Everyone is doing continuous integration today. In this workshop we will explore ways how to deploy applications to production kubernetes clusters using build runners on kubernetes and kaniko as well as practices to implement deployments into your pipelines.
Kubernetes has become the de-facto standard to run you containerized applications in the cloud: over the past years, we have seen a very steep adoption curve and many interesting projects around it. This workshop aims to give an introduction to Kubernetes. We will start by understanding Kubernetes' basics concepts and principles and step by step move to more advanced topics. By the end of this workshop, you will have a grasp on how Kubernetes works under the hood and what you can achieve with it. Also, you will be able to deploy a simple application to Kubernetes and scale it. This workshop includes: - Kubernetes introduction - How to containerize your workloads - Pods, Services, ConfigMaps and Secrets - Deployments and StatefulSets - Strategies for deployments - Scaling your applications
Istio is a new open platform to connect, manage, and secure micro-services jointly launched by IBM, Google, and Lyft. This session will provide a technical overview of the Istio project and demonstrations of using Istio with microservices and Kubernetes. Istio is a new open platform to connect, manage, and secure micro-services jointly launched by IBM, Google, and Lyft. This session will provide a technical overview of the Istio project and demonstrations of using Istio with microservices and Kubernetes. Specifically: Service mesh - what it is, why, and who is using it Making the deployment more secure (Using istio to get mutual tls authentication between services) Rolling out a new version to 1% of users (Using istio for traffic splitting) Making the deployment more robust (Using istio for circuit breaking and automatic request retries) Controlling the front door (Using Istio-ingressgateway instead of default Kubernetes Ingress)
This workshop explains the concepts and best practices of containerization of the entire development flow of projects written in different programming languages. Spawn a complete development environment on-demand, running entirely in Docker - a programming language itself, helper tools like debuggers and static analyzers, but also a complete desktop editor running in a web browser, anywhere. See how to efficiently utilize Docker to work on your project and how to prepare it for the orchestration, get the maximum out of possibilities that Dockerfile and docker-compose.yml files give. Learn how to monitor and (remotely) debug your containers, diagnose individual build steps and misbehaving entrypoint, dump the network traffic or even bring up an entire Kali Linux Desktop in your browser and use its tools for analysis. Ease your everyday work - analyze, test, build, monitor, debug your Docker project and prepare it for unexpected - all presented to you by Docker Captain.
Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it has also a steep learning curve. In this workshop you will deploy your first application which consists of multiple Micro-Services to Kubernetes and learn how you can use Persistant Storage and set upsensible Monitoring and Logging tooling.
This talk provides an overview on usage of the Open Service Broker API in practice. We show the fundamental concepts how to develop, publish and consume services using a service broker. We report from our experience and present lessons learned based on a real-world project.
Brand new for 2019, this is the workshop to attend if you want to harden your Kubernetes clusters, configure a service mesh, securely deploy internal and external workloads and implement security metrics and observability to catch malicious behaviour in the act. Each attendee will have a GKE cluster and a microservices-based web app deployed into it. Attackers have compromised your app and are mining cryptocurrency on your public cloud bill. Your job is to identify how they got in, get them out and keep them out. You will install and configure a range of native Kubernetes security features and cloud native tools including Istio, OpenTracing, Elasticsearch, Prometheus, Weave Flux and more as we power through this intensive, hands-on workshop. Delegates will need: * Understanding of Kubernetes basics such as connecting to a cluster and deploying workloads * Understanding of networking, PKI and HTTP * Laptop with kubectl, git and a code editor installed * WiFi Internet access to connect to their training clusters on Google Cloud
Current security solutions that worked in the VM age aren't adequate anymore to securing our workloads in containers, or their delivery to our environments. How do you deal with patch management, virus scans, vulnerability management, secure application delivery in a containerized world. More and more companies are required to secure their data due to regulations, while more and more companies are being compromised too. This lab will walk through how to secure the delivery pipeline system, and how to secure your containers during runtime. We'll start by focusing on the container build process and how to simplify patch management for containers; also, container security scanning and how to know if your container is void of malicious code and vulnerabilities. We'll then move on to registries, how to create an environment that developers can use in their workflow and how to secure that for production ready containers. Finally we'll focus on runtime, how to make sure our containers are doing what they're supposed to do, and not what they shouldn't be doing. There isn't any reason to be afraid of adapting a containerized solution because of security. You can be secure and use a containerized workflow too. This will be using all open source solutions, you'll be able to see how the world of security continues to improve with open source.
