Speaker

Max Fröhlich

Serviceware SE, Platform Engineer

Darmstadt, Germany

I'm currently working at Serviceware. Here I supported our Data Scientist to build and deploy their applications to Nomad and now push DevOps things company-wide.
I enjoy programming, tinkering around with new technology, and traveling the world with my wife and daughters.

Area of Expertise

  • Information & Communications Technology
  • Region & Country

Topics

  • DevOps
  • Platform Engineering
  • HashiCorp Nomad
  • HashiCorp Vault
  • HashiCorp Consul
  • Terraform

What's happening?! - Getting started with a Grafana-flavored OpenTelemetry setup for Nomad

At Serviceware we're moving more and more applications into our Nomad-powered cloud.
A diverse tech stack where each log format is different, only very temporary metrics from the Nomad UI, and no traces at all, while more and more services are talking to each other, made it hard for our developers to understand what's going on in production.

Luckily, as OpenTelemetry is becoming the de facto standard for observability and Grafana brings the necessary counterparts, we set out to build our new telemetry infrastructure.

In this talk we look at the basic building blocks of OpenTelemetry and what to consider when setting up your OpenTelemetry Collector pipeline.
We go through a demo derived from our production setup on Nomad, where we use Grafana's Alloy as OpenTelemetry Collector as it blends perfectly into the HashiCorp ecosystem. With the infrastructure in place we learn the required parts for your Nomad Job file to instrument a service.
Lastly we introduce the Nomad admission controller (NACP) to take the complexity out of instrumented deployments by auto-injecting those required parts.
Equipped with this knowledge you can start building your own observability stack on Nomad and get the insights you need to keep your applications running smoothly.

DevSecOpsify your Nomad deployments with NACP and the Notary project

DevOps is fun, everyone can deploy whatever they want! What could possibly go wrong?

Sure you can verify your SBOM during build time, but how can you ensure that this is actually the thing that is deployed?
The Nomad Admission Control Proxy (NACP) makes sure nothing sneaks into your cluster.

In this talk we look at how we can leverage NACP to check that people submit only jobs with images that are specified via their immutable digests. To be even more secure, NACP recently learned how to use Notary’s notation lib to check whether images are signed off by all the security checks they passed during build time.

Keep your complex Nomad Jobs sane & simple with the Nomad Admission Control Proxy

When you deploy Nomad Jobs on a larger scale, you need to ensure that people follow naming conventions, make sure they include certain metadata or deploy only things that have jumped through all your security hoops.

Validation is one thing, but how do you deal with repetitive code throughout your jobs? Connecting to a database? Just set a Vault policy, include an application-specific environment variable block, maybe some TLS-providing sidecar? Super simple... not. Sure, throw in yet another layer of templating, but this turns your HCL into HateCL.

The Nomad Admission Control Proxy (NACP) enforces conventions and hides complexity. It is based on the concept of Kubernetes' Admission Control. NACP is a gatekeeper placed in front of your Nomad API, mutating and validating incoming job requests.

You can configure any kind of remote webhook or use the embedded OPA engine that validates and transforms your Nomad Jobs.

Managing Keycloak Client Secrets with Vault

A common practice to secure services is to use OAuth2. Keycloak is an open source implementation of OAuth’s authorization server and a widely adopted technology across the IT industry. A delicate but important part of the OAuth setup is the distribution of sensitive client secrets to backend applications.
In this talk I’ll show how we use our Vault Keycloak plugin to distribute client secrets directly to an application running in Nomad.
You will learn how to avoid manually provisioning Keycloak client secrets in your application deployment, thereby mitigating the risk of exposing sensitive data.

Implementing Machine Learning Workflows on Nomad

As machine learning becomes more widespread across industries, the need to enable teams to quickly and efficiently train, evaluate and serve models becomes important for a successful ML project.

In this talk I'll explain how we're using HashiCorp and Jupyter Notebooks to handle the machine learning lifecycle.
I'll give an overview of a basic setup we established to manage, train and serve ML applications and the challenges we're facing moving forward to a Nomad-driven MLOps platform.
Finally, I demo our self-service approach for data scientists to spin up isolated Jupyter Notebooks on a Nomad cluster via JupyterHub for their experiments.

By the end of this talk, you will learn how an ML workflow can be implemented with Nomad and give developers the ability to train models in a self-served manner. Knowledge of ML is not required and all ML concepts that are relevant to the talk will be introduced. While the talk will use NLP as an example, the processes described will largely be generic and adaptable to other types of machine learning models.
