Conf42 Cloud Native 2022
2022
List of videos

Premiere - Conf42 Cloud Native 2022
Conf42 Cloud Native 2022 is now available! 🐋
Schedule, Lineup & RSVP: https://www.conf42.com/cloud2022
🦘 Join Discord to interact: https://discord.gg/DnyHgrC7jC

0:00 intro, sponsors & partners

Keynotes
1:52 Ciara Carey
2:22 Hammad Mushtaq
2:59 Ana Van Straaten
3:34 Rajalakshmi Srinivasan
4:11 Josh Stella
4:41 Nick Bergam

Getting started
5:25 Rosemary Wang
6:14 Jason Dudash
6:46 Alparslan Avci
7:08 Naor Paz
7:44 Michael Schilonka
8:23 Jason Belk

Security
8:52 Aviram Shmueli
9:34 David Melamed
10:12 Federico Maggi
10:51 Mor Manor
11:36 Otavio Santana
12:04 Tal Melamed
12:46 Tim Szigeti

Tools
13:22 Trista Pan
13:57 Alba Rivas
14:49 Mary Grygleski
15:43 Viktor Farcic
16:05 Wei Jin
16:49 Gilbert Cabillic
17:13 Jim Sheldon
17:46 Raja Ganesan
18:23 Alberto Rodriguez-Natal
18:44 Maish Saidel-Keesing
19:21 Ramesh Patel
19:57 Roy Tal
20:36 Zachary Conger
21:18 Tim Davis

Observability
21:52 Dave McAllister
22:31 Yosef Arbiv

Deep Dive
23:15 Noaa Barki
24:13 Shai Almog
25:03 Robert Hoffmann
25:40 Tim Spann
26:14 JJ Asghar

Lessons Learned
26:47 Hila Fish
27:21 Lerna Ekmekcioglu
28:06 Handoyo Sutanto
28:44 Adarsh Shah
29:21 Denis Magda
30:15 Erez Berkner
30:40 Giovanni Paolo Gibilisco
31:18 Michael Cade
31:48 Natan Silnitsky
32:23 Robert Stein

33:14 Thank you, Join our Discord to interact! https://discord.gg/DnyHgrC7jC
Future is Cloud-native & Your Organization Should Be Too | Ciara Carey | Conf42 Cloud Native 2022
In 2022, your entire tech stack is likely in the Cloud - so why aren’t your software packages? Whether you’re currently on-premise, have your own in-house solution, or have a bit of a hybrid setup, join Ciara Carey, Developer Relations at Cloudsmith in this session to explore: - What does it mean to be truly cloud native? - Why enterprises are making the move - Case study: the banking sector - How being cloud native helps Cloudsmith succeed and can help you succeed too! - Getting started: A look at the cloud native ecosystem and what to consider when setting up your pipeline Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Pushing Code: Don't Forget to Flag Your Canaries? | Hammad Mushtaq | Conf42 Cloud Native 2022
Reliability is multifaceted. Your approach to releases plays a part in that. It's smart to think forward. What's impacted? What will change? Canary releases, or phased rollouts, allow you to better manage the release lifecycle and understand any impact to reliability. Iteration and canarying are more involved than traditional big releases. You need to look at the code being deployed and flag everything that comprises each new feature. You’ll also need to tag groups of users. And instead of one big release, you do several smaller releases where more groups of users receive more features each time. In this talk you'll learn: - Why you should consider an iterative canarying approach to releases - Knowing when it’s safe to expand and iterate - Understanding how users rely on your services to find the ideal groups to canary Your reliability plan should comprise these parts. Learn the agile way. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Preparing for disaster: going Multi-Region | Ana Van Straaten | Conf42 Cloud Native 2022
Even with high availability, things can fail. Migrating legacy services running in only one region with no fault tolerance has a big chance of downtime in the best case scenario. What steps must we take to get to a real 99.99% uptime? Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Optimizing operations & container management | Rajalakshmi Srinivasan | Conf42 Cloud Native 2022
Modern applications are built to run on containerized infrastructure. Businesses are migrating their existing apps from traditional to container deployments. In such a scenario, gaining end-to-end visibility of the complete container environment is a serious challenge for the IT Operators/Administrators. In this talk, we will cover the following: - New-age business complexities - How applications are moving from monolith to microservice architecture. - Operational challenges in monitoring the container architecture. - Strategies to manage the life cycle of the containers efficiently. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Understanding Cloud Control Plane Compromise Attacks | Josh Stella | Conf42 Cloud Native 2022
When the headline reads “Cloud Breach Due to Misconfiguration”, this is only a small part of the story, causing teams to focus solely on eliminating cloud resource misconfigurations and getting a false sense of security. What’s missing in these stories is the series of moves attackers make to discover knowledge about the cloud environment, move laterally, and ultimately extract data without detection. When they gain access to an environment, they’re after API keys that enable them to begin operating against the API control plane of the cloud provider. And once a control plane compromise attack begins, it’s too late to stop it. In this session, Josh Stella - Chief Architect at Snyk - will deconstruct how control plane compromise attacks go down in the cloud, and how teams can recognize and address the architectural design flaws in their cloud environment that make them vulnerable. You’ll walk away from this session with an understanding of: - How cloud hackers think and operate in order to steal data - What questions you should be asking about the security of your cloud environment - Why cloud security is a design problem, and what secure cloud design looks like Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Trust by verify - how to provide secure access to your team | Nick Bergam | Conf42 Cloud Native 2022
Security is… well… complex. When it comes to accessing cloud resources, VPNs have become a popular tool to solve that piece of the security puzzle. But how do traditional VPNs hold up to today’s evolving threat landscape, and which alternatives should security-minded engineers consider? Speaker bio: Nicholas currently works as a solutions engineer at Teleport, helping companies solve their access management questions for cloud infrastructure. Nicholas also has experience managing various network hardening and information security projects for the United States Army, where he continues to serve. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Debugging a container with a sidecar using Gefyra | Michael Schilonka | Conf42 Cloud Native 2022
