanezon
Cloud native applications are increasingly composed of containers, serverless functions responding to events and managed cloud services. What is the best workflow and set of tools to provide a rapid, iterative development experience and to package applications using these three components?
This hand-on talk will compare and contrast several sets of tools and their associated workflows:
Using Docker Desktop, with its local Docker engine and Kubernetes cluster, with open source tools such as the Virtual Kubelet, or the Gloo hybrid app gateway, to build the most productive development inner-loop for these type of applications
OpenFaaS, Fn, or Nuclio open source serverless framework to run functions in containers locally
Telepresence to run a container locally, connected to a remote cluster
Helm and Draft
Knative
The talk will also cover how you can use the Cloud Native Application Bundle (CNAB) format and tools to package your applications and share them using a container registry.
How kubernetes works community, velocity, and contribution - osls 2017 (1)Brian Grant
Kubernetes is a very successful project today, based on stars analysis it is in top 0.01% of all github projects. Why is it successful? The technology is part of it. But we think that what makes Kubernetes special and successful is it’s community. In this talk we will describe the organization and evolution of the Kubernetes community. How we organize technical decision making and overall project roadmap. What makes it possible to have an open and growing community. What ensures the quality and timeliness of our releases. Most importantly, mistakes we made and what learnt from them in the 2.5 years of rapid growth.
Dockercon 2019 Developing Apps with Containers, Functions and Cloud ServicesPatrick Chanezon
Cloud native applications are composed of containers, serverless functions and managed cloud services.
What is the best set of tools on your desktop to provide a rapid, iterative development experience and package applications using these three components?
This hand-on talk will explain how you can complement Docker Desktop, with it’s local Docker engine and Kubernetes cluster, with open source tools such as the Virtual Kubelet, Open Service Broker, the Gloo hybrid app gateway, Draft, and others, to build the most productive development inner-loop for these type of applications.
It will also cover how you can use the Cloud Native Application Bundle (CNAB) format and it’s implementation in the Docker app experimental tool to package your application and manage it with container supply chain tooling such as Docker Hub.
(DEV302) Hosting ASP.Net 5 Apps in AWS with Docker & AWS CodeDeployAmazon Web Services
The .NET Platform is undergoing a revolution with a new modularized .NET Framework and CoreCLR, a new cross platform runtime. ASP.NET 5 gives .NET developers the ability to develop and run their applications outside of Windows. In this session we will explore how to develop and deploy ASP.NET 5 applications on Windows with AWS CodeDeploy and Linux with Docker. For Docker we will explore using Docker with both Elastic Beanstalk and EC2 Container Service.
Using Rancher and Docker with RightScale at Industrie IT RightScale
Many early Docker users are also now looking at clustering solutions such as Rancher. Industrie IT is using Docker, Rancher, and RightScale to help clients build digital applications using continuous integration (CI) and continuous delivery (CD) practices.
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...Amazon Web Services
Organizations around the globe are leveraging the cloud to accomplish world-changing missions. This session will address how AWS can help organizations put more money toward their mission and scale outreach and operations to achieve more with less. Hear some of AWS’s most advanced customers on how their organizations handle DevOps, continuous integration and deployment. Learn how these practices allow them to rapidly develop, iterate, test and deploy highly-scalable web applications and core operational systems on AWS. The discussion will focus on best practices, lessons learned, and the specific technologies and services they use.
4Developers 2018: Zero-Downtime deployments with Kubernetes (Mateusz Dymiński)PROIDEA
W prezentacji postaram się pokazać kilka technik, dzięki którym końcowy użytkownik naszej aplikacji nie zorientuje się, że właśnie wykonaliśmy deployment, a wersja, której używa właśnie się zmieniła. Niektóre z nich będą dotyczyły stricte aplikacji(przykłady w Go i Javie), a część będzie związana z platformą Kubernetes.
GIDS 2019: Developing Apps with Containers, Functions and Cloud ServicesPatrick Chanezon
Cloud native applications are increasingly composed of containers, serverless functions responding to events and managed cloud services. What is the best workflow and set of tools to provide a rapid, iterative development experience and to package applications using these three components?
This hand-on talk will compare and contrast several sets of tools and their associated workflows:
Using Docker Desktop, with its local Docker engine and Kubernetes cluster, with open source tools such as the Virtual Kubelet, or the Gloo hybrid app gateway, to build the most productive development inner-loop for these type of applications
OpenFaaS, Fn, or Nuclio open source serverless framework to run functions in containers locally
Telepresence to run a container locally, connected to a remote cluster
Helm and Draft
Knative
The talk will also cover how you can use the Cloud Native Application Bundle (CNAB) format and tools to package your applications and share them using a container registry.
Kubernetes has many ways to scale your workloads, most of what we hear about is scaling our cluster up with either with vm sets or autoscaling groups. There is another way, in this talk we will look at virtual kubelet. Virual Kubelet will allow us to talk to a cloud providers container as a service platform like ACI, fargate or ECI. We will deep dive into how you can scale your applications across virtual kubelet. One issue is the kubernetes service type has is scaling to zero due to the way routing to the pod happens if there is no pod for the service to route too. Scaling our applications to zero is just as important and scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue. Allowing us to not only scale our applications up but as easily down to make our cluster truly elastic.
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...Docker, Inc.