Kubernetes celebrates 5 years since the commit #1. Ihor Dvoretskyi, Developer Advocate at the Cloud Native Computing Foundation will highlight the most notable achievements of the Kubernetes community, together with the wide Cloud Native ecosystem
Kubernetes is a highly extensible framework, where each of the cluster services can be customized depending on the use case. The extensibility also comes from the standardization of interfaces for various infrastructure components like compute/runtime, network or storage using the CRI, CNI, CSI etc., To get a clear understanding or to make a comparative study of various available options is only possible by trying each. To try these options, we require a multi-node cluster or more than one cluster. The platforms such as Raspberry-Pi, LePotato presents itself a viable option to build such multi-node home grown clusters as Kubernetes can be easily compiled and deployed on ARM architectures. In this talk, Harshvardhan Karn and Sumit Lalwani will present the usage of Raspberry-Pi, LePotato to evaluate the different CNI options like calico, flannel, cilium.
Security is a challenge for most companies. Especially those in periods of rapid growth. It is often taken for granted as we trust the frameworks we use to implement the necessary security protocols for us. However, one only needs to pick up the paper to find out that this simply isn't true. Information security is now a chief concern of many small and mid-size companies as well. We'll show you how we use AWS, Calico, OWASP Dependency Checker, CoreOS’s Clair, and Notary to achieve reliable observable security at the code level, container level, cluster level, and even the AWS account level to maintain the Gold Standard of security (authentication, authorization, and auditing.) We will focus on the security mindset and the specific implementation we have at Ygrene to keep data secure.
The current industrial environments are mainly not dealing with the potentials AI can bring to those industries. The session will deal with practice examples of the potential usage of AI based technology in the industrial environments. At the beginning we will show how we started in this area and what our main learnings in the beginning were about. We will face issues in the engineering and construction area and go deeper to the methods of how AI can be used to prevent claims and changes and moreover how AI can be used to automate partial engineering tasks along the customer requirements. We will show how our AI technology is able to learn about the historical engineering processes and products and how we integrated those knowledge in the future process and especially the client infrastructure environment.
With Kubernetes emerging as the de facto standard for service orchestration, discussion is shifting from 'How does Kubernetes work?' to more specific concerns such as 'How do I achieve an optimal development workflow?' The answer lies in finding combinations of tools that work together in synergy. They should produce end to end workflows that perform effectively in the real world, while also covering a wide range of development stages—building, deploying, debugging, and so on. Goal in mind, let's dive into the tooling available in the current landscape—tools such as Helm, Draft, Skaffold, Forge, Telepresence, Garden, and Tilt. We'll map their capabilities to developer needs, then outline workflows developers can use in practice right away.
The HanseMerkur have been running Kubernetes over a year in production. In this talk, I would like to give you an insight into our tour to an on premises Kubernetes infrastructure. What does our way looks like and which experiences did we made.
IT priorities are shifting. In the past, consolidation and cost reduction were priorities. Nowadays agility and speed are getting more and more important. To give you one example. In the past you have been developing solutions for a single system. Today it is essential that applications are able to be deployed on multiple platforms. This is one example of why the spread of container technology continues to grow rapidly. Both developers and IT operations departments use containers for different reasons. In this presentation you will learn best practice approaches on how container technology can be used purposefully and profitably in your company.
In this session, we’ll discuss how we combine Docker , Ansible and Jfrog Artifactory to achieve more streamlined continuous integration . We’ll cover: * A quick history of our deployment challenges and what led us to Docker. * The benefits of our new deployment approach — easy to Setup and minimal investment * Our Experience in running Integration tests on docker containers * How we combine Docker and the Jfrog products like Artifactory for more streamlined continuous integration and deployment
Writing and maintaining Kubernetes deployment YAMLs can become quite messy with a growing number of services and environments. This talk will introduce you to Kustomize which is the Kubernetes SIG CLI answer and follows a purely declarative and template-free approach. It works without any in-cluster components and encourages a fork / modify / rebase workflow. With its overlay concept, redundancies between similar service and environment deployments can be drastically reduced.
Dig into the buzz around service mesh. Get the details on current challenges with micro-services architectures, what Istio is and how it works to address those challenges.