Kubernetes sidecars are one of the most important and commonly employed patterns in modern application infrastructures. However, developing and debugging such structures can be quite challenging. Gefyra helps to make Kubernetes-native development with sidecars possible. This session demonstrates: - How to run a Kubernetes workload containing Keycloak, the popular OAuth2-Proxy in a sidecar and a Python-based application - How the application container will be intercepted with Gefyra in order to introspect the JSON Web Token - How to debug the source code and provide a solution. Attendees will leave this session ready to leverage sidecars for authorization (i.e. OAuth2) use-cases and to use Gefyra for debugging and developing Kubernetes-based applications in local Docker containers. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
A Developer’s Introduction to Service Mesh | Rosemary Wang | Conf42 Cloud Native 2022
In the ideal development practice, we secure, shape, and observe traffic between services with a single line of code. However, most environments have multiple types of applications running many versions across diverse workloads and platforms, from containers to public cloud to private datacenter. With so many platforms and application frameworks, you cannot use the same code libraries across all services to shape traffic, secure communications, or enhance observability. How can we reduce the development and operational complexity? In this session, you dive into why and how a service mesh can alleviate the management complexity of shaping, securing, and observing traffic across multiple platforms and environments. First, I'll provide a short introduction to the session's setup, which uses HashiCorp Consul and Envoy proxy on Kubernetes. Then, you will learn how to implement and debug traffic shaping and certificate management in the mesh. Finally, you will configure tracing and metrics collection for your service mesh application and examine the telemetry in Prometheus and Jaeger. We'll compare the experience of using a service mesh to various programming language implementations and discuss how to extend the mesh across different workloads. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Leverage ML to automatically tune K8s apps | Giovanni Paolo Gibilisco | Conf42 Cloud Native 2022
After all these years, the task of tuning Kubernetes microservice applications is a daunting task even for experienced Performance Engineers and SREs, often resulting in companies facing reliability and performance issues, as well as unexpected costs. In this session, we plan to first illustrate some less-known facts about Kubernetes key resource management and autoscaling mechanisms and show how properly setting pod resources and autoscaling policies is critical to avoid over-provisioning while ensuring services deliver the expected performance and resilience. We then demonstrate how a new approach leveraging ML techniques makes it possible to automatically tune both pod and runtime configurations to ensure any specified optimization goal, such as minimizing Kubernetes cost or maximizing application throughput, while respecting any SLOs, such as max response time and error rates. Results of real-world cases will be used to document how much this new approach can be effective to deliver higher operational efficiency tangible benefits. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Stop mocking - develop frontends with real K8s setups | Robert Stein | Conf42 Cloud Native 2022
During this talk, a showcase will be presented on federating multiple backend GraphQL interfaces into one common interface, which is then consumed by the frontend. The services are orchestrated with Kubernetes running locally on the developer's machine. The frontend comes with a webpack development server and is built with Vue.js. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
The Only Thing That Matters In DevOps Is... | Viktor Farcic | Conf42 Cloud Native 2022
DevOps engineers tend to be obsessed with their favorite tools and platforms. That could be Docker, Kubernetes, Terraform, Prometheus, Grafana, Crossplane, or any other among a myriad of those labeled as "DevOps". However, that is often missing the point of what we're trying to accomplish. The goal should be to enable everyone to be in complete control of their applications, including dependent services and infrastructure. DevOps is about having self-sufficient teams, and the only way to accomplish that is by providing services that everyone can consume. Instead of waiting for requests to create a cluster, perform security scanning, deploy an application, and so on, ops and other specialized teams should be enabling others to do those operations. That enablement is best accomplished by creating an Internal Developer Platform (IDP). This session will explore the architecture and the critical ingredients needed for an IDP. We'll also discuss the key benefits of an IDP, and we'll see, through a demo, how we could build one. We'll combine tools like Backstage, Argo CD, Crossplane, and quite a few others into a platform that everyone can use, no matter their experience level. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Kubernetes drives SD-WAN | Alberto Rodriguez-Natal | Conf42 Cloud Native 2022
SD-WAN is increasingly being used to stitch network connectivity between enterprise locations, and the applications running there. In many cases, Kubernetes provides the fine grained management for the microservices that compose those applications. The ability to influence the SD-WAN based on microservice metadata adds even greater power to the microservice application model and the SD-WAN. In hybrid/multicloud application deployments, optimizing service communication between remote locations is highly desirable and SD-WAN application routing capability is a nice addition to the operations toolbox. This talk will show how an SD-WAN controller, using Kubernetes configuration and state, can adapt the network for optimal application performance. The talk will provide a few use-cases showing what is possible today via custom tooling, as well as, go through possible future approaches. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