What is the right balance between moving fast, innovating, experimenting with new technology, and protecting the personal data of our customers and interests of our stakeholders? How can we safely try new ideas in production without risking costly downtime? Does the utopia where developers are free from lock-in and operators enjoy the calm of a steadily running system exist in the real world? Is it possible to have open platforms with better security? At Kroger Digital we are still working through these questions every day but are redesigning our systems with the goals of true operational maturity and security. Discover how we are building capabilities for monitoring, A/B testing, and continuous delivery with Docker Datacenter, plugins, and open source building blocks such as NGiNX, ElasticSearch, and more.
DockerCon SF 2015: Using Docker to Keep Houses Warm: Highly Distributed Micro...Docker, Inc.
Eric Feliksik's Slides from his DockerCon presentation:
Nerdalize is a Dutch start-up that provides affordable and green computing power with an innovative approach. We heat living rooms with CPUs, as high-performance computer hardware is fit into a beautiful design radiator. While home owners heat for free, a massive distributed compute infrastructure becomes available.
In this talk, we give a detailed overview of how Docker, Rancher and other tools in the ecosystem enable us to leverage such a highly distributed micro-datacenter architecture. We discuss how our approach drastically eliminates data center infrastructure costs, and how we aim to change the environmental impact of the compute industry.
** Devops CI-CD pipeline using Containers **
by Priyanka Dive, DevOps Engineer/Senior Solutions Architect.
Priyanka will briefly introduce DevOps practices and technologies. She will also give a demo of an end-to-end DevOps pipeline using Git (source code management), Jenkins ( continuous integration), Sonarqube (code analysis) with Docker & Kubernetes.
Presented at Nulab Drinking Code meetup (30 August 2019): https://www.meetup.com/DrinkingCodeSG/events/263412142/
Meet Puppet's new product lineup.
As we enter a new age of automation — where every company needs to be able to deliver better software, faster — our goal is to provide the tools you need to iterate faster, ship sooner and deliver more customer value.
Earlier this month, we announced brand new products, Puppet Tasks™ and Puppet Discovery™, to give you greater control and end-to-end visibility over your software delivery. We also introduced exciting updates to Puppet Enterprise and a new integration with Splunk.
Join Nigel Kersten, Chief Technical Strategist, and Tim Zonca, VP of Marketing, on 26 October from 4:30 - 5:30 p.m. PT for an in-depth look at what’s new:
Puppet Discovery is a new offering that lets you see everything you have in real time across your on-premises, cloud and container infrastructure, and know what you need to automate next.
Puppet Tasks, a new family of offerings that encompass both Puppet Bolt™ and Puppet Enterprise Task Management, makes it simple to automate ad hoc tasks, deploy one-off changes, and execute sequenced actions in an imperative way.
Our new integration with Splunk provides a unified workflow between the intelligence provided by Splunk and the automation provided by Puppet, giving you the power to turn insights into action faster.
With Distelli joining Puppet, we’re uniting the entire software delivery lifecycle, to bring you a platform built for the enterprise, that integrates with a wide variety of tools and helps you avoid vendor lock-in.
Priming Your Teams For Microservice Deployment to the CloudMatt Callanan
You think of a great idea for a microservice and want to ship it to production as quickly as possible. Of course you'll need to create a Git repo with a codebase that reuses libraries you share with other services. And you'll want a build and a basic test suite. You'll want to deploy it to immutable servers using infrastructure as code that dev and ops can maintain. Centralised logging, monitoring, and HipChat notifications would also be great. Of course you'll want a load balancer and a CNAME that your other microservices can hit. You'd love to have blue-green deploys and the ability to deploy updates at any time through a Continuous Delivery pipeline. Phew! How long will it take to set all this up? A couple of days? A week? A month?
What if you could do all of this within 30 minutes? And with a click of a button soon be receiving production traffic?
Matt introduces "Primer", Expedia's microservice generation and deployment platform that enables rapid experimentation in the cloud, how it's caused unprecedented rates of learning, and explain tips and tricks on how to build one yourself with practical takeaways for everyone from the startup to the enterprise.
Video: https://www.youtube.com/watch?v=Xy4EkaXyEs4
Meetup: http://www.meetup.com/Devops-Brisbane/events/225050723/
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
By,
Sajith Ainikkal
In this brief talk I will touch up on how Pivotal & CloudFoundry Foundation driving a Cloud Agnostic Platform based approach towards building modern cloud native applications without worrying about the hassles of 'Day 2' issues of managing VM and Container clusters and its adoption across enterprise segments. I will also talk about few of the latest stuff in the market including the developments in BOSH, Open Service Broker APIs initiative and OCI (Open Container Initiative). Today Cloud Foundry Garden and Docker are two implementations of OCI and Garden containers can run a Cloud Foundry / Docker /Windows container image.
Building a CI/CD Pipeline for Containers - DevDay Los Angeles 2017Amazon Web Services
What to expect:
- Review continuous integration, delivery, and deployment
- Using Docker images, Amazon ECS, and Amazon ECR for CI/CD
- Deployment strategies with Amazon ECS
- Building Docker container images with AWS CodeBuild
- Orchestrating deployment pipelines with AWS CodePipeline
DockerCon SF 2015: Docker in the New York Times NewsroomDocker, Inc.
