Bristol Meetups

DevOps talks - Running Cloud Applications on AWS & Kubernetes admission control

--- Thank you very much to our sponsors, Oracle, who are sponsoring this meetup and making it possible. Incidentally they are hiring DevOps/SRE oriented people ---

After talking about deploying applications using PHP last month, we are now delving into running cloud applications on AWS and Kubernetes admission control.

18:30 - arrive

18:30 - 19:00 - networking, pizza, drinks etc

19:00 - 19:30 - Neil Millard, DevOps consultant at Equal Experts, will give a talk on 'Running Cloud Applications on AWS'. There is more than one way to deploy configuration to run applications on AWS. In this talk we will discuss 3 of them: Fargate, ECS and EC2 instances.

Of course, apps don’t run in a vacuum, so this talk will tell you about the dependencies that need to be met in order to run your app in a robust and error-free way on the cloud.

19:35 - 20:35 - Mikalai, SRE at Red Hat, will speak about 'Kubernetes Admission Control: You Shall Not Pass!'

Talk description:
You are happy. You just deployed your Kubernetes cluster. Cluster dashboard is not exposed to the internet and RBAC gives just enough permissions to cluster users to perform their duties. Access to nodes is limited and machines are receiving security updates. Monitoring and alerting works perfectly. Everything seems to work well and your cluster is ready to accept traffic. Product teams are going to start running their apps soon. You are very proud of the work you’ve done.

You are less happy. Turns out different teams have different approaches to labelling objects. People don’t set memory and CPU limits. Some pods mount volumes from the host machine and run containers with 99 vulnerabilities. You are going to educate your colleagues - you will show them best practices and ask everyone to follow the policy document you prepared that sets minimum requirements for deployments to be considered secure and well defined.

You are upset. Maybe even angry. A lot of teams are still not following the document. Is there a way to enforce the policy requirements? Can we reject pods that are insecure? It feels like it’s time to learn more about the Kubernetes admission process and admission controllers.

Mikalai currently works for Red Hat as a Senior Software Engineer / SRE on the Azure Red Hat OpenShift managed service. He enjoys automating processes, likes Python and Go very much and occasionally contributes to Kubernetes sig-cli.