Embracing change: Policy-as-code for Kubernetes with OPA and Gatekeeper

As more enterprises migrate to cloud native environments like Kubernetes, the need for more scalable ways to define and enforce fine-grained policies increases: how can I limit the number of replicas of a pod for certain users? How can I ensure that all images come from trusted registries? Gatekeeper, a CNCF project, allows you to define policy as Kubernetes objects, making it easier to adopt policy-as-code practices in Kubernetes environments and to share reusable policy templates. In this talk we will demo Gatekeeper for Kubernetes environments. You will learn how to adopt policy-as-code techniques and how you can integrate Gatekeeper with your existing tools.


Data Driven Security

The value of Machine Learning in malware research is as important as human experience. This presentation outlines why Data Driven Security is more effective than traditional research methodologies, as it combines data, human experience and logic made by machines to define the verdict. The audience is exposed to the background: why logic created by Machine Learning algorithms is defined as ‘optimal’, in the sense of a mathematical reflection of the data and labels collected over time.


Pragmatic App Migration to the Cloud: Quarkus, Kotlin, Hazelcast and GraalVM in action

At a point in the past, it was forecast that Java would die, but the JVM platform would be its legacy. And in fact, for a long time, the JVM has been tremendously successful. Wikipedia itself lists a bunch of languages that run on it, some of them close to Java, e.g., Kotlin, some of them very remote, e.g., Clojure. But nowadays, the Cloud is becoming ubiquitous. Containerization is the way to go to alleviate some of the vendor lock-in issues. Kubernetes is a de facto platform. If a container needs to be killed for whatever reason (resource consumption, unhealthy, etc.), a new one needs to replace it as fast as possible. In that context, the JVM seems to be a dead-end: its startup time is huge in comparison to a native process. Likewise, it consumes a lot of memory that just increases the monthly bill. What does that mean for us developers? Has all the time spent in learning the JVM ecosystem been invested with no hope of return on investment? Do we need to invest even more time in new languages, frameworks, libraries, etc.? That is one possibility for sure. But we can also leverage our existing knowledge and embrace the Cloud and containers ways with the help of some tools. In this talk, I’ll create a simple URL shortener with a “standard” stack: Kotlin, JAX-RS and Hazelcast. Then, with the help of Quarkus and GraalVM, I’ll turn this application into a native executable, with all Cloud/Container related work moved to the build process.


Ignite: Enabling multi-cloud and breaking vendor lock-in with Cloud Sidecar

Cloud providers offer numerous services that abstract away common problems from software developers. No longer do companies need to manage their own file storage solutions, message queues, key-value stores, etc… The problem is, once you start building software on top of these services you get locked into that specific cloud provider. This is better known as vendor lock-in. Of course, the more services you use the harder it is to go multi-cloud or switch clouds. Cloud Sidecar solves the problem of vendor lock-in by converting requests from one cloud’s API to another cloud’s API. So, if your applications use Amazon Web Services’ S3 and SQS, you can easily deploy Cloud Sidecar next to your application and now it automatically uses Google Cloud’s GCS and Pubsub. Learn about Cloud Sidecar, how it works, how easy it is to modify your software to use it, and how you can deploy it.


Ignite: The Importance of Visuals in Teaching Code and Reducing Bias

Coding can be taught line by line, but not everyone is comfortable with purely text- and logic-based explanations of coding. The current status quo is to teach by showing lines of code with inputs and outputs; however, a lot of visual learners are not going to easily grasp that. What if there was a way to communicate the code concepts with images? This talk will show how using geometry and modeling can acclimate novices to coding concepts using visual-spatial examples reinforced by coding concepts applicable anywhere.


GitOps: yea or nay?

GitOps is a paradigm or a set of practices that empowers developers to perform tasks which typically (only) fall under the purview of operations. It’s a way to do Kubernetes cluster management and application delivery by using Git as a single source of truth for declarative infrastructure and applications. With Git at the center of delivery pipelines, engineers use familiar tools to make pull requests to accelerate and simplify both application deployments and operations tasks on Kubernetes. GitOps software agents (e.g. ArgoCD, Flux and Jenkins X) can alert on any divergence between Git and what’s running in a cluster, and if there’s a difference, Kubernetes reconcilers automatically update or roll back the cluster depending on the case. This talk will include a demo of ArgoCD/Flux/Jenkins X on how to configure and use it to accelerate and simplify application deployments.


