1. An air-gapped Kubernetes environment restricts internet access to increase security by preventing downloads of malicious data and attacks from outside entities.
2. Implementing an air-gapped Kubernetes cluster is more difficult than a standard one and requires additional effort for maintenance, but provides protections such as preventing data exfiltration by third parties.
3. Deploying components like the ELK stack in an air-gapped environment requires manually downloading, transferring, and installing charts and images due to the lack of access to external registries and repositories. Processes and permissions must be tightly controlled to maintain security.
CNCF_ A step to step guide to platforming your delivery setup.pdf
1. This document provides a step-by-step guide to establishing an internal developer platform to help teams build applications more efficiently.
2. It recommends treating the platform as a product with a product owner, roadmap, and user interviews. Prioritize components based on how much developer and operations time they save.
3. Agree on core technologies like containers and Kubernetes as the minimum standard. Identify evangelistic teams to pilot the initial platform offerings.
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
The document discusses a presentation by Joey Lei and Anders Eknert on data protection guardrails using Open Policy Agent (OPA). It provides background on the speakers and an overview of OPA, including how it works, the Rego policy language, and OPA's open source community. It then discusses how data protection policies can be enforced as code using OPA to provide guardrails for infrastructure-as-code deployments and prevent misconfigurations that could compromise availability, integrity or confidentiality of data. Examples of policy checks for recovery objectives, retention, backup strategies and exfiltration protection are provided.
This document summarizes a presentation about securing Windows workloads in a hybrid Kubernetes cluster. It begins with an overview of Calico and describes what a hybrid cluster is. It then discusses running Windows containers and the need to choose container base images wisely. The presentation covers how to secure Windows workloads using Calico for networking and policy enforcement. It concludes with information about demo resources and links for further reading.
This document summarizes a virtual meetup on app modernization. It discusses that 79% of app modernization efforts fail, with the average cost being $1.5 million and time being 16 months. App modernization aims to improve scalability, engineering velocity, and remove technical debt. Common obstacles include complexity, technical debt, and lack of resources. Modernizing just the UI without the business logic is ineffective. The document recommends prioritizing modernizing the business logic first to achieve the most benefits, and provides guidance for successful modernization projects such as defining requirements, securing resources, training teams, and providing the right tools.
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
GraalVM Native Image can compile Java applications into native executables for improved performance and lower resource usage compared to the traditional Java Runtime. It works by ahead-of-time compiling Java applications into native images that have a smaller footprint when deployed in containers and start faster than traditionally interpreted Java applications. Native images generated by GraalVM Native Image were shown to use half the memory and achieve better throughput than the same application running on the Java Runtime when deployed to Oracle Kubernetes Engine.
This document summarizes a workshop about using EnRoute and Open Policy Agent (OPA) to enforce policies at the ingress level. It includes an overview of EnRoute and OPA, a system diagram, differences between EnRoute and other ingress controllers, how OPA can be used for attribute-based access control (ABAC). It then demonstrates configuring EnRoute with OPA integration, installing an example workload secured with JWT, enforcing JWT claims using an OPA policy, and verifying the policy is applied.
This document summarizes a presentation about securing Windows workloads in a hybrid Kubernetes cluster. It begins with an overview of Calico and describes what a hybrid cluster is. It then discusses running Windows containers and the need to choose container base images wisely. The presentation covers how Calico can be used to secure Windows workloads by providing networking and policy enforcement capabilities. It concludes with information about demo environments and resources for working with Windows and Kubernetes.
Advancements in Kubernetes Workload Identity for Azure
This document summarizes Azure Workload Identity, a new solution for providing managed identities to Kubernetes workloads. It discusses the limitations of the existing AAD Pod Identity solution and introduces the motivations and architecture of Azure Workload Identity. Key points include that it eliminates identity assignment wait times, dependencies on Kubernetes custom resource definitions and the IMDS, and supports non-Azure Kubernetes clusters and non-Linux nodes. Integrations, the roadmap, and resources are also outlined.
This document discusses approaches to containerizing operating systems and development environments to automate software project setup and decrease onboarding time. It analyzes different layers involved in coding (project source, libraries, OS packages, OS, device) and whether their setup is declarative. Containerizing the OS and using tools like Docker, Nix, and containerized dev environments can automate previously manual setup steps and ensure consistency across environments. Fully automated solutions include using online IDE services while bringing your own browser and device.
