Speaker

Elif Samedin

Senior DevOps Engineer

Bucharest, Romania

Senior DevOps Engineer with extensive experience in IT Infrastructure Automation. HashiCorp Ambassador. Advocate for Continuous Learning, Open Source Communities, and Technical Innovation.

Area of Expertise

  • Information & Communications Technology

Topics

  • DevOps
  • Cloud Native Infrastructure
  • Infrastructure as Code
  • Modern Infrastructure

Vault Autounseal with Transit Secrets Engine & OIDC Authentication: a synergy for improved security

In the field of cloud infrastructure and security, it’s essential to automate and safeguard sensitive data. This talk explores a complex setup where Terraform is used to set up several virtual machines, showcasing advanced Infrastructure as Code methods. We concentrate on setting up a main Vault cluster using Ansible, an effective automation tool, to ensure smooth and repeatable deployments.
A key feature of this system is linking Vault's auto-unseal function with Azure Key Vault, presenting a strong method for secret handling and data security in cloud settings. This combination boosts security and streamlines operational processes.
Additionally, we examine the setup of another Vault cluster, which uses the Transit Secrets Engine. It relies on the central Vault cluster for its unsealing, highlighting Vault's flexibility and interconnection, and providing a layered security framework.
The session also covers the integration of OpenID Connect (OIDC) with Microsoft Entra ID (formerly known as Azure AD), vital for identity and access management, offering a secure and effective solution for authentication and authorization in cloud applications.
Altogether, our aim is to offer practical insights into using these technologies, giving participants a thorough grasp of utilizing Terraform, Ansible, Vault, Azure Key Vault, and Microsoft Entra ID for a secure and efficient cloud infrastructure.

Terraform and beyond: End-to-end infrastructure testing

The release of Terraform 1.6 is a game-changer for infrastructure as code (IaC). It introduces a groundbreaking testing framework that reshapes our approach to ensuring infrastructure reliability. In this talk, we'll explore the intricacies of this new feature and how it enables thorough, real-world testing of Terraform configurations.

It goes beyond mere code verification, evolving into a broader scope of integration testing. This change signifies a move from simply testing the functionalities of Terraform to assessing the actual performance and stability of the infrastructure once deployed.

We’ll talk about crafting strategic, automated tests that mimic real-world conditions, preparing for potential discrepancies. The goal? To design tests that reflect real-life scenarios and challenges.

To wrap up, we’ll highlight the critical role of end-to-end testing in Terraform. It’s not just about making infrastructure changes safer: it’s about boosting overall system stability and availability. Attendees will gain insights into using Terraform 1.6's new testing tools to build infrastructure that's as resilient and dependable as the applications it supports.

Kubernetes RBAC with Ansible

Role-Based Access Control (RBAC) is a security strategy that allows for the granular management of access to system resources. RBAC in Kubernetes allows cluster administrators to determine who may perform specific operations on various resources inside the cluster. And what better way to guarantee that certain best practices, such as the principle of least privilege, are followed than via the use of automation? For this live presentation, Ansible will be the tool of choice.

Kubernetes on Bare Metal: an Automated Deployment

Underneath virtualization and cloud platforms there is always the physical server. There are various contextual factors to be considered when choosing how and when to deploy a Kubernetes cluster on bare metal, two main reasons being cost and performance. We will address this by using Ansible to drive and carry out the provisioning steps required and build a Kubernetes cluster with kubeadm.

How Vault Agent aids in Kubernetes cluster hardening

We are going to see how the Vault Sidecar Injector enables an application in Kubernetes to consume secrets from the various Secrets Engine types available in Vault.

Exploring and Provisioning Infrastructure with Packer

Packer is indisputably one of the tools that shouldn't be missing from a DevOps Engineer's toolkit. Its objective is to create identical machine images for multiple platforms (KVM, Vagrant, VMware, AWS, Azure, Google Cloud, Docker) from a single source configuration. Thus, it drastically shortens the time it takes to deploy new instances.
By baking our needed configuration into golden images, we also shift our mindset to immutable infrastructure. This in turn brings some major benefits, such as reducing deployment time and configuration drift.

90DaysOfDevOps - 2024 Community Edition Sessionize Event

January 2024

HashiDays 2023 Sessionize Event

June 2023

HashiTalks 2023 Sessionize Event

February 2023

2022 All Day DevOps Sessionize Event

November 2022
