DevOps is much more than just local improvements in the development, delivery, and operation of software: It represents a movement that touches not only development and operations (obviously!), but organizational culture, quality assurance, security, and program management.
Anyone tasked with a DevOps transformation will be able to spend a day wrapping their head around the world of DevOps, with exercises to help them look at their specific organization’s challenges through a DevOps lens. In this workshop, we’ll cover the following topics:
DevOps history and underpinnings
Core DevOps principles
Continuous delivery and business flow
An overview of technologies and tools to help implement DevOps
By joining DevOpsCon’s Transformation Day, you’ll get an insight into all the necessary aspects to make a DevOps transformation in your own organization successful.
Im zweiteiligen Kubernetes Workshop lernen die Teilnehmer, wie sie ihre eigenen, containerisierten Anwendungen auf einem Kubernetes Cluster ausrollen und das Lifecycle-Management in den Griff bekommen. Im zweiten Teil geht es dann um das Verfügbarkeits- bzw. Metrik-Monitoring mit Prometheus, das Log-Monitoring mit Elastic bzw. Loki und den persistenten Storage (PVC/PV). Auch die Isolation der jeweiligen Anwendungen innerhalb eines Clusters wird Thema des Workshops sein. Den Teilnehmern wird so das Wissen vermittelt, eigene Container ohne Zusatztools wie Ansible mit Kubernetes verwalten zu können.
In this day-long workshop, Jeff Sussna teaches you how to transform operations teams into user-centered service providers. He introduces a powerful method for discovering the promises you make to your users, and continuously improving your ability to keep those promises. He shows you how to incorporate promise discovery into existing practices such as:
Cloud-native computing is all about smart, continuous delivery of value-driven information services. In this workshop, we’ll learn to use Istio service mesh for smart deployment of microservice systems onto a Kubernetes cluster.
Looking to deploy Istio to your Kubernetes clusters, but not sure how? Confused about serverless workloads on Knative? Trying to integrate DevOps practices like A/B Testing, chaos engineering, or traffic splitting into your deployment practices? This workshop explains how to effectively adopt DevOps tools like Istio and Knative for utilizing service meshes and serverless in your deployments.
Starting with the basics, Kamesh Sampath explores what a service mesh or serverless workload is, before going over Istio and Knative. He’ll show you how to deploy your microservices apps to Kubernetes via Istio or Knative. Additionally, Kamesh will spend some time on understanding the building blocks of Knative before going over the perks of on-demand scaling. Whether you’re linking existing microservices apps into a service mesh or using serverless workarounds, this workshop guides developers towards a more effective DevOps implementation.
DevOps stresses the importance of breaking down silos. The truth is that you can’t actually get rid of silos; you can only realign them. Much of the anxiety caused by controversial topics such as "Enterprise DevOps" and "DevOps teams" reflects an incomplete understanding of the nature of large, complex organizations.
In this talk, I will dig more deeply into the reality of silos and what to do with them. I will present a more sophisticated perspective on how to structure teams in a way that balances autonomy with alignment. I will revisit empathy as the essence of DevOps, and explain how empathy makes it possible to scale DevOps without reintroducing the friction and brittleness it was intended to remove.
In der Anwendungsentwicklung haben sich agile Entwicklungsmethoden wie DevOps, Continuous Integration, Continuous Delivery und Continuous Deployment mittlerweile weitgehend durchgesetzt. Dies hat zur Folge, dass entsprechende Mechanismen und Werkzeuge auch für die Datenbank benötigt werden. In vielen Unternehmen ist die Datenbank zu einem Flaschenhals in dem sonst agilen Entwicklungsprozess geworden. Datenbankspezialisten befinden sich unter stets wachsendem Druck, die Entwicklungszyklen zu verkürzen. In einer Datenbankumgebung, die sich ständig verändert und in der auch kurze Ausfälle sehr hohe Kosten nach sich ziehen können, ist wenig Raum für Fehler. Daher ist es umso wichtiger, agile Entwicklungsmethoden einzuführen, um einerseits schnellere Ergebnisse zu liefern und andererseits das Risiko zu minimieren. Dieser Vortrag befasst sich mit den Besonderheiten einer Datenbankumgebung und den daraus resultierenden Herausforderungen für die Einführung von agilen Methoden bei der Anwendungsentwicklung für Datenbanken, und zeigt Wege auf, diese Herausforderungen zu überwinden.
The craft of software application development has evolved over the past thirty years. Yet, in comparison, Infrastructure as Code development (IaC) is still in its infancy. This talk presents some of the most impactful learning journeys from my career as an application developer, and how we can apply those lessons to accelerate the growth of Infrastructure as Code as a craft in its own right.
Have you ever had to re-write an entire template rapidly after discovering a flaw in production? Felt embarrassed to have bust a gut on a neat template update but realised you missed the point of the change request altogether? Have you ever struggled to come up to speed when reading someone else’s configuration management or infrastructure orchestration code? Maybe you’ve suffered from spaghetti-code in Terraform, CloudFormation, Chef or Puppet? How can we shortcut these pitfalls and leverage some of the practices that application developers have been honing for years? Find out in this session.
Learn tried and tested development techniques for ensuring high code quality
Understand how to apply agile principles to IaC development
Learn about testing frameworks for common Infrastructure as Code services
For cloud-native applications, Kubernetes and Istio deliver a lot of key functionality out of the box which works generically for microservices, no matter in which language they have been implemented, and independent from the application logic. However, some cloud-native functionality cannot be covered by orchestration frameworks and service meshes. Instead, it needs to be handled in the business logic of the microservices, for example application-specific failover functionality, metrics and fine-grained authorization.
