Raju Gandhi

Containers are everywhere. Of course, a large part of the appeal of containers is the ease with which you can get started. However, productionizing containers is a wholly different beast. From orchestration to scheduling, containers offer significantly different challenges than VMs.

In particular, in terms of security. Securing and hardening VMs is very different than that for containers.

In this twopart session, we will see what securing containers involves.

We'll be covering a wide range of topics, including

Understanding Cgroups and namespaces
What it takes to create your own container technology as a basis of understanding how containers really work
Securing the build and runtime
Secrets management
Shifting left with security in mind

Containers are everywhere. Of course, a large part of the appeal of containers is the ease with which you can get started. However, productionizing containers is a wholly different beast. From orchestration to scheduling, containers offer significantly different challenges than VMs.

In particular, in terms of security. Securing and hardening VMs is very different than that for containers.

In this twopart session, we will see what securing containers involves.

We'll be covering a wide range of topics, including

Understanding Cgroups and namespaces
What it takes to create your own container technology as a basis of understanding how containers really work
Securing the build and runtime
Secrets management
Shifting left with security in mind

You've heard of Terraform, maybe even written some scripts using it. You've heard that Terraform is capable of dynamic behavior using blocks, for loops and counters. And you've glanced at the Terraform functions list, but wondered how one would ever go about using those?

We've got you covered.

In this session, we'll build a set of Terraform scripts that can be fed a YAML file, and using Terraform's dynamic capabilities, we'll build infrastructure as specced out in the YAML file.

We'll be covering a host of different topics in this session

Terraform's dynamic capabilities including dynamic blocks, for and for_each loops
Terraform's functions and datastructures

In a world where automation is king, when it comes to configuration management, Ansible rules. Ansible, an open-source project from RedHat allows you to automate configuration including installing software, applying security patches, managing networks across the whole spectrum—be that locally, on-prem, in the cloud.

In this exercise driven session, we’ll learn Ansible from the ground up. We’ll see how to declare your inventory, use modules to run arbitrary tasks on hosts, collect related tasks into playbooks, make reusable units of work using roles, and how to use variables. By the end of this session, you will walk away with a comprehensive understanding of how Ansible works, and how you can start to use it to automate away the mundane.

Detailed agenda:

• Why Ansible?
• How does Ansible work?
• Ansible characteristics
• Run ansible for the first time
• Run an ansible module with args
• Escalating privileges
• Keeping track of your inventory
• Groups of groups (of groups?)
• Variables, specifically inventory variables
• Extracting group and host variables into group/host variable files
• Plays and playbooks
• Our first play
• Environment specific variables
• Making a useful playbook
• Jinja2 string interpolation
• Roles
• Using ansible.builtin.copy and ansible.builtin.template in roles
• Using handlers
• Using Ansible facts and filters
• Using Ansible data-structures
• Using tags
• Encrypting passwords using ansible-vault
• Checking your scripts
• Benefits of Ansible
• Trade-offs

In a world where automation is king, when it comes to configuration management, Ansible rules. Ansible, an opensource project from RedHat allows you to automate configuration including installing software, applying security patches, managing networks across the whole spectrum—be that locally, onprem, in the cloud.

In this exercise driven session, we’ll learn Ansible from the ground up. We’ll see how to declare your inventory, use modules to run arbitrary tasks on hosts, collect related tasks into playbooks, make reusable units of work using roles, and how to use variables. By the end of this session, you will walk away with a comprehensive understanding of how Ansible works, and how you can start to use it to automate away the mundane.

Detailed agenda:
Why Ansible?
How does Ansible work?
Ansible characteristics
Run ansible for the first time
Run an ansible module with args
Escalating privileges
Keeping track of your inventory
Groups of groups (of groups?)
Variables, specifically inventory variables
Extracting group and host variables into group/host variable files
Plays and playbooks
Our first play
Environment specific variables
Making a useful playbook
Jinja2 string interpolation
Roles
Using ansible.builtin.copy and ansible.builtin.template in roles
Using handlers
Using Ansible facts and filters
Using Ansible datastructures
Using tags
Encrypting passwords using ansiblevault
Checking your scripts
Benefits of Ansible
Tradeoffs

In this session we'll take a tour of some features that you might or might not have heard of, but can significantly improve your workflow and day-to-day interaction with Git.

