Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Andres Aguiar, Anders Eknert
2023-04-21
tldr - powered by Generative AI
The presentation discusses the use of service policies and Argo workflows for Cloud native open source authorization application architecture.
- The use of service policies and Argo workflows enables Cloud native open source authorization application architecture.
- Service policies allow for dynamic resolution of authorization checks based on service instances.
- Argo workflows are used for end-to-end workflows for compiling, testing, and validating authorization changes.
- The presentation provides an example of using Argo to submit a job to pull down policies and run tests to validate changes.
- The presentation emphasizes the importance of testing and evolving policies over time.
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Uma Makkara, Raj Babu Das
2023-04-20
tldr - powered by Generative AI
The presentation discusses the use of chaos engineering in DevOps and how Litmus can be used to implement it. It also covers common security questions and challenges that arise when implementing chaos engineering.
- Chaos engineering can be used to test the resilience of systems and identify vulnerabilities
- Litmus is a tool that can be used to implement chaos engineering in DevOps
- Chaos experiments can be constructed using APIs and injected into pipelines using Chaos IPs
- Chaos hubs can be used to share chaos experiments across teams
- Common security questions and challenges include controlling access to chaos experiments, isolating namespaces for chaos engineering, and managing privileges through service accounts
- Litmus 3.0 beta is focused on making chaos engineering easier for developers to use
- Joining the Litmus community can provide opportunities for feedback and contributions
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Sanjeev Rampal, Donald Hunter
2023-04-20
tldr - powered by Generative AI
The presentation provides guidelines for dev and ops teams to build and deploy production-ready cloud-native applications that use eBPF technology.
- eBPF technologies are rapidly gaining use within the cloud-native technology stack
- The presentation focuses on providing guidelines for building production-ready cloud-native eBPF software projects
- The presentation covers available programming models, tool chains, understanding portability and maintainability, and designing for operational requirements
- The presentation provides demos and code walkthroughs of sample eBPF programs that illustrate the use of best practice recommendations
- The presentation also discusses challenges and solutions for using BPF programs in a Kubernetes environment
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Laurent Bernaille, Marcel Zięba
2023-04-20
tldr - powered by Generative AI
The presentation discusses challenges in running large Kubernetes clusters and offers best practices to overcome them. It also highlights the importance of using informers and avoiding list calls to improve performance.
- Running large Kubernetes clusters is challenging despite community improvements
- Defaults are not always enough and best practices should be followed
- Avoid list calls and use informers to improve performance
- Memory and CPU buffer should be maintained to handle bad events
- Streaming lists in Kubernetes 1.27 can improve memory usage
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Wenbo Qi, Yiyang Huang
2023-04-19
tldr - powered by Generative AI
Best practices for using Dragonfly to accelerate image distribution in cloud services
- Dragonfly is a P2P-based image and file distribution system used to improve the physical and speed of large-scale field distribution
- Dragonfly has been selected and put into production by many internet companies since it was open-sourced in 2017
- The system architecture of Dragonfly consists of four services: manager, scheduler, asset peer, and pure peer
- The manager service is used to manage the relationship between multi-clusters or P2P clusters and provides a dynamic configure management
- The scheduler service selects candidate download parents for download peer when the pure download fails and controls the peer to download the task
- The asset peer is triggered by the scheduler to download back to songs and divide the results into pieces
- The pure peer is the calendar in P2P network and can be downloaded and uploaded
- Dragonfly can be combined and used with other systems in the ecosystem, such as Harbor, Nydus, and eStargz
Conference: Global AppSec Dublin 2023
Authors: Chris Romeo
2023-02-15
tldr - powered by Generative AI
The presentation discusses common failures in DevOps security and provides solutions to address them.
- Failure to prioritize security in DevOps
- Lack of collaboration between security and development teams
- Inadequate training and education on application security
- Inefficient use of tools and technology
- Lack of integration of threat modeling in DevOps process
- Vulnerable code in the wild
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Joanna Lee
2022-10-28
Are Codes of Conduct risky business? The pending lawsuit against the organizers of DEF CON hacker conference arising from Code of Conduct enforcement decision suggests so. In this session, we'll discuss:The factual background, legal claims, and status of the DEF CON lawsuit (to the extent publicly known),What Code of Conduct responders can learn from the lawsuit,Legal risks associated with Code of Conduct enforcement, andTips and best practices for managing legal risk and minimizing the threat of litigation.
Conference: SupplyChainSecurityCon 2022
Authors: Ronen Slavin, Alex Ilgayev
2022-06-22
tldr - powered by Generative AI
The presentation discusses the security landscape of Github Actions and the potential vulnerabilities that can arise from misconfigurations. The focus is on code injection as the main scenario of the exploit and the consequences that can result from such attacks.
- Github Actions is a popular CI/CD tool that allows developers to automate development workflows easily
- Misconfigurations in Github Actions can lead to potential vulnerabilities
- Code injection is a common exploit that can result from misconfigurations
- The consequences of such attacks can be disastrous, including exposing secrets and allowing attackers to commit malicious code
- Possible mitigations to stop such attacks are explored
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Joanna Lee
2022-05-20
Come gather with other community members who are interested in how to effectively use Codes of Conduct to help ensure that projects and communities are safe and respectful environments for all participants. We'll share best practices and learn from each other during a group discussion facilitated by Joanna Lee.
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Vanessa Kantner, Manuela Latz
2022-05-19
tldr - powered by Generative AI
The main theme of the conference presentation is the importance of FinOps in enabling data-driven decisions to save costs. The presentation focuses on monitoring, labeling, right-sizing, and waste management as key aspects of FinOps.
- Common understanding across roles is important in FinOps
- Standardization of labeling and monitoring is necessary across teams and organizations
- Load testing and iterative improvement of resource requests is crucial for right-sizing
- Integration and coordination of policies and autoscalers is important to avoid system failures
- FinOps can have a positive impact on the environment, but it is not the sole focus of the practice