Autoscaling with HashiCorp Nomad

Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure, but we have not spent nearly enough time training ourselves to review, monitor and respond to outages. Does our platform degrade in a graceful way, and what does a high CPU load really mean? What can we learn from level 1 outages to be able to run our platforms more reliably? We all love infrastructure as code; we automate everything ™. However, making sure all of our infrastructure assets are monitored effectively can be a slow and resource-intensive multi-stage process. During this talk we will investigate how we can set up a Nomad cluster that can automatically scale our infrastructure both horizontally and vertically to be able to cope with increased demand by users. This talk will focus on configuring Nomad and its new autoscaler component to be able to make data-driven decisions about scaling Nomad jobs in or out to fit current customer usage.


Setup and Open Policy Agent for a multi purpose scientific platform

At the Italian National Institute for Nuclear Physics (INFN) an effort is being made to leverage modern cloud-native paradigms to build the scientific analysis infrastructure of the future. The talk will focus on the adopted storage platform, which is based on a fine-grained authorization model obtained by combining the AWS STS authentication flow with the native integration with the OpenPolicyAgent. Moreover, a set of tools has been developed to allow users to access data in different modes, ranging from the canonical S3 APIs to a POSIX-like experience.


Continuous Security – integrating security into your pipelines

In the world of continuous delivery and cloud native, the boundaries between what is our application and what constitutes infrastructure are becoming increasingly blurred. Our workloads, the containers they ship in, and our platform configuration are now often developed and deployed by the same teams, and development velocity is the key metric to success. This presents us with a challenge which the previous model of security as a final external gatekeeper step cannot keep up with. To ensure our apps and platforms are secure, we need to integrate security at all stages of our pipelines and ensure that our developers and engineering teams have tools and data which enable them to make decisions about security on an ongoing basis. In this session I will talk through the problem space, look at the kinds of security issues we need to consider, and look at where the integration points are to build in security as part of our CI/CD process.

We accidentally created a Cloud on our IBM Cloud

Part of the job of a Developer Advocate is the ability to demo or show off portions of your technology stack to possible users. At IBM this is no different for us, but there is a gap between the scale of our requirements and what the provisioning of our cloud infrastructure was. In this talk we will describe our situation, our iterations on what we tried and the painful portions of them, and how we accidentally created a Cloud interface on top of the IBM Cloud, or, more simply put, we created a Cloud on our Cloud.
Ideally, we will show our journey and the lessons we learned along the way, and as an audience member, you will come away with nuggets of useful tooling to make your cloud usage more streamlined, and hopefully, you will see the pitfalls we fell in and you can avoid them yourself. We will show off some bad code, some good code, and some robust code; all open source and available to allow you to leverage it too.


First hand experience: How Nextcloud stayed productive during COVID-19

We are all now experiencing that remote working and virtual conferencing are important tools to stay connected, not just in current circumstances but also in the wider future. That is why it is important to offer an easy-to-use, efficient, and quick replacement. Nextcloud is a platform for complete online collaboration and communication and can help to quickly adapt and stay connected. Nextcloud is built by Nextcloud GmbH, which has employees in home offices in 11 countries, and the Nextcloud Community, which is spread all over the world. This talk gives an inside look at how Nextcloud GmbH works together with the Nextcloud community to build Nextcloud. It covers different communication channels that work for synchronous and asynchronous communication, how coordination in distributed teams works, and how good and efficient collaboration around documents is possible. Additionally, and also very important to share, this talk covers some of the challenges and solutions on how to successfully work across different countries, time zones, languages, and cultures.


How we finally migrated an eCommerce-Platform to GCP

As Squad Architect Platform I supported the platform team in migrating a complete ecommerce environment to Google Cloud Platform. By sketching out the various migration steps, technical concepts and tooling, I will explain why we did the migration exactly this way.


