Multi-Tenancy strategies in Kubernetes with Kyverno

Multi-tenancy in Kubernetes requires control and isolation. Learn how Kyverno helps manage different teams or clients in the same cluster, ensuring proper resource usage and configurations for each. A live demo will showcase how to set clear boundaries and rules between namespaces.

Securing GitOps: Preventing Privilege Escalation in ArgoCD

GitOps has revolutionized infrastructure and application management by using Git as the single source of truth. However, this approach comes with security challenges, especially around privilege escalation. In this session, we will explore the most common attacks targeting GitOps workflows, focusing on ArgoCD, and demonstrate how attackers can exploit misconfigurations. We'll also dive into practical strategies to secure your GitOps system, including repository protection, RBAC configuration, secret management, and policy enforcement using tools like OPA/Gatekeeper. Learn how to defend your pipelines and ensure a robust and secure GitOps environment.

This talk is essential for anyone leveraging GitOps practices and seeking to enhance their security posture in cloud-native ecosystems.

Breaking barriers in Kubernetes multitenancy: The power of virtual clusters with Vcluster

This talk is designed for Kubernetes practitioners and decision-makers seeking advanced strategies for multitenancy. We’ll start with the theoretical foundation, comparing traditional approaches with virtual clusters. Then, we’ll proceed to a live demo showcasing the deployment and management of virtual clusters using Vcluster, demonstrating:

- How to create a virtual cluster.
- Isolation and multi-version Kubernetes capabilities.
- Key benefits in real-world scenarios.
- Walk away equipped with the knowledge and tools to transform your Kubernetes multitenancy approach and embrace the future with virtual clusters!

Kubernetes API Server Event Auditing with Falco and Falcosidekick

In this hands-on workshop, you’ll learn how to audit Kubernetes API Server events using Falco, the real-time intrusion detection tool, and Falcosidekick, its powerful integration companion. We’ll cover setting up API Server audit logging, customizing Falco rules to detect specific activities, and forwarding these events to destinations like Slack, Elasticsearch, or Prometheus using Falcosidekick.

By the end of this session, you’ll gain a comprehensive understanding of how to enhance the security and observability of your Kubernetes cluster while implementing effective strategies to monitor and respond to suspicious or unwanted activities.

Streamline Development with IDPBuilder: Build an Internal Developer Platform in Minutes

Discover how to transform your development workflows with IDPBuilder! In this hands-on workshop, you’ll learn how to create a complete Internal Developer Platform (IDP) powered by cutting-edge tools like Kubernetes, Argo, and Backstage, with only Docker as a dependency. We'll guide you step-by-step to spin up a fully operational platform that simplifies deployments, enhances developer productivity, and unifies your team's workflows. Perfect for developers and platform engineers alike—no extensive Kubernetes experience required. Bring your laptop and start building your IDP today!

Entregas Seguras: Implementando Canary Deployments con Argo Rollouts e Istio

En esta charla, exploraremos cómo Argo Rollouts e Istio trabajan juntos para habilitar estrategias de entrega progresiva, con un enfoque en los Canary Deployments. Descubre cómo mejorar tu pipeline de entrega de software con redirección de tráfico controlada, observabilidad en tiempo real y mecanismos sólidos de reversión.

Abordaremos:

- Los fundamentos de la entrega progresiva y su importancia en aplicaciones modernas.
- Configuración de Argo Rollouts para gestionar estrategias de despliegue.
- Integración de Istio para dividir el tráfico y mejorar la observabilidad.
- Una demostración en vivo que incluye:
- Despliegue de una nueva versión de una aplicación.
- Redirección gradual del tráfico hacia la nueva versión utilizando estrategias canary.
- Monitoreo de métricas de rendimiento y reversión en caso de problemas.

Al finalizar esta sesión, tendrás un entendimiento claro de cómo Argo Rollouts e Istio simplifican el proceso de entrega, reducen riesgos y mejoran la confianza en tus despliegues.

Requisitos Técnicos:

- Conocimientos básicos de Kubernetes y mallas de servicios (service meshes).
- Acceso a un clúster de Kubernetes con Istio instalado para práctica opcional.
- Familiaridad con YAML y conceptos de despliegue (opcional pero recomendado).

Audiencia Objetivo:

- Desarrolladores, ingenieros DevOps y arquitectos de plataformas interesados en prácticas modernas de despliegue.
- Equipos que buscan adoptar estrategias de entrega progresiva como Canary Deployments.