In this session, we will demonstrate how to build microservices with Java EE and Eclipse MicroProfile and how to run and operate them on Kubernetes and Istio. MicroProfile also comes with convenience functionality that you typically need when developing microservices, for example invocations and implementations of REST APIs including their documentation. Attend this session to see how we walk you through a scalable and resilient sample application that can be run in your local Kubernetes environment or on any other Kubernetes cluster.
Google became the latest cloud vendor to announce their strategy for bringing their cloud to your datacenter (Google Next Keynote April 8, 2019) following Azure Stack and AWS Outposts. And the industry as a whole is embracing K8S as the de facto standard for the modern datacenter! Developers are infatuated with containers and microservices that are tailor made for K8S. But who is thinking about orchestrating the backend applications that power the business? Come to this session to:
Learn about K8S JOB and DaemonSet objects
Hear how Organizations are leveraging them to manage business workflows
See real-world examples of customer 360 and sentiment analysis
Automation and DevOps are probably two buzzwords which have gone hand in hand with the cloud over the last couple of years, while simplified user interfaces are great, they just don’t cut it when you want to start to automate tasks like the creation of systems within the cloud.
In this session, we’ll take a look at one of those automation tools, Terraform, and highlight its ability to quickly create environments that can be used over and over again. In the world of compostable resources, the automation Terraform brings can be invaluable with not only the creation of systems but also for standing up environments in case of disaster recovery too. We’ll dig into what Terraform is, how it can be used and provide a demonstration on how to build out an environment.
This will be a technical session, so ideal for Solution Architects and IT Operational folk to join.
Let me tell you a story about DevOps. Back in time, there were only developers in our company and we didn’t have a dedicated ops role. However, we’ve decided to change this and that’s how we’ve entered a very dangerous path with a lot of technical, people and culture related obstacles. This is a story about money, expectations, tickets, sweat, and long hours put to make everybody happy. I hope you’ll learn a lot from the real scenarios which we’ve encountered and the way we handled them. Most of all, I hope you won’t wake up one day and realise that there’s a team in your organisation which takes your focus and energy in the wrong direction.
Making sure microservices are properly compliant and secure from a GDPR and cybersecurity perspective can be difficult. Many of the various frameworks, tools and cloud platforms, currently, don’t have proper solutions for a cyber and information security and DevOps perspective for addressing challenges related to building microservices. The new microservices platform for the Norwegian pharmacy sector will gather personal prescription history data from all Norwegian citizens. In this talk, we will illuminate what is required to properly secure a microservices platform from an information and cyber security perspective in order to deliver a GDPR compliant microservices platform. We will share our experiences with and address challenges in regards to privacy and cybersecurity when using various frameworks, tools, and cloud platforms for delivering a GDPR compliant microservices platform.
Sicherheit ist ein großes Wort. Bei diesem Hands-on schauen wir uns in Docker an, welche Probleme es mit Folgendem gibt:
Capabilities und Sticky Bit
Nachdem wir dies eruiert haben, schauen wir uns an, wie dies in Kubernetes zu managen ist. Hierfür stellen wir die PodSecurityPolicies vor. Mit diesen sollen kritische/gefährliche Container/Pods nicht starten dürfen.
DevOps practices are in a place, containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we should focus on following security practices for protecting the deployed resources, too. This is a reason why DevSecOps is not a hype anymore and is gaining more prominence. There is a lot of information about DevSecOps, but how to do it properly? Where to start? What are the best practices?
In this session, we will walk through an end-to-end scenario where we will deploy infrastructure components and solutions securely to the cloud. We will build a pipeline with security in mind to protect and detect potential security flaws during the build. We will focus on main the principles that you can apply to the most popular and used solutions and tools.
You will learn essential concepts:
how to build an end-to-end CI/CD pipeline that builds the application and deploys infrastructure with security checks for the application, containers, and infrastructure;
what security tools are available for CI/CD pipelines and the best way to implement them into different Git workflows;
best practices and patterns of building security pipelines.
A culture of automation is such a cornerstone of DevOps, one of it's oldest, most famous tropes is "automate ALL the things". But are there things we maybe shouldn't automate? What if how we go about automating things is actively causing us pain in the form of incidents? We'll take a look at some of the impacts and challenges pervasive automation has presented for engineers and operations, along with some important considerations when automating our complex, living socio-technical systems, as well as some strategies to cope with these "ironies of automation."
Looking to build new serverless applications, or migrate existing ones—but not sure how to manage them? Interested in deploying serverless applications alongside your other services? We'll talk about how Terraform can help you manage all your applications and services in a consistent manner, and we'll dive into some real life use cases of how Terraform is being used to manage serverless application deployment.
Serverless Containers or "Nodeless" Kubernetes, is the future of Containers infrastructure. Matching and scaling the right infrastructure to ever-changing micro-services deployments is a challenge. In this talk, we will review the evolution of Containers Auto Scaling in Kubernetes both Horizontal and Vertical, discuss the trade-offs, and introduce a new approach to deploy Serverless Containers in a "Nodeless" cluster. No Infrastructure or VM to manage, just Containers that can self-optimized themselves.