Monitoring Microservices The Right Way

Modern systems today are far more complex to monitor. Microservices combined with containerized deployment result in highly dynamic systems with many moving parts across multiple layers. These systems emit massive amounts of highly dimensional telemetry data from the hardware and the operating system, through Docker and Kubernetes, all the way to the application and its databases, web proxies and other frameworks. Many have come to realize that the commonly prescribed Graphite+StatsD monitoring stack is no longer sufficient to cover their backs. New requirements need to be considered when choosing a monitoring solution for the job, including scalability, query flexibility and metrics collection. In this talk Horovits will look at the characteristics of modern systems and what to look for in a good monitoring system. He will also discuss the common open source tools, from the days of Graphite and StatsD to the currently dominant Prometheus. This talk will put you on the right track for choosing the right monitoring solution for your needs.


Fuzzing: Finding Your Own Bugs and 0days!

The objective of this presentation is to explain how 0days are found through the fuzzing technique. I’ll be explaining how you can create a fuzzer, what the types of fuzzing and types of targets are, and how you can find a Buffer Overflow vulnerability and write your own exploit. PoC demos included, of course! (includes 2 PoC videos).


On-call done right: how even a developer can help

It is another night on-call, and a customer is reporting a problem with one of your key services. The logs and the monitoring systems tell you nothing, and so it is time to wake up one of the on-call developers. You can already predict what they are going to say – that they “don’t see anything on their end” and that they “can’t understand why you woke them up, again, for what is clearly a problem on your end”. Same old, same old… You have to remember, though, that while you have all the tools at your disposal – the developers don’t. They wrote and pushed the code, and at that point have transferred the responsibility to you – they don’t have the same context. This talk discusses this gap, and what we can do to close it.


Stretching the Service Mesh Beyond the Clouds

We hear a lot about using service mesh with Kubernetes and public clouds, but what about outside the clouds? In this talk, you’ll learn creative ways to apply a service mesh across different platforms and environments to automate canary deployments, facilitate cloud migrations, and more. By combining HashiCorp Consul’s service mesh and Terraform’s infrastructure as code, you can build a more seamless operational experience across multiple environments.


How DevOps changed the way we operate software

It’s been more than a decade since the inception of devops. A lot has changed since then. We now live in a world where many traditional ops responsibilities are distributed among teams. We are also seeing a dramatic change in how we do ops. Ops people are now writing code and testing it the way developers write business logic. But does this give enough context? Of course not. In this talk, we are going to cover how devops changed the way we create and run software – and talk about what is next!


The Tyranny of Taylorism and how to spot Agile BS

Even those that developed and industrialised waterfall no longer believe it has value, and they still struggle with the tyranny of Taylorism. While 81% of all development shops say that they are adopting agile, the reality is far from it: only 22% do short iterations, 16% have ordered backlogs, and 13% do retrospectives! They still lack feedback loops. This talk will take a walk through history from 1890 through to the present and follow the rise and eventual fall of Waterfall in the very organisation that developed it: the US Military-Industrial Complex. From communities through the industrial revolution, mechanisation of the workforce, the first MBAs, the pursuit of hierarchical plan-driven solutions, and bureaucracy to the realisation of reality and the struggle to change.

1880 – Social, Family, Community, Problem Solving
1890 – Industrial Revolution and mechanisation of the workforce
1906 – First MBA and enshrinement of the carrot and the stick
1920 – First ideas that people are different ridiculed
1950 – Sequential work adopted by US Military
1970 – Waterfall designed and adopted
1993 – First Scrum Project
2001 – Agile Manifesto
2010 – Consultation on new DOD procurement rules
2013 – New Procurement rules mandating iterative delivery go live
2018 – Detecting Agile BS
2019 – USAF Memo

Future – Social, Family, Community, Problem Solving


Reference Architecture for a Cloud Native Digital Enterprise

In an era of digital transformation, (digital) enterprises are looking for fast innovation through effective collaboration to deliver more value to their customers with dramatically less effort. Digital enterprises enable companies of every sector to integrate, expose, and monetize their business capabilities by digitizing entire value chains. As a result, APIs have become the norm to expose integrated business functionalities to deliver an enhanced digital experience. Enterprises can start their digital transformation in greenfield or brownfield; in both cases, having a well-defined API-led integration architecture is important. Apart from integration and API platforms, these architectures should be able to provide agility, flexibility, and scalability. This session discusses a vendor/technology-neutral reference architecture for a cloud native digital enterprise to increase productivity by having agility, flexibility, and scalability through automation and services. The architecture discussed in this session can be mapped into different cloud-native platforms (Kubernetes and service mesh), different cloud providers (Microsoft Azure, Amazon AWS, and Google GCP), and infrastructure services to perform the implementation.


