
Rachid Zarouali

Cloud Architect freelance at sevensphere

Independent Cloud Architect, sevensphere

Lyon, France


Rachid Zarouali is a Microsoft MVP and Docker Captain, international speaker and trainer.
In his previous roles as head of the infrastructure team for the French registry and CIO of a worldwide recognized CRM and e-commerce agency,
he recognized the need to bring the latest technology at a production level to businesses of all sizes and founded SevenSphere.
Through SevenSphere, Rachid offers training and consultancy for companies striving to dive into microservices container-based infrastructure.
A husband and father, Rachid spends his spare time participating in a number of OSS communities and teaching cloud computing architecture at a software engineering school.

An independent Cloud Architect, Microsoft Azure MVP and Docker Captain, Rachid is also an international speaker and trainer.
After more than 20 years of experience in IT, with a string of successful roles, notably as head of the infrastructure team
and head of information systems, he founded sevensphere as a freelancer, with an activity centred on training and consulting.
By creating sevensphere, Rachid wants to support companies that plan to adopt cloud-native technologies and container-oriented microservices infrastructure.
He divides his spare time between his family, his teaching at an engineering school and his participation in multiple open source projects.

Area of Expertise

  • Information & Communications Technology


  • Kubernetes
  • Azure Kubernetes Services (AKS)
  • microservices kubernetes continuous deployment continuous delivery
  • Cloud Security
  • Cloud Native Applications
  • Cloud Native Infrastructure
  • Cloud Containers and Infrastructure


Cluster API deep dive en

Managing one single cluster is easy, even though upgrades can be tricky, but how about managing hundreds or even thousands of clusters? The first challenge is how to deploy them in a simple manner. The second challenge is which tool to use. The third challenge is how to make this process easy, stable, fast and secure.
Most of the existing, widely used tools push you to learn new "languages", mechanisms, ....
Did you know you can deploy and manage hundreds or even thousands of clusters with Kubernetes?
Did you know you can use Kubernetes to manage app deployments into those clusters?
This tool is called ClusterAPI, completely driven by the Kubernetes SIG. Join me for this workshop to learn how to leverage it and how it really works underneath.

you should not blindly trust your security scanners and here is why ! fr

When we talk about the security of production platforms, we rely heavily on security scanners. There are many of them, and they all do a fantastic job of helping identify security issues (missing configurations, credentials, CVEs, ...). But as powerful as they may be, we should not trust them blindly. There are parts of the picture that security scanners do not even see, so how can they help us secure them? In this talk, I want to share my experiences with security scanners of all types, along with their advantages and drawbacks. But above all, and even more important, how to effectively fill their gaps and cover the complete picture of the production platform to provide the highest level of security at all times.

Open source made me a freelancer (and I'm proud of it) en

After more than 20 years in IT, I suddenly decided to go freelance and share my skills and experience with my clients and partners. But why? What drove this transformation? I would like to share my adventure with you and tell you how, thanks to the explosion of open source, a childhood idea became reality in just a few years :) There will be ups and downs, but that is also part of the freelancer's adventure. That is also what open source is: almost infinite possibilities. Whether you are a simple enthusiast, an IT pro, an executive or a freelancer, everyone can contribute!!!!

indie in search of the cloud's holy grail fr

Who hasn't dreamed of it?
A highly available, fully resilient and hyperscalable platform.
A platform where your application is deployed at scale in one click.
Based on open source technologies and (almost) completely cloud-provider agnostic.
Spoiler alert! We found it!

This talk is an experience report (REX) on the various R&D projects carried out during a long engagement at a major European cloud provider. This successful work led to the selection of open source technologies that, put together, meet the expectations listed in the pitch.
The aim is to show the challenges of this project, the analyses carried out and the choices made (and the reasons for those choices), followed by a short technology demo.
In broad strokes, it highlights the ArgoCD / Cilium / ClusterAPI trio, which makes it possible to meet those expectations.
The talk will end with a quick description of the ongoing community work on the ClusterAPI side to address new challenges, such as "intercloud" hybridization, or how to deploy TRULY hybrid platforms (example: a Kubernetes cluster deployed across providers).

large-scale kubernetes deployment, which tools to use and how en

Today, deploying a Kubernetes cluster is easy; many solutions exist, public cloud, private cloud, .... we are spoilt for choice. What do you do when you want to deploy AND manage a large number of clusters? Which solutions to use? Pros/cons of this kind of solution... I want to share with you the various projects carried out to meet this challenge in the form of an experience report followed by a small demo. Goal: to show you that it is not "more complicated" to manage two or 100+ clusters (without deploying 100 clusters during the demo anyway :) )

you should not blindly trust your security scanners and here is why ! en

When we speak about security regarding production platforms, we heavily rely on security scanners. Many exist, and they all do a fantastic job in helping identify security issues (misconfigurations, credentials, CVEs, ...). But as powerful as they can be, we should not blindly trust them anyway. There are parts of the picture that security scanners don't even know about, so how can they help us secure them? Throughout this talk, I aim to share experiences about security scanners of all types, pros and cons, and most importantly, how to efficiently fill the gap and cover the complete picture of the production platform to provide the highest security level continuously.

