Authors: Sonja Chevre, Ahmet Soormally
2023-04-21

tldr - powered by Generative AI

OpenTelemetry can help monitor GraphQL queries in production and improve troubleshooting for developers and SREs.
  • GraphQL is a query language and server-side runtime that provides a monolithic facade on top of complex microservice architecture
  • Using GraphQL introduces new challenges when isolating failures and troubleshooting performance issues
  • OpenTelemetry can help monitor and improve troubleshooting for GraphQL queries in production
  • The RED method can be used to monitor the health and performance of distributed systems
  • Instrumenting GraphQL services with OpenTelemetry can provide distributed traces for monitoring
Authors: Hung-Ying Tai, Vivian Hu
2023-04-21

tldr - powered by Generative AI

The presentation discusses the need for a lighter and more efficient way to manage microservices, given the post-pandemic rise of lightweight microservices. The solution presented is to use the WebAssembly System Interface (WASI) to create a more lightweight and efficient infrastructure.
  • The rise of lightweight microservices has created a need for a more efficient way to manage them
  • Current technology is not efficient enough for the large number of microservices required by modern applications
  • WebAssembly System Interface (WASI) provides a more lightweight and efficient infrastructure for managing microservices
  • WASI enables non-blocking sockets, supports domain name lookup, and extends the current API to allow for more functionality
  • WASI can be integrated with various databases and frameworks, including MySQL, MariaDB, PostgreSQL, and Redis server
  • The use of WASI can lead to a more efficient and lightweight infrastructure for managing microservices
Authors: Charlie Egan
2023-04-21

tldr - powered by Generative AI

The presentation discusses the Gatekeeper project, a customizable Kubernetes admission webhook that uses the OPA engine to enforce policies and enhance governance in organizations.
  • Gatekeeper project is a customizable Kubernetes admission webhook that uses the OPA engine to enforce policies and enhance governance in organizations
  • Gatekeeper is used to ensure that workloads deployed to Kubernetes clusters are compliant with governance and company policies
  • Google Anthos and Microsoft Azure have embedded Gatekeeper in their policy engines
  • Gatekeeper simplifies the process of building an admission webhook
  • Gatekeeper uses the OPA engine to enforce policies and enhance governance
  • The presentation also discusses updates to OPA, including new built-in functions and upcoming features such as schema validation and a more user-friendly output for tests
Authors: Edidiong Asikpo
2023-04-20

tldr - powered by Generative AI

The use of Telepresence, an open source CNCF tool, has improved the developer experience, accelerated the inner dev loop, and reduced staging environment compute costs for cloud-native companies. Three case studies are presented to illustrate this point.
  • Building and testing microservice-based applications becomes difficult when running everything locally is no longer feasible due to resource requirements.
  • Moving to the cloud for testing is a solution, but synchronizing local changes with remote Kubernetes environments can be challenging.
  • Telepresence improves the developer experience by allowing developers to test their code changes against external dependencies without the fear of things going wrong or not matching up with production.
  • Telepresence eliminates the need to constantly build, deploy, and test images, which speeds up the inner dev loop.
  • The use of Telepresence has positively impacted the development workflow of companies such as Culture Code, Voice Flow, and a fintech company in the APAC region.
Authors: Michael Maximilien, David Hadas
2023-04-20

tldr - powered by Generative AI

Knative offers benefits for security and resource management in microservices on Kubernetes
  • Knative offers auto-scaling to dynamically adjust the number of pods based on load
  • Knative provides revision management to help manage changes to microservices
  • Knative is working on adding TLS to reduce reliance on service mesh for security
  • Knative promotes uniformity in services for easier security and monitoring
Authors: Ron Vider
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of OpenTelemetry for application security and highlights the importance of using modern tools, collecting cloud-native information, utilizing open-source tools, and prioritizing observability to make applications more secure.
  • Modern problems require modern solutions, and application security testing tools need to evolve to keep up with changing vulnerabilities in modern applications.
  • Collecting all available cloud-native information, such as traces and infrastructure configuration, is crucial when addressing vulnerabilities in cloud-native applications.
  • Open-source tools, such as OpenTelemetry, can be repurposed for application security purposes to make organizations more secure.
  • Observability is essential for understanding the real risk of microservices-based and Kubernetes-based applications, and analyzing each microservice separately without knowledge of the surrounding infrastructure is insufficient.
Authors: Eli Nesterov
2022-11-18