Why you should take care of infrastructure drift

As infrastructure as code (IaC) becomes widely adopted by users with heterogeneous skillsets, and as IaC codebases become larger and larger, it becomes harder to track drift. Drift is a deviation between the actual infrastructure state and the IaC codebase. It causes issues for security posture management, collaborative work, and maintenance. There are a lot of juicy stories from the trenches to be told on infrastructure drift. Sure enough, we all do GitOps by the book! Or we all have the right processes in place. But we also have to interact with other teams. We also have to grant some level of access to our infrastructures to some services or tools that may eventually generate uncontrolled changes. You can’t efficiently improve what you don’t track. We track coverage for unit tests, so why not infrastructure as code coverage? How can we make sure our infrastructure code matches our actual infrastructure state? In this talk, using Terraform with AWS resources, I will show how infrastructure drift can go undetected despite our best efforts or tooling and cause issues, and end the talk by showing our own free and open source tool driftctl (just released under the Apache-2.0 licence), which tracks IaC coverage and warns of infrastructure drift.


Introducing Thola – A tool for Monitoring and Provisioning Network Devices

Thola is a new open source tool for identifying, reading and monitoring network devices.
It serves as a unified interface for communication with devices from various manufacturers and features a check mode which complies with the monitoring plugins development guidelines.
Therefore it is compatible with Nagios, Icinga, Zabbix, Checkmk, etc.
One new focus of Thola is its integration into Ansible.
It enables inventorying network devices regardless of their vendor or operating system.
This talk will cover the current state of development as well as planned features.
You will learn how to use Thola to improve the inventorying and monitoring of your network.


Help, My Datacenter is on Fire

Most people will claim that this never happens, others hope it never happens, but it happened on March 10, 2021, and it was not just one datacenter that got impacted, but the whole campus of the provider that got powered down. This talk will explain how our customers survived this outage, and how our culture, open source tooling and automation saved the da(y,ta). A talk about disaster recovery, business continuity plans and building cloud agnostic stacks that survive disasters.


Kubernetes Native Continuous Deployment with FluxCD, Flagger, and Linkerd

With many services going online that have rapidly growing user bases plus the expectation of being both resilient and innovative at the same time, continuous delivery has become a necessary practice. By employing practices like automated gating, CD helps organizations grow with confidence, and limit (or completely circumvent) having to wait for manual checks and approvals.
This talk will discuss and demonstrate a Kubernetes native CD pipeline using FluxCD, Flagger and Linkerd. I will discuss the benefits we gained in the process of employing this pipeline at StackPulse. Three key learnings the audience will take away from the session:

  • How to increase velocity and deployment safety by adopting CD
  • How great tooling can reflect your culture — not change it


Contributing to Open Source with the example of Icinga

Have you ever contributed to an open source project? There are tons of different ways to help out, and we want to show you how: from GitHub workflows and general contributing to more specific Icinga related topics. We at Icinga have been working on some guidelines for getting started with development on our projects – contributing to the Icinga project has never been easier! That could be working on a plugin or a web module, fixing bugs in Icinga Web 2 or Icinga 2, adding features to the Director or simply adapting the documentation.


Platform as a Product

Most ops groups can’t give developers what they need. Ops is limited by a traditional service delivery mindset and tools. Stability & reliability are now table stakes when you are releasing software daily. What developers need now from ops is innovation. Operations has rarely taken this innovation-driven, product approach to providing services, & instead focuses on delivering to specification & limiting SLAs. As with development, ops creates value with continuous operations, product managing their platforms and releasing frequently. This talk covers how ops groups are transforming from a service delivery mindset to a platform-as-a-product approach. With examples from Discover Financial Services, Rabobank, the US Air Force, & others, the talk covers the concept, technologies & tools commonly used, & ops tactics needed to kick off a platform-as-a-product strategy.


