Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Mayank Kumar, Andy Chen

2022-10-28

Many companies are thinking about automating application provisioning on Kubernetes but are stuck with old tools which cannot natively leverage the K8s apis and offer little scalability and extensibility. Mayank will show you how the Salesforce Hyper compute team that manages thousands of EKS clusters, is migrating Spinnaker pipelines that deploy K8s integrations like logging, monitoring and certificates to every EKS cluster on Hyperforce, to ArgoWorkflows. Mayank will talk through the existing problems and walk you through a step by step process, their team is using to convert all Spinnaker pipelines to Argo Workflow templates to improve reliability using custom retries, deployment velocity using memoization and using K8s features to gain more control over the various continuous deployment stages. He will also talk about a reusable library of ArgoWorkflow stages that is helping speed up the conversion process and making the developer experience around maintaining these deployment pipelines a true joy.

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Danny Hershko Shemesh, Alon Schindel

2022-10-26

Cloud service providers are constantly enhancing and releasing new capabilities to provide the best managed Kubernetes experience, intertwining cloud-specific capabilities within, to ease integrations and reduce friction. This talk is about the fine line between your managed Kubernetes cluster and its underlying Cloud environment, and how intertwining cloud-specific capabilities within the managed Kubernetes services introduces potential attack vectors and lateral movement paths – from Kubernetes outwards, or from the cloud inwards. This talk is demo-driven, we'll demonstrates several scenarios where an attacker can gain a foothold in a Kubernetes cluster and move laterally in order to compromise other cloud resources outside the cluster, or alternatively, gaining access to a cloud resource with the intent of compromising resources within a cluster. This talk also covers some of the best practices for configurations and standards to adopt in EKS, AKS and GKE to secure them from cluster-to-cloud or cloud-to-cluster attacks.