Shell scripts have been our constant companions since the seventies and although there have been many other contenders like Perl, Python or Ruby, Shell scripts are still here, alive and kicking. With the rise of the container, writing shell scripts becomes an essential skill again, since plain shell scripts are the least common denominator for every Linux container. A lot of historical dust settled on our rusty shell scripts which makes them hard to maintain and to extend. In this hands-on session, we will see how we can polish our shell. An opinionated approach about conventions will be demonstrated for writing modular and maintainable scripts. We will learn how to write integration tests for our shell scripts. This and much more will be part of our ride through the world of Bash and co. Come and enjoy some serious shell script coding, you won't regret it.
Your DevOps team is constantly making changes which presents you with the following challenge: How can you keep your web applications up and running consistently?
There are many platforms that claim to do blue-green deployment. In reality, it is difficult for teams to truly implement such deployments. In this session, we will discuss why companies use NGINX Plus to control traffic and do rolling deployments. We will also cover health checks, monitoring systems with NGINX Amplify/NGINX Controller, as well as the advanced NGINX Plus metrics.
Security is often overlooked when organizations move quickly to the cloud. So how do you maintain the speed and flexibility of application delivery and build security into your CI/CD pipeline and operations? Hybrid cloud teams focused on DevOps need to embrace security that integrates into their pipeline and runtime environments making it easier to improve both your security and development speed.
When it comes to logging, running a container-based microservices infrastructure offers you some challenges - to put it mildly. In a volatile environment, you can't just debug a user session by digging through a single server's log files. Pretty soon you realise that you need to centralise collection, processing and storage of your logs. Unfortunately, a centralised logging system does not play well with a "shared nothing" architecture approach. If the teams take "share nothing" literally, each team would have to run their own logging stack. Let's be honest: Most teams are lacking time, knowledge (or both) to do so and the approach is bound to break here. We'd like to show you in this session, how Shopping24 managed to find a way: We defined a common interface and provided an extensible default log processing implementation. Only a small layer of governance is needed to ensure that the teams have full control over their logs while still being able to participate in version updates and new features easily.
Companies today are faced with an ever increasing pace of change and disruption in the market. The need to deliver fast and to innovate is stronger than ever and will only intensify. Turn to Agile & DevOps ways of working is not good enough.Business Agility puts the focus on company’s business goals by leveraging “Delivery Agility”, “Product Innovation”, “Organizational Adaptability” and “Leadership Effectiveness”.
In this talk Stephan Lange will highlight examples where companies are doing well and also where they struggle. The intent is to focus on the value story of an enterprise rather than implementing initiatives that solve small parts of the business challenge.
Cloud-native technologies are growing and maturing at an unpresented pace. First adopted by start-ups and small organizations, cloud-native is now confidently entering the enterprise space. During this presentation, Slava will discuss current trends in cloud-native adoption, review different solutions and patterns, and outline how cloud-native can meet strict enterprise requirements.
Continuous delivery is becoming increasingly critical but it still remains a hard problem many enterprises struggle with. We will present lessons learned from the CI/CD transformation of 1000s of legacy monolith applications and how to achieve new levels of automation for cloud applications in day 0 and day 1+ scenarios.
Leadership does not know what’s going on on the shop floor. And the shop floor only gets to know a two sentence version of our purpose and direction. Hardly enough to be successfully aligned. While technology, business and the socio-technological systems we work in seem to spin ever faster, there still is the demand for purpose and direction. We all feel the tension between having set long term goals and short term decision making that is required from us. If done wrong, there is little connection, meaning, and power between strategic goals and execution. Done right, all these layers are connected through feedback loops. The talk will show mechanisms and ways of interaction which enable us to bridge long term thinking and short term decisions across the organization.
Is your team thinking about using Continuous Delivery or already using it? In this session, we are going share with you our continuous delivery platform, architecture and how it helping us and our clients to deliver continuously.
During the live demo, we will also see a reusable continuous delivery framework for microservices, which is based on Best of Breed model using opensource tools.
This presentation will introduce the audience to the basics of authentication and role-based access control (RBAC) in Kubernetes, discuss the challenges of implementing Kubernetes access control at scale in enterprise environments and explain the patterns employed in the open source Kubernetes management software Rancher to help Kubernetes operators escape the hell of YAML file sprawl and consistency issues.
Continuous Deployment can offer a competitive advantage and reduce the time-to-market. Purely software-centered companies often already employ Continuous Deployment but diversified corporations find it difficult to adopt this methodology. Too often, the software release process is painful and therefore done rarely. The project presented in this paper is aimed at helping companies with different software engineering domains to optimize their software release processes through Continuous Deployment. We propose a maturity model for measuring and improving the process maturity. It was developed and validated within Robert Bosch GmbH. Existing Continuous Delivery maturity models were analyzed and evaluated against a set of criteria established in our research. It was found that separating the levels Continuous Integration, Continuous Delivery and Continuous Deployment is essential for the support of agile development processes, as they build on one another. As this separation is not part of existing models, this dimension was used as the foundation to the newly developed Maturity Model Continuous Deployment - MMCD. It consists of a universal capability model and a detailed checklist with concrete points to fulfill each maturity level. Additionally, a check-tool was developed to generate a meaningful visualization of the assessment results and track the progress of improving maturity.