OpenTelemetry and Epsagon - A Love Story In Three Acts | Yosef Arbiv | Conf42 Cloud Native 2022
Epsagon developers use OpenTelemetry excessively to create a sustainable observability product. But it wasn't always like this. This talk will share the story of Epsagon adopting OpenTelemetry into its systems, the mistakes that were made in the process, how it became a part of the OpenTelemetry community, and how it all came together with Epsagon being acquired by Cisco. This talk will cover: - Recent history of observability with an emphasis on OpenTelemetry - The different paths to use open source projects in general, and OpenTelemetry in particular, to create valuable products for your customers. - How to become a part of OpenTelemetry - Pitfalls to avoid when using OpenTelemetry (and open source in general) Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Distributed application level RBAC with OPA | Federico Maggi | Conf42 Cloud Native 2022
Sooner or later, every business needs to design their data and API authorization model with granularity over what their user can do. How do you do it in the world of distributed systems without disrupting the codebase or introducing a single point of failure? In this talk we will present our journey of discovery for an efficient distributed solution leveraging Open Policy Agent, Go and other technologies, with everything running in the Kubernetes ecosystem. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Stop configuring infrastructure, start coding it! | Robert Hoffmann | Conf42 Cloud Native 2022
Do you want to become an infrastructure wizard overnight? Then this talk is for you. With most tools for Infrastructure as Code, we describe our infrastructure in a declarative configuration language. But there is another way: We can use a general-purpose programming language like TypeScript, Java or C#. This talk gives an overview of this alternative approach to IaC and answers some of the most burning questions: Can we finally get rid of tons and tons of YAML and JSON files? What are the pros and cons of coding instead of configuring? What tools can we use, what are their differences? And most importantly, do they help us to build infrastructure like a boss without 30 years of experience? Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
An Introduction to Service Mesh in Action | Jason Dudash | Conf42 Cloud Native 2022
Have you heard the term service mesh but have no idea what that means? Are you architecting, developing, or responsible for running distributed applications? This talk will make you smarter on concepts around service mesh technology. We also will get a little nerdy and explore the awesome platform capabilities you get from an Istio based service mesh running containerized applications and services. Why? As modern applications move toward microservices based architectures the importance of a platform to back both the development and operational work grows. Development teams struggle with building, debugging, and connecting services properly. And application operations teams face increasing challenges with securing hybrid deployments, scaling bottlenecks, recovering from failure, and gathering metrics. This session will feature an introduction to the technology and also give a demo showcasing key capabilities a service mesh platform brings to connect, secure, and observe microservice based applications. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Local Microservice Development: Remote Kubernetes Assist | Zachary Conger | Conf42 Cloud Native 2022
As we took our SaaS platform from Alpha to Beta to GA, we accrued a rapidly expanding set of microservices. Engineers were unhappy with performance they were experiencing in local development, and tests on a single microservice became meaningless without the others. This presentation walks through our experiences in building a scalable system that allowed our team to continue developing on their laptops as our platform grew. These include first implementing Docker Compose, then Kompose to move most of the workload to Kubernetes, and then Kotlin tooling to improve the flexibility of our local/Kubernetes hybrid development environment. This talk will look at the tradeoffs of these different tools and the iterations that led us to where we are today. We will dive into how conference attendees can think about implementing these tools in their own environments to help engineers develop locally. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
From Ghost Assets to Infrastructure Drift - Don't Get Spooked | Naor Paz | Conf42 Cloud Native 2022
There's a lot of confusion in the infrastructure operations world regarding emerging concepts such as state drift, ghost assets, and other cloud operations nightmares. In this talk we're going to demystify the differences between all of these concepts that are the byproduct of large-scale, rapid adoption and growth of cloud operations. Cloud operations were widely impacted by the introduction of Infrastructure as Code practices which changed the way we manage our cloud. That said, cloud deployments that predate IaC were often not codified and managed via UI or cloud APIs - which has led to a mishmash in the way cloud resources are managed and maintained today. We will go on to focus on how and when ghost assets happen, why you might have these haunting assets and what to do about them - hopefully without spooking you out too much. We'll wrap up with some real code examples of what ghost assets look like, when you should be concerned - from the cost to the security implications, as well as how to fix them and prevent any ghosts in your closet in the future. Boooo! Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Event Streaming and Processing with Apache Pulsar | Mary Grygleski | Conf42 Cloud Native 2022