This document discusses challenges around detecting software vulnerabilities in Kubernetes artifacts and proposes a solution called KubeClarity. It notes that effective vulnerability scanning requires an accurate software bill of materials (SBOM) but these are difficult to obtain for various reasons. KubeClarity aims to address these challenges by yielding SBOMs and detecting vulnerabilities across container images and code directories. It does this using multiple analyzers and scanners to scan at different stages, and groups results under applications to navigate dependencies. The high-level architecture includes runtime scanning in clusters and CI/CD pipelines using remote centralized scanners to provide faster and more complete vulnerability detection.
This document summarizes a webinar about spinning up Kubernetes infrastructure in a GitOps way. It introduces Kubermatic and their start.kubermatic project, which provides a wizard to easily bootstrap infrastructure on cloud providers and install Kubermatic Kubernetes Platform (KKP) using GitOps. The webinar demonstrates how tools like Terraform, KubeOne, Helm, Flux, and SOPS are used to automate the provisioning and management of the Kubernetes cluster and KKP configuration. It also discusses security aspects and provides a live demo.
Era Software - State of Observability and Log Management 2022 Webinar cncf.pdf
The document summarizes the findings of a survey on the state of observability and log management in 2022. Some key findings include:
- Log data volumes are growing exponentially due to factors like cloud services, containers, and microservices. This growth is making log management challenging.
- Most organizations take steps to minimize log data volumes and costs but it is difficult to do so without missing important data.
- Log data is critical for IT operations and business outcomes but existing tools struggle to handle the growing volumes of data.
- Observability approaches that combine log, metrics, and trace data are becoming more common but still a work in progress for most organizations. Innovation in observability data management is needed to effectively handle
This document provides an overview of making applications cloud-native including:
- Defining cloud-native and its impacts on applications
- The advantages of using containers for applications
- When and why to use Kubernetes for container orchestration
- A demonstration of containerizing a sample application
Understand your system like never before with OpenTelemetry, Grafana, and Pro...
This document discusses using OpenTelemetry, Grafana, and Promscale to gain insights into distributed systems. It summarizes OpenTelemetry for instrumentation, Promscale as an observability backend built on TimescaleDB that allows analyzing metrics, traces and business data together, and demonstrates this using a lightweight microservices demo that generates absurd passwords. The demo can be run locally and visualized in Grafana.
Luigi Hostplumber intro slide.pptx (1).pdf
Luigi is a Kubernetes operator that provides advanced networking plugins like Multus, SRIOV CNI, Whereabouts IPAM, OpenvSwitch, and node-feature-discovery. It uses HostPlumber, which is an operator that can configure nodes via custom resource definitions for use cases involving these advanced networking plugins, such as creating SRIOV VFs, VLAN interfaces, installing Open vSwitch and bridges, and IPs and routing tables. HostPlumber also allows fetching node networking details via Kubernetes.
This document outlines an upcoming workshop on container networking, specifically using EnRoute as an ingress controller and Linkerd as a service mesh to provide traffic management and security for Kubernetes applications. It includes an agenda that will discuss CNI, ingress controllers like EnRoute OneStep, service meshes like Linkerd, and demonstrate setting up TLS and mTLS between workloads using these tools.
This document summarizes a webinar about spinning up Kubernetes infrastructure in a GitOps way using start.kubermatic. It introduces Kubermatic and its start.kubermatic project, which provides a wizard to easily bootstrap infrastructure on cloud providers using GitOps. The webinar demonstrates how it uses tools like Terraform, KubeOne and Flux to automate the creation of a Kubernetes cluster and then configure it and manage its resources with GitOps. It discusses the security and automation benefits of this approach for managing Kubernetes at scale across multiple clusters.
