Containers & Kubernetes Conference
Monday, February 7, 2022
All the unit tests in the world, the largest QA team still can’t stop bugs from slithering into production. With a distributed microservice architecture debugging becomes much harder. Especially across language & machine boundaries. APMs/Logs have limits.
Production bugs are the WORST bugs. They got through unit tests, integration tests, QA and staging… They are the spores of software engineering. Yet the only tools most of us use to attack that vermin is quaint little log files and APMs. We cross our fingers and put on the Sherlock Holmes hat hoping that maybe that bug has somehow made it into the log… When it isn’t there our only remedy is guesswork of more logging. That in turn bogs performance for everyone, makes the logs damn near unreadable and can literally cost millions in fees. But we have no choice other than crossing our fingers and going through CI/CD again and again until we find it.
There are better ways. With modern continuous observability tools we can follow a specific process as it goes through several different microservices and “step into” as if we were using a local debugger without interrupting the server flow. In this session I will demonstrate such an approach.
Tuesday, February 8, 2022
OPEN TALK: Learn How to Find & Fix Security Issues in Kubernetes Manifests Using Open Policy Agent and RegulaJoin on Hopin
Teams can now run pre-deployment security checks on their Kubernetes (K8s) manifests using Open Policy Agent (OPA), the open standard for policy as code and a Cloud Native Computing Foundation project.
In this session, Aidan O'Connor (Senior Solutions Engineer at Fugue) will walk through using OPA and Regula (an open source OPA-based tool purpose built for IaC checks) to find and fix security issues (measured against Center for Internet Security Benchmarks) in your K8s manifests pre-deployment.
Attendees will walk away with an understanding of:
-The kinds of security risks that need to be considered with K8s manifests
-Using OPA and Regula to catch security vulnerabilities and learn how to remediate them
-How automated K8s manifest checks can be integrated into DevOps workflows
Instrumenting your services is table stakes for modern services work. If your services are appropriately instrumented, debugging stops becoming guesswork, and you can understand your systems at a much deeper level than just knowing when something goes wrong. And when something is table stakes in software development, it cannot be controlled by any one vendor. OpenTelemetry is an increasingly popular vendor-neutral Observability framework for cloud-native software, poised to be the global standard for instrumenting systems. It’s a set of APIs, SDKs, and tools so that you can better understand your software’s performance and behavior. In this session, Phillip will walk you through what OpenTelemetry is from a developer’s standpoint, why you should choose it if you’re building cloud-native applications, and strategies for instrumenting a system with OpenTelemetry. At the end of this talk, you should feel empowered to adopt OpenTelemetry today and participate in an increasingly vendor-neutral future!
As you adopt cloud native technologies and Kubernetes, you will face a myriad of technology, process, policy and people decisions. What tools and patterns are needed to be successful? How can you ensure Kubernetes is a success across your DevOps team and organization?Rachel Sweeney, Product Advocate SRE at Fairwinds, discusses why Kubernetes plays an important role in your DevOps experience and the 5 things to help your team succeed at Kubernetes. Learn a few critical steps to achieving your Kubernetes Maturity around technology, security, visibility and consistency.
Ada Lovelace was one of the first to recognize the ability of a computer to do higher order reasoning. Now, with the move to cloud, you too interact with infrastructure as code, and security as code.
It’s a new security reality: from the moment you start to build, you configure governance and security controls, identity and access management; you make choices around services and resources; you store data and backups and architect for redundancy and high-availability; and so on. To do security at scale, you must embrace the reality that security engineers are developers, and developers are architecting for security. Making the secure thing to do, the easy thing to do, is hard—but it is the only way to do security at scale.
This brief talk by IBM Quantum Developer Advocate James Weaver introduces quantum computing with Qiskit to classical developers, and touches on the following concepts:
- Contrasting classical and quantum computing
- Axioms of quantum mechanics with Grumpy Cat
- Using IBM Quantum Circuit Composer
- Using IBM Quantum Lab (Python notebooks)
- Resources and next steps for attendees
The buzz about quantum computing has been rapidly increasing lately, and a growing number of developers have been looking into the subject. Concepts developers typically find challenging after cursory investigation of quantum computing include: superpositions of quantum bits (qubits), quantum gates, quantum entanglement (Einstein’s “spooky actions at a distance”), and the relevance of Schrödinger’s famous cat.
In this workshop, James Weaver gives a gentle introduction to quantum computing, followed by leading the participants in hands-on activities that leverage IBM Quantum simulators and computers.
