6:00 pm : Meet, greet, & eat
6:30 pm : Presentation
Talk 1: Insight & Abnormal Behavior Detection/Prevention with CNCF Falco
Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well? In this talk, we’ll present Falco, a CNCF Sandbox project for runtime security. We will show how Falco taps Linux system calls & the Kubernetes API to provide low level insight into application behavior, & how to write Falco rules to detect abnormal behavior. We’ll show how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally we will show how Falco can trigger functions to stop abnormal behavior, & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves, & how Falco can provide runtime security, auditing & incident response.
Talk 2: A Basic Kubernetes Debugging Kit: curl, jq, openssl, and Other Best Friends
Joe Thompson walks you through a set of essential command-line Linux tools – curl, jq, openssl, netcat, dig and others – and how to use them to debug network and other issues in your Kubernetes clusters. The basic function and use of each tool is covered, with examples for some common Kubernetes-related tasks like verifying if a certificate is correctly generated or checking if DNS resolution in your cluster is working properly. We’ll also look at some container-based debugging procedures, including how to use one container to debug another that’s not running properly or to debug the host OS when the tools you need aren’t installed there.
Michael Ducy - Sysdig
Born on the rolling plains of central Illinois corn fields, Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. Raised in a blue collar family, his first workbench was given to him at the age of 5. His first programming language was BASIC, at the ripe young age of 6. Michael quickly saw the parallels between building physical objects on his workbench, and building virtual objects with his computer. Still an avid woodworker, Michael finds joy in helping people understand technology and the impact it has on the work that we do, and the lives that we lead.
Joe Thompson - Mesosphere
I'm a solutions architect for Mesosphere and a regular participant in the Helm and SIG-Apps communities. Prior to Mesosphere, I worked at Capital One, Oteemo, CoreOS and Red Hat (among others), providing practical solutions and training in and for Kubernetes and other cloud environments. My experience in IT operations and engineering stretches from present-day cloud and virtualization back to before you could Google error messages, and my blood type is caffeine-positive.