day4 talks
parent c178fe095c
commit f3715316b5
|
@ -52,3 +52,7 @@ I should follow up
|
|||
|
||||
* The paid renovate offering now includes build failure estimation
|
||||
* I was told not to buy it after telling the technical guy that we just use build pipelines as MR verification
|
||||
|
||||
### Certmanager
|
||||
|
||||
* The best swag (judged by coolness points)
|
||||
|
|
|
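Review bot: The new "### Certmanager" entry records only a swag remark ("The best swag (judged by coolness points)") and no action, although the hunk header gives "I should follow up" as the context for this part of the file. Either add the follow-up you actually intend for Certmanager or move the line to the booth notes, so this list stays a list of open items.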
@ -0,0 +1,55 @@
|
|||
---
|
||||
title: What's New in Operator Framework?
|
||||
weight: 3
|
||||
---
|
||||
|
||||
By the nice opertor framework guys at IBM and RedHat.
|
||||
I'll skip the baseline introduction of what an operator is.
|
||||
|
||||
## Operator DSK
|
||||
|
||||
> Build the operator
|
||||
|
||||
* Kubebuilder with v4 Plugines -> Supports the latest Kubernetes
|
||||
* Java Operator SDK is not a part of Operator SDK and they released 5.0.0
|
||||
* Now with server side apply in the background
|
||||
* Better status updates and finalizer handling
|
||||
* Dependent ressource handling (alongside optional dependent ressources)
|
||||
|
||||
## Operator Liefecycle Manager
|
||||
|
||||
> Manage the operator -> A operator for installing operators
|
||||
|
||||
### OLM v1 APIs
|
||||
|
||||
* New API Set -> The old CRDs were overwhelming
|
||||
* More GitOps friendly with per-tenant support
|
||||
* Prediscribes update paths (maybe upgrade)
|
||||
* Suport for operator bundels as k8s manifests/helmchart
|
||||
|
||||
### OLM v1 Components
|
||||
|
||||
* Cluster Extension (User-Facing API)
|
||||
* Defines the app you want to install
|
||||
* Resolvs requirements through catalogd/depply
|
||||
* Catalogd (Catalog Server/Operator)
|
||||
* Depply (Dependency/Contraint solver)
|
||||
* Applier (Rukoak/kapp compatible)
|
||||
|
||||
```mermaid
|
||||
flowchart TD
|
||||
uapi(User facing api)-->|Can I find this operator|catalaogd
|
||||
catalogd-->|Check if all dependencies are checked|depply
|
||||
depply-->|Please install|kapp
|
||||
```
|
||||
|
||||
|
||||
```mermaid
|
||||
flowchart LR
|
||||
oa(operator author)-->ba(Bundle and att to catalog)
|
||||
ba-->catalogd(Catalogd Handle unpackling)
|
||||
|
||||
user-->ufa(User facing api)
|
||||
ufa-->|Resolve package|catalogd
|
||||
ufa-->|Create app on cluster|appcr(App CR / kapps)
|
||||
```
|
|
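Review bot: In the first flowchart the edge target is spelled "catalaogd" ("uapi(User facing api)-->|Can I find this operator|catalaogd") while the next line starts from "catalogd", so Mermaid will draw two unconnected nodes and the chain from the user-facing API to depply is broken; use "catalogd" in both places. The heading "## Operator DSK" also disagrees with "Operator SDK" in the bullet under it, and "Liefecycle", "Plugines", "Prediscribes", "Suport", "bundels" and "Resolvs" should be corrected before merge. "Depply" and "Rukoak" look like component names, so check their spelling against the project's own naming.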
@ -0,0 +1,73 @@
|
|||
---
|
||||
title: "Cryptographically Signed Swag: Cert-Manager’s Stamped Certificates"
|
||||
weight: 5
|
||||
---
|
||||
|
||||
A talk by the certmanager maintainers that also staffed the certmanager booth.
|
||||
Humor is present, but the main focus is still thetechnical integration
|
||||
|
||||
## Baseline
|
||||
|
||||
* Certmanager is the best™ way of getting certificats
|
||||
* Poster features: Autorenewal, ACME, PKI, HC Vault
|
||||
* Numbers: 20M downloads 427 contributors 11.3 GitHub stars
|
||||
* Currently on the gratuation path
|
||||
|
||||
## History
|
||||
|
||||
* 2016: Jetstack created kube-lego -> A operator that generated LE certificates for ingress based on annotations
|
||||
* 2o17: Certmanager launch -> Cert ressources and issuer ressources
|
||||
* 2020: v1.0.0 and joined CNCF sandbox
|
||||
* 2022: CNCF incubating
|
||||
* 2024: Passed the CNCF security audit and on the way to graduation
|
||||
|
||||
## The booth works
|
||||
|
||||
### How it came to be
|
||||
|
||||
* The idea: Mix the digital certificate with the classical seal
|
||||
* Started as the stamping idea to celebrate v1 and send contributors a thank you with candels
|
||||
* Problems: Candels are not allowed -> Therefor glue gun
|
||||
|
||||
### How it works
|
||||
|
||||
* Components
|
||||
* RASPI with k3s
|
||||
* Printer
|
||||
* Certmanager
|
||||
* A go-based webui
|
||||
* QR-Code: Contains link to certificate with privatekey
|
||||
|
||||
```mermaid
|
||||
flowchart LR
|
||||
ui(UI in go)-->|Generate cert ressource|kubeapi
|
||||
kubeapi-->|Issue certificate|CertManager
|
||||
CertManager-->|Certificate|ui
|
||||
ui-->|print|Printer
|
||||
```
|
||||
|
||||
### What is new this year
|
||||
|
||||
* Idea: Certs should be usable for TLS
|
||||
* Solution: The QR-Code links to a zip-download with the cert and provate key
|
||||
* New: ECDSA for everything
|
||||
* New: A stable root ca with intermediate for every conference
|
||||
* New: Guestbook that can only be signed with a booth issued certificate -> Available via script
|
||||
|
||||
## Learnings
|
||||
|
||||
* This demo is just a private CA with certmanager -> Can be applied to any PKI-usecase
|
||||
* The certificate can be created via the CR, CSI driver (create secret and mount in container), ingress annotations, ...
|
||||
* You can use multiple different Issuers (CA Issuer aka PKI, Let's Encrypt, Vault, AWS, ...)
|
||||
|
||||
```mermaid
|
||||
flowchart LR
|
||||
ui-->|Input certificate subject details|CertManager
|
||||
cai(CA Issuer)-->|CertManager|Souurce for certificate
|
||||
CertManager-->|Creates|sr(Secret Ressource)
|
||||
```
|
||||
|
||||
## Conclusion
|
||||
|
||||
* This is not just a demo -> Just apply it for machines
|
||||
* They have regular meetings (daily standups and bi-weekly)
|
|
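Review bot: In the Learnings flowchart the line "cai(CA Issuer)-->|CertManager|Souurce for certificate" has the edge label and the target swapped, and the target contains spaces, which is not a valid bare node id; it most likely should read "cai(CA Issuer)-->|Source for certificate|CertManager". The same diagram uses "ui" and "CertManager" as in the earlier chart, so keeping the ids identical is fine. Smaller points: "2o17" in History, "11.3 GitHub stars" is missing its unit, and "How it works" already says the QR code links to the certificate with the private key while "What is new this year" lists the zip download with cert and private key as this year's change; state which of the two is new. Since that link hands out a private key, note how the download is protected if the talk covered it.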
@ -0,0 +1,34 @@
|
|||
---
|
||||
title: Networking
|
||||
weight: 99
|
||||
---
|
||||
|
||||
Who have I talked to today, are there any follow-ups or learnings?
|
||||
|
||||
## Fastly
|
||||
|
||||
* They were nice and are always up to talk if we ever need something
|
||||
|
||||
## Ozone
|
||||
|
||||
{{% notice style="note" %}}
|
||||
They will follow up with a quick demo
|
||||
{{% /notice %}}
|
||||
|
||||
* A interesting tektone-based CI/CD solutions that also integrates with oter platforms
|
||||
* May be interesting for either ODIT or some of our customers
|
||||
|
||||
## Docker
|
||||
|
||||
* Talked to one salesperson just aboput the general conference
|
||||
* Talked to one technical guy about docker buildtime optimization
|
||||
|
||||
## Rancher/Suse
|
||||
|
||||
* I just got some swag, Maik got a demo focussing on runtime security
|
||||
|
||||
## Kong
|
||||
|
||||
* They didn't have any Insomina stickers and the insomnia guy apparently already left
|
||||
|
||||
## Planetscale
|
|
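Review bot: The file ends with an empty "## Planetscale" heading, so the section renders with no content; add the notes for that conversation or drop the heading until there is something to record. In the Kong bullet the product name is spelled two ways ("Insomina stickers" and "insomnia guy"), and "tektone-based", "oter platforms" and "aboput" need fixing.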
@ -1,4 +1,6 @@
|
|||
---
|
||||
archetype: chapter
|
||||
title: template
|
||||
---
|
||||
title: Day 4
|
||||
---
|
||||
|
||||
The last day with a limited sponsor expo (10:00-14:30) and a bunch of people on the move (not me)
|