A well-crafted container or kubernetes avoids using excessive privileges, shipping unused packages, leaking credentials, and will expose a minimal attack surface. By removing known risks in advance, you’ll reduce security management and operational overhead; however, not everything can be known and prevented in advance. You cannot forget about security since the container is running.
Join this session to gain clear direction on how to:
- Image build and apply Dockerfile best practices
- Reduce the attack surface and optimize size for distribution using multistage builds
- Manage threats and vulnerabilities, like log4j
Developers know what they want and don’t want. And we are pretty sure they don’t want ops. The world is becoming serverless…Including the database.
In this session, we will deliver a deep-dive exploration into the internals of a serverless database, exploring the following, and more:
- How to automatically scale your workload with zero downtime
- How Raft and MVCC are used to guarantee serializable isolation for transactions
- How Cockroach automates scale and guarantees an always-on resilient database
- How to tie data to a location to help with performance and data privacy
- How to only pay what you use and never overspend
CockroachDB - a Distributed SQL cloud-native database designed for consistency, resiliency, located data and scale - is the core of CockroachDB Serverless. We’d love for you to join us and see how it works!
Wednesday, February 9, 2022
Creating functional deployments for k8s is hard enough without even beginning to think about doing it securely. Part of your team are at war backing Helm vs Kustomize and your dirty secret is that you love straight up yaml!
As a security fan you’re looking for an easy win with zero budget to help make sure the “Department of No” doesn’t block the deployment regardless of your Infrastructure as Code choice.
In this live demo, we’ll see how Checkov (you love Star Trek too!), the open source IaC scanning tool by Bridgecrew, can handle all of that AND do so right in your IDE.
DevOps + Security = SomethingSomething… let’s figure it out together.
Observability has never been more important: kubernetes and distributed architectures are necessary, but they make it harder and harder to answer basic questions about system behavior. The conventional wisdom claims that Metrics, Logging and Tracing are “the three pillars” of observability… yet software organizations check these three boxes and are still grasping at straws during emergencies.
In this session, we’ll examine how we got ourselves into this predicament, and how to get ourselves out of it. We will talk briefly about the theory and then illustrate more elegant and modern approaches to common observability problems using live demos.
Spinning up exact copies of your application in multiple regions is as easy as git commit and git push. Now security policies and decisions for these applications can be just as easy. Learn how to extend your GitOps workflow to include policy-as-code. By using Open Policy Agent to write your application policy and security, you can have the benefits of GitOps for your security policies.
The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. Becoming very popular over the last few years, GitOps has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies using Policy As Code and commit them to Git.
OPA is a general purpose policy engine that comes with a custom built dedicated policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human readable expressions. It comes equipped with over 150 built-in functions tailor made for policy authoring. Together OPA and Rego allow you to supercharge your Policy As Code workflow in a Cloud Native way.
Join this talk to gain a general understanding of what policy-as-code is, the benefits in adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego.
The software we write does not always work as smoothly as we would like. In order to know if something went wrong, understand the root cause and fix the problem, we need to monitor our system and get alerts whenever issues pop up. There are many useful tools and practices for Kubernetes based applications. As we adopt serverless architecture can we continue to use the same practice? Unfortunately, the answer is no.
In this session, we will discuss:
- The differences between monitoring Kubernetes and serverless based applications
- Best practices for serverless monitoring
- Methods to efficiently troubleshoot serverless based applications
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session, Oleg Chunikhin, CTO of Kublr, describes best practices for “configuration as code” in a Kubernetes environment. He will demonstrate how a properly-constructed containerized app can be deployed to both Amazon and Azure, and how Kubernetes objects, such as persistent volumes, ingress rules and services, can be used to abstract from the infrastructure.
If you feel like you’re spending a pretty penny on Kubernetes-related cloud costs these days…well, at least you’re not alone. A 2021 Cloud Native Computing Foundation report—the first of its kind—recently found that 68% of organizations are spending considerably more on Kubernetes than they were a year ago. Kubernetes spending has been skyrocketing, stemming from a combination of overprovisioning coupled with low accountability and a lack of visibility into ever-higher costs.
But writing increasingly bigger checks isn’t the only option. By understanding different Kubernetes cost monitoring techniques and implementing best practices for allocation and efficiency, you can drastically rein in Kubernetes costs without a ton of effort (and improve relations between finance and engineering teams in the process).
