Ville de Montréal
Cloud infrastructure at Ville de Montréal
Software development life cycle of montreal.ca
We will do a presentation summarizing the architecture put in place for the City of Montreal in order to develop its microservices in NodeJS and execute them in Kubernetes.
We will describe how we used Jenkins and developed our own DSL to simplify adoption and operations.
We will also demonstrate all the steps taken: from the creation of a new API project to deploying in production, including monitoring and logging.
We will conclude with an overview of the challenges we faced and the processes implemented in order to improve.
Engineering Team Lead
Cloud Infrastructure Engineer
Using Rook to Manage Kubernetes Storage with Ceph
This presentation will introduce the Rook project within CNCF and set the context around the problem that it addresses. Through the use of the operator pattern, the Rook operator will be discussed to understand how a storage cluster can be configured and managed through it. Rook started with Ceph as its only storage backend but over the course of its development, many new backends have been introduced. For the purpose of this presentation, the focus will be on the Ceph backend and how Rook makes it easy to upgrade the operator and the backend independently of each other to give administrators control over their environment. The use cases for Rook-Ceph will vary depending on the Kubernetes cluster and its purpose. However, as end users of Rook-Ceph, the shared filesystem that Ceph provides allows for the scalability of different services by running multiple pods with the same mounting point. If there's no need for Read Write Many capabilities, Rook-Ceph also provides block and/or object storage interfaces to pods. By the time of the presentation, Rook 1.0 would have been released and with it comes the Ceph CSI driver implementation which will also be highlighted. Finally, a running Rook-Ceph cluster will be shown and the Ceph cluster will be upgraded to a new release to pick up fixes and new features demonstrating independence between the operator and its storage backends.
Senior Technical Staff Member
What is cloud native anyway
Cloud Native and microservices architectures are growing in popularity every day, but once you start writing production systems, how do you make sure they are fully tested? This session will give an overview of the trials and tribulations when testing cloud native applications, drawing on our experiences from writing the text-based microservice adventure Game On! and developing the polyglot microservice system that generates code for IBM Cloud users. Starting from the ground up, it will cover how to structure your application, the different types of tests you should write and how to test a system of microservices when working across different teams. Finally, it will introduce code examples of how to utilise tools such as JMockit to create mock objects that can be used during testing.
Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within
The abstraction layers of 'container' and 'helm' etc often make people not think about the security issues. I run 'helm install X' or 'docker build'. That in turn imports many things which get delivered into my environment.
Containers are not a (strong) security barrier. We often think about security as a Boolean (outside bad, inside good). Here I will talk about 'Defense in Depth': assuming that bad things are already in, and the steps we take to harden the environment.
- service mesh
- network policy
- reduction in privilege (de-root, de-privilege)
- rbac, roles
- understanding the upstream risk, quantifying, controlling
- read-only filesystems
And I'll show a simple check list of activities you can do during your DevOps cycle that won't change your cost (much).
I will focus on the Kubernetes environment, contrasting Helm (+Tiller) versus Kustomize, but this is applicable to other environments.
Cloud Native Computing Foundation Ambassador, Principal Product Marketing Manager
DevOps is Not War
Over the past 500 years, there have been 16 cases of a rising power threatening to displace a ruling power. 75% of those cases resulted in war. Although your organizational transformation probably won’t lead to war, it could be contentious. History can help prevent conflict when driving change. This talk will analyze human tendencies, historical data, and provide real-world examples of how to avoid conflict during your DevOps journey.
Streams must flow: developing fault-tolerant stream processing application with Kafka Streams and Kubernetes.
All things change constantly, and we need to get on board with streams! Moreover, dealing with constantly changing data at low latency is pretty hard. It doesn’t need to be that way. Kafka Streams, Apache Kafka’s stream processing library, allows developers to build sophisticated stateful stream processing applications which you can deploy in an environment of your choice. Kafka Streams is not only scalable but fully elastic, allowing for dynamic scale-in and scale-out as the library handles state migration transparently in the background. By running Kafka Streams applications on Kubernetes, you can use Kubernetes’ powerful control plane to standardize and simplify the application management—from deployment to dynamic scaling. In this talk, Viktor explains the essentials of dynamic scaling and state migration in Kafka Streams. You will see a live demo of how a Kafka Streams application can run in a Docker container and the dynamic scaling of an application running in Kubernetes.
Container Solution Architect
Filipe Bento dos Santos, Container Solution Architect
Solution Architecture at Tigera
Identity, AuthN and AuthZ for Zero Trust Workload Security
Workload identity, authentication and authorization are foundational to a comprehensive security posture for cloud-native microservices. This session will walk through the state of the union in how these can be enabled within Kubernetes and a service mesh.
Furthermore, deployments have evolved from isolated Kubernetes islands towards interconnected services that also encompass public cloud services. We will share a few emerging patterns learned from operationalizing this spanning Kubernetes, Istio Citadel, Envoy and Calico.
Of course, together with a couple of demos to illustrate how these can be linked together to enable zero-trust security.
Kubernetes Crossing the chasm
As Kubernetes enters the mainstream market, we are seeing more use cases that don't fit the original mold, each bringing a new set of challenges. This talk discusses specific case studies, the challenges encountered adopting Kubernetes in each case, and the solutions and tooling used to solve them.