How does your product owner or team make decisions? How is the backlog or roadmap planned? Was your last improvement successful? Many teams rely only on their gut feeling and estimates in story points. Data from existing sources such as JIRA, ticket systems and CI/CD tools are waiting to be evaluated. In this session, I will introduce metrics and KPIs from Agile, Lean and DevOps, and we'll focus on learning the Build-Measure-Learn Loop. We'll look at digital and physical methods and tools that incorporate the data into processes and daily work. Using examples and diagrams, I'll show how this data can be used for more realistic planning and forecasting - and how this data can help the team improve itself.
Kubernetes and Docker have become nowadays the standard for building reliable and flexible software services, but with flexibility comes Responsibility. At the Audi Business Innovation GmbH, we use Kubernetes Cluster for Continuous Integration / Continuous Deployment and thus enable our developing teams to build, test and deploy software.
In this Talk we will share our Security Best Practices for running a secure Kubernetes Cluster, implement multi-tenancy through network and pod security policies and enable teams to use a trusted shared environment. The failures we made in the past were used as seeds for better implementation of Best Practices that work in today’s complex world of Kubernetes.
UX is driving Engineering and Product crazy, a black throwing off timelines and killing ideas. They’re too siloed and not collaborating well. UX doesn’t seem Lean, and popular Agile methodologies haven’t figured out how UX fits in, often suggesting that a Product Manager describing features in stories is enough for developers.
UX is throwing your Agile train off so much that you want to throw them under it. Can’t anybody make wireframes? Can’t we circumvent or exclude these people?
Companies are figuring out that UX specialists and the User-Centered Design process are good investments that more than pay for themselves. Recent highly-publicized UX failures remind us that skimping on the UX process can alienate customers, create negative media attention, and burn millions of dollars.
This workshop explains how the UX process fits into Agile, saves companies money, augments DevOps goals, and increases customer satisfaction. Learn how to save time, money, and sanity when UX does research, designs, builds rapid UX prototypes, conducts and interprets UX testing, and iterates… before developers write a line of code.
Digital economy makes applications the center of your world and the trust anchor of your customer. At the same time, your customer expects the highest comfort which makes it necessary to keep your applications up to date with new features as quick as possible. This results in several release cycles per day which need to be in sync with your security policy. To get this managed, it is necessary to get your application security infrastructure over infrastructure as code integrated in your CI/CD system. In this presentation, we will show a declarative approach to keep the integration as simple as possible together with the capability to integrate RBAC to get the domain specific knowledge of different teams like SecOps, DevOps and NetOps seamlessly integrated.
„Joy in work comes from understanding why your work is important. Not from the work, but from knowledge of who‘s going to use it... Motivation - nonsense. All that people need to know is why their work is important.“ - W. Edwards Deming
In the DevOps community, we hear a lot about socio-technical Systems these days. If we want to take an approach informed by socio-technical theory, then we need to take the sociological frame that STS proposes seriously.
In this talk, Jabe describes the intricacies of agency, temporal feedback dynamic, and shares a transition-based approach to enabling whole work in sociotechnical systems.
If you just started with Kubernetes, one of the first thing you have to learn is the `kubectl` CLI. Join me at a live hacking journey trough the world of `kubectl` and how you can improve your daily work to be more productive. In Detail we will look into: * kubectl basics * kubectl for scripting * the fuzzy side of kubectl * KubeOps - use kubectl to manage k8s clusters, workers, and static virtual machines.
Event-Driven Microservices architecture has gained a lot of attention recently. The trend in the industry is to move away from Monolithic applications to Microservices to innovate faster. While Microservices have their benefits, they also come with drawbacks. One major drawback is the problem of distributed data management, as each Microservice has its own database. Event-Driven Architecture enables a way to make microservices work, and manage transactions that update entities owned by multiple services in an eventually consistent fashion. Unfortunately, implementing Event-driven Microservies architecture is hard. This talk focuses on the challenges faced and how to solve them.
Infrastructure as Code has been adopted by many teams during the last years. It makes provisioning of your infrastructure easy and helps to keep your environments consistent. But by using declarative templates, we still miss many practices that we are used to for “normal” code. You’ve probably already felt the pain that each CloudFormation template is just a copy and paste of your last projects or from Stack Overflow. Can you trust these snippets? How can you align improvements or even security fixes through your codebase? How can you share best practices within your company? This talk gives an introduction to the new AWS Cloud Development Kit (CDK) which is an imperative way to write CloudFormation templates in the language of your choice (even in Java). Philipp also explains why CDK is such a game changer and how your teams can spend less time with writing CloudFormation templates while even increasing the quality.
Containers require a new approach to security as the traditional security infrastructure is not applicable to cloud native and serverless deployments. Rather they must leverage the cloud-native principles of immutability, microservices and portability using machine-learned behavioral whitelisting, integrity controls and nano-segmentation.
You’ll learn how the latest release of the Aqua Cloud Native Security platform protects applications across the technology spectrum as well as against undiscovered vulnerabilities by implementing tight compliance and whitelisting-based zero-trust security.
Experience live how open source tools can be used to check the security of a web application - fully automated as part of a DevOps build pipeline. See how a dynamic and static security analysis toolset identifies vulnerabilities and gives remediation advice. Also learn how to generate vulnerability reports and consolidate findings. Enhance your security tool-belt and be prepared to check your applications afterwards...