Eric Buth's Presentation at DockerCon SF 2015:
Talk Description: In the New York Times newsroom you’ll find a deeply heterogeneous technology environment that exists – by necessity – outside of the larger, more well-defined development pipelines of the rest of the organization. On the Interactive News team, part of our mission is providing a reliable path to production for designers/developers/reporters who need to be able to make their own technology choices on what can be extremely tight deadlines.
Containerization is becoming increasingly important to these efforts, and we’re ready to share our experience working with Docker and crafting complementary orchestration, communication, and organization solutions.
Kubernetes and the Rise of Application-centric ComputingBitnami
There is an ongoing transition in server-side infrastructure as successive technology layers emerge, evolve and mature. This talk introduces the architecture and features of Kubernetes and describes how Kubernetes is the natural “next step” in this changing landscape. We look at the new challenges in a world where the building blocks are “applications” rather than “servers” and finish with a glimpse into future function-centric serverless frameworks.
WSO2Con USA 2015: Getting More 9s from Your DeploymentWSO2
Managing a highly available and highly reliable deployment has always been challenging. To obtain more 9s from your deployment you need to focus the technology as well as on proper architecture, correct tooling, discipline, intelligent monitoring, and effective communication. This session will discuss how to mitigate risks with a fail-proof architecture, the importance of devops, monitoring the deployment, effective communication and best practices and know-hows of deployment.
Kubernetes has many ways to scale your workloads, most of what we hear about is scaling our cluster up with either with vm sets or autoscaling groups. There is another way, in this talk we will look at virtual kubelet. Virual Kubelet will allow us to talk to a cloud providers container as a service platform like ACI, fargate or ECI. We will deep dive into how you can scale your applications across virtual kubelet. One issue is the kubernetes service type has is scaling to zero due to the way routing to the pod happens if there is no pod for the service to route too. Scaling our applications to zero is just as important and scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue. Allowing us to not only scale our applications up but as easily down to make our cluster truly elastic.
Learning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter by Brett Ti...Docker, Inc.
What is the right balance between moving fast, innovating, experimenting with new technology, and protecting the personal data of our customers and interests of our stakeholders? How can we safely try new ideas in production without risking costly downtime? Does the utopia where developers are free from lock-in and operators enjoy the calm of a steadily running system exist in the real world? Is it possible to have open platforms with better security? At Kroger Digital we are still working through these questions every day but are redesigning our systems with the goals of true operational maturity and security. Discover how we are building capabilities for monitoring, A/B testing, and continuous delivery with Docker Datacenter, plugins, and open source building blocks such as NGiNX, ElasticSearch, and more.
DockerCon SF 2015: Using Docker to Keep Houses Warm: Highly Distributed Micro...Docker, Inc.
Eric Feliksik's Slides from his DockerCon presentation:
Nerdalize is a Dutch start-up that provides affordable and green computing power with an innovative approach. We heat living rooms with CPUs, as high-performance computer hardware is fit into a beautiful design radiator. While home owners heat for free, a massive distributed compute infrastructure becomes available.
In this talk, we give a detailed overview of how Docker, Rancher and other tools in the ecosystem enable us to leverage such a highly distributed micro-datacenter architecture. We discuss how our approach drastically eliminates data center infrastructure costs, and how we aim to change the environmental impact of the compute industry.
** Devops CI-CD pipeline using Containers **
by Priyanka Dive, DevOps Engineer/Senior Solutions Architect.
Priyanka will briefly introduce DevOps practices and technologies. She will also give a demo of an end-to-end DevOps pipeline using Git (source code management), Jenkins ( continuous integration), Sonarqube (code analysis) with Docker & Kubernetes.
Presented at Nulab Drinking Code meetup (30 August 2019): https://www.meetup.com/DrinkingCodeSG/events/263412142/
Meet Puppet's new product lineup.
As we enter a new age of automation — where every company needs to be able to deliver better software, faster — our goal is to provide the tools you need to iterate faster, ship sooner and deliver more customer value.
Earlier this month, we announced brand new products, Puppet Tasks™ and Puppet Discovery™, to give you greater control and end-to-end visibility over your software delivery. We also introduced exciting updates to Puppet Enterprise and a new integration with Splunk.
Join Nigel Kersten, Chief Technical Strategist, and Tim Zonca, VP of Marketing, on 26 October from 4:30 - 5:30 p.m. PT for an in-depth look at what’s new:
Puppet Discovery is a new offering that lets you see everything you have in real time across your on-premises, cloud and container infrastructure, and know what you need to automate next.
Puppet Tasks, a new family of offerings that encompass both Puppet Bolt™ and Puppet Enterprise Task Management, makes it simple to automate ad hoc tasks, deploy one-off changes, and execute sequenced actions in an imperative way.
Our new integration with Splunk provides a unified workflow between the intelligence provided by Splunk and the automation provided by Puppet, giving you the power to turn insights into action faster.
With Distelli joining Puppet, we’re uniting the entire software delivery lifecycle, to bring you a platform built for the enterprise, that integrates with a wide variety of tools and helps you avoid vendor lock-in.