When it comes to distributed, event-driven messaging systems, we usually see them supporting either one of two types of semantics: streaming, or queueing, and rarely do we find a platform that supports both. In this presentation, we’ll first get an introduction and some clarifications of event-driven versus message-driven systems, event streams, and stream processing. We’ll then take a look at Apache Pulsar which offers a very unique capability in modern, cloud-native applications and architecture, in which its platform supports both Pub-Sub and Message Queues, and extends into streams processing as well as performs message mediation & transformation. We will look at how it relies on Apache Bookkeeper for its durable, scalable, and performant storage of log streams, and leverages on Apache Zookeeper. We will also see how Pulsar is meant to bring the best of other systems, such as how it fills the gaps that Kafka has and extends its streaming capability in the complex cloud world. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022
Distributed Transactions in Service Mesh | Alparslan Avci | Conf42 Cloud Native 2022
As we go deeper into cloud-native applications, microservices are becoming a part of any developer’s life. Together with Kubernetes and service meshes, they became the de facto standard in the industry. However, one question arises with microservices: How to implement distributed transactions in such an environment? In this talk, we will discuss distributed transaction methodologies, talk about real-life scenarios, and provide a hands-on resolution in the Istio service mesh using the Hazelcast application platform. The attendees will easily understand the distributed saga pattern, backend architecture, and the topology of the solutions with live demonstrations. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Migrating to Multi Cluster Managed Kafka - 0 Downtime | Natan Silnitsky | Conf42 Cloud Native 2022
As Wix Kafka usage grew to 1.5B messages per day, over 10K topics and over 100K leader partitions serving 2000 microservices, we decided to migrate from self-running cluster per data-center to a managed cloud service (Confluent Cloud) with multi-cluster setup. This talk is about how we successfully migrated with 0 downtime and full traffic and the lessons we learned along the way. These lessons include: 1. Automation, Automation, Automation - all the process has to be completely automated at such scale 2. Prefer a gradual approach - E.g. migrate topics in small chunks and not all at once. Reduces risks if things go bad 3. First migrate test topics with relayed real traffic - So data will be real but will not affect production. 4. Cleanup first - avoid migrating unused topics or topics with too many unnecessary partitions 5. Adapt to Confluent Cloud APIs - e.g. lag monitoring Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Grow Your Company with AWS Container Services | Maish Saidel-Keesing | Conf42 Cloud Native 2022
In this session you will learn more about the native container services available in AWS. The session will be a guided tour of an imaginary company that is just starting out and how they used App Runner to kickstart their online presence. Of course they were a huge success and as their business continues to grow, they continue to expand and use Amazon ECS and AWS Fargate to help them succeed. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
It's all about the Data | Michael Cade | Conf42 Cloud Native 2022
Data Management is required across the board when it comes to any platform, we could be talking about Virtualisation, Cloud (IaaS, PaaS, SaaS, etc), Cloud-Native, and Legacy and sometimes all of these platforms are linked together to serve the end-user. Data Management consists of many different facets including Backup, Recovery, Migration, and also leveraging that data as part of another use case that does not interfere with the production environment. In this session we are going to focus on protecting stateful workloads in your cloud-native Kubernetes environment, the importance of making sure your data services are protected but also the capabilities available to enable easy migration between multiple different Kubernetes clusters and environments. Database not running in Kubernetes? That is fine we also have a unique way of being able to protect your data services that reside outside of the Kubernetes cluster. If we have time, we can also touch on the ability to add this to your continuous deployment process to ensure that your data service is also protected before any code change. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Tag! You're it! | Tim Davis | Conf42 Cloud Native 2022
This talk is about all of the benefits of resource tagging. There are so many uses for it like organization, automation, cost analysis, etc. It is such an easy step that a lot of people simply skip when deploying resources, because it isn't a required step. Slightly altering your process, even with some easy-to-use tools, can help make your life easier. We will break down a lot of the uses, some tools to help make the job easier, and answer any questions you may have. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Power of Freedom & Flexibility: Going Cloud Agnostic | Handoyo Sutanto | Conf42 Cloud Native 2022
Organizations are always seeking to expand the bottom line with cost and time efficient technologies without compromising quality. Considering a cloud-agnostic strategy is an affordable option to efficiently build and run cloud-native applications. The popularity of cloud-agnostics is not a new occurrence. Most organizations examine a cloud agnostic strategy due to the savings. It’s expensive to maintain and run servers. You need a dedicated IT person or company to manage the servers just to keep up with the load which quickly becomes a costly headache. Going cloud-agnostic frees your company from the shackles and helps save money. When you choose cloud-agnostics, there are costs involved for the orchestration or executions, but they are not very much and won’t break the bank compared to running and maintaining servers. You pay for the number of executions which occur in each millisecond by using the API when you send and receive information. A short task is not overly costly compared to using a server. It’s true, nothing in the world of technology is perfect or might even meet your particular needs. As with anything, there are some downsides to cloud-agnostics. After this talk we are confident that you’ll discover the benefits of cloud-agnostic technologies far outweigh the drawbacks for most organizations. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
History of Software Engr & how it applies to Infrastructure | Adarsh Shah | Conf42 Cloud Native 2022