Enabling production-level TLS/mTLS for applications and APIs often requires a lot of effort and cross-team collaboration. It is easier for south-north and Internet-facing traffic but much harder for east-west traffic and internal applications. Adding secure authentication on top of that is an even harder task. As developers, we want to focus on business logic, adding new features, and shipping products. So it is not a surprise that we often push adding transport level security and secure authentication till the very last moment and then rush to enable it. Sounds familiar? This situation often leads to different "bolt-on" security solutions as a compromise. It lets development teams focus on the business logic, with security features added transparently through various mechanisms like side-cars, service meshes, and API gateways. What if there is a better way? What if we can build apps and APIs with automated mTLS and secure authentication without adding friction to developers? In this talk, we'll discuss SPIFFE and SPIRE and how you can use them to secure microservices communication automatically. We'll look into different SPIRE architecture models and usage scenarios and examine ways to enable it by default, removing friction for developers. I'll demonstrate different use-cases, including transparent authentication to AWS, GCP, or Azure cloud services through federation, even if you are running in your on-prem data center.
Authors: Zohar Shchar, Dmitry Ryskin
2022-11-18

When doing application security for an API-centric enterprise spanning over thousands of microservices, Dynamic Application Security Testing (DAST) is almost a must-have. However, DAST products often fail to execute even the most rudimentary tests on internal endpoints that require a complex user flow. If an API call requires an ID that was obtained in the response BODY 5 HTTP calls ago, the chances a traditional DAST will be able to test your API are slim. In this talk we’ll present our approach for solving this issue, by leveraging existing headless-chrome test suites (built by the engineers as part of the R&D flow) to serve as the attack surface for our custom DAST solution, Krampus. By using Chromium interceptors, we were able to introduce appsec payloads into HTTP requests issued during the execution of normal 'user flow' test scenarios (and pick up the results) and have an effective DAST for internal APIs and endpoints. It wasn't smooth sailing, though, with many challenges along the way. Particularly, we realized that replicating each API call & param with a separate test will mean that the number of our test calls grows exponentially, pushing up both cost and overhead. As many of our APIs also include dynamic params as part of the path, we had to build an API asset DB to understand if and when a specific URL was already tested (code for which we plan to release as open source). At the end of the talk the participants will have the tools to leverage similar testing suites in their own orgs to drastically improve the quality & coverage of the automatic testing in their environment.
Authors: Artur Souza, Yaron Schneider
2022-10-28

tldr - powered by Generative AI

The presentation discusses Dapr, a microservices building block that simplifies the development of distributed systems by providing APIs for common tasks such as service invocation, state management, and pub/sub messaging.
  • Dapr is a microservices building block that simplifies the development of distributed systems
  • It provides APIs for common tasks such as service invocation, state management, and pub/sub messaging
  • Dapr uses pluggable components to allow developers to use their preferred technology stack
  • Dapr provides SDKs for popular languages to make it easier to write pluggable components
  • Dapr can be used with various messaging systems such as Redis and Azure Service Bus
Authors: Julian Portillo
2022-10-28

tldr - powered by Generative AI

Challenges and considerations in migrating Windows workloads to Kubernetes
  • Migrating Windows workloads to Kubernetes requires paying back tech debt and adjusting architecture
  • Scaling up Windows containers can lead to long pull times and node failures
  • There is a lack of common open source tools for Windows containers
  • Performance testing and system design changes can help mitigate migration pains