Cloud Native Specialist Staff Systems Engineer, VMware
Oren Penso (@openso on Twitter) is a Staff Specialist in VMware's Cloud Native Application BU. Before VMware and for more than 10 years Oren has been on the customer side in various senior positions, in his last position, he was the Head of IT & CTO of a large insurance company. Oren... Read More →
Tuesday June 25, 2019 12:15pm - 12:50pm CEST
MS BleichenHafenmuseum Hamburg Kopfbau des Schuppens 50A Australiastraße 20457 Hamburg
This talk gives an overview of Knative and its subcomponents: 'Knative build' brings the build aspect to Kubernetes. It adds an abstraction for building OCI images directly from within a Kubernetes cluster. We will also talk about the follow-up project 'Tekton pipelines'. 'Knative serving' provides primitives for serverless frameworks. It especially knows how to scale-to-zero and is already used in several FaaS frameworks. 'Knative eventing' is an eventing specification for sending CloudEvents, an emerging CNCF standard, from sources to sinks.
With Rancher labs release of k3s distribution, there is a new game changer for Edge Computing and Embedded Setups running kubernetes. Does k3s run on raspberry pi? Do you need a lot compute resources? Can it be used of IOT? Michael Vogeler Teamhead and System Administrator at PlusServer GmbH will have a close look at k3s. He will show some insights regarding the management and use cases of k3s.
DNS is one of the core components making Kubernetes run. It’s essential for most services and service discovery. It’s critical, underappreciated and overlooked at the same time. With the recent switch from Kube-DNS to CoreDNS as the main engine for DNS we wanted to take a retrospective look at the improvements and a future look at new possibilities. In this talk I’ll discuss common DNS issues such as UDP packet loss and resulting tail latency issues, compare the performance and reliability of Kube-DNS and CoreDNS, plus spec out and test possible iterative setups with advanced CoreDNS features such as local Daemonset caching, TCP support, prefetching, DNS over GRPC and GRPC based watches.
Platforms such as Kubernetes offer huge benefits in terms of reducing operations efforts and encapsulating complexity. Due to this attractiveness, we built up a large-scale Kubernetes cluster to be used for our public and internal services. However with every new cloud native service deployed we found a new obstacle preventing it from going live. So we had to solve a number of unexpected challenges. In particular coupling cloud native services to the large existing application landscape turned out to be difficult. Also moving artifacts into the container platform comes with challenges. Consequently in the first 12 months we only moved very few services as many users were disillusioned. We iteratively identified the obstacles - technical and cultural - and developed strategies to resolve them. This presentation will discuss them and help you guide your project to success.
Kubernetes has become the orchestrator of choice to deploy applications. But what about developer's day to day job of developing those applications? Developing with containers is not always easy nor enjoyable. Google has launched a set of Open-Source projects that focus on Developer Experience in a world of containers. Whether you'd like to continuously deploy to Kubernetes with Skaffold, safely build images on a cluster with Kaniko or build images much faster with Jib and Bazel, come learn how to setup a great CI/CD.
This lab will walk through how to secure the delivery pipeline system, and how to secure your containers during runtime. We'll start by focusing on the container build process and how to simplify patch management for containers; also, container security scanning and how to know if your container is void of malicious code and vulnerabilities. We'll then move on to registries, how to create an environment that developers can use in their workflow and how to secure that for production ready containers. Finally we'll focus on runtime, how to make sure our containers are doing what they're supposed to do, and not what they shouldn't be doing. his will be using all open source solutions, you'll be able to see how the world of security continues to improve with open source.
Etcd goes 'store', kube-proxy goes 'route', API server goes '418', what does the kubelet say? Kubelet is one of the central components in the kubernetes cluster. Most of us are taking it for granted that is would just work and start our containers. CNI handles the networking part, kube-proxy the service part, but kubelet does more than just starting containers. In this talk, I cover kubelet on a high level before deep diving in the belly of the beast and its interfacing with CNI, container runtime and ultimately Linux kernel.
For a long time we've managed our infrastructure and Kubernetes clusters using various imperative scripts and tools. The question that often arises is can we manage our clusters the same way we manage our workload? Cluster-API is a Kubernetes SIG-Cluster-Lifecycle project focused on bringing declarative, Kubernetes-style APIs for the most common cluster lifecycle operations—create, destroy, update and repair. In this talk you'll learn what is Cluster-API and how it works. You'll see how you can integrate it in your workflow and build tooling around it, regardless of are you running on one of the most popular cloud providers, or on on-premise or bare-metal.
