REVIEW THE TALKS 2020 IN VIDEOS AND SLIDES
DAVID PILATO – Visualize Your Threats
Knowing what is going on in your environment is an important part of staying on top of security issues. But how do you capture relevant metrics and visualize them? One widely-used tool for that job is the Elastic Stack, formerly known as the ELK stack. This talk shows how to ingest relevant metrics from your network and hosts as well as how to easily visualize them to find suspicious patterns and behaviors. We will also be using the latest tool named SIEM.
PAOLO MAINARDI – The path to a Serverless-native era with Kubernetes
Serverless is one of the hottest design patterns in the cloud today. I’ll cover how the Serverless paradigms are changing the way we develop applications and the cloud infrastructures and how to implement Serverless-kind workloads with Kubernetes.
We’ll go through the latest Kubernetes-based serverless technologies, covering the most important aspects including pricing, scalability, observability and best practices.
JAN-HENDRIK PETERS – Enterprise CI/CD Integration Testing Environments Done Right
This talk will dive into automatically building fresh, enterprise-ready testing environments with AutomatedLab to better support integration testing in your build and release process. We will explore how AutomatedLab can help Dev and Ops people easily build their own highly-customizable, idempotent lab environment that is able to fully resemble their existing infrastructure.
After this session you will be able to test better and with more confidence.
SEBASTIAN GUMPRICH – Ignite talk: So you want to deploy stuff into MY infrastructure?
This ignite talk is about high-level requirements that I, as an operations-person, talk about with developers when they want to deploy their new software in “my” platform and how I’ll help them achieve these. They include (among other things) topics like software-architecture, backup and recovery, monitoring, logging and high availability.
STEFAN SELS – Ignite talk: Build your own S3 storage with min.io
min.io allows you to set up an S3 storage on your private cloud infrastructure that is 100% compatible with AWS (you can use the AWS S3 client to interact with min.io). It has a wide range of authentication and notification options. For instance, you can trigger a webhook to your REST API if a file is created and automatically process it. It is optimized for high performance and is used in production.
MARIUS GEBERT – Ignite talk: Monitoring is a Critical Mess
Everyone has an opinion about monitoring. But let’s be honest, whether consciously or not, we all know our monitoring is out of control. In this talk we’ll discuss how crazy monitoring can get while we struggle to stay sane. In 20 slides I will show you all the things that will drive you crazy one day or another – if not already.
MONIKA KHANNA – How to get Customer Retention
A high level of customer satisfaction is a business goal for every brand and a key to success. And, you know what? This actually makes me extremely happy and excited. I love the fact that companies are making efforts to make their customers happy in addition to thinking about the product and services offered. Businesses now know the importance of maintaining a good relationship with customers. While it is relatively easy to say, it is much more difficult to maintain and actually keep your customers happy and satisfied with the services or products you provide.
FALK STERN – DevOps in Medium-Sized Companies
It’s Monday. The door flies open, your boss enters the room and shouts: “We need DevSecNetOps now! Otherwise we are doomed!” Apparently he has met someone on the golf course over the weekend… What is DevOps anyway and how to start your journey when you are a medium-sized company – this session will give some insights from a consultant perspective and talk about actual roadblocks, which you will encounter, one way or the other.
DENIS ROSA – Databases on Kubernetes: Why you should care
Developers always expected databases to work out-of-the-box, but historically it is the exact opposite.
With the rise of Kubernetes StatefulSets and CRDs, we started thinking about running databases on it. But why should I do that in the first place? How hard is it? Which are the challenges? Is it production already? All those questions will be answered during a live demo where we will deploy a database, deploy an operator, fail nodes, scale up and down with nearly no manual intervention.
MARTIN HINSHELWOOD – Agile Evolution: An Enterprise transformation that shows that you can too
“That would never work here.” You’ve likely heard this sentiment (or maybe you’ve even said it yourself). Good news: change is possible. Martin Hinshelwood explains how Microsoft’s Azure DevOps Services (formerly VSTS) went from a three-year waterfall delivery cycle to three-week iterations and open sourced the Azure DevOps task library and the Git Virtual File System.
There is a lot we can learn both from Microsoft’s success and failures in moving towards Scrum, Agile, & Continuous Delivery.
PAUL STACK – Infrastructure as Software
In this talk, Paul will demonstrate why writing infrastructure in general programming languages is a better choice for infrastructure management. Pulumi is an open source tool that allows users to write their infrastructure code in TypeScript, Python, DotNet or Go.