Priming Your Teams For Microservice Deployment to the CloudMatt Callanan
You think of a great idea for a microservice and want to ship it to production as quickly as possible. Of course you'll need to create a Git repo with a codebase that reuses libraries you share with other services. And you'll want a build and a basic test suite. You'll want to deploy it to immutable servers using infrastructure as code that dev and ops can maintain. Centralised logging, monitoring, and HipChat notifications would also be great. Of course you'll want a load balancer and a CNAME that your other microservices can hit. You'd love to have blue-green deploys and the ability to deploy updates at any time through a Continuous Delivery pipeline. Phew! How long will it take to set all this up? A couple of days? A week? A month?
What if you could do all of this within 30 minutes? And with a click of a button soon be receiving production traffic?
Matt introduces "Primer", Expedia's microservice generation and deployment platform that enables rapid experimentation in the cloud, how it's caused unprecedented rates of learning, and explain tips and tricks on how to build one yourself with practical takeaways for everyone from the startup to the enterprise.
Video: https://www.youtube.com/watch?v=Xy4EkaXyEs4
Meetup: http://www.meetup.com/Devops-Brisbane/events/225050723/
DCSF19 Container Security: Theory & Practice at NetflixDocker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
By,
Sajith Ainikkal
In this brief talk I will touch up on how Pivotal & CloudFoundry Foundation driving a Cloud Agnostic Platform based approach towards building modern cloud native applications without worrying about the hassles of 'Day 2' issues of managing VM and Container clusters and its adoption across enterprise segments. I will also talk about few of the latest stuff in the market including the developments in BOSH, Open Service Broker APIs initiative and OCI (Open Container Initiative). Today Cloud Foundry Garden and Docker are two implementations of OCI and Garden containers can run a Cloud Foundry / Docker /Windows container image.
Building a CI/CD Pipeline for Containers - DevDay Los Angeles 2017Amazon Web Services
What to expect:
- Review continuous integration, delivery, and deployment
- Using Docker images, Amazon ECS, and Amazon ECR for CI/CD
- Deployment strategies with Amazon ECS
- Building Docker container images with AWS CodeBuild
- Orchestrating deployment pipelines with AWS CodePipeline
DockerCon SF 2015: Docker in the New York Times NewsroomDocker, Inc.
Eric Buth's Presentation at DockerCon SF 2015:
Talk Description: In the New York Times newsroom you’ll find a deeply heterogeneous technology environment that exists – by necessity – outside of the larger, more well-defined development pipelines of the rest of the organization. On the Interactive News team, part of our mission is providing a reliable path to production for designers/developers/reporters who need to be able to make their own technology choices on what can be extremely tight deadlines.
Containerization is becoming increasingly important to these efforts, and we’re ready to share our experience working with Docker and crafting complementary orchestration, communication, and organization solutions.
Kubernetes and the Rise of Application-centric ComputingBitnami
There is an ongoing transition in server-side infrastructure as successive technology layers emerge, evolve and mature. This talk introduces the architecture and features of Kubernetes and describes how Kubernetes is the natural “next step” in this changing landscape. We look at the new challenges in a world where the building blocks are “applications” rather than “servers” and finish with a glimpse into future function-centric serverless frameworks.
WSO2Con USA 2015: Getting More 9s from Your DeploymentWSO2
Managing a highly available and highly reliable deployment has always been challenging. To obtain more 9s from your deployment you need to focus the technology as well as on proper architecture, correct tooling, discipline, intelligent monitoring, and effective communication. This session will discuss how to mitigate risks with a fail-proof architecture, the importance of devops, monitoring the deployment, effective communication and best practices and know-hows of deployment.
WSO2Con USA 2015: WSO2 Cloud: What it is, How it Works, and Where it’s GoingWSO2
WSO2 Cloud stands out in the cloud market by delivering a comprehensive platform including not only application hosting but also integration, API management, application development and more.
In this session we will look into the current state of WSO2 Cloud and its future roadmap. We will discuss both public shared and dedicated managed cloud options.
WSO2Con USA 2015: Single Sign-on Solutions for Salesforce with WSO2 Identity ...WSO2
This session will focus on understanding the capabilities of WSO2 Identity Server and how you can leverage SAML for Single Sign-on. We will show how to use WSO2 Identity Server to enable single sign-on on the Salesforce platform and also how to enable seamless single sign-on for multiple applications.
WSO2Con EU 2016: Getting Started with App Cloud and API Cloud for SMEsWSO2
A lot of SMEs (small and medium-sized enterprises) are willing to IT enable their businesses to attract more customers and also to reduce the amount of manual work. One of the challenges they face during this is the cost of IT infrastructure such as maintaining data centers, deployments and license fees among other things. WSO2 Cloud offers an app cloud and an API cloud that are hosted and maintained by the WSO2 Cloud Team.
In this session, Amila will show you how easily you can get started with the WSO2 App Cloud and API Cloud, what it offers and how it can make things easy for SMEs.
WSO2Con USA 2015: Decide and Do By Knowing With WSO2 CEPWSO2
This session will present how Complex Event Processing(CEP) along with Business Activity Monitoring (BAM) can help build real-time analytics based forecasting for the retail industry. We will talk about
The Aspire Solution – How CEP and BAM can help a restaurant chain
What can be done with CEP?
CEP-as-a-Service
Integration of CEP engine with different event-driven systems
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2
The WSO2 ecosystem consists of several types of identities with different characteristics. Among them are customer identities, open-source community identities and the employee identities. The objective of this project was to design and implement a secure, state of the art identity and access management (IAM) system using WSO2 technology.