Vendor lock-in is a major worry for many engineers . A new innovative approach, will for the first time, allow open-source serverless to run on AWS Lambda or Kubernetes using the same deployment artifact, packaged using the tools we love: containers. Worried about vendor lock-in with serverless computing, but enjoy the scale, price and simplicity of AWS Lambda? OpenFaaS is an open-source function as a service (FaaS) platform on the CNCF serverless landscape. With OpenFaaS you can package anything as a serverless function and deploy to Kubernetes using containers. Due to UNIX-like primitives in the core architecture, it was possible to extend the system to run functions on both Kubernetes and AWS Lambda depending on user preference. The core components of OpenFaaS still run on Kubernetes but the functions are deployed and invoked on AWS Lambda In this talk we explain how the provider model in OpenFaaS separates the control plane from the function execution plane. The live demonstration deploys a function to Kubernetes using kubectl, then invokes the deployed function via Kubernetes on AWS Lambda.
A service mesh adds new qualities to your container orchestration: It connects, secures, observes and controls service invocations in a language agnostic way that doesn't require any code changes. This presentation starts with a gentle intro to service meshes. Starting with the shortcomings of Docker and Kubernetes. I will show in a live demo how a service mesh implements cross cutting concerns like traffic shifting, blue/green deployments, and observability. We then have a look at how a service mesh bridges to the world of chaos engineering by giving us the possibility to inject errors at a certain rate. As a practical example I will use Envoy with Istio and AWS App Mesh. To conclude I will critically analyze if and how a service mesh should evolve into becoming a standard component of a managed container service.
(Fedora/CentOS) Atomic Host is an immutable operating system for hosting containers. It's based upon rpm-ostree which is a hybrid packet manager for managing bootable, immutable, versioned filesystem trees from upstream RPM content. This talk gives you a first introduction about what Atomic Host exactly is and how you can use it correspondingly and most important what are the common use cases. After you're familiar with the key concepts, we'll build our very own simple custom OSTree within a quick demo session and learn, how we can integrate it into an Atomic Host-based distribution. To finish this talk, I'll give some insights about the limitations and best practices of Atomic Host and rpm-ostree.
The Update Framework (and its sister project from the CNCF, Notary) are a little known gems in the cloud native community. These projects are however extremely vital for making rigorous guarantees about the contents of your software package (read container image) when it is deployed into an environment like Kubernetes. We'll demystify TUF/Notary at the beginning of this talk, and then do a demonstration for setting up image signing through your build pipeline finally ending in Kubernetes where we will restrict the container images that can be deployed to just ones signed by us (using Validating/Mutating Admission Webhook Controllers.) Our goal is to empower you to take the skills you learn from the talk and implement a similar process in your own CI/CD pipeline.
Kubernetes is very powerful in orchestrating where your services are running, but building docker images, writing and updating all the necessary YAML files and applying them to your cluster can still become an annoying maintenance overhead. In this talk you will learn how to create a fast, low friction development workflow with Kubernetes and tools like Telepresence and Forge which enables you to quickly and safely build, test and deploy your services.
Cloud platforms provide flexibility of creating Spark clusters for short duration either as Function as a server or on Kubernetes. But, it is important to ensure that the spark jobs are written and executed in a way as to get the best mileage from these clusters. Given that the Clusters are billed on the duration of time used, performance of jobs becomes critical not only to improve efficiency but to reduce the Total Cost. This talk covers practical tips and hints on how to tune Spark jobs on popular Resource Managers like Yarn,Kubernetes for best performance. This talk will also address some of the FAQs by users and customers on Spark Clusters on popular Cloud platforms.
Security is often overlooked when organizations move quickly to the cloud. So how do you maintain the speed and flexibility of application delivery and build security into your CI/CD pipeline and operations? Hybrid cloud teams focused on DevOps need to embrace security that integrates into their pipeline and runtime environments making it easier to improve both your security and development speed.
This talk explains, how the required skills and mindset of developers changed in the last years and continue to change. It will bring Containers, Kubernetes, CloudFoundry, CI/CD, DevOps, Security and Automation in context and shows, how much a developers needs to be aware of today. It explains why traditional development approaches are outdated and why modern development approaches are fundamentally different to those executed and practised just a few years ago.
