Let’s kick off FOSDEM with some interesting Kubernetes talks!
- 6.30: Welcome + pizza
- 7 PM talk 1:
Viktor Farcic - Combining Serverless Continuous Delivery With ChatOps
Simply put, OSS Jenkins does not scale. At times, our OSS Jenkins is struggling under heavy load. At others, it is wasting resources when it is underutilized. As a result, we might need to increase its requested memory and CPU as well as its limits to cover the worst-case scenario. As a result, when fewer builds are running in parallel, it is wasting resources, and when more builds are running, it is slow due to an insufficient amount of assigned resources. And if it reaches its memory limit, it'll be shut down and rerun (potentially on a different node), thus causing delays or failed builds.
Except that there is no OSS Jenkins in Jenkins X. And the good news is that it is serverless. It combines Kubernetes with Prow, Tekton, and Pipeline Operator. And that's not all. It is based on GitOps principles, and it comes with ChatOps capabilities.
We'll explore how we can combine different tools and processes to accomplish Kubernetes-first Cloud-native continuous delivery based on GitOps principles combined with ChatOps. But, before we do that, you'll need to forget everything you know about OSS Jenkins or similar tools.
- 7.45 PM talk 2:
Phil Estes - So You're Using Kubernetes! A Practical Guide for Application Security
In this talk we'll cover the options and best practices at each layer for deploying and running applications in a secure way. We will also look at the ever-growing ecosystem of tooling–spanning both open source and vendor-specific–that can be useful as developers help their overall organizations move towards production-ready secure applications in Kubernetes!
- 8.45 PM talk 3:
Andrew Martin - How to Train Your Red Team (for Cloud-Native)
How do we safely introduce Cloud Native software without opening unexpected security holes? By understanding risk, modelling threats, and attacking our own systems.
“Simulation” (i.e. playing hacking games on production-like infrastructure) is rising to prominence as a comprehensive training method for penetration testers, Red Teams, and infrastructure engineers. It safely demonstrates the risks an organisation or platform may face by using a controlled environment that looks and feels like production — but is only a clone.
In this highly technical talk we:
- cover the challenges faced introducing Cloud Native to financial organisations
- show the steps taken to threat model Kubernetes
- build and automate attack trees and kill chains for likely (and perversely difficult) compromise scenarios
- demonstrate an open-source Kubernetes CTF platform
- 9.30 PM talk 4:
Kris Nova - Runtime Security with Kubernetes - Let's hack a cluster.
Kris Nova is Chief Open Source Advocate at Sysdig and focuses on security, intrusion detection, and the Linux kernel with Kubernetes and eBPF. As an active advocate for open source, Nova is an ambassador for the CNCF and the creator of kubicorn, a successful Kubernetes infrastructure management tool. Nova joins Sysdig from Heptio/VMware, where she was a Senior Developer Advocate. Prior to VMware, Nova was at Deis/Microsoft, where she was a developer advocate and an engineer on Kubernetes. Nova has a deep technical background in the Go programming language and has authored many successful open-source tools in Go. Nova has organized many special interest groups in Kubernetes. She is a leader in the community. She understands the frustration with running cloud native infrastructure via a distributed cloud-native application and authored an O’Reilly book on the topic, Cloud Native Infrastructure. Nova lives in Seattle and spends her free time climbing mountains.
Thanks a lot to our main sponsor, skyscrapers.eu, for providing drinks!
Thanks a lot to Appnovation for providing pizza!