Über die letzten Jahre ging es Schlag auf Schlag mit der Veröffentlichung von unterschiedlichen Cloud-native Tools. Docker, Kuberentes und nun das Thema Service Meshing. Die einzelnen Tools bringen bei der Entwicklung von verteilten System einige Vorteile. Solange man von ein paar einzelnen Services redet, lässt sich das Ganze mit Kubernetes-Mitteln relativ einfach bewältigen. Doch ab einem gewissen Zeitpunkt entsteht die Herausforderung, eine Vielzahl von Services zu managen und dabei nicht den eigentlichen Business Value aus dem Auge zu verlieren; hier hilft das Tool Istio deutlich. In der Session soll es darum gehen, welche Unterstützung Istio liefert und wie es aufgebaut ist.
IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm.
Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's micro-service-enabled, service-mesh-oriented infrastructure expects simple, resilient, self-discovery services instead of brittle monoliths that rely on manual configuration.
Operating IAM products with a DevOps setting in terms of automation, repeatability, and continuous improvement is possible through close collaboration between IAM, application, and infrastructure experts.
Artificial intelligence (AI) and Machine Learning (ML) offer incredible opportunities for enterprises to introduce new business models, optimize their offerings and interactions with their end users, improve customer experience, and increase efficiency of their business processes and operations.
Kubernetes combined with Serverless/Function-as-a-Service (FaaS) offer the perfect stack for creating a production-ready ML framework that can power a myriad of applications and use cases within the organization -- supporting granular scalability, ease of use, and portability across mixed environments spanning cloud resources as well as on-prem datacenters.
Through a live demo of a sample use case, this talk covers the suggested architecture and design patterns for enabling a distributed, scalable, ML framework that can be consumed (in a self-service/API) by various stakeholders/apps - enabling them to easily leverage ML models and data in a reliable way.
We share best practices around the various components of the stack- comprising of a managed Kubernetes solution, open source Serverless framework, data streams integrations, stateful data store recommendations, as well as key consideration for Day2 operations and maintain-ability.
DevOps and Serverless, two frames for making sense of the waves of change in IT.
Moving beyond a modernist organizational concept, large enterprises and start-ups alike are no longer simply asking “can this be automated (the modernist conception)” but are instead turning towards understanding “what it will mean when this is automated”.
After a brief introduction of the modern management concept (industrialization) and a quick review of the various conceptions of capital (capital, human, social), this talk will use each of the frames to point towards issues that contemporary IT organizations will need to grapple with in the near future.
With the increasing use of agile methods, the frequency of delivery of software versions and security requirements increases. Established security methods such as risk analyses, security analyses and penetrations, which perform well with phase-oriented methods, must be redefined in an agile environment.
Only a holistic approach of automation, orchestration and correlation leads to intelligent remediation in agile DevSecOps environments that will help you manage and reduce your software exposure.
Learn how to implement these new requirements and integrate the Agile Security strategy in your agile development methods and agile working teams. All this with the possibility of "hybrid" provisioning and support.
With Kubernetes gaining so much popularity over the years since it was introduced, it has now become the new Application Server. With most enterprises starting to embrace Serverless architectures, developers wished to have a platform like Kubernetes but with the capability to handle serverless workloads. As a result, Knative (Snow White) was born in Kubernetes Fairyland…
The story starts with how Knative was born, with details explaining how it uses the Kubernetes primitives to provide a platform that can run serverless workloads. With many Serverless platforms based on Kubernetes, developers are left with questions which one to choose and why. That’s exactly what the next part of the session is going talk about with demos. The Snow White tale is never complete without the dwarfs, but in this story I have only three dwarfs - Build, Serving, and Eventing; the building blocks of Knative - the last part of the story is packed with demonstrations to show how our dwarfs help Snow White to handle the Serverless workloads in an efficient and optimal way.
In order to increase efficiency, companies are forced to automate their processes to the highest degree. CI/CD pipelines are used to automatically create, test and deploy software projects. In other cases, cloud services are used which are automatically provisioned by the cloud service provider according to the "Infrastructure as Code" principle. Many companies already use an API management solution, which has often grown into a business critical platform. It is not uncommon for sensitive data to be made available externally and internally. Nevertheless, such platforms are still very often operated with completely manual processes. In this session you will learn how to automate the operation of an API management platform according to the principle: "APIs as code". Live cases will show you how to control the entire API management lifecycle including API security.
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollouts is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this session, Slava Koltovich, CEO of Kublr, will discuss canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. He’ll examine the role of each tool in the process and how they are all connected. During a demo, he’ll demonstrate a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
Dynamic cloud-based infrastructure has forced us to re-evaluate how we route and secure traffic in our internal networks. They also raise problems with the ways that we look at reliability and how we observe and monitor our systems. A popular solution for this is a service mesh; in this session, we will walk through how the open source HashiCorp Consul Connect and Envoy allow you to secure service-to-service communication in Kubernetes, effectively observe our applications and implement reliability patterns such as load-balancing, circuit-breaking, and timeouts. Takeaways: * Introduction to modern networks security and service meshes * Introduction to Consul Connect * Running Consul Connect and Envoy on Kubernetes * Secure Pod to Pod communication using Connect * Leveraging Envoy to provide reliable and performant service to service communication * Gain full insight into the operating performance and health of our applications
Non-violent communication will help you communicate with your coworkers in a manner that enables productivity and helps you understand how their unmet needs might lead to negative interactions. Successful communication is a huge part of a project’s success - everyone on the team can benefit from NVC. Nonviolent Communication is based on the idea that all human beings have the capacity for compassion and only resort to violence or behavior that harms others when they don’t recognize more effective strategies for meeting their needs. Especially in our technological industry, there are many chances for miscommunication which can lead to all parties feeling dissatisfied. Unspoken expectations, ignored feelings, and accusatory or aggressive language can bring an otherwise productive team to a halt. This presentation will show you how to be aware of yourself, how your actions affect others, and how to deal with and understand others that may be negatively affecting you.