Git continues to see improvements daily. However, work (and life) can take over, and we often miss the changelog. This means we don't know what changed, and consequently fail to see how we can incorporate those in our usage of Git.

In this session we will look at some features you are probably aware of, but haven't used, alongside new features that Git has brought to the table. Examples include:

• Rebase and interactive rebase
• restore/switch and when to use them
• worktrees
• shallow-clones
• Git's filesystem monitor

By the end of this session, you will walk away with a slew of new tools in your arsenal, and a new perspective on how this can help you and your colleagues get the most out of Git.

Go is a fascinating language. While it is simple, it makes some rather interesting decisions on several language features that we take for granted in other languages.

In this session we will take a deeper dive into the language — seeing what it makes it the language of choice for companies like Google, as well as the go to language for large OSS projects like Kubernetes and Docker.

Git revolutionized the way we think about version control. Kubernetes' on the other hand gave us a programmatic mechanism to declaratively specify the desired state of a cluster, and with the magic of Kubernetes reconciliation loop automatically see the cluster reflect that ask.

Combine the two, and we get GitOps. In this session we will take a look at FluxCD, a CNCF project that allows you to commit your changes to a repository, and have your changes automatically applied to your Kubernetes cluster.

Join me to see what it takes to adopt FluxCD in your workflow, the benefits it provides, and how you can modernize, simplify and automate your deployment process.

In this session, we will take a look at GitOps, using FluxCD to simplify and automate your deployment process.

Platform engineering is the latest buzzword, in a industry that already has it's fair share. But what is platform engineering? How does it fit in with DevOps and Developer Experience (DevEx)? And is this something your organization even needs?

In this session we will aim to to dive deep into the world of platform engineering. We will see what platform engineering entails, how it is the logical succession to a successful DevOps implementation, and how it aims to improve the developer experience. We will also uncover the keys to building robust, sustainable platforms for the future

A large part of embracing DevOps involves embracing automation. Over the last decade we have seen the emergence of “as Code” — Build-as-Code, Configuration-as-Code and Infrastructure-as-Code. The benefits to utilizing such tools are huge! We can codify the state of the world around our applications, giving us the ability to treat everything that our code needs like we treat the code itself. Version control, release management, tagging, even rolling backs are now possible.

Terraform, an open-source tool from HashiCorp allows us to build, control and modify our infrastructure. Terraform exposes a Domain-specific language (DSL) that we can use to express what our infrastructure should look like. Terraform can work with all the major cloud providers, including Amazon AWS, Google GCP and Microsoft Azure.

We will be using AWS as our playground for this workshop

Agenda

• The place for, and benefits of “Everything as Code” alongside GitOps
• Terraform's architecture
• Terraform 101
• Introduction to HCL
• What are providers?
• Initializing terraform and providers
• Dive right in! Creating your first resource in AWS using Terraform
• Understanding references, dependencies
• apply-ing terraform
• Variables and the HCL type-system
• Using data and output in your terraform scripts
• Understanding how Terraform manages state
• Using S3 as a backend
• DRY with Terraform modules
• Collaboration using Terraform
• Terraform ecosystem, testing, and GitOps
• Closing arguments, final Q/A, discussion

Instructions

Please visit https://github.com/looselytyped/terraform-workshop/ for detailed instructions. They might seem a tad arduous but it's not as bad as it looks :)

Kubernetes IS the the cloud operating system, allowing to to do everything from resource management, to scheduling to networking. However, deploying applications of any complexity can be overwhelming. involving wrangling lots of YAML files. Oh! And good luck versioning your releases.

Most operating systems ship with a package manager. From apt to home brew to chocolatey, a package manager simplifies the act of installing software. So why don't we have one for Kubernetes?

Well, your wait is over. Say hello to Helm—the Kubernetes package manager. Helm, a CNCF project, aims to simplify deploying your applications to Kubernetes, with support for multiple environments, versioning, rollbacks and so much more.

In this session we will deep dive into Helm. We will see what it takes to package your applications using Helm, and discuss the benefits of folding Helm into your workflows. Single-click Kubernetes deployments, here we come!