Authors: Jose Donizetti
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of Tracy, a tool for tracing and profiling software executions, to detect and prevent supply chain attacks in DevOps workflows.
  • Tracy is a tool for tracing and profiling software executions in DevOps workflows
  • The tool can be used to detect and prevent supply chain attacks
  • Tracy uses denial and allow lists to identify good and bad activity
  • The tool extends profiles to include user ID, arguments, and environment variables
  • Tracy can ignore certain system and environment variables to ensure consistency
  • The tool uses syscalls to collect information on executed binaries
  • An anecdote is provided to illustrate how Tracy can detect a supply chain attack
Authors: Zeyno A Dodd
2022-06-23

According to a CNCF survey, 85% of the participating organizations emphasize the importance of security modernization for their cloud native deployments, along with the modernization of legacy infrastructure, adopting cloud-native security architectures, dynamic, standardized procedures, and automation going beyond the traditional security measures. Cloud-native security follows cloud-native technology, and with the implication of increased maturity of the cloud-native space, 82% express willingness to adopt OSS for security. This inclination is further relevant considering the challenge of sorting through a plethora of security and compliance products, frameworks and tools and the lack of shared standards in an ever-evolving threat landscape. The need for adaptability and timely response to the threat of cyber-attacks drives global and focused efforts to build technologies, OSINT integration strategies, models and capabilities capturing CVEs, cybersecurity risk management frameworks, and knowledge bases of adversary tactics and techniques. Graph neural networks (GNNs) have received great attention due to their superior performance and ability to represent real-world complexity in a variety of applications ranging from recommender systems to drug discovery. We outline a security strategy leveraging a GNN inference framework coupling prevention with detection capabilities against real-time threats and violations. Our efforts focus on the development of Kubernetes security agent templates for real-time detection, attack emulation and recommendation capabilities implementing various GNN inferences, including link prediction and node classification. Our preliminary graph models are built and trained leveraging knowledge graphs from MITRE ATT&CK framework threat patterns and techniques, and the Microsoft Security Threat Matrix for Kubernetes.
Authors: Richard Case, Anusha Hegde
2022-05-19

tldr - powered by Generative AI

The presentation discusses how to build your own Cluster API Provider and highlights common patterns, development and debugging workflows, and common pitfalls to take into account when writing your own provider.
  • Cluster API Providers make the experience of provisioning clusters consistent
  • Providers handle the infrastructure or environment-specific operations
  • Cluster API has higher order functionality like automatic scaling and upgrades
  • Building a Cluster API Provider is similar to building a Kubernetes operator
  • Tilt is a useful tool for testing and debugging locally
Authors: Stephen Kitt, Laura Lorenz
2021-10-15

tldr - powered by Generative AI

The presentation discusses the Multi-Cluster Service API (MCS API) and its implementation in Submariner, a tool for connecting Kubernetes clusters across different networks and clouds.
  • The MCS API is a standardized way of managing services across multiple Kubernetes clusters.
  • Submariner is a tool that implements the MCS API and allows for easy connectivity between clusters.
  • The presentation demonstrates how to set up a headless service in Submariner and access it from a different cluster.
  • Other community projects, such as Istio and SIG Network's Gateway API, are also implementing parts of the MCS API.
  • The audience is invited to try out Submariner and get involved in the development of the MCS API and other multi-cluster projects.
Authors: Scott Nichols
2021-10-15

tldr - powered by Generative AI

CloudEvents is a protocol-independent event definition that aims to make eventing infrastructure more robust by providing a common language for events.
  • CloudEvents is an envelope definition that allows for event occurrence independent of protocol choice
  • It aims to make routing part of the application configuration rather than a custom event mediator
  • CloudEvents is a cost-effective choice for event producers and consumers
  • It is a vendor-neutral and open standards project under the CNCF
  • The working group is currently working on demo integrations using CloudEvents and other APIs
Authors: Andrew Block, Paul Czarkowski, Karena Angell, Scott Rigby
2021-10-13

Have you ever wondered, how can I improve the processes and tooling around my Helm Chart development and distribution? Just like with a programming language, there are OSS projects in the Helmiverse, such as linters, testing tools, and automation you can use to help you with charts. In this session, you’ll learn about some of these tools and how you can use them to improve your workflow and CI automation. Along the way you’ll learn about supply chain security, GitHub Actions, YAML validation, tools you can use in any CI system, and more. Charts are at the heart of using Helm; in this session you’ll learn how to have a healthier heart.