Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2mcpD5B. Oliver Gould talks about the Linkerd project, a service mesh hosted by the Cloud Native Computing Foundation, to give operators control over the traffic between their microservices. He shares the lessons they've learned helping dozens of organizations get to production with Linkerd and how they've applied these lessons to tackle complexity with Linkerd. Filmed at qconnewyork.com. Oliver Gould is co-founder and CTO at Buoyant, Inc.
This document provides an overview of Docker concepts including containers, images, Dockerfiles, and the Docker architecture. It defines key Docker terms like images, containers, and registries. It explains how Docker utilizes Linux kernel features like namespaces and control groups to isolate containers. It demonstrates how to run a simple Docker container and view logs. It also describes the anatomy of a Dockerfile and common Dockerfile instructions like FROM, RUN, COPY, ENV etc. Finally, it illustrates how Docker works by interacting with the Docker daemon, client and Docker Hub registry to build, run and distribute container images.
Zero Trust / SASE; Network / Security; Cisco SD-WAN / SD-Access; Cisco Secure Cloud Insights / Jupiter One; GRC / DevSecOps
Christian Folini gave a presentation on optimizing ModSecurity on NGINX and NGINX Plus. Some key points:
- ModSecurity is an open source web application firewall that provides a rule-based system. The OWASP ModSecurity Core Rule Set (CRS) is the default rule set that blocks over 80% of attacks.
- To use ModSecurity with NGINX, one must compile ModSecurity 3.0 and the ModSecurity NGINX connector module, then compile NGINX with the connector. Alternatively, precompiled binaries are available with NGINX Plus.
- Initial optimization steps include adjusting the anomaly threshold, learning to read logs using aliases, and handling false positives by
There is a lot of talk now around the term Service Mesh. The hype is high and the promise is real. The problem is that there is not really a good definition of what service mesh really is. In this talk we are going to review the problem service meshes are trying to solve, name the core components that make up a service mesh, and discuss the benefits an organization can receive by implementing this new technology.
The document discusses Kubernetes networking. It describes how Kubernetes networking allows pods to have routable IPs and communicate without NAT, unlike Docker networking which uses NAT. It covers how services provide stable virtual IPs to access pods, and how kube-proxy implements services by configuring iptables on nodes. It also discusses the DNS integration using SkyDNS and Ingress for layer 7 routing of HTTP traffic. Finally, it briefly mentions network plugins and how Kubernetes is designed to be open and customizable.
Platform Engineering is the practice of building and operating a common platform as a product for technology teams. In this session, we will talk about why and when we need a platform and how to build a platform engineering practice, followed by a demo. Jirayut Nimsaeng, Founder & CEO, Opsta (Thailand) Co., Ltd. YouTube recording: https://youtu.be/brBZYbNbnAo Dev Mountain Tech Festival 2022 @ Khaoyai, March 19, 2022
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table. Presented at OWASP NoVA, Sept 25th, 2018
Building Cloud-Native App Series - Part 6 of 11, Microservices Architecture Series: Testing Strategies
- JUnit 5
- Cucumber BDD
- Selenium
- SpringBoot Test
- Mockito
- Wiremock
- Pact
This document provides an overview of best practices for securing Kubernetes clusters. It discusses infrastructure protection, Kubernetes internal security, authentication and authorization options, network security, secrets management, container runtime security, and other security tools. Specific recommendations include limiting SSH access, using hardened images, encrypting storage, restricting API access, separating workloads, enabling authentication, implementing role-based access control, using network policies, securely managing secrets, scanning images for vulnerabilities, and auditing events.
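Two of the recommendations above, network policies and role-based access control, are concrete enough to show in manifests. The following is an added example written for this summary, not taken from the slides: a default-deny ingress policy for one namespace, a second policy that re-allows only same-namespace traffic, and a Role/RoleBinding that lets one workload read a single ConfigMap and nothing else. The namespace `payments`, the service account `checkout`, and the ConfigMap name `checkout-config` are assumptions for the example.

```yaml
# Added example (not from the summarized deck).
# 1. Deny all inbound traffic to every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: payments          # assumed namespace
spec:
  podSelector: {}              # empty selector = every pod in the namespace
  policyTypes:
  - Ingress                    # no ingress rules listed, so all inbound traffic is denied
---
# 2. Re-allow only traffic from pods in the same namespace; cross-namespace
#    and external traffic remain blocked by the policy above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}          # any pod in this namespace
---
# 3. Least-privilege RBAC: the checkout workload may "get" one named ConfigMap.
#    No secrets, no list/watch, no other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: checkout-config-reader
  namespace: payments
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["checkout-config"]   # assumed ConfigMap name
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: checkout-config-reader
  namespace: payments
subjects:
- kind: ServiceAccount
  name: checkout                # assumed service account used by the workload
  namespace: payments
roleRef:
  kind: Role
  name: checkout-config-reader
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply -f` on the file, confirm the binding does what you expect with `kubectl auth can-i get configmaps --as=system:serviceaccount:payments:checkout -n payments` (expected: yes) and `kubectl auth can-i get secrets --as=system:serviceaccount:payments:checkout -n payments` (expected: no). One caveat: NetworkPolicy objects are accepted by the API server regardless of the CNI plugin, but they are only enforced when the plugin supports them, so verify enforcement with a test pod before relying on the default-deny.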
1. Docker EE will include an unmodified Kubernetes distribution to provide orchestration capabilities alongside Docker Swarm.
2. When running mixed workloads across orchestrators, resource contention is a risk and it is recommended to separate workloads by orchestrator on each node for now.
3. Docker EE aims to address the shortcomings of running mixed workloads to better support this in the future.
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including opensource projects you will want to consider while building and maintaining cloud native applications.
Integration Patterns and Anti-Patterns for Microservices Architectures David Williams Co-Founder and Partner, Williams Garcia You can learn more about NATS at http://www.nats.io
The practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters; each chapter will have theory, followed by demos and any limitations we need to keep in mind while implementing them. More details here - https://www.practical-devsecops.com/
The document provides an overview of Kubernetes networking concepts including single pod networking, pod to pod communication, service discovery and load balancing, external access patterns, network policies, Istio service mesh, multi-cluster networking, and best practices. It covers topics such as pod IP addressing, communication approaches like L2, L3, overlays, services, ingress controllers, network policies, multi-cluster use cases and deployment options.
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua. Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
The exploration of service mesh for any organization comes with some serious questions. What data plane should I use? How does this tie in with my existing API infrastructure? What kind of overhead do sidecar proxies demand? As I've seen in my work with various organizations over the years "if you have a successful microservices deployment, then you have a service mesh whether it’s explicitly optimized as one or not." In this talk, we seek to understand the role of the data plane and how to pick the right component for the problem context. We start off by establishing the spectrum of data-plane components from shared gateways to in-code libraries with service proxies being along that spectrum. We clearly identify which scenarios would benefit from which part of the data-plane spectrum and show how modern service meshes including Istio, Linkerd, and Consul enable these optimizations.
Building Cloud-Native App Series - Part 9 of 11, Microservices Architecture Series: CI-CD
- Jenkins
- GitHub Actions
- Tekton
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2a6wCn2. Emily Reinhold shares stories of how a rapid growth company broke up a monolith into a series of microservices, with practices and lessons that can save time and money. Filmed at qconnewyork.com. Emily Reinhold is a software engineer on Uber's Money team. Since joining Uber in early 2015, Emily has been involved in many aspects of money, including charging riders and paying driver partners. She has recently contributed to the effort to dismantle Uber's monolith while building its microservice architecture.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1D2YQGg. John Bunting talks about different services Tumblr has built and how their architecture helps them be fault tolerant as they continue to grow. Filmed at qconsf.com. John Bunting is a pragmatic programmer. Possible cyborg hacker at Tumblr. Loves Python, Ruby and everything Tech.
Niko Kurtti talks about the challenges Shopify saw in moving from a traditional host-based infrastructure to a cloud native one, moving not only their core app to Kubernetes but also hundreds of other apps at the same time. He focuses on the cluster tooling solutions they've built, such as controllers, cluster creators, and deploy tools. Filmed at qconnewyork.com. Niko Kurtti is a production engineer at Shopify. He started out as a software developer doing web apps with Java, but since then fell in love with container technologies. He was part of the effort to roll out Docker in production at Shopify in 2014 and is still working around the same domain, but today the focus is on Shopify’s internal PaaS based on k8s.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2hkPH7v. Josh Evans talks about the chaotic and vibrant world of microservices at Netflix. He starts with the basics, - the anatomy of a microservice, the challenges around distributed systems, and the benefits. Then he builds on that foundation exploring the cultural, architectural, and operational methods that lead to microservice mastery. Filmed at qconsf.com. Josh Evans is Director of Operations Engineering at Netflix, with experience in e-commerce, tools, testing, and operations. For the past three years he has led an organization that creates, integrates, and evangelizes proven technical solutions and practices like continuous delivery, real-time operational insight, and chaos engineering to achieve operational excellence at scale.
This talk was done in Feb 2020. Sergey and I co-presented at CTO Forum on Microservices and Service Mesh (how they relate, requirements, goals, best practices, and how DevOps and Agile have had convergence in the set of features for Service Mesh and gateways around observability, feature flags, etc.)
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1ncT8iO. From its simple roots as a PHP program, Uber has grown into a complex distributed system deployed across multiple datacenters using multiple databases and programming languages. Matt Ranney covers the evolution of Uber's architecture and some of the systems they built to handle the current scaling challenges. Filmed at qconsf.com. Matt Ranney is the Chief Systems Architect at Uber. He has a computer science degree which has come in handy over a career of mostly network engineering, operations, and analytics.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1IPjAIS. Rick Hudson discusses the motivation, performance, and technical challenges of Go's low latency concurrent GC and why the approach fits Go well. Filmed at qconsf.com. Rick Hudson is a member of Google’s Go team. Rick has published papers on language runtimes, memory management, concurrency, synchronization, memory models, and transactional memory.
These are the slides of the second talk of the first Tech Talk@TransferWise Singapore, which happened on the 23rd of November 2017. These slides share how TransferWise codebase is moving from a monolith architecture to a microservices architecture.
Hyperledger Miami Meetup group, sponsored by 8base. Startups included 8base, Bushido Lab, and CoinPlan.
The document summarizes a Hyperledger meetup event in Coral Gables, Florida. It includes: - An agenda for the event with introductions, presentations on Hyperledger and local blockchain groups, and startup pitches. - Details on the panelists which include representatives from Hyperledger, KPMG, local blockchain companies and a law firm. - Information on three startups that will be pitching: 8base, Bushido Lab, and Coinplan.