General-purpose languages allow infrastructure code to have integrated testing and compile-time checks, make it possible to create infrastructure APIs, and are more suited to infrastructure management than DSLs, JSON or YAML. In addition, he will demonstrate how to build infrastructure that manages Serverless, Kubernetes, PaaS and IaaS systems across multiple cloud providers.
AIKO KLOSTERMANN – Artificial Intelligence? – more like Artificial Stupidity!
Nowadays “Artificial Intelligence” is everywhere! And rightly so, it does enable us to do really cool things, things we couldn’t even imagine doing just a decade ago. In fact, it sometimes just feels like magic. This ‘magic’ behind it is often powered by “Machine Learning”. But even “AI” has its limitations.
I’ll show examples where “AI” and ML have failed (sometimes with horrible consequences) and will explain why failures are unavoidable in ML but also mention what we can do to reduce them in the future.
Furthermore, I’ll showcase how current AI implementations discriminate against minorities and how that in some cases even leads to a higher risk of death for those groups.
I’ll cover the bias that humans introduce and I’ll explain how poor choice of data makes our world even more unjust than it already is.
JORGE MARÍN – Testing in production: Ideas, experiences, limits, roadblocks
Are you afraid of testing in production? Do you test in production? Do you use real data? By definition testing in production is hard. This talk puts together my experience testing in production a large-scale backend system and APIs that affect millions of users. Experience, ideas, limits, roadblocks, tips and more.
MICHAEL COTÉ – The blinking cursor or kubernetes for people who aren’t supposed to use it
You’ve got kubernetes up and running, and you’re ready for it to change your life! But, all you see now is a blinking cursor. What do you do now?!
This talk explains what cloud native development is, how kubernetes supports it, and gives you a toolkit to start planning for how you’ll use kubernetes to improve the way your organization builds, runs, and manages your software. Drawing on case studies, you’ll get a brief introduction to what kubernetes is from a developer’s perspective and then guidance on how to use kubernetes as the basis for your organization’s development stack.
Large organizations that are managing and modernizing thousands of applications are planning out their new application platform, likely to be used for the next decade. This talk covers how to start planning for that platform:
- Understanding what kubernetes does and what you’ll need to add on.
- Planning for large scale app modernization, like the 2,000+ apps at AirFrance-KLM.
- Meatware re-platforming – to take advantage of your new platform, like The Home Depot & Daimler, you’ll need to change how you work.
After this talk, you’ll have a better idea of what to do next once you’re faced with the blinking cursor.
SAYANTIKA BANIK – Let’s Debug Django like pro
Writing clean code with good logic is important.
But how about debugging the same like a pro and building pretty graphs?
“Debug like a pro just like you code”
Print statements, though easy and powerful, don’t help in understanding the behavioral aspects. In order to perform functionalities like visualizing the error/warning rates, we need an advanced debugging tool.
Through my talk, I aim to introduce debugging libraries like “logger”. Logger can be incorporated with Django with a couple of lines of code, which not only helps us understand the errors, but also the possible areas of improvement.
ABHIJEET KASURDE – Ansiblizing your VMware REST API
VMware recently released REST APIs for automating various day1 and day2 activities in VMware infrastructure. This session sheds light on using Ansible, a configuration management tool, to automate VMware infrastructure using REST APIs. Attendees will get a clear picture of how they can easily and reliably automate the VMware infra using Ansible.
PRANAV PARIKH – Scalable testing infrastructure with Kubernetes and Concord
# Testing at scale
Genuine CI/CD can’t be accomplished without continuous testing. At organizations like Walmart, where about 50k deployments happen every day, we need a robust and scalable test infrastructure to execute these tests.
## Concord
We use Concord (http://concord.walmartlabs.com/) for deployments. It is an orchestration engine that connects different systems together using scenarios and plugins.
## Testing challenges
The teams at Walmart excel at automated testing and with about 1M CI jobs running 24x7 (many of them run end-to-end tests for an hour or two), we’re at risk of hoarding the resources on our CI/CD servers. We needed a flexible and scalable solution which can meet the needs of the teams who run long end-to-end tests.
## Solution
We created a Concord plugin which will allow the users to leverage the Kubernetes infrastructure to run their end-to-end tests. Users can submit their Docker image for tests to Concord. It spins up a container called `Orchestra` which in turn spins up the jobs and suspends the Concord process. Once the jobs complete, it resumes the Concord process and users can continue with their flow.
## Advantages
1) Reliable and clean environment for testing
2) Scalable testing infrastructure with Kubernetes
3) Immutable and repeatable testing
PETAR RADOSAVLJEVIC – Ignite talk: Infrastructure-level solutions for modern Microservices
Modern data-intensive microservice applications live in cloud and containers, they use machine learning techniques and serverless functions in data pipelines. Microservices should be efficient, scalable and decoupled, but the integration of services is very challenging through the application’s code. I will show how this can be accomplished by using a service mesh that fundamentally changes how services are managed without changing a single line of code in services. Application’s code stays simpler and easier to maintain, which is preferable in many ways for both developers and operations, and on the other hand – scalability, security and observability increase.