There are many systems in WSO2 that require authentication, authorization and provisioning. Users have to maintain many complex passwords; administrators have to manage a large number of authorizations and provisioning. Another problem with current architecture is that it is tightly bound to email addresses. If the user changes the email address, his identity will be lost.
This session will discuss how we built a state of the art identity and access management program that addresses the above problems using WSO2 Identity Server.
WSO2Con EU 2016: Identity Management – A Cornerstone for the Connected Enter...WSO2
Ever since the turn of the century, the IT industry is discussing new economic models powered by the omnipresent internet connectivity. Enterprises are no longer at the heart of the traditional value chain, but woven in an intricate, often dynamic web of suppliers, partners, customers and authorities. With all these dynamics, identity management becomes an increasingly important asset. In this session Hans explains how WSO2’s unique platform strategy is an excellent fit for those companies that are opening up to the reality of a connected enterprises. Vattenfall, one of Europe’s largest generators of electricity, has used this technology to migrate from multiple existing identity stores with different technologies, to centralized stores managed by the WSO2 Identity Server. With the new platform, Vattenfall has modernized its identity infrastructure by leveraging its cloud first strategy and significantly lowering its cost of ownership.
WSO2Con EU 2016: Integration in the Home (For Less Than $50), Internet of Th...WSO2
Devices are increasingly getting connected to the Internet. Nowadays even some water boilers can be controlled remote and more people are building their own home automation solutions using Arduinos, Particle Photons, iBeacons and more. A lot of these devices come with sensors, that tell us anything from the temperature and brightness to location and water level. This session will show how with a little bit of hardware, and WSO2 middleware we can integrate, monitor and control these solutions as well as collect data from them. Adding the IoT platform and combining the features of various WSO2 products allows us to aggregate and analyze this data, turning our normal homes into smart homes. Learning when to turn the lights on or off, turning off the heat when there is no one in the house and letting us know how long the light has been on with no one in the room are just a few of the capabilities.
WSO2Con USA 2015: Safe for Work: The Internet of Dirty ThingsWSO2
The Internet of Things is deep in Trimble’s DNA. This session will discuss how Trimble combines positioning with domain expertise in construction, agriculture, and fleet management to improve the efficiency, productivity and transparency of our customers’ businesses through a connected network of things. Big things, that like to play in the mud.
WSO2Con EU 2016: On the dot – Deliveries When You Want ThemWSO2
According to a report published by Temando, 78% of consumers want same-day shipping, 86% of consumers have used or would like timeslot deliveries, 89% of consumers expect to see multiple shipping options at the checkout and 96% of consumers want the visibility to track their deliveries online, but only 65% of retailers are offering it. Shipping and fulfilment is now in the limelight! Customer demand for choice and mobility is increasing exponentially having become a key differentiator for competitive advantage. Based on these stats, convenience is key. CitySprint On the dot’s new product is set on a path to disrupt the timed delivery space and deliver the convenience consumers require.
To view recording of the webinar please use below URL:
http://wso2.com/library/webinars/2016/05/wso2-cloud-platform-vision-and-roadmap/
WSO2 Cloud is a public shared service run by WSO2 and based on WSO2 technology. Used by thousands of customers around the world, it currently offers API and application hosting and management, with more services in the works.
In this webinar Dmitry Sotnikov, the vice president of Cloud at WSO2, will discuss
Vision behind WSO2 public cloud services
Overview of WSO2 App Cloud and its new Docker/Kubernetes based architecture
Overview of WSO2 API Cloud
Future cloud services including Integration Cloud and Identity Cloud
How APIs Can Be Secured in Mobile EnvironmentsWSO2
To view recording of this webinar please use below URL:
http://wso2.com/library/webinars/2015/08/how-apis-can-be-secured-in-mobile-environments/
In this session, Shan, director of mobile architecture at WSO2 will discuss:
What makes mobile API authentication different from traditional API authentication
Best practices for implementing mobile API security
What WSO2 API Manager provides for mobile developers
WSO2Con EU 2016: Enterprise Mobility Management: Moving Beyond Traditional MDMWSO2
Enterprises have always needed a clear strategy when adopting mobility. However, these strategies have drastically evolved during the last couple of years. They are no longer centered around traditional device management problems like whether to allow BYOD (bring your own device) or COPE (corporately owned, personally enabled), or which device platform to operating system to use. Instead, the focus has now shifted to much more advanced strategies that enable organizations to build connected businesses that allow agility through digital transformation. Hence, they need a device management tool that’s flexible, simple and extensible enough to complement such business strategies.
In this session Prabath will discuss the modern needs of enterprise mobility management that move beyond traditional mobile device management (MDM). He will also share his views and experiences of how enterprise mobility management can be made a part of your connected business ecosystem by having the right tool for the right task.
WSO2Con USA 2015: End-to-end Microservice Architecture with WSO2 Identity Ser...WSO2
During the first half of 2015, iJET Labs used WSO2 Identity Server and API Gateway to help deliver its next generation products. Using WSO2 middleware, iJET now offers secure Federated access to RESTful APIs backed by a scalable microservices architecture. During the course of this journey, iJET Labs worked with WSO2 to extend open source products to meet our unique needs. In this session, we will talk about
WSO2 API Gateway and Identity Server integration
Federated SSO using WSO2 Identity Server
Microservices
Security
AWS deployment automation
On Friday 5 June 2015 I gave a talk called Cluster Management with Kubernetes to a general audience at the University of Edinburgh. The talk includes an example of a music store system with a Kibana front end UI and an Elasticsearch based back end which helps to make concrete concepts like pods, replication controllers and services.
