Speaker

Hans Kristian Flaatten

Platform Engineer at NAV

Bergen, Norway

CNCF Ambassador, Google Developer Expert (GDE) for Cloud, Grafana Champion and Platform Engineer at the Norwegian Labor and Welfare Administration (NAV) working on NAIS - a platform built to increase development speed by providing the best experience to build, run and operate applications.

Previously Principal Consultant at TietoEVRY with focus on large enterprises in public government, telecom, banking and insurance sectors.

Co-organiser of KCD Oslo, Cloud Native and GDG meetups in Norway. Regular speaker at national and international conferences on all things cloud native.

Area of Expertise

  • Information & Communications Technology

What is OpenTelemetry and how do we use it at NAV?!

OpenTelemetry is perhaps the biggest thing to have happened in the open source world since Kubernetes, with a much steeper curve in the number of people involved and code changes.

OpenTelemetry, or OTel, is a universal standard for observing what happens in one application, or across several, with support for practically every programming language. More and more frameworks and external services now ship with built-in OpenTelemetry support, and the largest providers of monitoring services also support the standard.

At last we are done swapping libraries and agents every time we get a new monitoring system! And at last we get a standard that unifies logs, metrics and traces so that you can easily jump between the different signals from the application. And at NAV we are already well under way with the transition to OpenTelemetry.

But it is not all rainbows and unicorns; like everything else, it takes patience and careful concentration when embarking on upheavals like this. In this presentation we give a thorough introduction to OpenTelemetry and to how NAV has gone about moving all of its applications over: what has worked and what has not worked quite as well.

How modern are the application platforms in the public sector?

Ever since the two largest branches of the Norwegian public sector, the Tax Administration (Skatteetaten) and NAV, met in Berlin at KubeCon in 2017, Norway has been well on its way towards better digital services with the help of modern application platforms.

Fast forward to 2023 and we have gathered almost 50 public entities, all sharing the same passion for building better internal developer platforms, under one roof that we call Offentlig PaaS, where we share best practices, experience and knowledge with one another.

Using the recently published CNCF Platform Engineering Maturity Model, we have examined how mature the platforms in the public sector are and which technologies they use.

Those that have an application platform are well on their way across all aspects, and our findings indicate that the platforms are most mature when it comes to interfaces and operations, and least mature when it comes to being data-driven.

This presentation will present our findings and dive into a few selected platforms and talk about the technology choices they have made.

Observability with OpenTelemetry: From Idea to Insight

OpenTelemetry might be the biggest thing that has happened in the open source ecosystem since Kubernetes. With a much steeper contribution graph, and the recent General Availability of the specification, OpenTelemetry is now ready for prime time with more and more observability vendors supporting the standard.

Getting insights from your applications is absolutely vital for modern software development teams that want to release new functionality with confidence. The process of programming your application to give this insight is often called instrumentation, and we often refer to the three pillars of observability: logs, metrics and tracing.

The instrumentation itself can be a hassle and will take some time depending on the size of the application and how modern the framework and libraries are, but it is manageable. The real value comes when you instrument enough of the applications within a team or a business domain.

This also brings us to the challenge – instrumentation technology that works across different languages and frameworks without having to rewrite those applications from scratch. Different vendors have been providing this as their secret sauce, if you accept being cemented into their walled garden and locking this vital information in their monitoring system. Until now with OpenTelemetry! The universal telemetry toolkit for all your observability needs.

OpenTelemetry is a graduated CNCF project with first release in 2019 after OpenCensus and OpenTracing decided to merge. It supports all major programming languages (Java, .NET, Go, Python and more), and more and more frameworks (such as Spring) have built-in support for OpenTelemetry. All major monitoring tools and platforms (such as the Grafana stack) are contributing to and supporting OpenTelemetry in one way or another.

In this workshop, you will learn how to get a modern observability stack up and running with the open source monitoring platform from Grafana – the LGTM stack (Loki, Grafana, Tempo and Mimir). You will also learn how to instrument different applications with the OpenTelemetry SDK and agent, to gain insight into the application’s performance.

State of Open Source in the Norwegian Government

Open source did not have a prominent role in the Norwegian Government until the introduction of Kubernetes and the CNCF landscape.

Ever since the Norwegian Tax Administration and Welfare Administration met during KubeCon EU 2017 and started building their Kubernetes-based application platforms, Norway has been on the fast track to open source technology adoption, with more and more agencies favoring open source and open standards.

Today over 35 government agencies have a presence on GitHub, where they have started giving back to the community by open-sourcing what they have built themselves; the Norwegian Labor and Welfare Administration alone has 2000 public code repositories.

Workshop: Securing (and Observing) Kubernetes clusters with Cilium and eBPF - Part 2/2

Getting Kubernetes up and running and deploying your first application is relatively easy; managing them securely at scale, however, can be quite a challenge. Knowing what applications are communicating with each other and how to restrict, verify, and debug traffic policies is a real game changer for complex environments.