DANIEL NEUBERGER – Ignite talk: Data&Service Quality First!
Fast like this ignite talk, most of the Devs and Ops out there want to quickly collect all information and events in one bulk. Better preparation before the ingest gives you less effort during the processing. Be agog!
JJ ASGHAR – COBOL on Kubernetes
With Kubernetes owning the mind share of the next generation of applications, legacy applications are getting farther and farther behind. There is hesitation around moving these legacy applications to this new control plane and platform. They were developed at a time when there was a specific and consistent way of developing software, allowing Developers to focus on the business value instead of the Operations requirements. The world is quickly moving on, and the software that runs a significant amount of the world is being left behind. In this talk, I’ll walk through what I thought was originally a joke of a project, that became a perfect litmus test of why any developed application can run on this unified platform. With a measured amount of engineering effort, your company can move any language and any developed application to Kubernetes, gaining the power of both the shared control plane and Cloud Native velocity of development.
NICOLAS FRANKEL – Mgmt Config: Advanced demos and Internals for hackers
A couple of years ago, continuous integration in the JVM ecosystem meant Jenkins. Since that time, a lot of other tools have been made available. But new tools don’t mean new features, just new ways. Besides that, what about continuous deployment? There’s no tool that allows deploying new versions of a JVM-based application without downtime. The only way to achieve zero downtime is to have multiple nodes deployed on a platform, and let that platform achieve that, _e.g._ Kubernetes.
And yet, achieving true continuous deployment of bytecode on one single JVM instance is possible if one changes one’s way of looking at things. What if compilation could be seen as changes? What if those changes could be stored in a data store, and a listener on this data store could stream those changes to the running production JVM via the Attach API?
In that talk, I’ll demo exactly that using Hazelcast and Hazelcast Jet – but it’s possible to re-use the principles that will be shown using other streaming technologies.
PETER ZAITSEV – The Path to OpenSource DBaaS with Kubernetes
DBaaS is the fastest growing way to deploy databases. It is fast and convenient and it helps to reduce toil a lot, yet it is typically done using proprietary software and tightly coupled to the cloud vendor. We believe Kubernetes finally allows us to build a fully OpenSource DBaaS Solution capable of being deployed anywhere Kubernetes runs – on the Public Cloud or in your private data center.
In this presentation, we will describe the most important user requirements and typical problems you would encounter building a DBaaS Solution and explain how you can solve them using the Kubernetes Operator framework.
FLORIAN WIETHOFF – SecDevOps in the Cloud
Public clouds are now used by almost all companies. However, many of those responsible forget that the security of their cloud environments is to a large extent their own job – keyword: shared responsibility. Moreover, the security features provided by the cloud providers – firewalls, reverse proxies, web application firewalls – are not at the level known from mature on-premises solutions.
This talk aims to pass on experience from cloud projects in the banking sector. I will present the most important requirements and best practices.
JOSE ORTEGA – SecDevOps containers
Jose will speak about the main tips for integrating Security into DevOps. He will share his knowledge and experience and help people learn to focus more on DevOps Security. In addition to the so-called best practices, the development of efficient, readable, scalable and secure code requires the right tools for security development.
These could be the main talking points:
- How to integrate security into iteration and pipeline application development with containers.
- How to secure development environments.
- DevOps security best practices
IGNAT KORCHAGIN – Speeding up Linux disk encryption
Encrypting data at rest is a must-have for any modern SaaS company. And if you run your software stack on Linux, LUKS/dm-crypt [1] is the usual go-to solution. However, as the storage becomes faster, the IO latency introduced by dm-crypt becomes rather noticeable, especially on IO intensive workloads.
At first glance it may seem natural, because data encryption is considered an expensive operation. But most modern hardware (specifically x86 and arm64) platforms have hardware optimisations to make encryption fast and less CPU intensive. Nevertheless, even on such hardware, transparent disk encryption performs quite poorly.
POOJA PURSWANI – WebThings: Let’s Make Your Things Smarter
In today’s world, where the security of our data is a major concern, a number of websites are always tracking what we search for, what we watch and our location. And now, when things are limited to only data, adding another dimension, i.e. physical entities, is really a big question.
