The cloud native ecosystem can be a difficult place to navigate. In this lightning talk, hear about 5 non-technical great ideas and programs that are being driven by the CNCF that will turbo-charge your understanding on how the cloud native ecosystem works.
“Zero trust” has become an increasingly popular topic for discussion recently – zero trust and the service mesh! zero trust and certificate management! zero trust policy enforcement! It’s all but impossible to escape serious looks at “zero trust” applied to whatever industry niche you care to imagine.
What seems to be missing is a serious look at what an entire application looks like when designed with zero trust in mind… so the KubeCrash hosts have decided to get together with an eye toward solving that. Rather than just talk in isolation about our individual pieces of the cloud native world, we’ve assembled a single application bringing everything together:
The end result is that our application is running in an environment where every access is checked, every time, at every level of the infrastructure and the application… and at the Spring 2023 KubeCrash, we’ll be taking a deep dive into how this entire reference architecture fits together. Experts on each of the open source projects listed above will provide a deep dive not just into how the project works, but how they all work with each other and with the application. We’ll wrap up by showing how you can apply this open-source reference architecture to your own work.
Home security begins at your front door, and in the world of cloud native apps running on Kubernetes, the ingress is the door to all of your apps. Using a “defense in depth” approach to security is vital, and there are many layers to securing an ingress, from TLS, to auth/n and authz, to rate limiting and allow/deny IP lists.
This talk will focus on how zero-trust requires a secured transport layer, from user to ingress to service(s). You will learn how to acquire a TLS certificate from LetsEncrypt and configure this with JetStack’s cert-manager for use with the CNCF Emissary-ingress API gateway.
You will also walk away from the session with an understanding of, and pointers to additional resources, for further securing your Kubernetes ingress.
Zero trust requires checking every access, every time, and a service mesh is the perfect tool to make that happen everywhere within the cluster running a cloud-native application. Of course, the mesh doesn’t exist in isolation! It’s important to consider not just how the mesh can run, but also how it interacts with other areas of infrastructure and the application.
In this talk, Alex will walk you through not just how to set Linkerd up for proper mTLS, but also how Linkerd can work well with the other pieces of our demo application. You'll see Linkerd get certificate information from cert-manager and routing information from Emissary-ingress, and how to define policies that can be curated by Polaris. Finally, you'll see how the application developer can take advantage of Linkerd to find and safely fix bugs no matter where they are in the call graph, with a live demonstration of how all these pieces fit together.
cert-manager is an open source X.509 certificate controller for Kubernetes. It automates certificate issuance for Kubernetes workloads. In this demo, certificates will be used to prove the identity of the Emissary API gateway and to prove the identity of peers in an mTLS Linkerd service mesh. Thanks to cert-manager's Issuer integrations, external CAs like Vault can be used to sign these certificates.
trust-manager is another project led by the cert-manager team. It distributes and manages the trusted CA certificates in a Kubernetes cluster. In this workshop, it is used to make all Kubernetes services trust the CA that is used for Linkerd mTLS, this way we can verify the peer identity in an mTLS connection. Additionally, it can be used to quickly update what public CAs are trusted.
Polaris is an open source policy engine for Kubernetes that validates and remediates resource configuration. It includes 30+ built in configuration policies, as well as the ability to build custom policies with JSON Schema.
When building a zero-trust environment using tools like Cert-manager, Emissary-ingress, and Linkerd, there are a vast number of objects and configurations available to both cluster operators and end-users. Many of these configurations may be undesirable, or worse insecure. In this talk, Stevie will demonstrate how cluster operators can use Polaris to enforce best practices and secure configurations in your zero-trust environment.
Supporting millions of concurrent users at one time as they build a world, battle creatures, or race to the finish line is a scale challenge. In this panel session we talk with innovators in the gaming industry to find out how they use cloud native technologies to build modern, data-intensive applications that scale to millions of users.
Jake Moshenko has been an innovator in the cloud native ecosystem for over 15 years. After engineering roles at Amazon and Google, Jake founded Quay, the first private Docker registry, which was acquired by CoreOS. Jake then became an engineering leader at CoreOS, which was acquired by Red Hat (and then IBM). He is now the co-founder and CEO of AuthZed, the company commercializing SpiceDB, the industry-leading cloud-native permissions database.
In this talk, Jake will discuss one of the most unappreciated barriers to application innovation: scaling fine-grained permissions. Whether you know it or not, your apps are scaling along one or more dimension:
- Development velocity
- Feature requests
- New geographies
When distributed cloud native apps scale along these dimensions, the complexity of storing, querying, and validating application permissions becomes burdensome and slows innovation. Jake will describe how cloud native permissions services, like SpiceDB, are allowing teams to unlock to the full potential of their applications.
74% of industry executives and leaders are backing Machine Learning and AI to solve their next generation of business problems. But only 53% of Machine Learning projects ever make it from prototype to production.
The potential for machine learning is enormous, but across all industries we are faced with long unsolved challenges of executing rapid experimentation and graceful scaling whilst keeping costs minimal to maximize return on investment.
Join Josh who will dive into how to reduce the barrier of entry and create more accessible scaling entry points using cloud native technology.
Join us for a panel discussion featuring thought leaders from a variety of industries to examine the present and future of these rapidly evolving technologies.
The panelists will shed light on how machine learning and AI will impact different industries and the world as a whole, and provide guidance on how businesses can effectively utilize these technologies for progress and better performance. They will also delve into the ethical aspects and potential difficulties that arise from the widespread use of ML and AI.
Expect an engaging and educational conversation in this rapidly transforming area.