Marcus Noble
Platform Engineer @ Giant Swarm
Oxford, United Kingdom
Marcus is a platform engineer at Giant Swarm, a company dedicated to offering managed Kubernetes solutions. His main area of focus in recent years has been around Go, Kubernetes, containers and DevOps, but he originally started out as a web developer and JavaScript enthusiast. A self-described “tinkerer”, when not building Kubernetes solutions, Marcus likes to dabble with 3D printing and experiment with smart home tech.
What Pokémon can teach us about being engineers
The world of Pokémon has many teachings that we can apply to our life as developers, SREs and DevOps engineers. Join me while we find out what Ash, Pikachu and all their friends can teach us about being better engineers and community members. Together, we really can be the very best, like no one ever was.
Webhooks - what's the worst that could happen?
Webhooks in Kubernetes play an essential role in extending the functionality of the cluster and go a long way towards the power Kubernetes offers. However, as with any technology, they also come with their set of risks and even potential disaster.
In this talk we’ll go through scenarios that could possibly impact an otherwise healthy Kubernetes cluster by making use of a misconfigured or malicious webhook. Can we take down the whole cluster? Can we block access to others?
For each risk we’ll take a look at the ways we can try to avoid them or mitigate their impact, if at all possible.
By attending this talk, attendees will gain a better understanding of the potential risks associated with webhooks and the measures they can take to ensure a more secure and stable Kubernetes cluster.
From Fragile to Resilient: Using Admission Policies to Strengthen Kubernetes
In the world of Kubernetes, dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. For instance, ValidatingWebhookConfiguration empowers users to implement intricate and finely-tuned access controls beyond the capabilities of RBAC, and MutatingWebhookConfiguration provides advanced defaulting logic for all resource types. However, this capability often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.
Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But what if we could change that narrative?
Enter CEL-based Admission Policies!
In this talk we’ll take a look at what makes ValidatingAdmissionPolicies and MutatingAdmissionPolicies a safer choice for your admission logic and what problems they aim to solve.
We will dive into the features and limitations and will also draw comparisons with their webhook-based alternatives, highlighting the problems they solve. Finally, we’ll walk through how you can begin leveraging them today and take a look at what might be coming in the future.
Managing Kubernetes without losing your cool
After several years operating and building on Kubernetes clusters I have my fair share of battle scars. From network misconfigurations to soaring cloud costs to deletion of a production control plane, just to name a few.
Each time something went wrong, dealing with it became a little easier and each incident added another tool to my bag of tricks.
Over time I’ve tried to simplify and automate as much of my debugging technique as I can, through a combination of scripts, tools and code.
This talk will cover some practical tips and tricks that everyone using Kubernetes, regardless of experience level, can leverage to make interacting with clusters that little bit easier. We’ll start small, something anyone can do today, and work our way up to building our own tooling on top of Kubernetes to make everyday operations just that little bit nicer.
What DragonBall can teach us about being engineers
The world of DragonBall has many teachings that we can apply to our life as developers, SREs and DevOps engineers. In this fun and fast-paced talk we'll learn how the Z Warriors were ahead of their time and how they fully embrace the engineer mindset.
The Wonders and Woes of Webhooks
Since being introduced in Kubernetes v1.9, webhooks have been a key feature, making up one of the cornerstones of Kubernetes extensibility. When used right, they can allow operators to have much more control over their clusters and with tooling like Kyverno and Gatekeeper it’s easier than ever to leverage their full power. But, when misused, things can get very, very messy.
So how do we ensure our webhooks are full of wonders and not woes?
By taking a look at the history of webhooks in Kubernetes, the driving force behind their adoption and through several horror stories of webhooks gone wrong, we can develop a set of best practices.
KCD Denmark 2024 Sessionize Event
KCD UK London - 2024 Sessionize Event
DDD East Midlands Conference 2023 Sessionize Event
DevOpsDays Birmingham (UK) 2023 Sessionize Event
KubeHuddle Sessionize Event