Cloud Native Computing Meetup | February 2021

Please join our next CNC meetup which will take place remote-only on Thursday, February 18th 2021 at 16:00 CET.

Agenda:

16:00 – Welcome & Intro
16:05 – Session 1: Run a trusted and tamperproof CI/CD pipeline from Code to Runtime using CodeNotary (Live Demo) by Dennis Zimmer
16:45 – Session 2: Open Policy Agent and the evolution of access control by Anders Eknert
17:25 – Session 3: Managing multi-cluster configuration baseline with GitOps continuous delivery by Jan Bruder.
18:05 – Final words

Session details:

Session 1: "Run a trusted and tamperproof CI/CD pipeline from Code to Runtime using CodeNotary (Live Demo)"

Abstract: CI/CD is the foundation of DevOps automation, but also a great attack surface for "bad" guys or accidental security leaks.
The SolarWinds "affair" was so far the biggest attack on software lifecycle automation and the given trust in digital certificates and company brand made increased the scope massively.
CodeNotary CNLC integration provides different ways (free/commercial) to add cryptographic proof to everything that goes in and comes out of your pipeline.

Speaker: Dennis Zimmer, CodeNotary, https://www.codenotary.com
Co-founder and CTO of CodeNotary. The company that focuses on data immutability.
He’s been working for over 20 years in the IT industry, wrote 10 books and hundreds of magazine articles.

Session 2: "Open Policy Agent and the evolution of access control"

Abstract: With our digital systems growing increasingly distributed and our tech stacks increasingly heterogeneous, we need to devise new models around both identity and access control. In this presentation we’ll explore a distributed, scalable model for API security, identity and authorization policy enforcement in a microservice environment. After a brief introduction to the technologies involved, we’ll take a deep dive into an architecture utilizing OAuth2 and OpenID Connect for carrying identity across our distributed systems, and how once identity is established, we may leverage Open Policy Agent (OPA) for fine-grained policy based access control in our APIs. We’ll learn how to use Rego, the policy language used by OPA, to write concise and clear policies for access control, as well as methods for distributing them across our platforms and how to monitor policy enforcement in real-time.

Speaker: Anders Eknert, developer advocate at Styra with a long background in software development, security and identity systems in primarily distributed environments. When not in front of his computer he enjoys watching football, cooking and Belgian beers. Follow him on Twitter at @anderseknert.

Session 3: Managing multi-cluster configuration baseline with GitOps
continuous delivery.

The use of Kubernetes is evolving from the traditional monolithic single-cluster to a distributed consumption of Kubernetes across different infrastructure providers as well as purpose-built, shared and dedicated clusters. This presentation will introduce the concept of multi-cluster continuous delivery with GitOps as a solution to this problem and demonstrate an implementation using open source software such as K3s, Rancher Fleet and System Upgrade Controller.

Speaker: Jan Bruder, field engineer at SUSE Germany with a dedicated focus on Kubernetes and DevOps. Having a developer background he enjoys building things in Go and has contributed to several open source projects in the Kubernetes ecosystem.

The event will be recorded and made available later on VSHN's YouTube channel: https://vshn.tv – subscribe to be notified of updates!

We expect all participants to abide by the following Conference Code of Conduct: https://confcodeofconduct.com/

If you would like to talk about your cloud-native projects in the CNC Switzerland meetup events, just send us your talk suggestion here: https://cnc-meetup.ch – we look forward to hearing from you!

Looking forward to seeing you online!