From this talk, the audience will take away an understanding of the privacy concerns related to IoT, how they may be putting their personal information at risk by connecting their physical entities to the internet, and how Web Things come to the rescue. The goal is for visitors to leave with a better understanding of some of the issues surrounding the Internet of Things today, and how Mozilla is working to build a decentralized IoT with the Web of Things, to improve interoperability, privacy and security through standardization.
MICHEL SCHILDMEIJER – Replace your Docker based Containers with Cri-o Kata Containers for better security
They provide the workload isolation and security advantages of VMs, but at the same time maintain the speed of deployment and usability of containers. By using Kata Containers, instead of namespaces, small virtual machines are created on the kernel and are strongly isolated. The technology of Kata Containers is based on the KVM hypervisor. That’s why the level of isolation is equivalent to typical hypervisors. This session will focus on a live production phase when choosing Kata instead of Docker, and why they are preferable.
Although containers provide software-level isolation of resources, the kernel needs to be shared. That’s why the isolation level in terms of security is not so high when compared with hypervisors. This talk teaches you to shift from Docker as the de facto standard to Kata Containers and how to obtain a higher level of security.
MOHAMED ELSAKHAWY – Ignite talk: Opensource in Advanced Research Computing, How Canada did it!
Opensource software is becoming a pillar in our everyday life, leveraged by our cell phones, our transportation systems and on the websites we visit. In this quick talk, we will have a look at how Canada’s Advanced Research Computing (“ARC”) organizations use opensource software to deploy and operate some of the largest Supercomputers and Cloud deployments on Earth. We will briefly introduce the systems and dig deeper into the opensource technologies that together make the magic happen!
FEU MOUREK – Ignite talk: Flying Blind – Accessibility in our Tools
Do you know what it feels like to navigate as someone who can’t distinguish between green and red – looking at those badges that tell you whether something is broken or a-okay?
I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2.
We all tend to forget that not everyone sees the world like we do.
In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those.
The talk also features a few suggestions on how to improve colour schemes and make websites and webapps better to navigate with screen readers!
RAIN LEANDER – Leveraging Procedural Knowledge: From Riding a Bike to Bare Metal Automation
On the road to senior engineer, one has to inhale multiple technologies. This often seems like a series of massive obstacles wherein each new technology resembles a new beginning. However, engineers often underestimate the extent to which procedural knowledge from one technology transfers to a new technology. In this talk, I will demonstrate that the process from OpenStack Community Liaison to Tinkerbell Developer Advocate was a series of procedural knowledge transfers, wherein the obstacles to learning reduce with each new technology that is learned. I will provide specific examples, from getting started to troubleshooting issues, and conclude with practical recommendations on how to create a coherent plan for transitioning from one technology to another.
RAHUL BAJAJ – Securing Infrastructure with Keycloak
The OAuth protocol is often misunderstood as an authentication protocol, but that is not the case. It is an authorization protocol used to provide authorization between two services. While OAuth does all the heavy lifting, authorization, it does not maintain an identity. At this point, OpenID Connect plays a vital role. It is a thin layer that sits on top of OAuth 2.0 and enables correct authentication for users and provides the correct identity. With the help of OpenID Connect, organizations can provide Single Sign On (SSO) functionality. In this talk, we will understand how one can leverage Keycloak, an OpenID provider, to perform Single Sign On using JSON Web Tokens (JWT). Most applications use the Session ID mechanism for authentication. Either they use the sticky mechanism or maintain a common database for multiple web-applications running on the same server. Although this approach is used widely, it is not scalable in nature. With the increase in adoption of the microservices architecture in applications lately, it has become difficult to scale your application using a Session ID. On the other hand, JWT proves to be an efficient methodology in this case. In this talk, we will gain a deep understanding of how to use the JWT for implementing the OpenID Connect protocol and I shall also demonstrate how I have implemented it in the Foreman project.
JOERG SCHAD – Challenges in Building Multi-Cloud-Provider Platform with Managed Kubernetes
Building a cloud-agnostic platform used to be a challenging task as one had to deal with a large number of different cloud APIs and service offerings. Today, as most Cloud providers are offering a managed Kubernetes solution (e.g., GKE, AKS, or EKS), it seems like developers could simply build a platform based on Kubernetes and be cloud-agnostic. While this assumption is mostly correct, there are still a number of differences and pitfalls when deploying across those managed Kubernetes solutions. This talk discusses the experiences made while building the ArangoDB Managed Service offering across GKE, AKS, and EKS. While the (managed) Kubernetes API is a great abstraction from the actual cloud provider, a number of challenges remain, including for example networking, autoscaler, cluster provisioning, or node sizing. This talk provides an overview of those challenges and also discusses how they were solved as part of the ArangoDB Managed Service.