November 29, 2022
Flux’s Security & Scalability
with OCI & Helm
Kingdon Barrett
OSS Engineer, Weaveworks
Vanessa Abankwah
DX Community Manager, Weaveworks
Weaveworks is founded on open source
● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s
● EKSctl: Create an Amazon EKS cluster with one command
● (and many many more projects!)
And now … Weave GitOps, built on Flux!
weave.works
Speakers
Kingdon Barrett, OSS Engineer, Weaveworks
Vanessa Abankwah, DX Community Manager, Weaveworks
Help/Support
Duration: 30-40 minutes
Browser: Safari copy/paste shortcuts may not work
Using Zoom
Questions?
• Use chat (button: top left corner of screen)
• Escape to exit full screen
• “To Everyone” or “To all panelists and attendees”
Support: https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
Troubleshooting
Use chat. If the issue is not easily resolved, we ask that you follow along as we demo the sample app.
Upcoming Events
● HashiCorp User Group Luxembourg (virtual), Nov 30
● WOUG: Implementing Flux for Scale with Soft Multi-tenancy (Dec 13)
Recap: What is GitOps
● Operating model for cloud native applications such as Kubernetes
● Utilizes a version controlled system (commonly Git) as the “single source of truth”
● Enables continuous delivery through automated deployment, monitoring, and management by a version controlled system
● Managing your infrastructure and applications declaratively
Recap: Flux Security & Scalability (VSCode + OCI + Cosign)
● 2 wks ago: (https://youtu.be/Bmh7kKYLIhY) Flux with “OCI Bootstrap”
● OCIRepository “standing in” for GitRepository as root Source Of Truth
○ “Bootstrap Lite”
● Non-standard config
○ We started to get ideas about where OCI can be used
○ Primitives: use them how you want, these are only examples
● (Podinfo app still managed via Git)
○ stand in for “upstreams we can’t control”
● Today is “Part 2” of the series
Still GitOps?
OCI + Flux == GitOps
● Git is still the source of truth
● Before:
○ Git => Flux
● After:
○ Git => OCI registry => Flux
○ New opportunities for validation, etc.
○ (We added a CI Step!)
Source: GitOps Working Group
https://opengitops.dev/
Demo Time!
Security & Scalability
● Pulling an OCI image is much less resource-intensive compared to a full or shallow Git clone
● Highly available registries are on every cloud provider
● Flux leverages Kubernetes workload identity and IAM when pulling OCI artifacts from managed registries
○ => No more key management
○ => No more SSH keys to generate
○ => No more proprietary API usage for token generation
Recap: Security & Scalability
● Last time: Image verification with cosign
○ “Two types” of images
■ Application runtime (not verified)
■ Manifests (YAML) - and how to publish as OCI, sign, etc.
● Today: let’s add
○ Helm Charts, and Cosign verification on HelmReleases
○ Keyless Cosign Signatures (and keyed)
● Bonus:
○ App runtime image verification with Kyverno
Recap: Features of verification with cosign
● Software supply chain attacks
● OCI Artifact authenticity
● Sigstore cosign
○ Sponsored by Open Source Security Foundation (OpenSSF)
○ OpenID Connect, Root CA and Public Ledger
○ Keys: text-based, cloud KMS, Kubernetes Secret
● Container registry must support signed images
○ GitHub offers a simple way to get started with OCI and cosign
Defense in Depth
● What does it mean?
○ Overlapping protections
○ Risk assessment
○ Multiple mitigations
● Swiss-Cheese Strategy for Security
○ When there is a hole in one layer…
○ …the other layers enhance the probability of blocking attacks
Defense in Depth
● What does it mean for us?
○ Traditional approaches still apply:
■ Use a protected main branch, and CI checks
■ Use immutable images (req. support from Container Registry)
○ New approaches we can add:
■ Signatures and verification
■ Verify:
● YAML manifests (declarative representation of prod/app)
● App Runtime Images
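The two verification layers above as concrete manifests, added here as an example and not taken from the talk's demo repo: Flux (source-controller v1beta2 and helm-controller v2beta1 APIs) verifying the podinfo Helm chart from GHCR with cosign before it is installed, and a Kyverno ClusterPolicy verifying the podinfo runtime image keylessly at admission. The public key is a placeholder, and the issuer/subject given for podinfo's release workflow are assumptions.

```yaml
# Layer 1: Flux verifies the Helm chart (the declarative manifests) before
# helm-controller renders or installs anything.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: podinfo
  namespace: flux-system
spec:
  type: oci
  interval: 10m
  url: oci://ghcr.io/stefanprodan/charts
  # On a managed registry, provider: aws | azure | gcp makes source-controller
  # authenticate with workload identity, so no registry token is stored.
  # GHCR is a generic registry, so the default is kept here.
  provider: generic
---
# Keyed verification: the publisher's cosign public key is held in a Secret;
# the data key must end in ".pub" for source-controller to load it.
apiVersion: v1
kind: Secret
metadata:
  name: cosign-pub
  namespace: flux-system
stringData:
  cosign.pub: |
    -----BEGIN PUBLIC KEY-----
    PLACEHOLDER_REPLACE_WITH_THE_CHART_PUBLISHERS_COSIGN_PUBLIC_KEY
    -----END PUBLIC KEY-----
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: podinfo
  namespace: flux-system
spec:
  interval: 10m
  targetNamespace: podinfo
  install:
    createNamespace: true
  chart:
    spec:
      chart: podinfo
      version: "6.x"
      sourceRef:
        kind: HelmRepository
        name: podinfo
      # A chart version whose cosign signature does not verify against the
      # key leaves the HelmChart not Ready, so the release is never upgraded
      # to it. For keyless signatures omit secretRef: the signature is then
      # checked against the Sigstore Fulcio root and the Rekor log.
      verify:
        provider: cosign
        secretRef:
          name: cosign-pub
---
# Layer 2 (the "bonus"): Kyverno verifies the runtime image of every Pod at
# admission, regardless of how its manifest reached the cluster.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-podinfo-image
spec:
  validationFailureAction: Enforce
  background: false
  webhookTimeoutSeconds: 30
  failurePolicy: Fail
  rules:
    - name: podinfo-keyless-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "ghcr.io/stefanprodan/podinfo:*"
          # Tags are mutable; rewrite the reference to the digest that was
          # actually verified so the checked bytes are the ones that run.
          mutateDigest: true
          attestors:
            - entries:
                - keyless:
                    # Assumed OIDC identity of podinfo's GitHub Actions
                    # release workflow (issuer and subject are assumptions).
                    issuer: "https://token.actions.githubusercontent.com"
                    subject: "https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/*"
                    rekor:
                      url: https://rekor.sigstore.dev
```

A hole in one layer (a tampered chart that somehow still passes, or a manifest applied outside Flux) is caught by the other, which is the overlap the Swiss-cheese model asks for.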
Agenda: Tools we are using
● Helm
● Flux’s Helm Controller & Source Controller
● Sigstore cosign
● Git repository (GitHub)
● CI workflows (GitHub Actions)
● Container registry (GHCR)
Agenda: Tools we are using
● Helm
○ It’s ubiquitous
○ If you are using Kubernetes and you are not Google-scale
■ You basically can’t avoid Helm (everybody has Helm charts)
■ Lots of nice features including lifecycle hooks
■ (Don’t over-analyze it)
○ Software + config distribution is commonly done with Helm charts
■ But it has some limitations
Agenda: Tools we are using
● Flux’s Helm Controller & Source Controller
○ Allows Helm to be used declaratively
○ Remediation and CRD upgrades
■ Features that aren’t natively in Helm
○ Helm + GitOps => (Flux implements this)
Agenda: Tools we are using
● Sigstore cosign
○ Popular new tool for verification of signatures
○ Enables traditional “keyed” signatures or
■ Keyless - OIDC-based workflow
○ OCI signatures
○ Flexible attestations
Q: How many people are signing releases now?
● What does keyless verification get us?
○ (If we don’t sign releases now, could it get any worse?)
Agenda: Tools we are using
● Git repository (GitHub)
○ (Also an OIDC provider)
○ Place to store and version code
Agenda: Tools we are using
● CI workflows (GitHub Actions)
○ Place for CI actions to run
○ (environment with ephemeral GITHUB_TOKEN)
Agenda: Tools we are using
● Container registry (GHCR)
○ Place for CI actions to store the results
○ (Signatures go in here, as OCI artifacts as well)
■ sha256-abcd1234ef98765.sig
○ Images have a “digest” which hashes their content
○ Cosign attestations can make+certify assertions (“CI Passed”)
○ “Packages” hold the manifests or app runtime images
■ Serve them up as an OCI Repository
Demo Time! (x2)
Links
● Demo Example Docs
○ https://github.com/kingdonb/flux-oci-demo-nov-29
○ (The repo we worked in today, with “solutions”; text in README shows what we did)
Links
● Podinfo
○ https://github.com/stefanprodan/podinfo
○ Keyless:
■ https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/release.yml#L90-L97
○ Keyed:
■ https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/release.yml#L118-L125
Links
● Flux Blog & Docs
○ https://fluxcd.io/blog/2022/10/prove-the-authenticity-of-oci-artifacts/
○ https://fluxcd.io/blog/2022/11/verify-the-integrity-of-the-helm-charts-stored-as-oci-artifacts-before-reconciling-them-with-flux/
○ https://fluxcd.io/blog/2022/08/manage-kyverno-policies-as-ocirepositories/
○ https://fluxcd.io/flux/cheatsheets/oci-artifacts/#signing-and-verification
● Security
○ https://fluxcd.io/flux/security/contextual-authorization/
○ https://fluxcd.io/flux/security/secrets-management/
Links
● Kyverno
○ https://kyverno.io/docs/writing-policies/verify-images/#verifying-image-attestations
○ https://kyverno.io/policies/flux/generate-flux-multi-tenant-resources/generate-flux-multi-tenant-resources/ <- Flux Multi-Tenancy Resource
● Kyverno uses Flux and Cosign:
○ https://github.com/kyverno/kyverno/blob/main/.github/workflows/release.yaml#L155-L172
Links
● (Who else uses Cosign today in their release process?)
● Prometheus Community does now:
○ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
○ https://github.com/orgs/prometheus-community/packages?repo_name=helm-charts
● Flux Monitoring
○ https://fluxcd.io/flux/guides/monitoring/
Links
● (Who else uses Cosign today in their release process?)
● Cert-Manager does now:
○ https://cert-manager.io/docs/installation/code-signing/#container-images--cosign
Links
● (Who else uses Cosign today in their release process?)
● Harbor curiously does not:
○ However, Harbor users do already enjoy Cosign verification now:
○ https://goharbor.io/blog/cosign-2.5.0/
● You can see attestations and verify the signatures in the Harbor UI
Adoption
● Is coming!
● You can help by…
○ Trying this workflow out and reporting any issues you may have
○ Joining the community
● Flux Dev Meetings
● Flux Bug Scrub
○ https://fluxcd.io/#calendar
● (We’d love to have you join!)
GitOps Tools for Flux Visual Studio Code Extension
● An extension to enhance the developer experience
● An intuitive way to manage, troubleshoot and operate your Kubernetes environment following the GitOps operating model
● Accelerate your development lifecycle and simplify your continuous delivery pipelines
● GitOps Tools Visual Studio Code on GitHub: https://github.com/weaveworks/vscode-gitops-tools
● GitOps Tools for Flux in Visual Studio Marketplace: https://marketplace.visualstudio.com/items?itemName=Weaveworks.vscode-gitops-tools
Weave GitOps
● Adds a web UI that surfaces key information to help application operators easily discover and resolve issues
● An intuitive interface that provides a guided experience to build understanding and simplify getting started for new users; they can easily discover the relationship between Flux objects and navigate to deeper levels of information as required
● GitOps Tools Visual Studio Code on GitHub: https://github.com/weaveworks/weave-gitops
● Weave GitOps Documentation: https://docs.gitops.weave.works/docs/intro/
Next Steps
● Join us on Flux discussions if you have more questions: https://github.com/fluxcd/flux2/discussions
● Flux Community: https://github.com/fluxcd/community/blob/main/community-roles.md
● Join the GitOps Community Group: https://www.meetup.com/GitOps-Community/
● Join the GitOps Community LinkedIn Group: https://www.linkedin.com/groups/13914610/
● VS Code Extension: https://code.visualstudio.com/
Confidential do not distribute
Thank you
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Dinusha Kumarasiri
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
How can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptxHow can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptx
laravinson24
 
Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]Get & Download Wondershare Filmora Crack Latest [2025]
Get & Download Wondershare Filmora Crack Latest [2025]
saniaaftab72555
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
AxisTechnolabs
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& ConsiderationsDesigning AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Dinusha Kumarasiri
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
How can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptxHow can one start with crypto wallet development.pptx
How can one start with crypto wallet development.pptx
laravinson24
 
Ad

Flux’s Security & Scalability with OCI & Helm Slides.pdf

7. Still GitOps? OCI + Flux == GitOps
● Git is still the source of truth
● Before:
  ○ Git => Flux
● After:
  ○ Git => OCI registry => Flux

8. Still GitOps? OCI + Flux == GitOps
● Git is still the source of truth
● Before:
  ○ Git => Flux
● After:
  ○ Git => OCI registry => Flux
  ○ New opportunities for validation, etc.
  ○ (We added a CI Step!)

9. Source: GitOps Working Group https://opengitops.dev/

11. Security & Scalability
● Pulling an OCI image is much less resource-intensive compared to a full or shallow Git clone
● Highly available registries are on every cloud provider
● Flux leverages Kubernetes workload identity and IAM when pulling OCI artifacts from managed registries
  ○ => No more key management
  ○ => No more SSH keys to generate
  ○ => No more proprietary API usage for token generation

12. Recap: Security & Scalability
● Last time: Image verification with cosign
  ○ “Two types” of images
    ■ Application runtime (not verified)
    ■ Manifests (YAML) - and how to publish as OCI, sign, etc.
● This time: …

13. Recap: Security & Scalability
● Last time: Image verification with cosign
  ○ “Two types” of images
    ■ Application runtime (not verified)
    ■ Manifests (YAML) - and how to publish as OCI, sign, etc.
● Today: let’s add
  ○ Helm Charts, and Cosign verification on HelmReleases
  ○ Keyless Cosign Signatures (and keyed)
● Bonus:
  ○ App runtime image verification with Kyverno
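Slide 13's target, cosign verification on HelmReleases, as an added example that is not part of the slides or the demo repository: a Flux HelmRepository of type oci and a HelmRelease whose chart template asks source-controller to verify the chart's cosign signature before helm-controller ever sees it. The chart URL, names, namespaces and version constraint are assumptions (the podinfo chart is assumed to be published and signed keyless by the upstream project, as on slide 29).

```yaml
# Added example (not from the slides): Flux HelmRepository (OCI) + HelmRelease
# with cosign verification of the chart artifact.
# Assumptions: podinfo charts live at oci://ghcr.io/stefanprodan/charts and are
# signed keyless by the upstream release workflow; names and namespaces are illustrative.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: podinfo
  namespace: flux-system
spec:
  type: oci                      # the chart is an OCI artifact, not an index.yaml repo
  interval: 10m
  url: oci://ghcr.io/stefanprodan/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 10m
  chart:
    spec:
      chart: podinfo
      version: ">=6.0.0"
      sourceRef:
        kind: HelmRepository
        name: podinfo
        namespace: flux-system
      # Keyless: with no secretRef, source-controller checks the chart's signature
      # against the public Sigstore trust roots (Fulcio certificate, Rekor log entry).
      # A chart that is unsigned, or whose signature does not verify, is never
      # handed to helm-controller, so nothing is installed or upgraded.
      verify:
        provider: cosign
      # Keyed alternative: reference a Secret whose data keys end in ".pub" and
      # hold the cosign public key(s), e.g.
      # verify:
      #   provider: cosign
      #   secretRef:
      #     name: cosign-pub
  values:
    replicaCount: 1
```

When verification fails, the HelmChart that Flux generates from this template reports the failure in its status conditions and the release stays untouched, which is the "manifests" layer of the defense in depth described on the next slides.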
14. Recap: Features of verification with cosign
● Software supply chain attacks
● OCI Artifact authenticity
● Sigstore cosign
  ○ Sponsored by Open Source Security Foundation (OpenSSF)
  ○ OpenID Connect, Root CA and Public Ledger
  ○ Keys: text-based, cloud KMS, Kubernetes Secret
● Container registry must support signed images
  ○ GitHub offers a simple way to get started with OCI and cosign

15. Defense in Depth
● What does it mean?
  ○ Overlapping protections
  ○ Risk assessment
  ○ Multiple mitigations
● Swiss-Cheese Strategy for Security
  ○ When there is a hole in one layer…
  ○ …the other layers enhance the probability of blocking attacks

16. Defense in Depth
● What does it mean for us?
  ○ Traditional approaches still apply:
    ■ Use a protected main branch, and CI checks
    ■ Use immutable images (req. support from Container Registry)
  ○ New approaches we can add:
    ■ Signatures and verification
    ■ Verify:
      ● YAML manifests (declarative representation of prod/app)
      ● App Runtime Images
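The second item under Verify, app runtime images, is checked at admission rather than by Flux; the deck names Kyverno for this (slide 13's bonus). As an added example that is not from the slides, here is a Kyverno ClusterPolicy that refuses any Pod whose podinfo image lacks a valid keyless cosign signature. The image reference, the OIDC issuer and the certificate subject pattern for the upstream release workflow are assumptions to adjust to your own CI.

```yaml
# Added example (not from the slides): Kyverno ClusterPolicy requiring a keyless
# cosign signature on the application runtime image at admission time.
# Assumed: podinfo images are signed keyless from the upstream GitHub Actions
# release workflow; replace imageReferences, issuer and subject for your own CI.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-podinfo-runtime-image
spec:
  validationFailureAction: Enforce   # reject at admission; use Audit while rolling out
  background: false                  # verifyImages rules only make sense at admission
  webhookTimeoutSeconds: 30          # signature lookup talks to the registry and Rekor
  rules:
    - name: require-keyless-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "ghcr.io/stefanprodan/podinfo:*"
          required: true             # an unsigned match is a policy failure, not a skip
          mutateDigest: true         # rewrite the tag to the verified digest (immutable ref)
          attestors:
            - count: 1
              entries:
                - keyless:
                    # Identity from the OIDC token that GitHub Actions presented to
                    # Fulcio when the release workflow signed the image.
                    issuer: "https://token.actions.githubusercontent.com"
                    subject: "https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/*"
                    rekor:
                      url: "https://rekor.sigstore.dev"
```

Together with chart verification in Flux this closes both holes named on the slide: the declarative manifests are verified before reconciliation, and the runtime image is verified before the Pod is scheduled.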
17. Agenda: Tools we are using
● Helm
● Flux’s Helm Controller & Source Controller
● Sigstore cosign
● Git repository (GitHub)
● CI workflows (GitHub Actions)
● Container registry (GHCR)

18. Agenda: Tools we are using
● Helm
  ○ It’s ubiquitous
  ○ If you are using Kubernetes and you are not Google-scale
    ■ You basically can’t avoid Helm (everybody has helm charts)
    ■ Lots of nice features including lifecycle hooks
    ■ (Don’t over-analyze it)
  ○ Software + config distro commonly done with Helm charts
    ■ But it has some limitations

19. Agenda: Tools we are using
● Flux’s Helm Controller & Source Controller
  ○ Allows Helm to be used declaratively
  ○ Remediation and CRD upgrades
    ■ Features that aren’t natively in Helm
  ○ Helm + GitOps => (Flux implements this)

20. Agenda: Tools we are using
● Sigstore cosign
  ○ Popular new tool for verification of signatures
  ○ Enables traditional “keyed” signatures or
    ■ Keyless - OIDC-based workflow
  ○ OCI signatures
  ○ Flexible attestations

21. Agenda: Tools we are using
● Sigstore cosign
  ○ Popular new tool for verification of signatures
  ○ Enables traditional “keyed” signatures or
    ■ Keyless - OIDC-based workflow
Q: How many people are signing releases now?

22. Agenda: Tools we are using
● Sigstore cosign
  ○ Popular new tool for verification of signatures
  ○ Enables traditional “keyed” signatures or
    ■ Keyless - OIDC-based workflow
Q: How many people are signing releases now?
● What does keyless verification get us?

23. Agenda: Tools we are using
● Sigstore cosign
  ○ Popular new tool for verification of signatures
  ○ Enables traditional “keyed” signatures or
    ■ Keyless - OIDC-based workflow
Q: How many people are signing releases now?
● What does keyless verification get us?
  ○ (If we don’t sign releases now, could it get any worse?)

24. Agenda: Tools we are using
● Git repository (GitHub)
  ○ (Also an OIDC provider)
  ○ Place to store and version code

25. Agenda: Tools we are using
● CI workflows (GitHub Actions)
  ○ Place for CI actions to run
  ○ (environment with ephemeral GITHUB_TOKEN)

26. Agenda: Tools we are using
● Container registry (GHCR)
  ○ Place for CI actions to store the results
  ○ (Signatures go in here, as OCI artifacts as well)
    ■ sha256-abcd1234ef98765.sig
  ○ Images have a “digest” which hashes their content
  ○ Cosign attestations can make+certify assertions (“CI Passed”)
  ○ “Packages” hold the manifests or app runtime images
    ■ Serve them up as an OCI Repository

28. Links
● Demo Example Docs
  ○ https://github.com/kingdonb/flux-oci-demo-nov-29
  ○ (The repo we worked in today, with “solutions”; text in README shows what we did)

29. Links
● Podinfo
  ○ https://github.com/stefanprodan/podinfo
  ○ Keyless:
    ■ https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/release.yml#L90-L97
  ○ Keyed:
    ■ https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/release.yml#L118-L125

30. Links
● Flux Blog & Docs
  ○ https://fluxcd.io/blog/2022/10/prove-the-authenticity-of-oci-artifacts/
  ○ https://fluxcd.io/blog/2022/11/verify-the-integrity-of-the-helm-charts-stored-as-oci-artifacts-before-reconciling-them-with-flux/
  ○ https://fluxcd.io/blog/2022/08/manage-kyverno-policies-as-ocirepositories/
  ○ https://fluxcd.io/flux/cheatsheets/oci-artifacts/#signing-and-verification
● Security
  ○ https://fluxcd.io/flux/security/contextual-authorization/
  ○ https://fluxcd.io/flux/security/secrets-management/

31. Links
● Kyverno
  ○ https://kyverno.io/docs/writing-policies/verify-images/#verifying-image-attestations
  ○ https://kyverno.io/policies/flux/generate-flux-multi-tenant-resources/generate-flux-multi-tenant-resources/ <- Flux Multi-Tenancy Resource
● Kyverno uses Flux and Cosign:
  ○ https://github.com/kyverno/kyverno/blob/main/.github/workflows/release.yaml#L155-L172

32. Links
● (Who else uses Cosign today in their release process?)
● Prometheus Community does now:
  ○ https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
  ○ https://github.com/orgs/prometheus-community/packages?repo_name=helm-charts
● Flux Monitoring
  ○ https://fluxcd.io/flux/guides/monitoring/

33. Links
● (Who else uses Cosign today in their release process?)
● Cert-Manager does now:
  ○ https://cert-manager.io/docs/installation/code-signing/#container-images--cosign

34. Links
● (Who else uses Cosign today in their release process?)
● Harbor curiously does not:
  ○ However, Harbor users do already enjoy Cosign verification now:
  ○ https://goharbor.io/blog/cosign-2.5.0/
● You can see attestations and verify the signatures in Harbor UI

35. Adoption
● Is coming!
● You can help by…

36. Adoption
● Is coming!
● You can help by…
  ○ Trying this workflow out and reporting any issues you may have
  ○ Joining the community
● Flux Dev Meetings
● Flux Bug Scrub
  ○ https://fluxcd.io/#calendar
● (We’d love to have you join!)

37. GitOps Tools for Flux Visual Studio Code Extension
● An extension to enhance the developer experience
● An intuitive way to manage, troubleshoot and operate your Kubernetes environment following the GitOps operating model
● Accelerate your development lifecycle and simplify your continuous delivery pipelines
● GitOps Tools Visual Studio Code on GitHub: https://github.com/weaveworks/vscode-gitops-tools
● GitOps Tools for Flux in Visual Studio Marketplace: https://marketplace.visualstudio.com/items?itemName=Weaveworks.vscode-gitops-tools

38. Weave GitOps
● Adds a web UI that surfaces key information to help application operators easily discover and resolve issues
● An intuitive interface that provides a guided experience to build understanding and simplify getting started for new users; they can easily discover the relationship between Flux objects and navigate to deeper levels of information as required
● GitOps Tools Visual Studio Code on GitHub: https://github.com/weaveworks/weave-gitops
● Weave GitOps Documentation: https://docs.gitops.weave.works/docs/intro/

39. Next Steps
● Join us on Flux discussions if you have more questions: https://github.com/fluxcd/flux2/discussions
● Flux Community: https://github.com/fluxcd/community/blob/main/community-roles.md
● Join the GitOps Community Group: https://www.meetup.com/GitOps-Community/
● Join the GitOps Community LinkedIn Group: https://www.linkedin.com/groups/13914610/
● VS Code Extension: https://code.visualstudio.com/

40. Thank you
weave.works
(Confidential, do not distribute)