Kubernetes Security Jumpstart

Kubernetes helps with microservice based app problems like scaling, deployment and discovery. But k8s is not a container security tool, and it would be a big mistake to assume that it can defend your apps from security vulnerabilities. We will explore steps we can take towards k8s security.

Kubernetes makes it possible to run containerized application at scale. It solves many problems of microservice architecture by abstracting away things like container deployment, container-to-container communication, load balancing. While Kubernetes is great at it many things, it seems to be lacking in terms of security. It has some security features but in most respect it is not production grade security, at least not by default.

If you are thinking about or already started with Kubernetes for your production workload, there are some steps you could follow to make sure your environments sand applications is secure.

In this talk we will discuss some best practices for Kubernetes security. From container image to secret management, we will try to cover it all. And after this talk hopefully we will all be in a better position to harden and secure our Kubernetes cluster.

Get up and running on Openshift

Red Hat OpenShift is a leading hybrid cloud, enterprise Kubernetes application platform. Red Hat OpenShift includes streamlined workflows to help teams get to production faster, including built-in Jenkins pipelines and our source-to-image technology to go straight from application code to container. It is also extensible to new frameworks like Istio and Knative.

This workshop will have you deploying and creating native docker images for a Node.js based website and learning to leverage the power of OpenShift to build, deploy, scale, and automate.

Managing Kubernetes with Istio

Developers are moving away from large monolithic apps in favor of small, focused microservices that speed up implementation and improve resiliency. Microservices and containers changed application design and deployment patterns, but along with them brought challenges like service discovery, routing, failure handling, security and visibility to microservices.

“Service mesh” architecture was born to handle these features. Applications are getting decoupled internally as microservices, and the responsibility of maintaining coupling between these microservices is passed to the service mesh.Istio, a joint collaboration between IBM, Google and Lyft provides an easy way to create a service mesh that will manage many of these complex tasks automatically, without the need to modify the microservices themselves.

In this talk we will see how istio can be used to manage traffic, gather metrics and enforce policies in a demo application running microservices. We will learn why kubernetes need “service mesh” and how does Istio improve managing Kubernetes workload.

Knative: Serverless Workload on Kubernetes

Kubernetes excels at container scheduling, and offers useful primitives for automating infrastructure. But we’ve noticed that development teams often struggle when they use vanilla Kubernetes for application deployments. By all means, use Kubernetes to push containers all day long. But if you want to push application code — or a function — Kubernetes on its own isn’t enough.

Knative is an open source software layer that helps cloud service providers and enterprise platform operators deliver a serverless experience to developers on any cloud. It’s a way to abstract the operational overhead of deploying and managing workloads that run on K8s and provides a consistent approach so that developers can focus on writing cool code.

In this talk we will learn what Knative is, why it was created and how you can get started.

How we accidentally created a Cloud on our Cloud

Part of the job of a Developer Advocate is the ability to demo or show off portions of your technology stack to possible users. At IBM we run many workshops and tech demos every week for our clients and conferences. We need to create, monitor, maintain and clean these assets. In this talk we will describe our automation journey from bash scripts run and maintained by individual developers to automating the creations and deletion on automatic schedule with a UI. We will discuss situation, our iterations on what we tried and the painful portions of them, and how we accidentally created a Cloud interface on top of the IBM Cloud, or easier said, we created a Cloud on our Cloud.

Ideally, we’ll show our journey and the lessons we learned along the way, and as an audience member, you’ll come away with nuggets of useful tooling to make your cloud usage more streamlined, and hopefully, you’ll see the pitfalls we fell in and you can avoid them yourself. We’ll show off some bad code, some good code, and some robust code; all open source and available to allow you to leverage it too.

In an effort to automate tasks for our users we ended up creating a cloud (kind of). In this talk we will describe our journey towards automation, and how we accidentally created a Cloud on our Cloud.