state of art : image security en

Speaking about security regarding production workloads, we often see the CI/CD and the platform itself. While they are a good start in making production workloads secure, we tend to forget other existing mechanisms like image signature. The Kubernetes project has announced sigstore usage to sign each and every component. How to leverage this mechanism for our own application images? What are their key features? Are there any alternatives? Is it complex to use? Let's find out all together :) Through this talk, let's discover how to strengthen image security using sigstore and also learn how to leverage other existing mechanisms.

behavioural analysis in the service of your production security en

When we talk about security, we often associate it with a secure software factory, a vulnerability scanner, a WAF, ....

But all of that is only the tip of the iceberg; the subject of security is much broader than it seems.

"The CI/CD shows we are secure, we deployed to production, so we are secure"

What happens if an application deployed securely on Monday becomes exposed to a critical CVE on Friday?

How do you maintain an optimal security level without necessarily going through a new deployment phase (often in a rush)?

This is where behavioural analysis comes to your rescue.

But what is it, actually? And above all, how can it really help you?

I invite you to answer these questions together and discover how it can protect your production from critical vulnerabilities that are complex to patch (hint: log4j / dirtypipe / ...),
whatever the execution environment.

Behaviour analysis to the rescue of your Kubernetes cluster en

Most of the time, speaking about security in kubernetes, we tend to see a one time project, implementing RBAC rules, image scanning, so on and so forth.
Maybe we are missing the more significant part here: the security of our applications. We know how to build a secure ci/cd pipeline, but how often do we monitor with security in mind, what our applications are doing in production.
Challenge accepted! Let me walk with you through the valley of Kubernetes security challenges; we will learn how to implement behaviour analysis, discover its benefits and use several tools built for that purpose.

Three main takeaways from this workshop are:
- Learning what exactly behaviour analysis is and the benefits you can gain by implementing it
- Real-world exercises and materials to learn how to implement it
- Overview of tools built for that purpose and some fun playing with them :)

Jump in! the fun has just begun

What the H... is this signing thing about ? en

While learning container security best practices, we stumble very early during the journey on "signing images", but what the h... is this signing about? Why should you really care? What are the benefits? Advantages, drawbacks, tools to choose, integration, deployment, day2,... ok ok ok I got it loooonnnggg journey ! Throughout this talk, I aim to explain simply with a little fun what this is all about, why it is so important, and more importantly, how it can help you be better at securing your container-based supply chain and production platform. Plain and simple, you'll learn from this session whoever you are in your organization: C level, leads, experts,... Did I hook you? Jump in and sail with me safely the seven container seas :)

Modern and secure app deployment using AzureDevOps, AKS and friends en fr

There are a lot of different ways to deploy microservice-oriented applications, and containers helped a lot in this matter.
While it’s easy to deploy microservices using containers, it might not be THAT easy when you are tasked to comply with a strict security policy.
Oh wait !!! What if .... what if it COULD BE THAT EASY ? Deploying your microservices using modern workflows AND security driven ? Let’s find out ! Jump in and learn with us how EASY it is to leverage AzureDevOps, AKS and their best friends, all together and of course completely security driven :)
You might be surprised about brand NEW friends, but hey let’s keep it a secret until then shall we ?

Terraform hand-in-hand with kubernetes en

Terraform is the go-to tool to manage your infrastructure and is used by many Kubernetes distributions to create the underlying platform.
What if you could use Terraform not only to manage the infrastructure but also the application life-cycle?
What if you could leverage Kubernetes' best features with Terraform to automate tasks, strengthen collaboration between your teams and more?
What if Terraform could become your single source of truth for everything regarding your production running platforms?
If you want to learn more about it with some real-world scenarios, then jump in and sail the cloud-native seas to discover the wonders of Terraform hand-in-hand with Kubernetes. Oh, by the way, Vault will be hidden somewhere so let's find him too :)

Give your kubernetes cluster the security level it deserves en

More and more people are getting used to managing and deploying Kubernetes clusters; still, security is probably the hardest part (seen as boring sometimes too, sadly). We’ll discover how easy it could be to implement and maintain security best practices, from simple tasks to advanced ones.
This talk is about giving a refresh around Kubernetes security best practices but will mostly be focused on choosing the right tool for the right purpose and how to use several tools at once to offer a better security level, keeping in mind that security isn’t only about the platform but also, and moreover, about the applications that will be run in production. Scanning, signing and behavior analysis will be the cornerstones of this talk.