Cilium is an open source container network interface (CNI) for Kubernetes, built on top of eBPF, that secures and observes network connectivity between container workloads, and it is an official CNCF project. It provides transparent network encryption, multi-mesh connectivity, traffic observability, network policy management and debugging, and security forensics and auditing.

Join us for this workshop where we will get our hands dirty with setting up policies to inspect and secure the traffic to and from your Kubernetes applications.

Part 2/2: Securing Container Supply Chain Workshop

“Software supply chain” is a term describing everything that happens to code from the time it leaves the developer's fingers until it runs in production. The code needs to be compiled, tested, packaged and deployed, and these steps take place in a variety of systems and use lots of complex third-party solutions. Our apps also depend on an increasing number of third-party libraries and frameworks that we often know next to nothing about.

Several initiatives have been started in an attempt to address the issues surrounding supply chain integrity, the most notable one being Supply-chain Levels for Software Artifacts (SLSA). SLSA aims to be vendor neutral and is backed by major players like the Cloud Native Computing Foundation and Google in addition to startups such as Chainguard.

* Cosign - Sigstore is a Linux Foundation project which is developing Cosign, a tool for container signing, verification and storage in an Open Container Initiative (OCI) registry, making signatures invisible infrastructure.
* Kyverno - Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.

In this workshop we will take a practical approach to securing your container applications and verify that the container has not been tampered with since it was built.

* Setting up automated container builds
* Signing containers using sigstore/cosign
* Verifying signed containers using Kyverno
* Working with Kyverno policy reports at scale

Part 1/2: Securing Container Supply Chain Workshop

“Software supply chain” is a term describing everything that happens to code from the time it leaves the developer's fingers until it runs in production. The code needs to be compiled, tested, packaged and deployed, and these steps take place in a variety of systems and use lots of complex third-party solutions. Our apps also depend on an increasing number of third-party libraries and frameworks that we often know next to nothing about.

Several initiatives have been started in an attempt to address the issues surrounding supply chain integrity, the most notable one being Supply-chain Levels for Software Artifacts (SLSA). SLSA aims to be vendor neutral and is backed by major players like the Cloud Native Computing Foundation and Google in addition to startups such as Chainguard.

* Cosign - Sigstore is a Linux Foundation project which is developing Cosign, a tool for container signing, verification and storage in an Open Container Initiative (OCI) registry, making signatures invisible infrastructure.
* Kyverno - Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.

In this workshop we will take a practical approach to securing your container applications and verify that the container has not been tampered with since it was built.

* Setting up automated container builds
* Signing containers using sigstore/cosign
* Verifying signed containers using Kyverno
* Working with Kyverno policy reports at scale

How we secure NAV.no and 1/3 of Norway's national budget

The Norwegian Labour and Welfare Administration (NAV) has over the past few years been through an extensive digital transformation journey that fundamentally changed who develops and delivers digital services and has influenced everything from how we work to the technology decisions we make. This journey will continue and we must adapt our approach to security accordingly.

As our attack surface grows with every new service, and our supply chain grows longer and longer, the threat landscape is becoming more and more complex. We are experiencing an increase in digital threats, and they cannot be handled only by those who operate the applications. Digital security concerns all roles and has to be implemented across the organization.

In this presentation we will shed some light on how NAV systematically works to enhance its digital security, from the very start with how the organization is structured with Security Champions in all teams, to planning/design/implementation of new systems, to how we secure the runtime and infrastructure that powers it all, and how we proactively prevent and train on security-related events.

Building a dedicated platform for frontend developers at NAV

Even the best container-based application platforms like NAIS are inadvertently better suited for microservices and more traditional backend applications, often leaving much to be desired for single page applications that have their own unique challenges.

At the Norwegian Labor and Welfare Administration (NAV) we have over 100 product teams running 1.600 applications on our application platform, 400 of which are frontend applications. Most of them are written in React or Next.js, but other frontend frameworks are still in existence as well.

These applications do not get the benefit of our Prometheus monitoring, automatic SQL-database creation, cluster network security policies and many other features available from our application platform, and they often have to do the heavy lifting of building their own micro-frontend architecture, monitoring, testing and much more.

At NAV we have perfected our container application platform for the better part of a decade. Along the way we have started a dedicated data platform (NADA), and since 2022 we have had a new team dedicated to building platform services for our frontend developers to give them the best tools to build and run their frontend applications.

As far as we know, NAV is the first government agency in Norway to build a platform specifically for frontend applications and we are super excited to share how far we have come 🚀

Booster Conference 2025 Sessionize Event Upcoming

March 2025 Bergen, Norway

TDC 2024 Sessionize Event

October 2024 Trondheim, Norway

#HelloStavanger 2024 Sessionize Event

October 2024 Stavanger, Norway

KubeCon + CloudNativeCon Europe 2024 Sessionize Event

March 2024 Paris, France

State of Open Con 24 Sessionize Event

February 2024 London, United Kingdom

NDC Oslo 2023 Sessionize Event

May 2023 Oslo, Norway

NDC Oslo 2022 Sessionize Event

September 2022 Oslo, Norway
