day4 talks
parent c178fe095c
commit f3715316b5
@ -52,3 +52,7 @@ I should follow up

* The paid renovate offering now includes build failure estimation
* I was told not to buy it after telling the technical guy that we just use build pipelines as MR verification

### Certmanager

* The best swag (judged by coolness points)

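Review bot: the new "### Certmanager" heading carries only the single swag bullet, while this same commit adds a full page titled "Cryptographically Signed Swag: Cert-Manager’s Stamped Certificates"; either link that page from here or fold the bullet into it so the cert-manager notes are not split across two files with no cross-reference.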
@ -0,0 +1,55 @@
---
title: What's New in Operator Framework?
weight: 3
---

By the nice opertor framework guys at IBM and RedHat.
I'll skip the baseline introduction of what an operator is.

## Operator DSK

> Build the operator

* Kubebuilder with v4 Plugines -> Supports the latest Kubernetes
* Java Operator SDK is not a part of Operator SDK and they released 5.0.0
* Now with server side apply in the background
* Better status updates and finalizer handling
* Dependent ressource handling (alongside optional dependent ressources)

## Operator Liefecycle Manager

> Manage the operator -> A operator for installing operators

### OLM v1 APIs

* New API Set -> The old CRDs were overwhelming
* More GitOps friendly with per-tenant support
* Prediscribes update paths (maybe upgrade)
* Suport for operator bundels as k8s manifests/helmchart

### OLM v1 Components

* Cluster Extension (User-Facing API)
* Defines the app you want to install
* Resolvs requirements through catalogd/depply
* Catalogd (Catalog Server/Operator)
* Depply (Dependency/Contraint solver)
* Applier (Rukoak/kapp compatible)

```mermaid
flowchart TD
uapi(User facing api)-->|Can I find this operator|catalaogd
catalogd-->|Check if all dependencies are checked|depply
depply-->|Please install|kapp
```


```mermaid
flowchart LR
oa(operator author)-->ba(Bundle and att to catalog)
ba-->catalogd(Catalogd Handle unpackling)

user-->ufa(User facing api)
ufa-->|Resolve package|catalogd
ufa-->|Create app on cluster|appcr(App CR / kapps)
```

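Review bot: in the first mermaid block the edge from `uapi` targets `catalaogd` while the next edge starts from `catalogd`, so the diagram renders two unrelated nodes and the "Can I find this operator" request never reaches the node that talks to depply; use one id, e.g. `uapi(User facing api)-->|Can I find this operator|catalogd`. The component names are also spelled inconsistently between the list and the diagrams (`Depply` / `depply`, `Rukoak` / `kapp`, `catalaogd` / `catalogd`), so settle on one spelling per component, and the headings `## Operator DSK` and `## Operator Liefecycle Manager` need their typos fixed since they become page anchors.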
@ -0,0 +1,73 @@
---
title: "Cryptographically Signed Swag: Cert-Manager’s Stamped Certificates"
weight: 5
---

A talk by the certmanager maintainers that also staffed the certmanager booth.
Humor is present, but the main focus is still thetechnical integration

## Baseline

* Certmanager is the best™ way of getting certificats
* Poster features: Autorenewal, ACME, PKI, HC Vault
* Numbers: 20M downloads 427 contributors 11.3 GitHub stars
* Currently on the gratuation path

## History

* 2016: Jetstack created kube-lego -> A operator that generated LE certificates for ingress based on annotations
* 2o17: Certmanager launch -> Cert ressources and issuer ressources
* 2020: v1.0.0 and joined CNCF sandbox
* 2022: CNCF incubating
* 2024: Passed the CNCF security audit and on the way to graduation

## The booth works

### How it came to be

* The idea: Mix the digital certificate with the classical seal
* Started as the stamping idea to celebrate v1 and send contributors a thank you with candels
* Problems: Candels are not allowed -> Therefor glue gun

### How it works

* Components
* RASPI with k3s
* Printer
* Certmanager
* A go-based webui
* QR-Code: Contains link to certificate with privatekey

```mermaid
flowchart LR
ui(UI in go)-->|Generate cert ressource|kubeapi
kubeapi-->|Issue certificate|CertManager
CertManager-->|Certificate|ui
ui-->|print|Printer
```

### What is new this year

* Idea: Certs should be usable for TLS
* Solution: The QR-Code links to a zip-download with the cert and provate key
* New: ECDSA for everything
* New: A stable root ca with intermediate for every conference
* New: Guestbook that can only be signed with a booth issued certificate -> Available via script

## Learnings

* This demo is just a private CA with certmanager -> Can be applied to any PKI-usecase
* The certificate can be created via the CR, CSI driver (create secret and mount in container), ingress annotations, ...
* You can use multiple different Issuers (CA Issuer aka PKI, Let's Encrypt, Vault, AWS, ...)

```mermaid
flowchart LR
ui-->|Input certificate subject details|CertManager
cai(CA Issuer)-->|CertManager|Souurce for certificate
CertManager-->|Creates|sr(Secret Ressource)
```

## Conclusion

* This is not just a demo -> Just apply it for machines
* They have regular meetings (daily standups and bi-weekly)

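Review bot: the middle edge of the second mermaid block, `cai(CA Issuer)-->|CertManager|Souurce for certificate`, uses CertManager as the edge label and a multi-word, un-bracketed target, which is not valid flowchart syntax and inverts the relationship stated in the Learnings bullets (the CA Issuer is the source cert-manager signs from); `cai(CA Issuer)-->|Source for certificate|CertManager` matches the text. Since the notes record that the QR code links to a zip with the certificate and the private key, it is worth noting whether that download link is one-time or otherwise protected: the guestbook's "can only be signed with a booth issued certificate" check is only as strong as access to that download. Minor spelling: `2o17`, `11.3 GitHub stars` (presumably 11.3k), `Souurce`, `provate`, `candels`, `gratuation`, `thetechnical`.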
@ -0,0 +1,34 @@
---
title: Networking
weight: 99
---

Who have I talked to today, are there any follow-ups or learnings?

## Fastly

* They were nice and are always up to talk if we ever need something

## Ozone

{{% notice style="note" %}}
They will follow up with a quick demo
{{% /notice %}}

* A interesting tektone-based CI/CD solutions that also integrates with oter platforms
* May be interesting for either ODIT or some of our customers

## Docker

* Talked to one salesperson just aboput the general conference
* Talked to one technical guy about docker buildtime optimization

## Rancher/Suse

* I just got some swag, Maik got a demo focussing on runtime security

## Kong

* They didn't have any Insomina stickers and the insomnia guy apparently already left

## Planetscale

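Review bot: `## Planetscale` closes the file with no bullet under it, unlike every other vendor section, so either add the note or drop the heading to keep the follow-up list actionable. The Ozone entry's "tektone-based" is presumably Tekton, and "A interesting", "oter", "aboput" and "Insomina" need spelling fixes.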
@ -1,4 +1,6 @@
---
archetype: chapter
title: template
title: Day 4
---

The last day with a limited sponsor expo (10:00-14:30) and a bunch of people on the move (not me)