Speaker

Elif Samedin

Senior DevOps Engineer

Bucharest, Romania

Senior DevOps Engineer with extensive experience in IT Infrastructure Automation. HashiCorp Ambassador. Advocate for Continuous Learning, Open Source Communities, and Technical Innovation.

Area of Expertise

  • Information & Communications Technology

Topics

  • DevOps
  • Cloud Native Infrastructure
  • Infrastructure as Code
  • Modern Infrastructure

Kyverno vs. OPA Gatekeeper: My Policies, My Rules

Kubernetes is a modern marvel of orchestration - but without proper guardrails, it’s less a precision vessel and more a floating buffet for misconfigurations. With PodSecurityPolicy now consigned to the underworld (v1.25, may it rest), we’re left asking a critical question: who guards the gates of our clusters?

Enter Kyverno and OPA Gatekeeper - two policy engines, both alike in dignity, in fair Kubernetes where we lay our scene. Like Cerberus and Janus, they stand watch at the threshold: one barking at bad configs before they enter, the other scanning policy past and future in a bid for balance and order.

In this 30-minute odyssey, we’ll go beyond feature checklists to share hard-earned lessons from the chaotic beauty of production. You’ll see how these tools hold up under real-world pressure - where they shine, where they stumble, and how to make them work with your developers instead of against them. Think less red tape, more invisible shield.

If you’ve ever stared down a YAML file and thought, “Is this safe?” - This talk is your map, your Minotaur, and your exit strategy. Bring your curiosity, leave with clarity - and maybe even a few extra hours of sleep, knowing your cluster isn't standing wide open.

Terraform 1.10: Ephemeral resources and values

How confident are you that your sensitive data is secure when using Terraform? Imagine this: private keys or API tokens are sitting in plain sight within your plan or state files, ready to be snatched by anyone who knows where to look. Is your infrastructure really as bulletproof as you think, or is it an open door waiting to be breached?

To address this, Terraform 1.10 introduces ephemeral values: values Terraform uses during a run but never writes to its plan or state files.

Previously, anyone who could read those files could extract any secret that a data source had fetched or a resource had created, such as a random password. Ephemeral values close that exposure by guaranteeing that the sensitive data is never persisted between operations.

Let's explore how ephemeral values and resources improve infrastructure security, how to adopt them successfully, and take a sneak peek at write-only arguments.
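The following configuration is an added illustration of the mechanism described above; it is not code from the talk or from HashiCorp. It assumes a reachable Vault server, provider versions that ship the ephemeral `vault_kv_secret_v2` and `random_password` resources (version bounds are assumptions), and a hypothetical KV path `secret/app/db`. The write-only part at the end needs Terraform 1.11 or later, which is where write-only arguments shipped.

```hcl
terraform {
  required_version = ">= 1.10"
  required_providers {
    vault = {
      source  = "hashicorp/vault"
      version = ">= 4.5.0" # assumed: first series with the ephemeral vault_kv_secret_v2 resource
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3.7.0" # assumed: first series with the ephemeral random_password resource
    }
  }
}

# Ephemeral input variable: accepted for this run only, never written to plan or state.
variable "vault_token" {
  type      = string
  sensitive = true
  ephemeral = true
}

# Provider blocks may consume ephemeral values, because provider config is never persisted.
provider "vault" {
  address = "https://vault.example.com:8200" # hypothetical address
  token   = var.vault_token
}

# Ephemeral resource: the secret is read while plan/apply runs and discarded afterwards.
# A data "vault_kv_secret_v2" block would instead copy the secret into terraform.tfstate.
ephemeral "vault_kv_secret_v2" "db" {
  mount = "secret"
  name  = "app/db" # hypothetical KV v2 path
}

# A credential generated on every run and, like all ephemeral values, never stored.
ephemeral "random_password" "bootstrap" {
  length  = 32
  special = false
}

# Locals derived from ephemeral values are ephemeral too.
locals {
  db_password        = ephemeral.vault_kv_secret_v2.db.data["password"]
  bootstrap_password = ephemeral.random_password.bootstrap.result
}

# Terraform 1.10 rejects this at plan time ("Ephemeral value not allowed"):
# a normal resource argument would land in state, which is exactly what we avoid.
#
# resource "aws_db_instance" "app" {
#   password = local.db_password
# }
#
# From Terraform 1.11 the same goal is reached with a write-only argument: the provider
# sends the value to the API, Terraform never stores it. Argument names follow the AWS
# provider's aws_db_instance and are an assumption for your provider version.
#
# resource "aws_db_instance" "app" {
#   password_wo         = local.db_password
#   password_wo_version = 1 # bump only to rotate; Terraform cannot diff a value it never kept
# }
```

Two practical consequences: an ephemeral `random_password` yields a fresh value on every run, so a write-only argument must be paired with its `_wo_version` counter or the password would silently change each apply; and because nothing ephemeral reaches the state, `terraform show` and `terraform output` can no longer leak these values, which is the whole point of the feature.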

Vault Autounseal with Transit Secrets Engine & OIDC Authentication: a synergy for improved security

In the field of cloud infrastructure and security, it’s essential to automate and safeguard sensitive data. This talk explores a complex setup where Terraform is used to set up several virtual machines, showcasing advanced Infrastructure as Code methods. We concentrate on setting up a main Vault cluster using Ansible, an effective automation tool, to ensure smooth and repeatable deployments.
A key feature of this system is linking Vault's auto-unseal function with Azure Key Vault, presenting a strong method for secret handling and data security in cloud settings. This combination boosts security and streamlines operational processes.
Additionally, we examine a second Vault cluster that is unsealed through the Transit Secrets Engine of the central cluster, highlighting Vault's flexibility and interconnection and providing a layered security framework.
The session also covers the integration of OpenID Connect (OIDC) with Microsoft Entra ID (formerly known as Azure AD), vital for identity and access management, offering a secure and effective solution for authentication and authorization in cloud applications.
Altogether, our aim is to offer practical insights into using these technologies, giving participants a thorough grasp of utilizing Terraform, Ansible, Vault, Azure Key Vault, and Microsoft Entra ID for a secure and efficient cloud infrastructure.
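The configuration below is an added sketch of the layered setup this abstract describes: a central cluster auto-unsealed by Azure Key Vault, a downstream cluster auto-unsealed by the central cluster's Transit engine, and Entra ID wired in as the OIDC provider. It is not the speaker's code. Hostnames, tenant and key names, policy names and the `secret`/`transit` mount paths are placeholders, and the Entra-specific `oidc_scopes` value follows HashiCorp's Azure OIDC guidance rather than anything on this page.

```hcl
# --- central-vault.hcl: main cluster, auto-unsealed by Azure Key Vault ---
storage "raft" {
  path    = "/opt/vault/data"
  node_id = "central-1"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/server.crt"
  tls_key_file  = "/etc/vault/tls/server.key"
}

seal "azurekeyvault" {
  tenant_id  = "00000000-0000-0000-0000-000000000000" # placeholder tenant
  vault_name = "kv-vault-unseal"                      # hypothetical Key Vault name
  key_name   = "vault-unseal-key"                     # hypothetical key name
  # Credentials come from a managed identity or AZURE_CLIENT_ID/AZURE_CLIENT_SECRET
  # in the environment, so no client secret is written into this file.
}

api_addr     = "https://central-vault.example.com:8200"
cluster_addr = "https://central-vault.example.com:8201"

# --- autounseal-policy.hcl: least privilege for the token the downstream cluster
# presents; it can only encrypt/decrypt with the single unseal key ---
path "transit/encrypt/autounseal" {
  capabilities = ["update"]
}
path "transit/decrypt/autounseal" {
  capabilities = ["update"]
}

# --- downstream-vault.hcl: second cluster (storage and listener stanzas as above),
# unsealed via the central cluster's Transit engine ---
seal "transit" {
  address     = "https://central-vault.example.com:8200"
  key_name    = "autounseal"
  mount_path  = "transit/"
  tls_ca_cert = "/etc/vault/tls/central-ca.pem"
  # The token is exported as VAULT_TOKEN and carries only autounseal-policy.
}

# --- oidc.tf: Entra ID as the OIDC provider for human logins, configured with
# the Terraform vault provider against the central cluster ---
variable "tenant_id" {
  type = string
}
variable "entra_client_id" {
  type = string
}
variable "entra_client_secret" {
  type      = string
  sensitive = true
}

resource "vault_jwt_auth_backend" "entra" {
  path               = "oidc"
  type               = "oidc"
  oidc_discovery_url = "https://login.microsoftonline.com/${var.tenant_id}/v2.0"
  oidc_client_id     = var.entra_client_id
  oidc_client_secret = var.entra_client_secret
  default_role       = "ops"
}

resource "vault_jwt_auth_backend_role" "ops" {
  backend         = vault_jwt_auth_backend.entra.path
  role_name       = "ops"
  role_type       = "oidc"
  bound_audiences = [var.entra_client_id]
  user_claim      = "email"
  groups_claim    = "groups"                                  # map Entra groups to Vault identity groups
  oidc_scopes     = ["https://graph.microsoft.com/.default"] # per HashiCorp's Azure OIDC guidance
  allowed_redirect_uris = [
    "https://central-vault.example.com:8200/ui/vault/auth/oidc/oidc/callback",
    "http://localhost:8250/oidc/callback", # used by `vault login -method=oidc`
  ]
  token_policies = ["ops"]
  token_ttl      = 3600
}
```

The dependency chain is the point: the downstream cluster's key material is only ever decrypted by the central cluster, and the central cluster's is only ever decrypted by Azure Key Vault, so neither cluster holds a plaintext root key on disk. Keep in mind that this also makes the central cluster's availability a hard dependency for restarting the downstream one, and that the `groups` claim only appears in Entra tokens if group claims are enabled on the app registration.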

Terraform and beyond: End-to-end infrastructure testing

The release of Terraform 1.6 is a game-changer for infrastructure as code (IaC). It introduces a groundbreaking testing framework that reshapes our approach to ensuring infrastructure reliability. In this talk, we'll explore the intricacies of this new feature and how it enables thorough, real-world testing of Terraform configurations.

It goes beyond mere code verification, evolving into a broader scope of integration testing. This change signifies a move from simply testing the functionalities of Terraform to assessing the actual performance and stability of the infrastructure once deployed.

We’ll talk about crafting strategic, automated tests that mimic real-world conditions, preparing for potential discrepancies. The goal? To design tests that reflect real-life scenarios and challenges.

To wrap up, we’ll highlight the critical role of end-to-end testing in Terraform. It’s not just about making infrastructure changes safer: it’s about boosting overall system stability and availability. Attendees will gain insights into using Terraform 1.6's new testing tools to build infrastructure that's as resilient and dependable as the applications it supports.
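As an added example of the kind of test the abstract has in mind (not the speaker's material), here is a `terraform test` file for a hypothetical root module that creates a private S3 bucket. The module, its variables `bucket_name` and `acl`, the resource names, the `bucket_domain_name` output and the `tests/probe` helper are all assumptions; the last run block is what turns a unit test into an end-to-end check, by asking the live bucket whether it really refuses anonymous reads.

```hcl
# tests/bucket.tftest.hcl  (Terraform >= 1.6)
# Targets a hypothetical root module that declares var.bucket_name and var.acl,
# creates aws_s3_bucket.this and aws_s3_bucket_public_access_block.this,
# and outputs bucket_domain_name.

variables {
  bucket_name = "e2e-demo-logs-bucket"
}

# 1. Plan only: the root module's validation block must reject a public ACL.
run "validation_rejects_public_acl" {
  command = plan
  variables {
    acl = "public-read"
  }
  expect_failures = [var.acl]
}

# 2. Plan only: assert on the intended configuration before anything is created.
run "plan_blocks_public_access" {
  command = plan
  assert {
    condition = (
      aws_s3_bucket_public_access_block.this.block_public_acls &&
      aws_s3_bucket_public_access_block.this.restrict_public_buckets
    )
    error_message = "bucket must block public ACLs and public bucket policies"
  }
}

# 3. Real apply: resources exist until the test run finishes, then Terraform destroys them.
run "deploy" {
  command = apply
}

# 4. End-to-end: probe the live bucket from outside with a helper module.
run "anonymous_get_is_denied" {
  command = apply
  module {
    source = "./tests/probe"
  }
  variables {
    url = "https://${run.deploy.bucket_domain_name}/"
  }
  assert {
    condition     = data.http.probe.status_code == 403
    error_message = "an anonymous GET against the bucket must be denied with 403"
  }
}

# tests/probe/main.tf  (the helper module used by the last run block)
variable "url" {
  type = string
}

data "http" "probe" {
  url = var.url
}
```

Run it with `terraform test` from the module directory. The `http` data source does not fail on non-2xx responses, so the 403 is observable as an attribute; the first two blocks cost nothing, while the last two create real infrastructure and therefore need credentials and a clean-up budget in CI.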

Kubernetes RBAC with Ansible

Role-Based Access Control (RBAC) is a security model that allows granular management of access to system resources. In Kubernetes, RBAC lets cluster administrators determine who may perform which operations on which resources inside the cluster. And what better way to guarantee that best practices such as the principle of least privilege are followed than through automation? For this live presentation, Ansible will be the tool of choice.

Kubernetes on Bare Metal: an Automated Deployment

Underneath virtualization and cloud platforms there is always a physical server. Various contextual factors must be weighed when deciding how and when to deploy a Kubernetes cluster on bare metal, the two main ones being cost and performance. We will address this by using Ansible to drive the provisioning steps required and build a Kubernetes cluster with kubeadm.

How Vault Agent aids in Kubernetes cluster hardening

We are going to see how the Vault Agent Sidecar Injector enables an application running in Kubernetes to consume secrets from the various secrets engines available in Vault.

Exploring and Provisioning Infrastructure with Packer

Packer is indisputably one of the tools that shouldn't be missing from a DevOps Engineer's arsenal. Its objective is to create identical machine images for multiple platforms (KVM, Vagrant, VMware, AWS, Azure, Google Cloud, Docker) from a single source configuration, which drastically shortens the time it takes to deploy new instances.
By baking the configuration we need into golden images, we also shift our mindset to immutable infrastructure, which brings major benefits such as shorter deployment times and less configuration drift.
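As an added example of the single-source, multi-platform idea (not the speaker's template), the Packer HCL below builds the same patched Ubuntu golden image as an AWS AMI and as a Docker image from one `build` block. Region, AMI naming, the Docker repository name and the provisioning steps are assumptions.

```hcl
packer {
  required_plugins {
    amazon = {
      version = ">= 1.2.0"
      source  = "github.com/hashicorp/amazon"
    }
    docker = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/docker"
    }
  }
}

variable "image_version" {
  type    = string
  default = "1.0.0"
}

locals {
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}

# One source per target platform; the provisioning below is shared by both.
source "amazon-ebs" "ubuntu" {
  region        = "eu-central-1"                                   # assumed region
  instance_type = "t3.micro"
  ami_name      = "golden-ubuntu-${var.image_version}-${local.timestamp}"
  ssh_username  = "ubuntu"
  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = ["099720109477"] # Canonical's AWS account
    most_recent = true
  }
}

source "docker" "ubuntu" {
  image  = "ubuntu:22.04"
  commit = true
}

build {
  sources = ["source.amazon-ebs.ubuntu", "source.docker.ubuntu"]

  # Bake current patches in, then strip the apt cache so the image stays small.
  # The AMI build runs as 'ubuntu' (needs sudo); the Docker build runs as root (no sudo).
  provisioner "shell" {
    inline = [
      "if command -v sudo >/dev/null 2>&1; then SUDO=sudo; else SUDO=; fi",
      "$SUDO apt-get update",
      "DEBIAN_FRONTEND=noninteractive $SUDO apt-get -y upgrade",
      "$SUDO apt-get install -y --no-install-recommends ca-certificates",
      "$SUDO apt-get clean && $SUDO rm -rf /var/lib/apt/lists/*",
    ]
  }

  # The amazon-ebs builder registers the AMI itself; the Docker image needs a tag.
  post-processor "docker-tag" {
    only       = ["docker.ubuntu"]
    repository = "example/golden-ubuntu" # hypothetical repository
    tags       = [var.image_version]
  }
}
```

`packer init .` installs the two plugins and `packer build .` produces both artifacts; `packer build -only=docker.ubuntu .` is a quick way to exercise the provisioning steps locally before spending money on an EC2 build.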

KCD Porto 2025 Sessionize Event Upcoming

November 2025 Porto, Portugal

HashiTalks 2025 Sessionize Event

February 2025

HashiTalks 2024 Sessionize Event

February 2024

90DaysOfDevOps - 2024 Community Edition Sessionize Event

January 2024

HashiDays 2023 Sessionize Event

June 2023

HashiTalks 2023 Sessionize Event

February 2023

2022 All Day DevOps Sessionize Event

November 2022
