KubeCon + CloudNativeCon India 2024

The most widely used runtime enforcement techniques today are prone to attackers. Many of these techniques work on the principle of stopping or killing a process in response to an attack, which relies at the mercy of an exploit writer putting little to no effort into avoiding triggering these detection mechanisms. Our discussion will focus on various aspects of runtime security: how it is currently implemented, its shortcomings, and the performance implications associated with these approaches. We'll explore a various range of cloud-based runtime security implementations. We'll expose the attacker's perspective, demonstrating how they can bypass these common runtime security measures. This will equip you to anticipate and counter their tactics. Finally, we will cover recent popular attacks and how appropriate runtime security measures can prevent them in the future.

Flatcar is an operating system purpose-built for securely running container workloads. It ensures security by providing essential tools, reducing the OS size with minimal packages, and making the /usr directory immutable. This tutorial is designed for ops and DevOps professionals, offering step-by-step guidance on getting started with Flatcar. You’ll explore how to deploy it using Terraform, configure it with Ignition, and automate OS updates via Nebraska, enabling you to "set it and forget it.

Simplify authentication and authorization across applications, focusing solely on business logic while ensuring secure services. Our solution features a multitenant proxy to streamline authentication on the SAAS platform. Istio service mesh intercepts every request, with a multitenant-aware proxy (enhanced OAuth2Proxy and caching) connecting to a centralized Identity Provider (IDP) for authentication. Post-authentication, the proxy collaborates with an authorization agent like OPA, passing context for dynamic policy evaluation. Authentication and Authorization are decoupled from the code, allowing developers to use a centrally managed auth service. This shift lets development teams concentrate on business functions, leaving security rules to security analysts, saving time and resources. Externalized authorization management offers runtime controls, including policy management, enforcement, and decision modeling for fine-grained access to applications, services, transactions and data.

Doesn't it get messy when resources are left behind after a test?How do we manage the life cycle of the infrastructure resources? Have you wondered if there's a way to handle it? You are at the right place then, welcome to the world of Boskos where resource management is easier than before. In this talk, we will explore some challenges faced in Continuous Integration(CI) with testing on various infrastructures. It will give an overview on how to use the resource manager service, Boskos to help you better manage your infrastructure and make sure that no stales are left unattended.

With 178 projects, various SIGs & countless ways to contribute, it may be confusing to know where to start in the vast world of cloud-native tech. With my former intern Anushka's help, we'll break down barriers & share our personal journeys within the CNCF ecosystem. Whether you're considering GSoC, joining the shadow release program, fixing a typo in documentation, there's a place for you. We'll use hip hop elements—MCing, DJing, break dancing, art, & knowledge to illustrate how cloud-native is a union of diverse components. You'll get practical advice on taking that crucial first step, with concrete examples of how people from different backgrounds have done it—writing blogs, designing the Kubernetes Mandala, singing at Kuberoke, playing guitar at KubeJam or making their first pull request. By the end, you'll have actionable steps & the confidence to begin or deepen your cloud-native journey. Join us to celebrate the diversity of contributions & get inspired—plus, there'll be a rap!

Showcasing Azimuth - AstraZeneca’s cutting-edge Enterprise Cloud Native Machine Learning Platform. It is built on Kubernetes and integrates a diverse array of cloud-native tools, enabling seamless development, deployment, and management of machine learning workflows. My presentation will delve into the architecture, key components, real-world applications, and the integration with Cloudability for cost management, highlighting its role in empowering data science teams and accelerating innovation within AstraZeneca. The tech stack involves Kubeflow, Weights & Biases, Ray, Volcano Scheduler, Grafana, Prometheus, ELK, Harbor, NetApp Ontap FSx, Kyverno, GitHub Actions, ArgoCD, Argo Rollouts, CloudNativePG, etc

As Large Language Models gain prominence, the discussion around AI fairness and ethics has never been more pressing. Cloud Native is emerging as the standard infrastructure for training, deploying, and serving AI workloads, but its role doesn't stop there—it can also play a crucial part in minimizing bias in AI models. This session will delve into: - Mapping Cloud Native principles like attestation and supply chain fundamentals to AI workloads, enhancing explainability and providing actionable recourse. - Leveraging Kubernetes' reconciliation loop to offer feedback that corrects false positives in AI output. - Utilizing the distributed nature of cloud computing to decentralize AI power, promoting more responsible automation. This session is designed for AI practitioners seeking insights from the Cloud Native tech stack, infrastructure beginners looking to understand its extensibility, and experts and maintainers aiming to extend the boundaries of current Cloud Native infrastructure.

Fidelity's journey to cloud started about a decade ago with Cloud Foundry. Open-Source adoption was our first step towards digital transformation and from there today we sit on a CNCF tools stack of Kubernetes, Backstage, Harbor, Elastic, Postgres, Argo, Kafka, Helm, Open Telemetry, Jenkins, TF, Cilium, AWS, Azure, et al. Neil Armstrong once said, "one small step for man, one giant leap for mankind" about his first step on moon; so was the case of Fidelity with CF adoption towards wider adoption. It was never an easy sail towards Open Source CNCF landscape adoption since Fidelity being a global financially regulated organization, has its own challenges for industry regulations and embedded culture. We have divided and conquered the goal taking on the challenges unified but in distributed work streams across the organization. In this talk we would like to share this journey, experience, and learnings with others to help their adoptions of cloud native tools at an enterprise scale.

Join me as I share my transformative journey from a regular user to a maintainer of Flux CD, a popular GitOps tool for Kubernetes. Open-source software thrives on the contributions of passionate individuals who go above and beyond to support and enhance the community. My journey with Flux CD began as a user, where I leveraged its powerful GitOps capabilities to streamline Kubernetes deployments. However, my desire to give back led me to become a maintainer. In this talk, I will recount my path, the challenges I faced, and the invaluable lessons I learned. Attendees will gain insights into the inner workings of open-source communities, the responsibilities of maintainers, and practical advice for those aspiring to contribute at a deeper level. This session is perfect for developers, DevOps engineers, and anyone interested in open-source contributions and Kubernetes.

Contributing to open-source projects like Istio can be a transformative experience, but how do you begin? In this session, Adil Mohamed M P, a computer engineering student from India and an LFX mentee, will share his personal journey on how the LFX Mentorship program has eased his cloud-native debut. He will share his contributor experience to one of the most popular CNCF projects, Istio, and how he was part of the latest Service mesh buzz word "Ambient Mesh". Adil will discuss how the LFX mentorship program has equipped him with the skills to excel in open-source development and collaboration. Whether you’re a beginner looking to contribute or an experienced developer seeking to give back, this session will offer valuable tips, and a roadmap for making meaningful contributions to cloud-native projects.