A list of action items you want to keep in mind when you're devsecops'ing for your cloudnative environments. Given as a part of a talk on the Modern Security series (
https://info.signalsciences.com/securing-cloud-native-ten-tips-better-container-security).
Get the inside scoop on how Kubernetes evolved within Google, and why it might be the right container orchestration engine for your enterprise microservices. K8s is one of the most popular production grade container orchestration engines used by large scale systems such as Ebay, viacom, and even Apigee ! Allan will go over specific use cases around web-scale that influenced Kubernetes’ design principles, and delve into the technical merits of using Kubernetes for developers. This session is a must for any developer or architect.
Mete Atamel "Resilient microservices with kubernetes"IT Event
Talk description: Creating a single microservice is a well understood problem. Creating a cluster of load-balanced microservices that are resilient and self-healing is not so easy. Managing that cluster with rollouts and rollbacks, scaling individual services on demand, securely sharing secrets and configuration among services is even harder.
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...Oleg Shalygin
Kubernetes provides an automated platform to deployment, scaling and operations of applications across a cluster of hosts. Complementing Kubernetes with a series of build scripts in conjunction with Travis-CI, GitHub, Artifactory, and Google Cloud Platform, we can take code from a merged pull request to a deployed environment with no manual intervention on a highly scaleable and robust infrastructure.
Kubernetes: від знайомства до використання у CI/CDStfalcon Meetups
Kubernetes: від знайомства до використання у CI/CD
Олександр Занічковський
Technical Lead у компанії SoftServe
14+ років досвіду розробки різноманітного програмного забезпечення, як для десктопа, так і для веб
Працював фріланс-програмістом та в команді
Цікавиться архітектурою ПЗ, автоматизацією процесів інтеграції та доставки нових версій продукту, хмарними технологіями
Віднедавна займається менторінгом майбутніх техлідів
У вільний від роботи час грає на гітарі і мріє про велику сцену
Олександр поділиться власним досвідом роботи з Kubernetes:
ознайомить з базовими поняттями та примітивами K8S
опише можливі сценарії використання Kubernetes для CI/CD на прикладі GitLab
покаже, як можна використовувати постійне сховище, збирати метрики контейнерів, використовувати Ingress для роутинга запитів за певними правилами
покаже, як можна самому встановити K8S для ознайомлення чи локальної роботи
The path to a serverless-native era with Kubernetessparkfabrik
In this talk we'll talk about how the Serverless paradigms are changing the way we develop applications and cloud infrastructure and how we can implement them in a
efficient and seamless way with Kubernetes.
We'll go through the latest Kubernetes Serverless technologies, talking about all the aspects
including pricing, scalability, observability and best practices.
Going Serverless with Kubeless In Google Container Engine (GKE)Bitnami
If you'd like to watch along with the recording of the webinar, visit: http://bitn.am/2u5bOnA
Serverless computing has given back loads of time and money to developers whose focus is to create new, popular and disruptive applications. Without serverless computing, developers would still be spending most of their time on infrastructure rather than building new features to improve their users' experience.
With the move to containers and increased market share for Kubernetes, Bitnami has wanted to stay one step ahead by providing a serverless tool that is also Kubernetes-native, ... Kubeless! Kubeless tackles the challenge of integrating cloud services through small logical units. When creating your new project or application on Kubernetes, Kubeless will allow you to focus on creating a great application with a lightweight and flexible infrastructure.
In this video, you will watch and learn:
-The benefits of serverless computing on Kubernetes
- How to link several cloud services together with small, lightweight pieces of code
- How to install Kubeless into your GKE cluster
- How to deploy Python and Node.js functions with a straightforward CLI call
- An introduction to the Kubeless UI and how to write, update, delete, and deploy functions through it
Kube Overview and Kube Conformance Certification OpenSource101 RaleighBrad Topol
This is my Introduction to Kubernetes and Overview of the Kubernetes Conformance Certification Program talk presented at OpenSource101 Raleigh on Feb 17, 2018
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
2. Google confidential │ Do not distribute
Kubernetes: a platform for
automating deployment,
scaling, and operations
WSO2Con 2015
Brian Grant
@bgrant0607
4. Google confidential │ Do not distribute
Old way: install applications on host
kernel
libs
app
app app
Application and OS share filesystem
Use OS distribution package manager
Entangled with each other and with host
• Executables
• Configuration
• Shared libraries
• Process and lifecycle management
Immutable VM images provide predictable
rollouts and rollbacks
• but are not portable and heavyweight
app
5. Google confidential │ Do not distribute
New way: deploy containers
libs
app
kernel
libs
app
libs
app
libs
app
OS-level virtualization
Isolated, from each other and from the host
• filesystems
• processes
• resources
Small and fast ⇒ enables 1:1 app to image
• Unlocks benefits of microservices
• Decouple build (Dev) from deployment (Ops)
• Consistency from development to production
