docs(day2): Added compliance automation talk notes

content/day2/05_kcp.md

@@ -102,3 +102,8 @@ OrgA-->TeamA
 - The internal pülatform can be bought, customized or diyed but the api layer does not change -> Interchangeable backend switching
 - Kubernetes is already widespread and makes it easy to use different projects
 - Backed by the CNCF, flat learning curve
+
+## Q&A
+
+- Is OIDC Provided: Yes, r/n globally for all workspaces, per workspace oidc is WIP
+- What about KCPxCrossplane: Yes it is possible, more in septemeber with a talk during Container Days

content/day2/06_compliance.md

@@ -0,0 +1,55 @@
+---
+title: Automating Compliance and Infrastructure Plumbing: Tackling the Boring Stuff
+weight: 6
+tags:
+ - compliance
+ - backstage
+---
+
+<!-- {{% button href="https://youtu.be/rkteV6Mzjfs" style="warning" icon="video" %}}Watch talk on YouTube{{% /button %}} -->
+<!-- {{% button href="https://docs.google.com/presentation/d/1nEK0CVC_yQgIDqwsdh-PRihB6dc9RyT-" style="tip" icon="person-chalkboard" %}}Slides{{% /button %}} -->
+
+They basicly presented a bunch of examples about how their platforn handles createion of different resource.
+Most of the examples were too detailed, so i did not note them down.
+The DX also did not feel that easy (at least from their examples and screenshots)
+
+## The "Blueprint"
+
+### Idea
+
+- Centralized Configuration (Source of truth)
+- Automatic Provisioning and managmeent of services
+- Continuos reconciliation
+- Version control (git) for auditing
+
+### Platform components
+
+- Classic: Slow manual provisioning with a tendency towards config drift
+- Service Catalog: YAML files in a central repo following the backstage definition
+- Automation: GitOps
+- Backstage: For The UI
+
+### Implementation
+
+- A bunch of backstage components with operators (some crossplane, some not)
+- Example - New resource with Namespace: Namespace get's created in Kubernetes and Elasticsearch alongside a EntraID Group with members for the rolebinding for the Namespace
+- Example - DNS: Registers Route in Kong, DNS in ExternalDNS and generates Certificate for Route (via Certmanager)
+- Monitoring: Elasticsearch, CR(D) Status/Events, Backstage Catalog (just shows the kubernetes Status)
+
+### Challenges
+
+- Developer buy-in -> Workshops, talks, enforcement b/c compliance and stuff
+- Integration with existing systems
+- Conflicting requirements -> They just forced this via "b/c compliance needs unified interface"
+
+## Q&A
+
+- Why the backstage YAML format: Well the engineers decided to
+- How did you convince them to switch over from service now: No one was sad to get rid of service now
+- Is the backstage read-only: No, it also supports write actions (natively and through headlamp)
+
+## TL;DR
+
+- They use git (ops) for Auditing
+- They use operators and crossplane for reconciliation
+- Backstage acts as the UI for all of this (visualizes Service Status and relationships)

content/day2/_index.md

@@ -6,7 +6,7 @@ weight: 2
 
 The schedule on day 2 was pretty ai platform focused.
 Sadly all of the ai focused talks were about building workflows and platforms with gitops and friends, not about actually building the base  (gpus scheduling and so on).
-We also had some "normal" work tasks resulting in less talks visited and more "normal" work + networking.
+We also had some "normal" work tasks resulting in less talks (well I skipped two talk slots) visited and a bit of "normal" work + networking.
 
 ## Reccomended talks