How is your organization protecting users and data in a microservice setting? For authorization, the microservices community has typically adopted the API Gateway pattern. In contrast, a fully distributed approach has been recently growing through Open Policy Agent (OPA) which places access control rules storage and enforcement in front of each individual service. In this talk, we want to introduce Ditto, an open source IAM system developed at real.digital, that sits in between API Gateways and OPA. We will showcase Ditto's attributes and how it has been designed to shine in a microservice architecture. Finally, we will show how you can integrate it into your services with examples of integrations with Kubernetes and Istio.
Until Kubernetes and containers came up, applications were run in virtual machines on a range of virtual machine management platforms. These virtual machines are not going away soon, and the question is how operators and users can run both - the new container and legacy virtual machine - workloads in their environment.
In this talk the audience will learn how - KubeVirt extends Kubernetes to run virtual machines - This simplifies your infrastructure stack - This simplifies resource management and provisioning - KubeVirt is installed - VMs can be started and stopped - Storage and networking can be provided to VMs
What if we decided to solve, once and for all, the problem of underrepresentation of women, gender minorities, people of color, or any other group the same way we handle our problems in production, by identifying the problems and then fixing them?
The talk will introduce Jenkins-X basics from an operations point of view. Then it will cover the GitOps methodology and how it is realized by JX. Besides, it will show what other benefits JX brings to a development team by simplifying the setup of new, or importing existing microservice applications to k8s.
This session discusses concepts and integrates latest DevOps enabler tools to inspect source code and its packaged binaries as part of a holistic Continuous Delivery pipelines. The comprehensive, interactive live demo is derived from couple of real-world success stories. Often real-world success stories, interactive, practical demos, and integrations of state-of-the-art tools are missing to underpin Continuous Delivery concepts. Also reality-checks are often missing since presentations usually promote textbook approaches. This session fills the gap. After setting the stage with some few slides, this session delivers lot of tips and tricks while going through a holistic live demo to bring a new change from a Git push to the Cloud.
Container virtualization has become the tool of choice for running isolated applications in cloud environments. Linux-Containers virtualize at the operating system level, with multiple containers running atop the operating system kernel directly. Therefore, threats to one container are potentially threats to many others. Especially for PaaS and Serverless providers, the secure execution of untrusted workloads on their platform in order to mitigate software vulnerabilities from spreading has high priority. Containers face a variety of different threats, vulnerabilities and historical weaknesses that need to be considered and defended against. In this talk we will look at different approaches for securing container workloads. gVisor, Kata Containers, Nabla Containers and Firecracker are presented and compared with each other.
Developing everything in containers? Then you might be ready for Fedora Silverblue — an immutable desktop OS built for container workflows! Silverblue is built on top of rpm-ostree providing atomic upgrades, easy rollbacks, and even installing individual packages when necessary. Come for a quick overview covering the basics of rpm-ostree, Flatpak (containerized graphical application), and the overall experience of using a container-oriented desktop.
Everyone wants to do DevOps. But only few understand what DevOps is and what it does with your company. When you want to introduce DevOps in a company you need to convince decision makers that it is worth to invest money / time / resources into the DevOps transformation. They will ask you about the business case and the return on investment of DevOps. In this talk I will show you how to convince the decision maker about the business case and the return on investment of DevOps, so that you get the money / time and resources for your DevOps transformation.
The intent of this talk is to share the experience of building such a service and deploying it on a Kubernetes cluster. In this talk we will discuss all the requirements which an enterprise grade Hadoop/Spark cluster running on containers bring in for a container orchestrator. This talk will cover in details how Kubernetes orchestrator can be used to meet all our needs of resource management, scheduling, networking and network isolation, volume management etc.
For developers, the benefits of a cloud native approach are quickly clear. However, these advantages are not as readily apparent to people who don’t code - yet those same people usually hold decision making and budgetary power. This talk seeks to explain the what, why, and business benefits of being cloud native without diving into code. Audience members will learn how to explain cloud native technologies to non-coders and give the business case for a cloud native approach at the organizational level.
The world of IT and technology is moving faster than ever before. Cloud native technology and application architecture have been influencing and disrupting the software engineering discipline for the past years and there is no end in sight. But according to Gardner we are currently entering the trough of disillusionment. So does this mean we followed the wrong path and that we should turn back? Hell no!!! Despite of all disbelievers and trolls: cloud native is neither a failure nor a hype anymore! It will become mainstream. We already see widespread adoption at all our customers. Of course there still is a lot of room for improvement. No doubt about that. Technology, methodology, processes, operations, cloud native architecture and software development need to mature even further to become boring and ready for the enterprise. This is software industrialization in its purest form. And our skills and expertise are required to make this happen.