• Portable across OS distros and clouds
• Application-centric management
6. Google confidential │ Do not distribute
Need container-centric infrastructure
Scheduling: Decide where my containers should run
Lifecycle and health: Keep my containers running despite failures
Scaling: Make sets of containers bigger or smaller
Naming and discovery: Find where my containers are now
Load balancing: Distribute traffic across a set of containers
Storage volumes: Provide data to containers
Logging and monitoring: Track what’s happening with my containers
Debugging and introspection: Enter or attach to containers
Identity and authorization: Control who can do things to my containers
7. Google confidential │ Do not distribute
Want to automate orchestration for velocity & scale
Diverse workloads and use cases demand still more functionality
• Rolling updates and blue/green deployments
• Application secret and configuration distribution
• Continuous integration and deployment
• Workflows
• Batch processing
• Scheduled execution
• Application-specific orchestration
…
A composable, extensible Platform is needed
8. Google confidential │ Do not distribute
Kubernetes
Greek for “Helmsman”; also the root of the
words “governor” and “cybernetic”
• Infrastructure for containers
• Schedules, runs, and manages containers
on virtual and physical machines
• Platform for automating deployment,
scaling, and operations
• Inspired and informed by Google’s
experiences and internal systems
• 100% Open source, written in Go
9. Google confidential │ Do not distribute
Deployment
$ kubectl run my-nginx --image=nginx
replicationcontroller "my-nginx" created
$ kubectl get po
NAME READY STATUS RESTARTS AGE
my-nginx-wepbv 1/1 Running 0 1m
10. Google confidential │ Do not distribute
Scaling
$ kubectl scale rc my-nginx --replicas=2
replicationcontroller "my-nginx" scaled
$ kubectl get po
NAME READY STATUS RESTARTS AGE
my-nginx-wepbv 1/1 Running 0 1m
my-nginx-yrf3u 1/1 Running 0 20s
11. Google confidential │ Do not distribute
Shutdown
$ kubectl delete rc my-nginx
replicationcontroller "my-nginx" deleted
$ kubectl get po
NAME READY STATUS RESTARTS AGE
my-nginx-wepbv 0/1 Terminating 0 4m
my-nginx-yrf3u 0/1 Terminating 0 3m
$ kubectl get po
$
13. Google confidential │ Do not distribute
users control plane nodes
Kubernetes architecture
CLI
API
UI
kubelet
kubelet
kubelet
apiserver
scheduler
controllers
14. Google confidential │ Do not distribute
Post desired state (aka spec) via API
kubelet
kubelet
kubelet
Run nginx
Replicas = 2
CPU = 2.5
Memory = 1Gi
apiserver
scheduler
controllers
15. Google confidential │ Do not distribute
Placement (aka scheduling)
kubelet
kubelet
kubelet
apiserver
scheduler
controllers
Which nodes
for nginx ?
16. Google confidential │ Do not distribute
Assignment (aka binding)
kubelet
kubelet
kubelet
Run
nginx
apiserver
scheduler
controllers
Run
nginx
17. Google confidential │ Do not distribute
Fetch container image
kubelet
kubelet
kubelet
Registry
Pull
nginx
Pull
nginx
apiserver
scheduler
controllers
18. Google confidential │ Do not distribute
Execution and lifecycle management
kubelet
kubelet
kubelet
Status
nginx
nginx
nginx
apiserver
scheduler
controllers
Status
nginx
19. Google confidential │ Do not distribute
Get current status via API
kubelet
kubelet
kubelet
GET
nginx
apiserver
scheduler
controllers
nginx
nginx
20. Google confidential │ Do not distribute
kubelet
kubelet
kubelet
Status
nginx
apiserver
scheduler
controllers
nginx
nginx
Get current status via API
21. Google confidential │ Do not distribute
Kubernetes uses the same APIs as users
kubelet
kubelet
kubelet
apiserver
scheduler
controllers
22. Google confidential │ Do not distribute
Modularity
Modularity facilitates
• composability
• extensibility
APIs - no shortcuts or back doors
• ensures extensions are on equal footing
Example: Scheduler
Example: Controllers
23. Google confidential │ Do not distribute
Control loops
Drive current state → desired state
Observed state is truth
Act independently
• choreography rather than
orchestration
Recurring pattern in the system
Example: Scheduler
Example: Controllers
observe
diff
act
26. Google confidential │ Do not distribute
Pods
Small group of containers & volumes
Tightly coupled
• the atom of replication & placement
“Logical” host for containers
• each pod gets an IP address
• share data: localhost, volumes, IPC, etc.
Facilitates composite applications
• mix and match components, languages, etc.
• preserves 1:1 app to image
Example: data puller & web server
Consumers
Content
Manager
File
Puller
Web
Server
Volume
Pod
27. Google confidential │ Do not distribute
Volumes
Storage automatically attached to pod
• Local scratch directories created on demand
• Cloud block storage
• GCE Persistent Disk
• AWS Elastic Block Storage
• Cluster storage
• File: NFS, Gluster, Ceph
• Block: iSCSI, Cinder, Ceph
• Special volumes
• Git repository
• Secret
Critical building block for higher-level
automation
28. Google confidential │ Do not distribute
Secrets
How to grant a pod access to a secured
something?
• secrets: credentials, tokens, passwords, ...
• don’t put them in the container image!
12-factor says should come from the
environment
Inject them as “virtual volumes” into Pods
• not baked into images nor pod configs
• kept in memory - never touches disk
• not coupled to non-portable metadata API
Manage secrets via the Kubernetes API
Node
Pod Secret
API
29. Google confidential │ Do not distribute
User-provided key-value attributes
Attached to any API object
Generally represent identity
Queryable by selectors
• think SQL ‘select ... where ...’