Prometheus in 2021 and beyond

Prometheus is well-known in the metrics area. While it remains a simple-to-operate server, it is getting more and more capabilities over time. Let’s have a look at the latest and greatest changes happening in the Prometheus server and in the ecosystem. Come and learn how we work on improving observability for everyone.


Learning by Pulling Things Apart

What happens when you take a Dockerfile and build it? How is the series of commands turned into a container image and then a running container? I wanted to find out, and so I started peeling back the layers of technology. In this session, I’ll share what I learned. It will involve containers, but also compilers, programming languages, and how to approach professional learning challenges.


Building the first European open source Edge Computing platform for GAIA-X

Edge Computing is becoming increasingly popular nowadays thanks to the growing availability of cloud, bare-metal and 5G providers offering flexible and affordable access to edge resources around the globe. The idea is based on moving core computational processes and storage to distant locations that are closer to the entities they interact with, like end-users and IoT devices. The benefits come from improving network latency and user experience, reducing security risks, and minimizing data transfers to central cloud locations. Thanks to the €2.1M awarded in 2019 by the European Commission as part of the Horizon 2020 SME Instrument Program, OpenNebula has developed the first open source Edge Computing platform in Europe. This talk analyses the benefits and challenges associated with Edge Computing, introduces the “True Hybrid Cloud” concept, and explores how this new EU-funded Edge Computing platform contributes to consolidating Europe’s digital sovereignty by integrating other relevant European open source technologies and by providing future access to the GAIA-X federated infrastructure.


Automatic Microservices Observability with Programming Language: Ballerina

Modern applications are increasingly becoming more of a distributed computing problem. With the availability of feature-rich cloud services, our solutions increasingly rely on these to implement functionality. Also, the application itself is adopting more of a disaggregated architecture in favour of extensibility, scalability, re-usability, and deployment flexibility. This is how microservices architectures are becoming more popular every day. But there is no free lunch; with the benefits, new challenges are introduced. Compared to monoliths, with microservices we need to handle the complexities that come with networked architectures, such as communication latency, unreliable connections, protocols, data formats, and transactions. So, while we come up with many new techniques to tackle these problems, it is vital for us to have proper observability functionality to verify the behaviour. The Ballerina programming language, which is designed from the ground up to work with networked applications, takes a unique approach by having built-in observability functionality in language constructs. It exploits the language's awareness of network operations, such as service types, remote function invocations, and communication resiliency mechanisms, to automatically observe the operations done by the users. Basically, the Ballerina platform takes care of the majority of observability situations automatically, so the developer can focus only on the core business logic and not sprinkle their code with lots of observability code. In this session, we will look at how this built-in functionality can be used for metrics generation and distributed tracing using the Ballerina platform.


Weaviate Vector Search Engine – Introduction

This talk is an introduction to the vector search engine Weaviate. You will learn how storing data using vectors enables semantic search and automatic data classification. Topics like the underlying vector storage mechanism and how the pre-trained language vectorization model enables this are touched on. In addition, this presentation consists of live demos to show the power of Weaviate and how you can get started with your own datasets. No prior technical knowledge is required; all concepts are illustrated with real use case examples and live demos. Most data is unstructured. Additionally, data is often stored without context, meaning and relation to concepts in the real world. This means that all this data is difficult to index, classify and search through. While this is traditionally solved by manual effort or expensive machine learning models, Weaviate takes another approach to this problem. Weaviate is a vector search engine, which stores data as vectors and automatically adds context and meaning to new data. This enables searching through the data without using exact matching keywords. Moreover, data can be automatically classified. Weaviate is completely open source, has a built-in machine learning model, has a graph-like data model, is completely API-based and is cloud-native. Weaviate uses a GraphQL API next to RESTful endpoints to interact with the data in an intuitive manner. Additionally, Python, Go and JavaScript clients are available to facilitate interaction between Weaviate and your applications. GraphQL and client examples will be shown in the presentation.