Kubernetes in general, and Istio in particular, have changed a lot the way we look at Ops-related constraints: monitoring, load-balancing, health checks, etc. Before those products became available, there already were solutions available to handle those constraints. Among them is Hystrix, a Java library provided by Netflix. From the site: "Hystrix is a latency and fault tolerance library designed to isolate points of access to remote systems, services and 3rd party libraries, stop cascading failure and enable resilience in complex distributed systems where failure is inevitable." In particular, Hystrix provides an implementation of the Circuit Breaker pattern, which prevents a network or service failure from cascading to other services. But now, Istio also provides the same capability. In this talk, we will have a look at how Istio and Hystrix implement the Circuit Breaker pattern, and what pros/cons each of them has. After this talk, you'll be able to decide which one is the best fit in your context.
Many DevOps teams describe their environment and infrastructure information in code and manage it the same way they manage application code: Check into a source code management system, use as part of their continuous integration pipelines, and test with automated testing tools.
At XebiaLabs, our "as code" philosophy goes beyond the environment and infrastructure to include everything DevOps teams need to deliver fast, repeatable, scalable releases and deployments. In a live demo, we will show the current state of implementation of the XebiaLabs DevOps platform for microservices on various cloud platforms, Data Lake implementations and DevSecOps Pipeline.
With our approach, teams can define implementation packages, infrastructure, environments, release templates, dashboards, and more in YAML files that they can store alongside their application code in source code management. This allows the components of the end-to-end software delivery pipeline to be version-controlled, shared across the enterprise, and easily audited.
The code can be used to integrate projects, applications and teams from the XebiaLabs DevOps platform in a standardized, controlled manner. The XebiaLabs platform automatically creates the required configuration items, launches the release pipeline, and deploys the application - whether you are targeting mainframes, local infrastructure, container platforms, or public, private, or hybrid clouds.
Many industries are going through a digital transformation (aka Industry 4.0) with open source software changing the way businesses and developers think about and do innovation. Cloud computing is also contributing a great deal to increasing security, flexibility and reliability of ICT systems, and to the promise of connected, innovative solutions that will deeply transform our lives. However, while businesses as well as researchers and developers are generally aware of the importance of security and privacy, intellectual property remains an overlooked area. Historically, this type of disruption has been accompanied by IP disputes. Furthermore, businesses and developers often are not aware of the relevant IP trends in the tech world, especially in a global context. The talk will present important changes in the cloud computing patent landscape that must be taken into account by businesses and developers to secure a smooth digital transformation.
This talk calls attention to the seven biggest problems encountered when building security into agile projects. Based on rules of thumb from security consulting, you will experience first-hand the expected (and unexpected) obstacles you can meet. You will hear about technical, organizational, process-oriented, and even skill-related issues with which teams find themselves confronted when trying to improve the security of their projects in a sustainable way. As a content-related takeaway, you will receive tailor-made solution models that are applicable and effective for both large companies and specialized service providers alike.
When worked with a Silicon Valley-based company that ran a containerized application monitoring pilot, we encountered a big bunch of challenges – come and learn how we solved them! The tech stack includes AWS ECS, Docker, Java, .NET, and Node.js. Additionally, using a containerized app in the cloud, we will conduct a live demo in which you will learn a methodology for debugging app performance problems.
After this session you'll have a clear understanding of the fundamental Docker components and how they work, know what you have to do if a container refuses to do so and you will even understand how to get all your containers in that ECS cluster up and running (right on time for the presentation with the C-Level Guys). We will also give you advice on how to shorten the feedback loop when adding containers to your CI/CD pipeline.
Trust is the metric that best reflects the quality of our relationships and of our social connections. "The more interconnected a system is, the more robust and resilient it will be", finds philosopher Alicia Juarrero. Trust is a metric for social resilience. Political Scientist Francis Fukuyama finds trust to be the pivotal attribute of a successful culture. Trust culture enables societies to leap forward, while distrust results in decline.
We reliably find the absence of trust is the cause for organisations failing to adopt better practices.
We're predisposed to seek connection; rejection hurts. We get meaning and validation where connection allows us to be authentic and vulnerable. Yet we exist in environments that routinely inform us that what we do and who we are is not "good enough". We are shamed into conformity (often masqueraded as improvement) and blamed for failures.
"The secret killer of innovation is shame. You can’t measure it, but it is there. Every time someone holds back on a new idea, fails to give their manager much needed feedback, and is afraid to speak up in front of a client, you can be sure shame played a part. Shame becomes fear. Fear leads to risk aversion. Risk aversion kills innovation", explains Peter Shearan from his experience working with companies like Apple and IBM.
"Management, in most of its incarnations, is an institutionalized form of distrust" say Robert Solomon and Fernando Flores.
This talk presents the answers I have found: about how we can remain authentic in a blame culture; how we can build authentic trust and enable safe-to-fail environments to strengthen our connections, as well as my experience in applying these practices.
