We're back with another virtual Cloud Native and Kubernetes Manchester meetup, streaming URL TBC - watch this space.
Once again we've got two speakers lined up with a rough order of events as follows:
6:00pm - Stream goes live
6:15pm - Who's afraid of privileged containers? (Marko Bevc, Scale Factory)
7:10pm - Overcoming scalability issues in your Prometheus ecosystem (Jürgen Etzlstorfer, Dynatrace)
8:00pm - Closing comments
· Who's afraid of privileged containers? (Marko Bevc, Scale Factory)
When running containerised workloads, especially in hosted environments such as EKS, GKE or AKS, it is so easy to forget about security as managing underlying infrastructure becomes someone else's problem. And also Cloud provider's shared responsibility model usually blurs those lines even more.
In this talk we will be looking at how to securely run containers in Kubernetes environments. During this talk we will look more into some security mechanisms available to us. There are many different ways and aspects of securing your Kubernetes cluster and we will only look at those related to running privileged containers. This talk will focus on a possible privilege escalation to bypass RBAC rules when running privileged containers without any security policies in place. We will also do a live demo and show how this can be achieved in AWS EKS cluster. Afterwards we will show how to remediate this using PodSecurityPolicies and what to watch for when implementing those in an active cluster.
Marko is a Senior DevOps Consultant at The Scale Factory. He has been working with AWS services and Hashicorp stack on a daily basis for the last 4 years, empowering a variety of different customer teams to improve their cloud workloads. He is an open source contributor, very passionate about automation and enthusiastic about new technologies. Also holds AWS, CKA, HCTA and RHEL certifications and competencies. Marko is also a fan of hiking, cycling, travelling and exploring new places.
· Overcoming scalability issues in your Prometheus ecosystem (Jürgen Etzlstorfer, Dynatrace)
Prometheus is considered a foundational building block when running applications on Kubernetes and has become the de-facto open-source standard for visibility and monitoring in Kubernetes environments.
Your first starting points when operating Prometheus are most probably configuring scraping to pull your metrics from your services, building dashboards on top of your data with Grafana, or defining alerts for important metrics breaching thresholds in your production environment. in your production environment.
As soon as you are comfortable with Prometheus as your weapon of choice, your next challenges will be scaling and managing Prometheus for your whole fleet of applications and environments. As the journey “From Zero to Prometheus Hero” is not trivial you will find obstacles on the way. In this blog we are highlighting the most common challenges we have seen and provide guidance on how to overcome them. Finally, we are discussing a solution to get you there more quickly to build automated, future-proof observability with Prometheus showing Keptn as one possible implementation.
Jürgen is a core contributor to the Keptn open-source project and responsible for the strategy and integration of self-healing techniques and tools into the Keptn framework. He also loves to share his experience, most recently at conferences on Kubernetes based technologies and automation.