The craft of Software Engineering has been around for decades and we have learned and improved a lot along the way. Things like keeping code in source control are taken for granted these days, but we remember the days when the latest code existed on production servers or on an engineer’s machine. As improvements to the craft of Software Engineering gained momentum, the way infrastructure was managed lagged, remaining a manual process for many teams. Over time best practices for Software Engineering are being applied to infrastructure. The quintessential example is Infrastructure as Code. In this presentation, we will talk about how the history of Software Engineering has and will continue to shape the improvement of infrastructure practices. Then we will introduce newer concepts like Environment as Code that will help further the craft of managing Infrastructure, beyond IaC. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Terraform, GitOps & Kubernetes: manage infrastructure & aas | Jim Sheldon | Conf42 Cloud Native 2022
Everyone agrees that infrastructure as code is vital to managing cloud resources, but what are the best ways to arrange and manage that code? How does GitOps fit into the picture? Jim will share different approaches that he has seen development teams adopt, to be successful in managing not only their cloud infrastructure, but their Kubernetes resources as well. Jim will cover git repository structure and layout, as well as when it makes sense to split configuration into multiple repositories. Once the structure is created, Jim will go over how to best test and apply the configuration changes from development to production. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Simpler and more flexible Kubernetes Ingress: Apache APISIX | Wei Jin | Conf42 Cloud Native 2022
This session mainly shares the use and architecture of Apache APISIX Ingress. The audience can learn about the design of Apache APISIX Ingress from this sharing. Through some practical cases, it will introduce how to simplify user configuration, it is applicable to more complex cloud requirements. The outline of this sharing is as follows: - About Wei - Introduce the design of Apache APISIX Ingress - Explain the simplicity in combination with specific scenarios - Combine the case to illustrate the benefits of architectural flexibility - Outlook Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Rules of Observability: The Data Edition | Dave McAllister | Conf42 Cloud Native 2022
There are immutable laws and rules for many things, from nature to physics to karma. Observability, with its innate complexity, also has its own immutable rules, which transform elastic and ephemeral rote reactions to a clear and concise approach and understanding of your environment. Join us to learn the rules you should understand with your approach to observability, including: - The impact of open and flexible data ingest and instrumentation - The impact of data retention and aggregation on blind spot analysis - The impact of data accuracy and precision on observability - The innate drive for seamless workflow integration, from alerts to resolution - Why drift and skew could lead to erroneous conclusions Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
What happens when DynamoDB explodes? A practical guide | Erez Berkner | Conf42 Cloud Native 2022
2:32 AM. PagerDuty wakes you up. DynamoDB is throttling. Should you wake up the team and fiercely charge to resolve the issue, or can it wait for tomorrow? Understanding the business impact and the affected users are the key points to making this decision. Those data points are usually not easy to obtain, especially in highly distributed asynchronous architectures like serverless. In this session, we will share guidelines on what needs to be part of your serverless application in order to be able to answer those questions in a matter of minutes. The main operational questions, when things go bad: - What is the user functionality being affected? - Which users were affected and how? - What is the root cause of these issues? Getting a good night's sleep is within arm’s reach... Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Survival Guide for Java Architect in the Cloud Era | Otavio Santana | Conf42 Cloud Native 2022
Currently, we see several cases of security breaches that caused a loss of millions, either as credibility or as new fines. As a result, new data protection laws emerge. Betting on information security guarantees quality and helps prevent these headaches, in addition to avoiding scandals that could make a software project unfeasible. The company and its team are aware of the importance of safety and prevention; it is necessary to develop a DevSecOps culture. In this talk, you will learn more about this working model and how to prevent you or someone on your team from being responsible for the next security disaster. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Introduction to Ansible for Network Engineers | Jason Belk | Conf42 Cloud Native 2022
When getting started with network automation, Ansible is a super useful tool to learn. It will provide a helpful platform and framework for connecting to network devices in a secure way to make configuration changes, read operational data and build reports. You can run Ansible locally on your laptop and connect to a ton of devices to save time in your next change window, even if it is just grabbing “show” commands to put into a file and view the differences between the state before and after your change. Ansible was originally designed for compute and cloud engineers, so this session is focused on how to learn it from a network engineer’s perspective, assuming no previous knowledge Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Serverless Security Top 10 | Tal Melamed | Conf42 Cloud Native 2022
When adopting serverless technology, we eliminate the need to develop a server to manage our application and by doing so, we also pass some of the security threats to the infrastructure provider. However, serverless functions, even without provisioning or managing servers, still execute code. If this code is written in an insecure manner, it can still be vulnerable to traditional application-level attacks. The OWASP Serverless Top 10 project recently launched. In this talk, I will examine how the original Top 10 stack up for serverless apps. In particular, we’ll examine the differences in attack vectors, security weaknesses, and the business impact of successful attacks on applications in the serverless world, and, most importantly, how to prevent them. As we will see, attack vectors and prevention techniques are completely different from the traditional application world. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Reimagining Application Networking and Security | Tim Szigeti | Conf42 Cloud Native 2022
