Alessandro Vozza
Community & Code
Amsterdam, The Netherlands
Community leader and CNCF ambassador, Alessandro has spent the last few years building cloud native infrastructures for Microsoft customers, animating the Dutch community, and training others to pass the CKx exams. He has a passion for all things cloud native, has been around open source for 25 years, and recently moved to a new Developer Relations role. Twitter handle: @bongo
Kubernetes Observability with eBPF
eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring changes to kernel source code or loading kernel modules. BumbleBee (https://github.com/solo-io/bumblebee) is a new open source project that helps to build, run and distribute eBPF programs using OCI images. It allows you to focus on writing eBPF code, while taking care of the user space components and automatically exposing your data as metrics or logs. In this workshop, we introduce eBPF and the different ways to create eBPF programs. Then, attendees create their first eBPF program using BCC and libbpf to gain a better understanding of the main concepts. Finally, they go through several labs to build and deploy an eBPF program with BumbleBee. They also deploy Prometheus and a web application on Kubernetes to display all the communications happening in the Kubernetes cluster.
Measure Twice, Cut Once: Dive Into Network Foundations For All!!
Networks are the foundation of distributed apps, especially in cloud-native ecosystems. Awareness of how data moves between applications is critical for understanding their performance, security, and efficiency.
As many apps are built and deployed onto container systems like Kubernetes, it’s key to understand where traffic goes, how to communicate with your applications, and how to decipher network protocols and transactions.
Cloud-native application networking tools offer many advantages, but require a deep understanding of the Linux networking stack.
This workshop prepares Platform Engineers to navigate networks and develop expertise in networking technologies. By using the Linux operating system, this workshop helps you to answer the questions:
- What does a packet look like?
- How does it flow into your microservices?
- How do you trace network & API communications?
- Why do you need DNS?
- How does Service mesh help with microservices?
- How can eBPF improve our network performance?
Progressive deployments in multicluster environments with Istio, Flagger and ArgoCD
Enterprises struggle to secure, manage and connect their applications in the wild west of cloud native. In this brave new world, concepts like zero trust security and application networking are still far apart in adoption and understanding, and this talk aims to help you understand how to:
- connect and secure workloads in multi-tenant environments
- configure multi-cluster routing and failover
- adopt GitOps principles for self-driving clusters
- secure applications at the edge
- progressively deploy and scale your application
- observe the whole estate centrally using open source tooling
Platform Engineering meets Service Mesh: an SRE love story
Platform Engineering is the new black, and we posit that service mesh is the perfect complement and an indispensable sharp tool in every SRE's tool belt. Although they have been around for a few years, service meshes are now blossoming into a de facto standard for providing much-needed features to cloud native platforms, such as zero trust security enforcement, observability, traffic shaping and control over the application networking layer(s). This demo-heavy presentation will walk you through the rationale behind adopting a service mesh and what it can do in practice to alleviate the pain of running at-scale platforms to deliver cloud native self-service infrastructure to developers. We will focus on Istio (the most popular service mesh), but the lessons extend to any other service mesh implementation; we will provide a workshop-style repository to follow offline.
Learn why every SRE should know what a service mesh is and what it can do for them: control and management of application networking, automated zero trust security and near-perfect observability of cloud native applications.
The talk has a flow and structure to help lead the conversation from principles (SRE and Platform engineering) towards the practical implementation details with tools like ArgoCD and Istio.
1. Intro on why platform engineering is trending now
2. SRE principles, system engineering for platforms
3. Pains of platform engineering (security, multi-tenancy, observability)
4. Solution based on (among others) service mesh, GitOps and zero trust security achieved through those tools
5. Demo with multi-tenant, multi-cluster architecture and self-service platform for developers
Observability for Platform Engineers
Observability is a crucial part of every DevOps journey and fundamental for proper operations at every scale. We will give an introduction to it, with particular focus on what we need to measure when we build developer platforms and how we can leverage metrics, logs and traces to run them efficiently and securely. We will talk about DORA metrics, SRE principles and foundational DevOps practices to help you build a secure and accessible Internal Developer Platform, with particular focus on security and self-service.
Ephemeral Clusters as a Service with ClusterAPI and GitOps
GitOps has seen widespread adoption in the last few years due to its clear advantages over traditional CI/CD tools. However, with adoption come the growing pains of scale: running and managing multiple clusters across different cloud providers represents a major hurdle for organizations wanting to adopt Kubernetes as a standard deployment platform. In particular, observability and security at scale are two thorny aspects that need to be addressed; we will demonstrate how it's possible to tame the complexity of such scaled infrastructure via open-source tools, such as ClusterAPI, ArgoCD and Prometheus+Thanos, to provide control and visibility over an arbitrary number of clusters. We will show a sample, created from our collective experience at large-scale customers, which can deploy hundreds of clusters and applications automatically and securely, and collect metrics from all the ephemeral clusters along the way.
Build a Secure Developer Platform Using Argo, Istio and Vault.
Today we have all the right tools to successfully bring applications into production. We have learned how to build CI/CD pipelines. However this brings some challenges as well:
- How do you make sure applications get connected properly (to their backend, APIs, database, etc.)? This can take days, weeks or even months. CD (continuous deployment) becomes Continuous Disappointment.
- The problem is even more complex if you consider multi-platform and multi-cloud. You don't choose multi-cloud, multi-cloud chooses you.
- Once the two problems above have been solved, how do you solve:
  - Multi-tenancy: how do you give every team complete autonomy to test their applications and bring them into production?