Ashutosh will present the quirks of scaling up Custom Controllers - around implementing mutex, handling upgrades and best practices around versioning of the CRs. The talk is based on the experiences of running Custom Controllers in openebs project. CRs are crucial part of Kubernetes ecosystem enabling projects to put their own sauce within Kubernetes environment. Whenever it comes to access/modify a resource in the world of concurrent programming the very first thing that would come to our mind is mutexes to avoid undesired behaviours. This talk will walk through live examples of code and CR YAMLs.
One of the most popular tools among data scientists are Jupyter Notebooks. The open source web application provides an environment to document and execute code, inspect the results and visualize data without leaving the environment. We show, how Docker and kubernetes enable the deployment of a pre-configured data science environment, the so-called JupyterHub. The shared resources of the multi-user version of the notebooks can be managed efficiently by kubernetes. This makes it easy for business analysts and data scientist to access computational environments and resources in the cloud without having to worry about dependency management, installation and maintenance tasks. #kubernetes #jupyterhub #datascience
Over those past two years we’ve deployed a new platform based on Kubernetes for developing, testing and deploying XING's applications. Today most of our workloads run on this platform but the road sometimes felt a bit bumpy. From misconfiguration, to software bugs in the Kubernetes ecosystem or even Kernel race conditions, we encountered a variety of problems. In this talk we will discuss some of those issues and how we fixed, mitigated or worked around them.
Kubernetes has become the de-facto standard to run you containerized applications in the cloud: over the past years, we have seen a very steep adoption curve and many interesting projects around it. This workshop aims to give an introduction to Kubernetes. We will start by understanding Kubernetes' basics concepts and principles and step by step move to more advanced topics. By the end of this workshop, you will have a grasp on how Kubernetes works under the hood and what you can achieve with it. Also, you will be able to deploy a simple application to Kubernetes and scale it.
At Lunar Way we have been running Kubernetes in production for over two years. This presentation will be an experience report of the challenges we faced and how we overcome them. We started running Kubernetes in March 2017 to support at that time, 7 microservices. Today we manage around 80 microservices in production. In this presentation, Kasper will touch upon topics such as; finding the right abstraction (do developers need to care about Docker and Kubernetes?), Release Management with Git as the single source of truth (GitOps), and lastly Kubernetes Operations (kops) and the quirks that it comes with.
Kasper is a Cloud Native Computing Foundation Ambassador, and co-founder of the Nordic meetup alliance, Cloud Native Nordics, where he serves as Community Lead. He works as Lead Platform Architect at Lunar. He has worked at Lunar for 6 years, and is one of the architects behind the... Read More →
Wednesday June 26, 2019 9:45am - 10:20am CEST
Big TentHafenmuseum Hamburg Kopfbau des Schuppens 50A Australiastraße 20457 Hamburg
When it comes to adopting containers in the enterprise, Security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In this presentation, you'll learn about best practices for: - Addressing the top container security risks in a container environment including images, builds, registry, deployment, hosts, network, storage, APIs, monitoring & logging, and federation. - Integrating continuous security for containers in the CI/CD pipeline - Deployment strategies for deploying container security updates including recreate, rolling, blue/green, canary and a/b testing.
Good APIs are the center piece of any successful digital product and cloud native application architecture. But for complex systems with many API consumers the proper management of these APIs is of utmost importance. The API gateway pattern is well established to handle and enforce concerns like routing, versioning, rate limiting, access control, diagnosability or service catalogs in a microservice architecture. So this session will have a closer look at the cloud native API gateway ecosystem: Ambassador, Gloo, Kong, Tyc, KrakenD, et.al. But which one of these is the right one to use in your next project? Let's find out. Leander will start off by briefly explaining the API gateway pattern and derive a simple criteria catalog. He will then continue by comparing and showcasing the most promising ones.
By applying some essential security measures, you can make your Azure Kubernetes Service solution a much harder target for hackers. But how do you do that, while still deploying to production multiple times a day? You can do this by embedding application security into your development process. For example, you model threats your application may face and add countermeasures up front. And inside the delivery pipeline, you monitor your repository for vulnerabilities. But there's more! In this talk I'll show you what you need to know.
