List of videos

Understanding Cloud Control Plane Compromise Attacks | Josh Stella | Conf42 Cloud Native 2022
When the headline reads “Cloud Breach Due to Misconfiguration”, this is only a small part of the story, causing teams to focus solely on eliminating cloud resource misconfigurations and getting a false sense of security. What’s missing in these stories is the series of moves attackers make to discover knowledge about the cloud environment, move laterally, and ultimately extract data without detection. When they gain access to an environment, they’re after API keys that enable them to begin operating against the API control plane of the cloud provider. And once a control plane compromise attack begins, it’s too late to stop it. In this session, Josh Stella - Chief Architect at Snyk - will deconstruct how control plane compromise attacks go down in the cloud, and how teams can recognize and address the architectural design flaws in their cloud environment that make them vulnerable. You’ll walk away from this session with an understanding of:
- How cloud hackers think and operate in order to steal data
- What questions you should be asking about the security of your cloud environment
- Why cloud security is a design problem, and what secure cloud design looks like
Other talks at this conference 🚀🪐 https://www.conf42.com/cloud2022 — 0:00 Intro 1:27 Talk
Trust by verify - how to provide secure access to your team | Nick Bergam | Conf42 Cloud Native 2022
Security is… well… complex. When it comes to accessing cloud resources, VPNs have become a popular tool to solve that piece of the security puzzle. But how do traditional VPNs hold up to today’s evolving threat landscape, and which alternatives should security-minded engineers consider? Speaker bio: Nicholas currently works as a solutions engineer at Teleport, helping companies solve their access management questions for cloud infrastructure. Nicholas also has experience managing various network hardening and information security projects for the United States Army, where he continues to serve.
Debugging a container with a sidecar using Gefyra | Michael Schilonka | Conf42 Cloud Native 2022
Kubernetes sidecars are one of the most important and commonly employed patterns in modern application infrastructures. However, developing and debugging such structures can be quite challenging. Gefyra helps to make Kubernetes-native development with sidecars possible. This session demonstrates:
- How to run a Kubernetes workload containing Keycloak, the popular OAuth2-Proxy in a sidecar and a Python-based application
- How the application container will be intercepted with Gefyra in order to introspect the JSON Web Token
- How to debug the source code and provide a solution.
Attendees will leave this session ready to leverage sidecars for authorization (i.e. OAuth2) use-cases and to use Gefyra for debugging and developing Kubernetes-based applications in local Docker containers.
A Developer’s Introduction to Service Mesh | Rosemary Wang | Conf42 Cloud Native 2022
In the ideal development practice, we secure, shape, and observe traffic between services with a single line of code. However, most environments have multiple types of applications running many versions across diverse workloads and platforms, from containers to public cloud to private datacenter. With so many platforms and application frameworks, you cannot use the same code libraries across all services to shape traffic, secure communications, or enhance observability. How can we reduce the development and operational complexity? In this session, you dive into why and how a service mesh can alleviate the management complexity of shaping, securing, and observing traffic across multiple platforms and environments. First, I'll provide a short introduction to the session's setup, which uses HashiCorp Consul and Envoy proxy on Kubernetes. Then, you will learn how to implement and debug traffic shaping and certificate management in the mesh. Finally, you will configure tracing and metrics collection for your service mesh application and examine the telemetry in Prometheus and Jaeger. We'll compare the experience of using a service mesh to various programming language implementations and discuss how to extend the mesh across different workloads.
Leverage ML to automatically tune K8s apps | Giovanni Paolo Gibilisco | Conf42 Cloud Native 2022
After all these years, tuning Kubernetes microservice applications is a daunting task even for experienced Performance Engineers and SREs, often resulting in companies facing reliability and performance issues, as well as unexpected costs. In this session, we plan to first illustrate some lesser-known facts about Kubernetes key resource management and autoscaling mechanisms and show how properly setting pod resources and autoscaling policies is critical to avoid over-provisioning while ensuring services deliver the expected performance and resilience. We then demonstrate how a new approach leveraging ML techniques makes it possible to automatically tune both pod and runtime configurations to meet any specified optimization goal, such as minimizing Kubernetes cost or maximizing application throughput, while respecting any SLOs, such as max response time and error rates. Results of real-world cases will be used to document how effective this new approach can be in delivering higher operational efficiency and tangible benefits.
Stop mocking - develop frontends with real K8s setups | Robert Stein | Conf42 Cloud Native 2022
During this talk, a showcase will be presented on federating multiple backend GraphQL interfaces into one common interface, which is then consumed by the frontend. The services are orchestrated with Kubernetes running locally on the developer's machine. The frontend comes with a webpack development server and is built with Vue.js.
The Only Thing That Matters In DevOps Is... | Viktor Farcic | Conf42 Cloud Native 2022
DevOps engineers tend to be obsessed with their favorite tools and platforms. That could be Docker, Kubernetes, Terraform, Prometheus, Grafana, Crossplane, or any other among a myriad of those labeled as "DevOps". However, that is often missing the point of what we're trying to accomplish. The goal should be to enable everyone to be in complete control of their applications, including dependent services and infrastructure. DevOps is about having self-sufficient teams, and the only way to accomplish that is by providing services that everyone can consume. Instead of waiting for requests to create a cluster, perform security scanning, deploy an application, and so on, ops and other specialized teams should be enabling others to do those operations. That enablement is best accomplished by creating an Internal Developer Platform (IDP). This session will explore the architecture and the critical ingredients needed for an IDP. We'll also discuss the key benefits of an IDP, and we'll see, through a demo, how we could build one. We'll combine tools like Backstage, Argo CD, Crossplane, and quite a few others into a platform that everyone can use, no matter their experience level.
Kubernetes drives SD-WAN | Alberto Rodriguez-Natal | Conf42 Cloud Native 2022
SD-WAN is increasingly being used to stitch network connectivity between enterprise locations and the applications running there. In many cases, Kubernetes provides the fine-grained management for the microservices that compose those applications. The ability to influence the SD-WAN based on microservice metadata adds even greater power to the microservice application model and the SD-WAN. In hybrid/multicloud application deployments, optimizing service communication between remote locations is highly desirable and SD-WAN application routing capability is a nice addition to the operations toolbox. This talk will show how an SD-WAN controller, using Kubernetes configuration and state, can adapt the network for optimal application performance. The talk will provide a few use-cases showing what is possible today via custom tooling, as well as go through possible future approaches.
OpenTelemetry and Epsagon - A Love Story In Three Acts | Yosef Arbiv | Conf42 Cloud Native 2022
Epsagon developers use OpenTelemetry excessively to create a sustainable observability product. But it wasn't always like this. This talk will share the story of Epsagon adopting OpenTelemetry into its systems, the mistakes that were made in the process, how it became a part of the OpenTelemetry community, and how it all came together with Epsagon being acquired by Cisco. This talk will cover:
- Recent history of observability with an emphasis on OpenTelemetry
- The different paths to use open source projects in general, and OpenTelemetry in particular, to create valuable products for your customers.
- How to become a part of OpenTelemetry
- Pitfalls to avoid when using OpenTelemetry (and open source in general)