Deploying microservices to Kubernetes (and other cloud-native platforms) is only easy in theory. The inherent complexity of distributed systems requires new techniques of observability, analysis and resilience. Service mesh is an infrastructure-based architectural pattern that makes these techniques possible in a smart, centralised way. Leaving the services fully ignorant; like: "I'm a service, I don't care about the platform. I just wanna serve information." Istio is an open source service mesh initiated by Google, IBM and Lyft, providing the services with this option of blessed ignorance. Let's see what it gives us (engineers) and what it deprives us of.
Some DevOps transformations flourish, but many others are stalling. Why is that? This talk will make the case that Operations is the most predictable differentiator.
So much of the energy in DevOps has been about activities that start in Dev and move towards Ops — continuous delivery, deployment pipelines, automated testing, and of course, the unofficial mantra of “deploy, deploy, deploy.“ However, when it comes to Operations, too many DevOps transformations maintain the status quo and leave questionable Operations practices in place.
This talk will first examine the trouble with the various siloed, ticket-driven, low trust, and centralized practices that have been accepted in Operations for far too long. Then we will look at the specific techniques used by high-performing Operations organizations who are fundamentally transforming how they operate.
In this talk, I will cover why testing is something that belongs in development, not with a dedicated test team. I will offer insights into how to test in production and explain why all testing is additive. That means regression isn’t a thing when you carry out a test for enforcing a behavior, may it be functional or performance related. We will cover how well this works in a start-up environment. Additionally, I will be sharing some of the challenges I’ve faced moving into the CTO role: scaling people and operating models and support models. I will go into detail how I’ve just about remained hands on despite it getting much harder with 60 reports. My talk will conclude with what I expect that model will look like once we have reached 100 reports.
Development of cloud-native web applications became a daily task in the software engineering world. Software engineers must work with concepts like microservices, containers, load balancing, service discovery, service meshes and so forth. Kubernetes is a technology that unites all these concepts in one big development platform. Kubernetes simplifies development but brings quite a few concepts of its own: pods, configmaps, deployments, services, namespaces, persistent volumes and much more. It is a whole new ecosystem. Studying it is time-consuming, especially considering a multitude of other technologies a modern software engineer must learn and master. However, you do not need to be a Kubernetes expert to develop cloud-native applications and employ a Kubernetes cluster to its fullest potential. In this presentation, we will show how you can use well-known tools to deploy your Java applications in a Kubernetes cluster easily and without expertise in Kubernetes. All you require is a functioning Kubernetes cluster (can be installed within a few hours with modern deployment tools) and some familiarity with key concepts of Apache Maven and Kubernetes.
These days, it is well known that Passwords are the first line of defense in our private and business life, whether it is for our social media accounts, our home WiF or just the login screen of our PC/Mac or Smartphone.
In this Talk you will get the idea as well as the practical know-how (for those who dare) on the various types of Password Cracking nowadays and its mitigations.
A deep dive into the mind of a Hacker to understand and learn the techniques (and Tools) used to Crack our Secrets. Let the Hack begin...
Kubernetes offers a powerful abstraction layer for managing containerized infrastructure. Amazon Elastic Container Service for Kubernetes (Amazon EKS) makes it easy to run Kubernetes on AWS without having to manage master nodes or the etcd operator. In this session, we'll cover what you need to know to get your application up and running with Kubernetes on AWS. We'll show how Amazon EKS makes deploying Kubernetes on AWS simple and scalable, including networking, security, monitoring, and logging. In addition, we cover best practices for designing perfomant containerized applications on AWS using Kubernetes.
Last year, Prometheus graduated as the second project in the CNCF, right after Kubernetes. You might say that clearly proves that Prometheus has become mainstream. However, it doesn't mean at all that Prometheus would be “done” now. The developer community is as active as always. Let's have a look at the highlights of the past year and at the things on the roadmap. The speaker is one of the main Prometheus developers and would also be delighted to hear from you what you want to see next in Prometheus.
While the adoption of DevOps makes teams move faster with reduced dependency on central operations, it can constrain teams who lack the skills to self-manage the full application and infrastructure stack. The way to overcome this challenge is creating an internal platform and treating it as a world-class product offering. “Applying product management to internal platforms means establishing empathy with internal consumers (read: developers) and collaborating with them on the design. Platform product managers establish roadmaps and ensure the platform delivers value to the business and enhances the developer experience”, via ThoughtWorks Technology Radar. In this talk, we will walk you through how Zalando adopted a customer-first mindset with regards to its developer tooling. We will show the effect on developer satisfaction when internal platforms are given the same respect as external product offerings. We will tell our story on how we moved from a classical infrastructure team to a product mindset with strong focus on building a world-class developer experience. We will share both our learnings and challenges going through this transition, and the impact it has on the daily life of our customers (developers).
Today we pay close attention to scaling our systems, testing for chaos, and reducing MTTR in production. Yet our delivery pipelines don't get nearly as much love. This talk presents tried and tested patterns for increasing accelerating delivery of changes in a safe manner. We'll also try to solve the mystery of what is sustainable Continuous Delivery. Everyone wants to go faster but also safer, so we're cramming more and more activities in the pipeline, from security controls to database changes, to compliance approvals, soon networking... How can we do this AND still move fast AND avoid burning out teams with all this cognitive load? Join this session to find out! After this talk, you will have learned about: * patterns to ensure the reliability of your pipelines and make application changes safer * smart patterns to accelerate delivery, such as continuous pruning and short path to production * how to sustain your CI/CD adoption growth with key practices like immutable delivery system
DevOps has achieved widespread success. However, that success has been uneven for those who work in Operations. In most enterprises today, it is not uncommon for engineers who come anywhere near Operations to find themselves buried in interruptions, tickets, and repetitive work.