Businesses are increasingly shifting their applications to microservice based architectures, as these support rapid application development with flexibility, stability, portability, and scale. However, microservice architectures present new networking and security challenges that traditional approaches simply cannot meet. For instance, securely interconnecting such microservices dynamically and at scale cannot be done with legacy systems and requires an entirely new approach, a Cloud Native approach. Similarly too, when it comes to security, it's not enough to secure an interconnection, but also containers, pods, clusters and even APIs. This requires security to be embedded early and pervasively into the entire CI/CD pipeline, and not simply as an after-the-fact consideration. In this session we’ll lay out some of the key problem areas, industry best practices and demonstrate solutions to meet these new and complex requirements. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022
Argo CD and Kubernetes from event based to microservices | Ramesh Patel | Conf42 Cloud Native 2022
As a small firm starting up we relied heavily on AWS resources at first to get our event based architecture in place for rapid code deployment. As our core API became very large on Fargate we ran into issues with a bulky CI/CD process and slower release cycles. This is why we have made a move to shift off Fargate and move to Kubernetes and break apart our monolith using domain driven design. We would like to walk you through the hurdles we faced and what our current design looks like using Argo CD and Kubernetes. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
5 Open Source Cloud Native Security Tools | Aviram Shmueli | Conf42 Cloud Native 2022
The minimum viable security (MVS) approach enables us to easily bake security into our cloud config files, apps, and CI/CD processes with a few simple controls built - and the great part? It's easily achievable through cloud native open source tooling. In this talk we will focus on five critical security controls that will be integrated as part of your typical cloud native operations and CI/CD pipeline and provide an overview of some of the existing tools for each challenge - with our take on the right one for the job - from npm audit to OWASP dependency check, Gitleaks to detect-secrets, to KICS & Checkov for IaC scanning, Trivy for container security scanning, OWASP ZAP and much more. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that come with time, as well as increased experience with your deployments, stacks, and security posture. Code examples & demos will be showcased as part of this session. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Open Policy Agent as a Control Engine | David Melamed | Conf42 Cloud Native 2022
Open Policy Agent has become a very popular project in the Kubernetes ecosystem for finer-grained policy management and enforcement. OPA comes with a very convenient dev-friendly language called Rego that can be leveraged as a unified way to manage any deployment changes at scale. In this talk we will focus on four critical security controls that will be integrated as part of the CI/CD pipeline: static application security (SAST), dependency check (SCA), infrastructure as code (IaC) and dynamic application security (DAST). Anything from your Terraform deletes to code vulnerabilities, infrastructure misconfigurations and more can be operationalized and enforced through OPA and ArgoCD or even other GitOps methods and CI tools like GitHub Actions. Code examples will be showcased as part of this session. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Elastic Compute with Salesforce Functions | Alba Rivas | Conf42 Cloud Native 2022
Salesforce Functions (https://developer.salesforce.com/docs/platform/functions/overview) help you deliver scalable experiences thanks to the power of elastic compute and open language flexibility. In this session I will explain: - How we've implemented Salesforce Functions making use of popular open source technologies - How functions are written in Node or Java (for now), how they can be invoked from Salesforce, and how they can interact with Salesforce data seamlessly - The tooling that we have created to work with Functions (a CLI to run them locally, deploy them, etc.). Everything from a practical approach showing code / running demos. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Why should you bother about cluster autoscaling- Karpenter | Raja Ganesan | Conf42 Cloud Native 2022
Karpenter is a cluster autoscaling solution for Kubernetes clusters. Karpenter uses an effective way to autoscale the capacity by interacting directly with the cloud provider's computing services to provision capacity for the Kubernetes cluster. In this talk, I will discuss how to use Karpenter to scale up and down Kubernetes clusters. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Cloud Native Apache Pulsar Development 101 with Python | Tim Spann | Conf42 Cloud Native 2022
In this session I will get you started with real-time cloud native streaming programming with Java, Golang, Python and Apache NiFi. I will start off with an introduction to Apache Pulsar and setting up your first easy standalone cluster in docker. We will then go into terms and architecture so you have an idea of what is going on with your events. I will then show you how to produce and consume messages to and from Pulsar topics. As well as using some of the command line and REST interfaces to monitor, manage and do CRUD on things like tenants, namespaces and topics. We will discuss Functions, Sinks, Sources, Pulsar SQL, Flink SQL and Spark SQL interfaces. We also discuss why you may want to add protocols such as MoP (MQTT), AoP (AMQP/RabbitMQ) or KoP (Kafka) to your cluster. We will also look at WebSockets as a producer and consumer. I will demonstrate a simple web page that sends and receives Pulsar messages with basic JavaScript. After this session you will be able to build simple real-time streaming and messaging applications with your chosen language or tool of your choice. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Leveraging GitOps to wrangle your clusters and projects | JJ Asghar | Conf42 Cloud Native 2022
