---
title: "OCM: Rethinking Software Delivery with a Secure and Standardized Approach"
weight: 4
tags:
- security
- delivery
- compliance
---

<!-- {{% button href="https://youtu.be/rkteV6Mzjfs" style="warning" icon="video" %}}Watch talk on YouTube{{% /button %}} -->
<!-- {{% button href="https://docs.google.com/presentation/d/1nEK0CVC_yQgIDqwsdh-PRihB6dc9RyT-" style="tip" icon="person-chalkboard" %}}Slides{{% /button %}} -->

## Challenges

### Baseline

- Fan-in: SBOM
- Fan-out: Deployment automation
- In the middle: Our dev team and their product
- Question: How do we transport this stuff?

TODO: Steal illustration

### Tooling

- Fan-in: Standard tools (SBOM, containers, Maven, ...)
- Fan-out: Diverse: human in the loop with different tools
- Goal: Standardize everything and shift-left deployment/security/compliance concerns

## The open component model

> Open standard created by SAP

- Suggests standards
- Contains example implementations but does not enforce them
- Constructor: Defines what our product needs to run on a cluster (e.g. Helm chart, container, ...)

## Example

```mermaid
graph LR
SyncAgent-->|with SBOM|PreProduct
UIFramework-->|with SBOM|PreProduct
PreProduct-->|Helm, Container|Product
Product-->|Bundle|AirgappedEnv
subgraph AirgappedEnv
Flux
Kro
end
```

## TL;DR

- We can use the constructor to create an archive that contains our product with all dependencies, offline-ready
- We can upload the offline bundle into our airgapped OCI registry or directly to our platform
- The resources and construction bundles are defined as Kubernetes CRDs, and the CLI can be used for upload and download (probably among other features)
- The deployer defines how our resources shall be deployed (e.g. via Flux)
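An added example, not code from the talk or the OCM project: a component constructor for the PreProduct/Product step of the diagram above, plus a pre-flight check that every image reference carries a digest before the bundle is built for the airgapped environment. The component names, registry, digests and the exact `ocm` CLI flags are assumptions.

```shell
#!/bin/sh
# Added example, not from the talk or the OCM project: constructor for the
# PreProduct -> Product step of the diagram, plus a pre-flight check that every
# image is digest-pinned before it is bundled. Names and digests are placeholders.

write_constructor() {
  # $1: output path. PreProduct carries the Helm chart and the container;
  # Product references PreProduct by component name and version.
  cat >"$1" <<'EOF'
components:
- name: example.org/preproduct
  version: 1.0.0
  provider:
    name: example-team
  resources:
  - name: chart
    type: helmChart
    version: 1.0.0
    access:
      type: ociArtifact
      imageReference: registry.example.org/charts/preproduct:1.0.0@sha256:0000000000000000000000000000000000000000000000000000000000000000
  - name: image
    type: ociImage
    version: 1.0.0
    access:
      type: ociArtifact
      imageReference: registry.example.org/preproduct:1.0.0@sha256:1111111111111111111111111111111111111111111111111111111111111111
- name: example.org/product
  version: 1.0.0
  provider:
    name: example-team
  componentReferences:
  - name: preproduct
    componentName: example.org/preproduct
    version: 1.0.0
EOF
}

count_unpinned() {
  # Number of imageReference values without an @sha256:<64 hex> digest.
  grep 'imageReference:' "$1" | grep -vcE '@sha256:[0-9a-f]{64}$' || true
}

build_and_ship() {
  # OCM CLI steps (flags assumed; confirm with `ocm --help`): build a CTF archive
  # from the constructor, then copy it with resources into the airgapped registry.
  [ "$(count_unpinned component-constructor.yaml)" = "0" ] || return 1
  ocm add componentversions --create --file ./ctf component-constructor.yaml
  ocm transfer ctf --copy-resources ./ctf "$AIRGAP_REGISTRY"
}
```

Tag-only references resolve differently on each side of the airgap, so the digest check is what makes the bundled content match what the SBOM described.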