Enhance your Kafka Infrastructure with Fluvio.pptx
1. Enhance your Kafka Infrastructure with Fluvio
Webinar on Aug 16 @ 10 AM PDT
2. Webinar Agenda
In this webinar, we will:
● Discuss the differences between Kafka and Fluvio
● Why companies are leveraging Fluvio to complement Kafka
● How to quickly get started with Fluvio
● Live demo with Q&A
3. What are the differences between Kafka & Fluvio
Programming language
● Kafka was built using the Java programming language
● Fluvio was built using the Rust programming language
Fluvio provides Real-time data transformation
● SmartModules allow for programmable stream processing for clean data
Performance Improvements
● Up to 3x latency
● Up to 5x throughput
● Up to 7x CPU utilization
● Up to 50 Memory utilization
6. InfinyOn Approach to Intelligent Data Streaming
● Smart Pipelines vs. Simple Pipelines
○ Event stream processing with Web Assembly SmartModules
○ Process and transform data with single digit millisecond latency
○ Apply business logic to ensure data quality
● Smart Connectors vs ETL
○ Smart Modules can be deployed at source or sink connectors
○ No ETL tools required
● One solution vs. multiple tools and vendors
Distributed Intelligence with centralized control
8. Calls to Action
● Sign up for InfinyOn Cloud:
○ https://infinyon.cloud/signup
● Instructions on how to build a data streaming app:
○ https://www.infinyon.com/tutorials/rust/hello-world/
● Schedule an event stream processing demo:
○ https://www.infinyon.com/use-cases/event-stream-processing/
Editor's Notes
Hello and welcome to the Enhance your Kafka Infrastructure with Fluvio webinar. I’m Grant Swanson, your host for today’s session. We will start with a few educational slides on Kafka vs. Fluvio, then go into a live demo and then finish up with Q&A. Please enter questions anytime during the session in the questions window. In the handout section you will see some of our newest content that includes a speaking session on WASM technology from our CTO, Sehyo Chang, at the most recent KubeCon Europe event. We also have content in PDF format that includes a Java vs. Rust solution brief, a financial services solution brief, a real-time economy whitepaper, an eBook on how to enhance machine learning models with real-time data pipelines, and an InfinyOn Cloud datasheet. InfinyOn Cloud is a fully managed Fluvio service for enterprises.
Now we will cover the agenda for this webinar, where we will:
Discuss the differences between Kafka and Fluvio
Why companies are leveraging Fluvio to complement Kafka
How to quickly get started with Fluvio
Live demo with Q&A
Let's talk about some of the differences between Kafka and Fluvio starting with Programming languages.
Kafka was built over a decade ago using the Java programming language
Fluvio was recently built using the Rust programming language
Fluvio differentiates itself as a technology by providing Real-time stream processing and data transformation using web assembly, all in a single unified cluster.
SmartModules allow for programmable stream processing for clean data. We will dive deeper into SmartModule functionality in the upcoming slides.
We recently completed a POC with a company that serves over 3,000 global banks that enables over 1.2 billion people to carry out their daily banking needs. In the POC they did benchmark testing on Fluvio vs. Kafka. The results were outstanding.
The Performance Improvements include
Up to 3x latency
Up to 5x throughput
Up to 7x CPU utilization
Up to 50 Memory utilization
Why companies are leveraging Fluvio to complement Kafka
The number one use case and reason why companies are leveraging Fluvio to enhance their Kafka infrastructure is to stream clean data to a Kafka topic. The Data Collection Pipeline shown in this diagram starts with an HTTP service and a Fluvio HTTP source connector. Streaming data flows into the Kafka sink connector, where a SmartModule is applied. SmartModules are one of our premiere features, allowing users to have direct control over their streaming data by providing a programmable API for inline data transformation. Finally, the transformed data event flows to the Kafka consumer. Users can quickly and easily stream clean data to Kafka with no external ETL tools.
With stream processing and real-time data transformation, companies can stream data from a sale, a shipment, or a trade and perform any transformations that are needed before it sinks to an application or database. The two most common use-cases are to build rich front-end customer experiences and real-time back-end operations. We believe that in the coming years there will be a fundamental paradigm shift in data engineering where companies will move away from traditional Extract, Transform and Load or ETL tools to an STL infrastructure or Stream Transform and Load.
The InfinyOn approach to intelligent data streaming includes a new concept called smart pipelines. Smart pipelines are unique to InfinyOn and include WebAssembly SmartModules that can process and transform data with single-digit millisecond latency. Business logic can be applied to ensure data quality. SmartModules can be deployed at source connectors, sink connectors, or within the stream processing unit, eliminating the need for ETL tools while providing a single solution with distributed intelligence and centralized control.
Question 1: What other types of data transformation can be performed with Fluvio? filter, map, array map, etc.
Question 2: Can you apply multiple SmartModules to a single data stream?
If you are interested in building an event-driven application with InfinyOn Cloud, please sign up for a free InfinyOn Cloud account. Click on the Hello world link that has instructions on how to build a data streaming app. You can also schedule a demo with our technical team by clicking on the event stream processing link and then click on the request a demo button at the bottom of the page.
All of these links are available in the chat window.