You’ve moved to the cloud-native space. You now have multiple Kubernetes and/or OpenShift clusters, possibly spread around various clouds, and it’s gotten legit unruly. Don’t worry; I’m here to help and give you the tools to help wrangle your clusters so you can focus on building for the business instead of fighting infrastructure. Leveraging GitOps and the principles around a mash-up of traditional infrastructure management and software development practices creates an auditable/accountable/enforceable way to interface with your fleet. In this talk, I’ll be walking through (a strong possibility of your situation) why GitOps has become the de facto way to maintain your cluster(s), advantages and struggles going down this path, and strong suggestions on “fastest time to dopamine” paths. You should know that you can take bits and pieces from this talk and build this up piecemeal, but the sooner you leverage this, the sooner you can start focusing on what makes your business win instead of losing time with administration. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Terraform Practices - The Good, the Bad and the Ugly | Hila Fish | Conf42 Cloud Native 2022
Terraform is a GREAT tool, but like a lot of other things in life, it has its pitfalls and bad practices. Since you are working with Terraform, you probably went through its documentation, which can tell you what resources can be used - BUT do you always have a clear path towards using these resources? How should modules be constructed? What should we call these modules? How should you structure your Terraform code in general? In this talk, I’ll cover the good, the bad, and the ugly when it comes to Terraform. I will show best practices for working with Terraform that were put together with a lot of blood, sweat, and tears, so you’ll ultimately have a go-to approach and a paved way of working with Terraform, whether it’s an existing codebase or a new functionality altogether. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Journey from monolith to microservices on AWS | Lerna Ekmekcioglu | Conf42 Cloud Native 2022
Lifting and shifting applications into the cloud, even monolithic apps, requires minimal to no changes to the application architecture and is straightforward. Once rehosted in the cloud, modernizing a monolith into a microservices based architecture is a natural next step. It helps teams with agility but requires a methodical approach to minimize risk of disruptions to the business. In this session, I cover how to modernize a monolithic application into a microservices-based architecture in AWS. I apply the strangler fig pattern using AWS Migration Hub Refactor Spaces to chip away at the monolith iteratively and demonstrate step by step how to move a sample Spring Boot Java application into microservices built on AWS serverless components. The session is targeted for cloud teams who are looking to modernize their monolithic application stacks rehosted on AWS including those in regulated industries where security and reliability are critical such as Financial Services and Healthcare. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Inside your cloud databases - your data security posture | Mor Manor | Conf42 Cloud Native 2022
In their cloud security report last year Gartner states: “Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users.” This statement is one of many affirmations that emphasize the importance of data residing in the cloud. Yet, while we migrate to cloud environments, we scrutinize the infrastructure; we secure the virtual perimeter, workloads, and other assets. We do, however, tend to forget about the security posture of our crown jewel, our data. In this session we present, “ Snapshot”, a patent-pending technology that provides cloud data security posture. This free agentless solution leverages cloud databases snapshot functionality and allows cloud operators to receive thorough insights of their data stored in the cloud. To demonstrate the magnitude of the data exposure issue we will present recent research we conducted by automating the “Snapshot” technology. The research leverages a minor users’ misconfiguration on one of the leading public cloud vendors and exposes a significant number of data & sensitive records over dozens of cloud accounts. We will present how we automate the process, what insights we accomplished from the research and reflect on our responsible disclosure process to the vendor. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
PostgreSQL Distributed & Secure Database Ecosystem Building | Trista Pan | Conf42 Cloud Native 2022
As the most popular open source relational database in the world, PostgreSQL keeps attracting the significant attention it deserves. With the ever increasing data storage and query requirements, new challenges are brought forward for horizontal elastic expansion and security of the PostgreSQL database. How to provide existing PostgreSQL databases with incremental capabilities such as data sharding, data encryption and other functions is of great concern to many PostgreSQL users. This talk will focus on introducing how to empower PostgreSQL thanks to the ecosystem provided by Apache ShardingSphere - an open source distributed database, plus an ecosystem users and developers need for their database to provide a customized and cloud-native experience. ShardingSphere doesn't quite fit into the usual industry mold of a simple distributed database middleware solution. ShardingSphere recreates the distributed pluggable system, enabling actual user implementation scenarios to thrive and contributing valuable solutions to the community and the database industry. The aim of ShardingSphere is the Database Plus concept. Database Plus sets out to build a standard layer and an ecosystem layer above the fragmented database's basic services. A unified and standardized database usage specification provides for upper-level applications, and the challenges faced by businesses due to underlying database fragmentation get minimized as much as possible. To link databases and applications, it uses traffic and data rendering and parsing. It provides users with enhanced core features, such as a distributed database, data security, database gateway, and stress testing. ShardingSphere uses a pluggable kernel architecture for Database Plus. That means there's modularity, which provides flexibility for the user. Demos and notable use cases in production environments that are from the Asia equivalents of FAANG (Facebook, Amazon etc.) will be used to introduce the use and implementation of these functions for PostgreSQL databases. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Deep-dive into Open Policy Agent + Conftest + GateKeeper | Noaa Barki | Conf42 Cloud Native 2022