  - Secure connectivity
  - Secure code
In this presentation I will show you how you can solve this challenge by building a platform that will accomplish:
- Automatically build code
- Automated and secure application connectivity thanks to multi-cluster Istio and ArgoCD
- Achieve multi-tenancy with Istio
- Manage secrets, certificates and any sensitive information by using Vault and inject secrets into your deployment
Getting Started with Istio Ambient Mesh: An Interactive Workshop
Istio is the most widely used service mesh platform in the world for large-scale production deployments. In September 2022, Google and Solo.io announced the release of Istio Ambient Mesh to the community. Ambient offers a revolutionary data-plane architecture that allows service mesh users to ditch sidecars. It slashes operational complexity and enables incremental mesh adoption, all while reducing cost and computational overhead within a service mesh.
This interactive workshop provides a hands-on tour of the new Ambient capabilities, including:
• Mesh on-boarding without sidecars
• Layer 4-7 authorization policies
• Layer 7 observability
• Fault injection
• Traffic shifting
Each session participant will have access to their own sandboxed Kubernetes environment hosted on the Instruqt platform. A Credly-managed "Foundation for Ambient Mesh" badge will be issued to workshop participants who choose to take and pass a free certification exam offered at the end of the session.
Trust no one: implementing zero trust security with Ambient Service Mesh
We live in a brave new world of cyber attacks, state-sponsored hacking and global instability fueled by wars (cyber and otherwise); perimeter security is just not up to the task of securing the modern digital infrastructure.
The Zero Trust Security Model assumes that an enterprise-owned environment is no different from, and no more trustworthy than, any non-enterprise-owned environment. In this paradigm, an enterprise must assume no implicit trust and continually analyze and evaluate the risks to its assets.
We will show how we can simply and scalably implement new ways to perform the necessary steps towards achieving perfect zero-trust architecture, and what this entails for operations and development.
The Neuroscience of Communities
Communities are the backbone of human experience and we evolved specifically to get rewarded from collaborative behaviour and the sharing of common values identified as our uniquely human culture. As Aristotle once wrote: “Man is by nature a social animal […] Anyone who either cannot lead the common life or is so self-sufficient as not to need to, and therefore does not partake of society, is either a beast or a god.”
We will explore the neuroscience of community engagement, how it reflects in our open source software development patterns, how we can enhance and foster our innate tendency to pursue communal work, the biochemistry of community and how this can lead to better life satisfaction and increase productivity.
Rapid local prototyping with ArgoCD
You want to develop ArgoCD locally without constantly pushing code to your VCS? You can! Combining minikube, Gitea and ArgoCD, you can get up to speed with a local GitOps environment in minutes.
Look Ma, no sidecars!
The sidecar model of delivering service mesh to applications in a cluster has drawbacks that limited adoption at scale and performance; a new model introduced in the ambient mode of Istio aims at reducing complexity and overhead and delivering secure application networking at both L4 and L7 with zero changes needed at the pod level.
We will deploy and demo Ambient Mesh on AKS with a workshop that can also be done at your own pace, based on our platform academy.solo.io.
Kubernetes multi-cluster security approaches with GitOps
Usage of Kubernetes is expanding at a rapid pace and it's quickly becoming the pervasive tool for cloud native computation and application development at a majority of enterprises. It's high time for new approaches to security and governance based on pull mechanisms, tight desired-state control loops and automated policy enforcement rooted in CI/CD concepts. The talk will walk through the principles of GitOps (operations by pull requests) and how you can leverage them to enforce the highest security standards on fleets of clusters.
Open Source Computing Sustainability: The CNCF Approach
This talk delves into the critical role of open-source computing sustainability, with a specific focus on the approach adopted by the Cloud Native Computing Foundation (CNCF). In an era where digital technologies are transforming industries, open-source computing plays a pivotal role in driving innovation, scalability, and accessibility. The CNCF's strategy, principles, and initiatives in fostering sustainability within the open-source ecosystem are examined, shedding light on the organization's efforts to ensure the longevity, robustness, and resilience of cloud-native technologies. By introducing the CNCF TAG Environmental Sustainability, this talk offers insights into the broader landscape of open-source sustainability and its implications for the future of technology development and deployment.
We will make specific reference to compute sustainability in Azure, with examples and demos from the Carbon-Aware KEDA Operator.
Gateway API: next gen ingress and routing
This talk will dive deep into the new Gateway API in Kubernetes, which reached GA recently and represents the next evolution for routing and ingress in Kubernetes, extending and improving on the Ingress API with a better security model. We will demo how to get traffic into a cluster with HTTPRoute and TLSRoute, how to secure it with certificates and how to integrate Gateway API with service meshes (the GAMMA initiative).
KCD Italy 2024 Sessionize Event
TEQnation 2024 Sessionize Event
KCD Istanbul 2024 Sessionize Event
KCD Romania 2024 Sessionize Event
Blipz on the Radar 2023 Sessionize Event
ContainerDays 2023 Sessionize Event
NDC Oslo 2023 Sessionize Event
DevOpsDays Zurich 2023 Sessionize Event
DeveloperWeek Europe 2023 Sessionize Event
KubeconEU 2023
Ephemeral Clusters as a Service with ClusterAPI and GitOps - Alessandro Vozza, Solo.io & Joaquin Rodriguez, Microsoft
Virtual Azure Community Day Sessionize Event
Virtual Azure Community Day Sessionize Event