When deciding for Kubernetes as a general purpose platform and a general architectural shift to microservices, service meshes provide important functionality for managing and securing the communication (between services). We'll show general properties of service meshes and specifically how Istio implements them. A core feature we are interested in is the integration of legacy services by using mesh expansion. We'll share our learnings about the restrictions and caveats we found during this evaluation and the general findings about using Istio in a multi-tenancy environment.
Kubernetes in general, and Istio in particular, have changed a lot the way we look at Ops-related constraints: monitoring, load-balancing, health checks, etc. Before those products became available, there were already available solutions to handle those constraints. Among them is Hystrix, a Java library provided by Netflix. In particular, Hystrix provides an implementation of the Circuit Breaker pattern, which prevents a network or service failure from cascading to other services. But now Istio also provides the same capability. In this talk, we will have a look at how Istio and Hystrix implement the Circuit Breaker pattern, and what pros/cons each of them has.
My name is Egor Balyshev, and I am a proud member of the team who built the new platform for XING on top of Kubernetes. In this session I will walk you through the design of our internal PaaS, talk about problems we encountered and solutions we found, reflect on Kubernetes programming interface and provide real examples of making developers' lives easier with automation and closed feedback loops. Keywords: Kubernetes, PaaS, GitHub, Jenkins, Golang, Groovy, custom controllers, Prometheus, CLI, lessons learned.
Getting Kubernetes up and running on Microsoft Azure can be as easy as a couple of clicks. Preparing the environment for handling highly sensitive workload requires a bit more work. Starting with a fully automated setup of all Azure and Kubernetes components down to restricting communication of system components and workload to the bare minimum. We will show you how to combine different Azure and Kubernetes security features to achieve a setup you can trust with your data.
Integration tests are extremely valuable but very hard to maintain and to write. You need to provision and manage the lifecycle for the dependencies that your application uses such as caches and databases. Testcontainer is an open source community all focused on solving this kind of problems across many languages. Gianluca is the maintainer of the Golang implementation that uses the Docker API to expose a test-friendly library that you can use in your test cases. During this talk, he will show you how to use testcontainer to write unit tests in Go with very low overhead.
This talk suggests to perform automatic testing of the release candidate against other real services started in Docker. TestContainers library facilitates simple start up of services and their dependencies, i.e. (No)SQL databases in containers. The lib has a list of valuable features which significantly simplify a developer’s life. In the demo part a simplified version of a SMS platform is emulated. Apart from Spring Cloud Eureka there are 3 more business services built on Spring Boot. One of them is Acceptor which accepts clients requests, consults Billing on a decision whether to proceed with a request or not. Eventually Sender does an actual submit of an SMS to a mobile operator. Later the operator pushes a delivery report to Sender’s endpoint which should be matched to the submitted message and forwarded to Acceptor and then to client.
Probably everybody who uses Kubernetes in a productive environment with multiple users possibly has looked at policies. Often the operators of the cluster(s) just trust the policies but in some cases it might be useful to control if the policies actually have taken action and often there are just to many Policies in the cluster setup to manually test them all (and obviously you don’t want to do this). Testing the effectiveness of the Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose. Also we will show you some other tools and how they complement our solution. As a takeaway you will get an overview of different testing strategies for policies, as well as understanding challenges in testing policies in general and the Kubernetes ecosystem.
Helm provides excellent application portability and makes a whole new engineering workflow possible that eliminates bottlenecks, saves money, and is enabling teams to become high-velocity engineering machines. See how real companies are using Helm to build software faster with downloadable slides to help you make the business case back at HQ.
With Rancher labs release of k3s distribution, there is a new game changer for Edge Computing and Embedded Setups running kubernetes. Does k3s run on raspberry pi? Do you need a lot compute resources? Can it be used of IOT? Michael Vogeler will have a close look at k3s. He will show some insights regarding the management and use cases of k3s.
My talk is about some common anti-patterns seen with React. I teach React at an evening coding bootcamp and also work as Lead Front-End developer during my day job. Over the last 2 years, I have taught tens of people how to write applications in React and spotted some mistakes and anti-patterns people often make. These include unnecessary state and props fields, visibility props, non-generic “generic” components, controlled components used in a non-controlled manner, directory location disparity between related components and many others… This talk will summarise my experience and observations dealing and resolving such anti-patterns and what we can do to avoid them.