Then along comes a new way of working and a new role called Site Reliability Engineering (SRE). But SRE seems too good to be true!
SREs are doing what systems administrators used to do, but are able to spend most of their time doing engineering work that adds enduring value to their company. How is so little of these SREs’ time being wasted on the interruptions, repetitive work, and drudgery that consumes so much of our time? And how do they do this with the same or less headcount?
This talk will take a close look at what SRE is, what SRE isn’t, and how to move to an SRE style of working. We will break down the principles behind the SRE movement and highlight where SRE departs from the current conventional wisdom of Operations and Systems Administration work.
Looking to adopt serverless in your organization? In this talk, we will dive into how to adopt serverless in a practical sense, step-by-step; rather than doing it in one-go. We will discuss how edge-based serverless can help with this transition—by setting up a proxy and enabling features to move up the stack, one at a time. With this, I will provide three use cases which support deprecating old TLS, building a highly performant authentication service, and developing an infinitely scalable registration site with serverless.
We all love Kubernetes as our declarative and reactive container orchestration platform of choice. Resource descriptors declare a target state, and a whole set of controllers running in the background are watching these resources to reconcile the current state to the desired target state. We can use this dominant paradigm also for custom resources and controllers, commonly referred to as "operators". A growing number of operators for all sorts of tasks already has been created. In this presentation, an overview of existing operators is given before the CoreOS Operator Framework is explained in details. The Operator Framework consists of * an Operator SDK for writing operators in Golang * the Operator Lifecycle Manager (OLM) for managing operators and their installation * Operator Metering for usage reporting of operators.
The second part of this talk is about implementing live an operator with the Operator SDK and how this is managed with the Operator Lifecycle Manager. At the end of this talk, you'll have an impression of where we're standing with operators these days and how quickly you can implement operators yourself.
The talk explains how to build loosely coupled microservices using event-driven architecture. We will use Azure Serverless Functions to build microservices and will loosely couple them using an event-driven messaging platform like Event Grid, keeping the microservices state unaware.
We’re proud of Deutsche Post DHL’s long and diverse heritage, but it’s produced a complex application landscape where legacy systems sit shoulder to shoulder with cutting-edge digital solutions and everything in between. At the same time, the market is demanding ever-faster, more user-friendly customer interfaces seamlessly connected with more reliable and flexible IT back-ends. It became imperative for us to modernize our legacy applications, and develop the capacity for continuous, ultra-fast, ultra-scalable deployments. I will walk you through the highs and lows on our way to meet these challenges and explain some of the obstacles we’ve overcome on our journey. I will tell you the story from the interconnected perspectives of people, technology and processes, and bring it all to life with real-world use cases that are already making a difference for our customers.
In recent years, we’ve been transforming application portfolios across DPDHL Group with a mix of cutting-edge technologies and tried and tested solutions. We’re bringing developers, testers and operations specialists together to work seamlessly in customer-focused DevOps teams to modernize legacy apps and build ultra-modern, highly scalable and mobile-enabled customer interfaces at speed. How we built these high-velocity capabilities, is the topic of this talk.
Once you’ve completed this workshop, you’ll have practical experience of carrying out manual and automated attacks on web apps, which you can transfer into your own software development work so as to increase the security of your projects for the long-term.
DevOps can have a huge impact in scaling organizations and making them more adaptive to change and thus resilient. However, the transition from traditional organizational structures to an agile, DevOps-oriented way of working is often hard.
To be successful, we need the ability to pick the right problems, view them from different angles and then collaboratively solve them. No solution thought out by a single person or department will help and stay or will even be close to ideal.
The day will start with leading practitioners and international speakers J Paul Reed, Jabe Bloom, Marc Burgauer and Markus Andrezak sharing their models of problem solving. After that, in an open format, we will in smaller groups pick some of the problems and try to solve them in the diverse frameworks set by the 4 facilitators. In a double diamond approach, we will first identify relevant problems, nail them down and then solve them.
Due to the open format, participants can choose from diverse approaches and later compare results gained by these approaches. We will end the day with a common analysis of the approaches based on the results and the experience during the workshop.
In this workshop, you will learn how to scale agile retrospectives by doing them with multiple teams from a project, product, or organization, practice facilitation skills with different retrospective exercises, and learn how you can introduce and improve retrospectives. You will also learn to do agile self-assessments and readiness checks, and to design and facilitate retrospectives that help organizations to increase their agility.
CI/CD started out years ago as a nice-to-have for development teams. CD adoption grew over time across teams and layers of the organization, resulting in delivery systems that often evolved in an ad-hoc way, full of workarounds, poor code, and abstractions. Today CI/CD is mission-critical if we want to keep up with the market and also fix issues quickly.
To achieve the level of reliability and performance required, a mindset change is needed. We must treat our pipeline as a product! This has a number of implications, from team design to product management and building in the necessary quality requirements.
This workshop will help you navigate this new world of reliable CI/CD! In particular, you will learn about:
Why must we treat pipelines as a product and what does that mean in practice?
How to build in quality in the CI/CD system to cope with growing CD adoption in your organization?
Take with you concrete patterns for ensuring your CI/CD is resilient, performant, and scalable.