This talk will walk you through applying centralized policy for Kubernetes deployments leveraging Open Policy Agent, Conftest and Gatekeeper - both from the developer's and DevOps / operations perspectives. Open Policy Agent has been an excellent and complementary project to ensuring centralized policy management for your Kubernetes deployments. In this session, we will do a deep-dive session into: Open Policy Agent, Conftest, and GateKeeper, three projects that really enable you to apply granular policies and controls for highly distributed, microservices deployments. This talk will show real-life use cases of how to use those technologies in production in order to configure and enforce a centralized policy for Kubernetes, both from the developer and operations (DevOps) perspectives. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022
Debugging at Scale in Production - Deep into your Containers | Shai Almog | Conf42 Cloud Native 2022
Brian Kernighan said: “Debugging is twice as hard as writing the code in the first place.” In fact, debugging in a modern production environment is even harder - orchestrators spinning containers up and down and weird networking wizardry that keeps everything glued together, make understanding systems that much more difficult than it used to be. And, while k8s is well understood by DevOps people by now, it remains a nut that developers are still trying to crack. Where do you start when there’s a production problem? How do you get the tools you’re used to in the remote container? How do you understand what is running where and what is its current state? In this talk, we will review debugging a production application deployed to a Kubernetes cluster, and review kubectl debug - a new feature from the Kubernetes sig-cli team. In addition, we’ll review the open source KoolKits project that offers a set of (opinionated) tools for kubectl debug. KoolKits builds on top of kubectl debug by adding everything you need right into the image. When logging into a container, we’re often hit with the scarcity of tools at our disposal. No vim (for better or worse), no DB clients, no htop, no debuggers, etc… KoolKits adds all the tools you need right out of the box and lets you inspect a production container easily without resorting to endless installation and configuration cycles for each needed package. We’ll finish the talk by delving into how to get better at debugging on a real-world scale. Specifically, we’ll talk about how to be disciplined in our continuous observability efforts by using tools that are built for k8s scale and can run well in those environments, while remaining ergonomic for day to day use. This session will go back and forth between explanation slides and demonstration of the topic at hand. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
How Geo-Distributed Apps Use Global Cloud Infra | Denis Magda | Conf42 Cloud Native 2022
An infrastructure of major cloud providers spans dozens of geographical regions and availability zones. With this infrastructure, any application can serve user requests with low latency regardless of whereabouts, bringing the application experience straight to users’ doors. It can also easily comply with data residency requirements when expanding to new territories. Come and learn how to design geo-distributed applications that achieve low latency and comply with GDPR regulations (and similar) by: - Spreading data across multiple availability zones, regions, and even cloud providers. - Serving user requests with microservices closest to the user location. - Using a combination of sync and async communication channels to replicate data and exchange events between cloud regions of different proximity. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022
Instant provisioning and hot migration | Gilbert Cabillic | Conf42 Cloud Native 2022
The multi-cloud is the new standard of the cloud. You will learn how to do comprehensive and simple management of multi-cloud workloads. I will teach you how to choose and provision one or more cloud providers in a few clicks, using the best cloud providers (AWS, GCP, Azure, OVH…), and multiple regions. How to manage all your suppliers from a single console, compare costs, and integrate dynamic failover. This will allow you to de-risk your cloud resources, monitor your architecture, improve performance, scale or downgrade quickly, and free yourself from cloud lock-in. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Go CDK! What this Means for the World of IaC | Roy Tal | Conf42 Cloud Native 2022
CDK is growing in popularity in the AWS ecosystem, and is set to be the successor of CloudFormation, being built natively for the configuration of AWS resources. CloudFormation, which had its own set of limitations, opened the door for the widely adopted existing infrastructure as code tools we have all grown to love - including Terraform and Pulumi. In this talk, we'll dive into why CDK is a game changer for AWS-based deployments. How it works with your existing developer flows and favorite programming languages - from NodeJS to Golang and even Python, and brings the inherent benefits from using your programming language of choice. We'll also dive into what the migration looks like from your existing IaC tools - whether CloudFormation, Terraform or Pulumi, when other tools are a better fit for your use case, and will wrap up with code samples based on CDK and Golang. Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk