Cloud Native Wales Meetup v1.5.0

DevOpsGroup - Floor 22 Capital Tower Cardiff, CF10 3AG - View Map Cardiff
Thu, Oct 10, 2019, 6:00 PM (BST)

About this event

# Welcome

We're Cloud Native Wales and we want to talk all things Cloud Native!

We're back with talks after our pub quiz we're heading to our Meetup home at the DevOpsGroup office.

Cannot be more excited to announce Andrew Martin sharing a talk with us. We're big fans of his at Cloud Native Wales and looking forward to having him share his talk. We have another big name lined up and we're working hard to make it work. More information to follow.

As well as that, we'll all be there and would love to catch and hear your stories. Salman will be flying in especially from his USA adventure (he's becoming a bit of a big deal now, some say he'll only drink sparkling water) and will pop to the pub afterwards to put the world to rights.

See you now in a minute,


## Agenda

### Rootless, Reproducible, and Hermetic: Secure Container Build Showdown - Andrew Martin, Control Plane

* [Andrew Martin](

Rootless container image builds (as distinct from rootless runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. And they are desperately needed: a build pipeline with an exposed Docker socket can be used by an attacker to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms. With a slew of new rootless tooling emerging including Red Hat’s buildah, Google’s Kaniko, and Uber’s Makisu, will we see build systems that can securely build untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility or hermetic isolation being approached? In this talk we: - Compare the strengths and weaknesses of modern container image build tools - Explore the safety of untrusted image builds - Live demo attacking container build pipelines - Chart the history and future of container image build tooling


### Towards a Low-Carbon Cloud - Aled James, Cloud Native Wales

* [Aled James](

Coinciding with this fortnight's international action on the climate emergency, this talk offers a timely outline of some of the latest research being conducted into minimising the significant, and growing, Carbon emissions resulting from our use of The Cloud.


Thursday, Oct 10
6:00 PM - 9:00 PM (BST)


Floor 22 Capital Tower Cardiff, CF10 3AG