Kubernetes L.A. - Container Security and Compliance, Managing Apps via GitOps

Replicated - 5913 Blackwelder Street, Culver City 90232 - View Map Los Angeles
Thu, Aug 23, 2018, 6:30 PM (PDT)

About this event

Los Angeles Kubernauts and Cloud Native enthusiasts!

Our meetup will be August 23, 2018. In August we will dive into Anchore, the OSS tool for container security and compliance, and checkout how Replicated manages 3rd party apps using the GitOps model.

We're always looking for speakers and hosts. If you're interested, ping me via twitter @baldwinmathew or email baldwin_at_stackpoint.io.

Agenda:

6:30 - 7:00 - Gather, Drink, Grab a Plate

We may start earlier depending on crowd size, so come early and claim your spot.

7:00 - 7:30 - Open-Source End-to-End Policy Enforcement in Kubernetes with Anchore, OPA, and Falco - Anchore - Zachary Hill

I will demonstrate how to achieve end-to-end policy enforcement in kubernetes for security and best-practices of workloads from build-time to deploy-time to run-time using several open-source systems: Anchore for image scanning, Open-Policy Agent for workload configurations, and Sysdig Falco for runtime enforcement. By the end we’ll see a policy enforcement at each stage of the software lifecycle and the kubernetes mechanisms to configure and use for each stage.

7:30 - 8:00 - GitOps for Third Party Applications - Replicated - Marc Campbell

At Replicated, we wanted to run our developer stack in our Kubernetes cluster. But we didn't want to manage it any differently than we manage any of the software that we've written. Receiving Helm charts is just the start, we needed customizations and automation to get these deployed. So we've built and created (and open sourced) tools and systems to enable an easy to use, secure developer environment (inspired by Google's BeyondCorp paper), running a set of tools in a GKE cluster, that are deployed and updated by merging a pull request.

This talk will show how we consume Helm charts to receive these applications, layer on Kustomize overlays to add our own customizations (including BeyondCorp ingress and security), and manage it all using pull requests in GitHub.

The talk will explain why we've done this and how it works, and then demo how we update a popular third party application in our cluster.

Bio

Marc Campbell is Founder and CTO of Replicated. Replicated is a platform to enable SaaS companies to ship versions of their application to enterprise customers for install and run behind the firewall.

Twitter: @mccode

Location/Instructions:

Parking:
Here's a comprehensive map of all the available parking spots: https://goo.gl/IHvLEn .

Once Blackwelder is full we suggest you find street parking on La Cienega Blvd or the free public lot at the corner of Fairfax and Adams (also marked on the map). Also the La Cienega stop on the Metro Expo line is close to the venue. There will also be enough free beer that Uber might be a good choice :)

When

Thursday, Aug 23
6:30 PM - 9:00 PM (PDT)

Where

Replicated
5913 Blackwelder Street, Culver City 90232