This DeveloperWeek session will guide you through the various Kubernetes cost monitoring models at your disposal, such as showback and chargeback, and help frame the decision about which model is best suited for your organization (these solutions aren’t one-size-fits-all). The talk will also present best practices for implementing a Kubernetes cost monitoring strategy that’ll tick all the boxes for cost transparency, visibility, and accuracy. Attendees will come away with a clear plan of attack for how they can champion better Kubernetes cost controls within their organizations.
Why pay a lot of money for public and private cloud providers, when you already have your own, free, server farm? I will show you how you can utilize your organizational resources to run serverless functions for free, at scale, using open source serverless platforms (or your own platform), in a few easy steps. This is the next step in cloud/serverless evolution - see my article here: https://firstname.lastname@example.org/you-are-your-own-cloud-7c1cf7256ce2
By now, most of us have experienced the benefits of automated drift detection and reconciliation. Any application running in Kubernetes is benefiting from those. No matter what happens to our resources, Kubernetes will always try to converge the actual into the desired state without human intervention.
Why don't we have those features when working with infrastructure? Why don't we embrace Kubernetes API for everything, and not only for infra? If we do, we'll be able to manage all our resources in the same way and rip the same benefits, no matter whether those resources are applications, infrastructure, services, or anything else.
In this talk, we'll explore the effects of having (and not having) automated drift detection and reconciliation applied on infrastructure and explore Crossplane as one possible solution that enables us to leverage the Kubernetes control plane to manage everything, including infra.
Based on over two years of experience running a multi-cloud and multi-region Multi-Tenant SaaS Platform on top of Kubernetes, this talk presents the “dream Kubernetes distro” that SaaS providers need. Why can’t we have a distribution that is cloud vendor neutral, and is designed from the first install to be compatible with important third party services that deliver such things as observability, marketplace integration, self-managed and SaaS channels, CI/CD, and robust security?
Attendees will benefit by learning about important requirements to consider while designing their SaaS services to run on Kubernetes, and some insights into the providers and other options available to them today.
Just a few years ago every cutting-edge tech company, like Google, Lyft, Microsoft, and Amazon, rolled their own AI/ML tech stack from scratch. Fast forward to today and we have a Cambrian explosion of new companies building a massive array of software to democratize AI for the rest of us. But how do we make sense of it all? In order for AI apps to become as ubiquitous as the apps on your phone, you need a canonical stack for machine learning that makes it easier for non-tech companies to level up fast.
Join us in this presentation as we cover:
What are the components for true MLOps
How do teams begin their journey into AI and Machine Learning
Why teams should take a data first approach to ML
Understanding what is happening with a solution that is built from multiple components can be challenging. While the solution space for monitoring and application log management is mature, there is a tendency for organizations to end up with multiple tools which overlap in this space to meet different team needs. They also work on aggregate then act, rather than consider things in a more granular way.
FluentD presents us with a means to simplify the monitoring landscape, address challenges of hyper-distribution occurring with microservice solutions, allowing different tools needing log data to help in their different way.
In this session, we’ll explore the challenges of modern log management. How its use can make hybrid and multi-cloud solutions easy to monitor.
Over the years Kubernetes has become the de facto orchestration platform and it becomes important that developers have the right set of tools to increase their productivity for development and operations. In this talk, speakers will discuss the following tools:
- K9s: Kubernetes CLI to manage multiple clusters.
- lens: Open-source IDE to take control of your Kubernetes clusters.
- krew: Package manager for kubectl plugins.
- Okteto: Remote development environments, powered by Kubernetes.
- devspace: develop and deploy cloud-native software faster.
These tools not only accelerate the development workflow but also help to debug issues faster. You can improve your productivity by 10x using these tools and speakers will be showcasing demo for each one of them. In the end, they will also talk about their recommendations for working and developing with Kubernetes.
Challenges people face with Kubernetes
Introduction to different Kubernetes tools
Impact of Kubernetes development and day2 operations
How to improve productivity while working with Kubernetes
Working demo of what these tools have to offer.
Speaker recommendations to get the most out of these tools.
One of the tough challenges in adopting containers and Kubernetes across all enterprise applications is the availability of shared data services native to Kubernetes. Developers often fraught with making a trade-off between choosing the flexibility that Kubernetes offers vs. enterprise rich data management that comes with traditional IT. This session presents novel architecture principles in delivering a Kubernetes native data store that addresses the needs of cloud native modern applications. The audience will learn about NetApp's shared file service solution that delivers enterprise grade data management to Kubernetes applications.