Behaviour analysis to the rescue of your Kubernetes cluster en

Most of the time, speaking about security in kubernetes, we tend to see a one time project, implementing RBAC rules, image scanning, so on and so forth.
Maybe we are missing the more significant part here: the security of our applications. We know how to build a secure ci/cd pipeline, but how often do we monitor with security in mind, what our applications are really doing in production.
Challenge accepted! Through this talk, I aim to show you how we can achieve that, by implementing behaviour analysis on Kubernetes at our application level (and not only).
Three main takeaways from this talk are:
- Learning what exactly behaviour analysis is and the benefits you can gain by implementing it
- Overview of tools built for that purpose and a quick comparison
- A real-world example of implementation
Jump in! the fun has just begun

Modern and secure application deployment based on 100% open source technologies en fr

There are many ways to deploy microservice-oriented applications, and containers have been a great help in this regard.
Although it may seem easy, things can get complicated when you have to comply with a strict security policy.
Except that ....! What if .... what if it could be that simple? Deploying your microservices using modern AND open source technologies, all while taking security into account? That is what I invite you to discover!
I invite you on a little boat trip to discover how EASY it is to meet this challenge :)
You might even be surprised to discover brand new friends, but let's keep that a secret until then, shall we?

Help ! security incident ! what do we do now ? en fr

Perhaps you have already found yourself in this situation? A major security incident is detected, but no organisation, no tools, it's panic!
This conference aims to show you a "real" successful hack attempt AND to show you how you can technically be alerted quickly and protect yourself :)
It will remain technical but not too much and will focus on tools and best practices.

Help ! security incident ! what do we do now ? en fr

Perhaps you have already found yourself in this situation? A major security incident is detected, but there is no organisation, no tooling, it's panic!!!
This talk aims to show you a "real" successful hack attempt AND to show you how you can technically be alerted to it quickly and protect yourself against it :)
It will remain technical, but not too much, and will focus on tools and best practices.

confidential computing, because your workload desperately needs it en

Security is now on the path to soon becoming completely mainstream, or so we think ! You may have followed all best practices and deployed all required components, and that's ok !
BUT ! There's always a catch, right ? Someone who got access to the hardware, an insider attack, or just an application "too close" or the other ....
This is where confidential computing kicks in: several mechanisms to ensure data protection even from an insider attack.
What is confidential computing, and where and how to use it.
Is it really worth the gig ! Jump in and I'll walk you through it.

Optimizing Kubernetes: ClusterAPI's Role in Unified Cluster Management en

Hey Kubernetes fans! Ready to explore how ClusterAPI is revolutionizing Kubernetes management? This talk is all about unifying your Kubernetes game. With ClusterAPI, you get a one-stop-shop for managing all your Kubernetes clusters. Think of it as your command center, running in your pods.
We're diving into how ClusterAPI can become the backbone of a centralized Kubernetes management platform. This means smoother operations, less hassle, and a scalable way to handle everything from development to production environments.
Along the way, we’ll check out some awesome open-source projects leveraging ClusterAPI and showing what's possible when you bring everything under one roof.
Join me for a fun and insightful journey into unified Kubernetes management. You'll walk away with a new perspective on how to streamline your clusters and make your Kubernetes life a whole lot easier, all thanks to the power of ClusterAPI. Let’s unlock the full potential of Kubernetes together!

Safe Skies: Your Guide to Open-Source Cloud Security Tools en

Step into the world of cloud security without the tech overwhelm. This talk introduces user-friendly, open-source tools that safeguard your cloud environment. Learn how to protect your services and keep your cloud ventures secure. I'll walk you through the essentials, from picking the right tools to applying them effectively, with no expert knowledge needed. It's all about making cloud security accessible and manageable for everyone. Join the ship to gain the confidence to secure your cloud setup with ease.

Crafting a Future-Ready Observability Stack: The Open Source Way en

Let's face it: our cloud-native world is booming, and it's not slowing down. As the number of applications skyrockets, so does their complexity, leaving us in dire need of observability stacks that can keep up. We're all after that sweet spot of system reliability, performance, and creating experiences that make developers and users smile.

Now, with a lot of open-source observability options on the table, making the right choice feels like finding a needle in a haystack. And even when we do pick, technology moves so fast that we're left wondering if we'll have to toss our stack out with the bathwater just to stay current.

But what if I told you there's a better way? Imagine crafting an observability stack that's like a good wine. One that's flexible enough to grow with you, powerful enough to handle what's next, and so user-friendly that it practically becomes part of your team.

In this talk, we're going to roll up our sleeves and dive into the real-world toolkit for building an observability stack that won't let you down.

Launching Into Observability: A Practical Guide to Starting Your Project en

Join me for 'Launching Into Observability: A Practical Guide to Starting Your Project.' We'll make sense of observability in a fun, accessible way. I'll cover the basics, why it's essential in tech, and guide you through initiating your project, including insights on OpenTelemetry. You'll hear about the real challenges I faced and how I overcame them in building a scalable, adaptable observability platform. Plus, we'll take a glimpse at the future of this field. This talk is ideal for those with a basic understanding of observability and aims to deepen your knowledge in a jargon-free manner. Attendees will gain valuable skills and insights applicable in their professional projects, enhancing expertise and versatility in the tech world. Get ready for a journey into observability that's both informative and enjoyable, and bring back practical takeaways for your team and projects!

