diff --git a/content/day2/99_networking.md b/content/day2/99_networking.md index 402cc94..fa2ce8f 100644 --- a/content/day2/99_networking.md +++ b/content/day2/99_networking.md @@ -52,3 +52,7 @@ I should follow up * The paid renovate offering now includes build failure estimation * I was told not to buy it after telling the technical guy that we just use build pipelines as MR verification + +### Certmanager + +* The best swag (judged by coolness points) diff --git a/content/day4/03_operator.md b/content/day4/03_operator.md new file mode 100644 index 0000000..358a521 --- /dev/null +++ b/content/day4/03_operator.md 
@@ -0,0 +1,55 @@ +--- +title: What's New in Operator Framework? +weight: 3 +--- + +By the nice opertor framework guys at IBM and RedHat. +I'll skip the baseline introduction of what an operator is. + +## Operator DSK + +> Build the operator + +* Kubebuilder with v4 Plugines -> Supports the latest Kubernetes +* Java Operator SDK is not a part of Operator SDK and they released 5.0.0 + * Now with server side apply in the background + * Better status updates and finalizer handling + * Dependent ressource handling (alongside optional dependent ressources) + +## Operator Liefecycle Manager + +> Manage the operator -> A operator for installing operators + +### OLM v1 APIs + +* New API Set -> The old CRDs were overwhelming +* More GitOps friendly with per-tenant support +* Prediscribes update paths (maybe upgrade) +* Suport for operator bundels as k8s manifests/helmchart + +### OLM v1 Components + +* Cluster Extension (User-Facing API) + * Defines the app you want to install + * Resolvs requirements through catalogd/depply +* Catalogd (Catalog Server/Operator) +* Depply (Dependency/Contraint solver) +* Applier (Rukoak/kapp compatible) + +```mermaid +flowchart TD + uapi(User facing api)-->|Can I find this operator|catalaogd + catalogd-->|Check if all dependencies are checked|depply + depply-->|Please install|kapp +``` + + +```mermaid +flowchart LR + oa(operator author)-->ba(Bundle and att to catalog) + ba-->catalogd(Catalogd Handle unpackling) + + user-->ufa(User facing api) + ufa-->|Resolve package|catalogd + ufa-->|Create app on cluster|appcr(App CR / kapps) +``` diff --git a/content/day4/05_certmanager.md b/content/day4/05_certmanager.md new file mode 100644 index 0000000..6c98128 --- /dev/null +++ b/content/day4/05_certmanager.md 
@@ -0,0 +1,73 @@ +--- +title: "Cryptographically Signed Swag: Cert-Manager’s Stamped Certificates" +weight: 5 +--- + +A talk by the certmanager maintainers that also staffed the certmanager booth. +Humor is present, but the main focus is still thetechnical integration + +## Baseline + +* Certmanager is the best™ way of getting certificats +* Poster features: Autorenewal, ACME, PKI, HC Vault +* Numbers: 20M downloads 427 contributors 11.3 GitHub stars +* Currently on the gratuation path + +## History + +* 2016: Jetstack created kube-lego -> A operator that generated LE certificates for ingress based on annotations +* 2o17: Certmanager launch -> Cert ressources and issuer ressources +* 2020: v1.0.0 and joined CNCF sandbox +* 2022: CNCF incubating +* 2024: Passed the CNCF security audit and on the way to graduation + +## The booth works + +### How it came to be + +* The idea: Mix the digital certificate with the classical seal +* Started as the stamping idea to celebrate v1 and send contributors a thank you with candels +* Problems: Candels are not allowed -> Therefor glue gun + +### How it works + +* Components + * RASPI with k3s + * Printer + * Certmanager + * A go-based webui +* QR-Code: Contains link to certificate with privatekey + +```mermaid +flowchart LR + ui(UI in go)-->|Generate cert ressource|kubeapi + kubeapi-->|Issue certificate|CertManager + CertManager-->|Certificate|ui + ui-->|print|Printer +``` + +### What is new this year + +* Idea: Certs should be usable for TLS +* Solution: The QR-Code links to a zip-download with the cert and provate key +* New: ECDSA for everything +* New: A stable root ca with intermediate for every conference +* New: Guestbook that can only be signed with a booth issued certificate -> Available via script + +## Learnings + +* This demo is just a private CA with certmanager -> Can be applied to any PKI-usecase +* The certificate can be created via the CR, CSI driver (create secret and mount in container), ingress annotations, 
... +* You can use multiple different Issuers (CA Issuer aka PKI, Let's Encrypt, Vault, AWS, ...) + +```mermaid +flowchart LR + ui-->|Input certificate subject details|CertManager + cai(CA Issuer)-->|CertManager|Souurce for certificate + CertManager-->|Creates|sr(Secret Ressource) +``` + +## Conclusion + +* This is not just a demo -> Just apply it for machines +* They have regular meetings (daily standups and bi-weekly) diff --git a/content/day4/99_networking.md b/content/day4/99_networking.md new file mode 100644 index 0000000..b32a936 --- /dev/null +++ b/content/day4/99_networking.md @@ -0,0 +1,34 @@ +--- +title: Networking +weight: 99 +--- + +Who have I talked to today, are there any follow-ups or learnings? + +## Fastly + +* They were nice and are always up to talk if we ever need something + +## Ozone + +{{% notice style="note" %}} +They will follow up with a quick demo +{{% /notice %}} + +* A interesting tektone-based CI/CD solutions that also integrates with oter platforms +* May be interesting for either ODIT or some of our customers + +## Docker + +* Talked to one salesperson just aboput the general conference +* Talked to one technical guy about docker buildtime optimization + +## Rancher/Suse + +* I just got some swag, Maik got a demo focussing on runtime security + +## Kong + +* They didn't have any Insomina stickers and the insomnia guy apparently already left + +## Planetscale \ No newline at end of file diff --git a/content/day4/_index.md b/content/day4/_index.md index c1a008c..cd0cff7 100644 --- a/content/day4/_index.md +++ b/content/day4/_index.md @@ -1,4 +1,6 @@ --- archetype: chapter -title: template ---- \ No newline at end of file +title: Day 4 +--- + +The last day with a limited sponsor expo (10:00-14:30) and a bunch of people on the move (not me) \ No newline at end of file
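Review bot: in content/day4/03_operator.md, the first mermaid flowchart spells the node id `catalaogd` on the edge from `uapi` but `catalogd` on the following edge, so the chain from the user-facing API to kapp breaks into two separate graphs. Use `catalogd` on both edges. The headings `## Operator DSK` and `## Operator Liefecycle Manager` in the same hunk also carry typos (SDK, Lifecycle) that will show up in the rendered navigation.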
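Review bot: in content/day4/05_certmanager.md, the last mermaid flowchart (under Learnings) has the edge `cai(CA Issuer)-->|CertManager|Souurce for certificate`, where label and target look swapped: the label slot holds the node name and the target is free text with spaces, so the CA Issuer never connects to the `CertManager` node used on the other two edges. Suggest `cai(CA Issuer)-->|Source for certificate|CertManager`. Separately, the notes say the QR code links to a zip download with the cert and private key, and the conclusion says to just apply it for machines. A sentence stating that machine use would go through one of the listed paths (CR, CSI driver, ingress annotations) rather than a download link containing the key would keep readers from carrying the booth's distribution method over to real workloads.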
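Review bot: content/day4/99_networking.md ends with an empty `## Planetscale` heading and no newline at end of file. Either add the notes for that conversation or drop the heading before merging, and terminate the file with a newline so later additions produce clean diffs.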