Finding your place and grasping the idea of DevOps is very much depending on the personal motivation and the environment you work. They do not teach you this in schools or trainings. In this talk, I am going to share my journey. You will see the representation of a story that adopts DevOps as a mindset rather than team structures or tools. The talk will be a story-line that is supported by real-world examples from the experiences of an engineer’s road-map to DevOps.
Bootstrapping a Kubernetes cluster is easy, rolling it out to nearly 200 engineering teams and operating it at scale is a challenge. In this talk, we are presenting our approach to Kubernetes provisioning on AWS, operations and developer experience for our growing Zalando developer base. We will walk you through our horror stories of operating 100+ clusters and share the insights we gained from incidents, failures, user reports and general observations. Our failure stories will be sourced from recent and past incidents, so the talk will be up-to-date with our latest experiences.
The story of transitioning a large financial company to practice Continuous Delivery on top of Openshift using only open source solutions. Cloud Native is new and rapidly evolving, which makes enterprise clients anxious -- so they jump to large, monolithic vendor solutions in search of an automatic “right answer.” These solutions can be over complicated and rigid, ultimately stifling innovation. This financial institution needed a system flexible enough to support about fifty development teams independently deploying microservices while enforcing strict security and compliance requirements. Using open source tools we were able to give our client exactly the security and flexibility they needed, without locking them into a one size fits all solution. Our solution is built using the Gitops pattern, Jenkins, Docker and Openshift/Kubernetes - all open tools which can be used at any other company. I will explain the design decisions, the technical solution and the challenges of onboarding development teams to the new platform.
Few months ago I met a team: 8 developers working on a B2C app of car renting. They were tired, so tired ... Their vagrant was slow, the server crashed two or three times a week without restarting and without any logs, a roll out to production took 2 days to be tested, by hand ... Together we decided to react, let's have the Roll's Royce of the development environnement! Thus I've dockerized the app, I've created a Kubernetes cluster, I've added Spinnaker to the loop and some other stuff. We had some up and down, some smile and tear, but we finally did it and we have no regret. That what's I want to tell you with all the thing we learned along the way.
What to do in integrating classic, monolithic structures with the dynamic demands of a modern, container-based microservices platform? Just get on with it and 'turn a sports car into a steamroller'? Or is there a path to 'peaceful' coexistence? We offer an experience report.
The latest container orchestrators have finally driven us to think for abstraction without worrying about the underlying concrete implementation: until we're talking about containers we know the 'black magic' behind the hood (namespaces, cgroups, overlayfs). Even the container approach helped the world to leverage applications delivery it has become obsolete (sic) since the newest cloud-native architectures require complex patterns such as Ambassador, Configurator, Adapter and much more. People assume that a Pod is just a container, often: obviously this is not true... and by the way, who knows what is a Pod exactly, how is made of, and how Kubernetes orchestrates it? The goal of this talk is to provide a low-level description of what a Pod is and how Kubernetes help us to work with this kind of resource in order to approach container patterns, demonstrating with a live coding demo how to build a simple Pod in order to understand the Kubernetes internals that provides this computational resources abstractions.
This talk provides an overview on usage of the Open Service Broker API in practice. We show the fundamental concepts how to develop, publish and consume services using a service broker. We report from our experience and present lessons learned based on a real-world project.
One of the best features of Akka is Akka Cluster. Akka cluster allows for building distributed applications, where one application or service spans multiple nodes. From its initial release in 2013, Akka Cluster needed a node management system to manage the Akka nodes and to provide a resilient and elastic platform. With Kubernetes Akka finally has the node management system that is has been waiting for. Akka Cluster has been designed to gracefully handle nodes leaving and joining a running cluster while continuing to run. Kubernetes adds and removes nodes as needed to increase capacity or to recover from failures. In effect, there is a perfect symbiosis between Akka Cluster and Kubernetes. In this talk, we will look at and demonstrate how Akka Java Cluster and Kubernetes work together and how together they form a beautiful relationship.
This talk will cover the most common primitives in Kubernetes from defining a Pod to networking. After the talk, you will know its objects well enough to deploy your application to a Kubernetes cluster with confidence. You will get a solid understanding of the mechanics and components and be equipped with a Kubernetes vocabulary.
This session will show what makes big data and big computing facilities different from traditional containerized environments and why that hinders container adoption. After highlighting the problems Christian will discuss how the lack of easy data and hardware access can be overcome and how the delicacies of kernel and user-land drivers are addressable using the OCI image specification and CI/CD showcasing tensorflow workloads.