The only grouping mechanism
Labels
30. Google confidential │ Do not distribute
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
Selectors
31. Google confidential │ Do not distribute
app = my-app
Selectors
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
32. Google confidential │ Do not distribute
app = my-app, tier = FE
Selectors
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
33. Google confidential │ Do not distribute
app = my-app, tier = BE
Selectors
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
34. Google confidential │ Do not distribute
Selectors
app = my-app, track = stable
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
35. Google confidential │ Do not distribute
app = my-app, track = canary
Selectors
app: my-app
track: stable
tier: FE
app: my-app
track: canary
tier: FE
app: my-app
track: stable
tier: BE
app: my-app
track: canary
tier: BE
37. Google confidential │ Do not distribute
ReplicationControllers
Ensures N copies of a Pod
• if too few, start new ones
• if too many, kill some
• grouped by a label selector
Explicit specification of desired scale
• client doesn’t just create N copies
• enables self-healing
• facilitates auto-scaling
An example of a controller
• calls public APIs
ReplicationController
- selector = {“app”: “my-app”}
- template = { ... }
- replicas = 4
API Server
How
many?
3
Start 1
more
OK
How
many?
4
38. Google confidential │ Do not distribute
Services
A group of pods that work together
• grouped by a label selector
Publishes how to access the service
• DNS name
• DNS SRV records for ports (well known ports work, too)
• Kubernetes Endpoints API
Defines access policy
• Load-balanced: name maps to stable virtual IP
• “Headless”: name maps to set of pod IPs
Hides complexity - ideal for non-native apps
Decoupled from Pods and ReplicationControllers
Virtual IP
Client
39. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 3
- selector:
- app: my-app
- version: v1
Service
- app: my-app
$ kubectl rolling-update
my-app-v1 my-app-v2
--image=image:v2
Live-update an application
40. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 3
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 0
- selector:
- app: my-app
- version: v2
Service
- app: my-app
41. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 3
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 1
- selector:
- app: my-app
- version: v2
Service
- app: my-app
42. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 2
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 1
- selector:
- app: my-app
- version: v2
Service
- app: my-app
43. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 2
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 2
- selector:
- app: my-app
- version: v2
Service
- app: my-app
44. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 1
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 2
- selector:
- app: my-app
- version: v2
Service
- app: my-app
45. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 1
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 3
- selector:
- app: my-app
- version: v2
Service
- app: my-app
46. Google confidential │ Do not distribute
Rolling Updates
ReplicationController
- replicas: 0
- selector:
- app: my-app
- version: v1
ReplicationController
- replicas: 3
- selector:
- app: my-app
- version: v2
Service
- app: my-app
48. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
49. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
50. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
51. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
52. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
53. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
54. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
55. Google confidential │ Do not distribute
Jobs
Manages pods that run to completion
• differentiates number running at any one
time from the total number of completed
runs
Similar to ReplicationController, but for
pods that don’t always restart
• workflow: restart on failure
• build/test: don’t restart on app. failure
Principle: do one thing, don’t overload
Status: BETA in Kubernetes v1.1
Job
- parallelism: 3
- completions: 6
- selector:
- job: my-work
56. Google confidential │ Do not distribute
DaemonSets
Runs a Pod on every node
• or a selected subset of nodes
Not a fixed number of replicas
• created and deleted as nodes come and go
Useful for running cluster-wide services
• logging agents
• storage systems
DaemonSet manager is both a controller
and scheduler
Status: ALPHA in Kubernetes v1.1
57. Google confidential │ Do not distribute
Deployment
Rollouts as a service
• updates to pod template will be
rolled out by controller
• can choose between rolling update
and recreate
Enables declarative updates
• manipulates replication controllers
and pods so clients don’t have to
Status: ALPHA in Kubernetes v1.
1
Deployment
- strategy: {type: RollingUpdate}
- replicas: 3
- selector:
- app: my-app
...
59. Google confidential │ Do not distribute
Take away
• Decoupling applications from infrastructure creates new opportunities
• Kubernetes
• is container-centric infrastructure
• which includes a lot more than just running containers
• facilitates management of containers in production
• provides a foundation for building a workload-management ecosystem
• This has enabled Platform as a Service systems to be built on Kubernetes
• Apache Stratos
• Openshift 3: co-designed and co-developed with Kubernetes
• Deis: Heroku-inspired Docker-based PaaS
• Gondor: Python-aaS
60. Google confidential │ Do not distribute
Kubernetes is Open
- open community
- open design
- open source
- open to ideas
http://kubernetes.io
https://github.com/kubernetes/kubernetes
slack: kubernetes
twitter: @kubernetesio
62. Google confidential │ Do not distribute
Design principle summary
Declarative > imperative: State your desired results, let the system actuate
Control loops: Observe, rectify, repeat
Simple > Complex: Try to do as little as possible
Modularity: Components, interfaces, & plugins
Legacy compatible: Requiring apps to change is a non-starter
Network-centric: IP addresses are cheap
No grouping: Labels are the only groups
Cattle > Pets: Manage your workload in bulk
Open > Closed: Open Source, standards, REST, JSON, etc.