CI/CD
Tuesday, November 19

10:55am PST

Building Reusable DevSecOps Pipelines on a Secure Kubernetes Platform - Steven Terrana, Booz Allen Hamilton & Michael Ducy, Sysdig
Onboarding development teams can often be the critical point in determining if a team will adopt modern Cloud Native and DevSecOps practices. If there is too much friction for developers to build, scan, and test their applications or to secure their application environments then these best practices are often pushed aside. In this talk we’ll cover how we automated the creation of a trusted software supply chain. Through a live demonstration, we will show how this approach accelerates adoption by allowing developers to inherit a preconfigured pipeline performing various security tests (and underlying tooling) as well as safeguards (via the CNCF Sandbox project Falco) put in place to monitor production workloads for security problems.

Steven Terrana

Chief Engineer, Booz Allen Hamilton
Steven is a Chief Engineer at Booz Allen Hamilton focused on building reusable capabilities for the Firm and industry. He uses these capabilities to help organizations adopt all things modern software delivery: DevSecOps, Cloud Infrastructure, Container Orchestration, and Microservice...

Michael Ducy

Director of Open Source, Sysdig
Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming...

Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

11:50am PST

Applying Policy Throughout The Application Lifecycle with Open Policy Agent - Gareth Rushgrove, Snyk
Open Policy Agent is built to be used as a library in other tools, and there are already several open source projects using OPA as a generic policy engine. This is powerful because it allows end users to invest in one use case and reuse some of the same knowledge and tools, especially the Rego data assertion language, to solve other adjacent problems.

In this talk we will look at applying Open Policy Agent tools throughout the application lifecycle. We’ll explore:

* Writing unit tests for Kubernetes configuration (and Helm charts) using Conftest
* Defining a CI pipeline in code, and testing that using OPA
* Gating deployments to the cluster using Gatekeeper
* Auditing the cluster for security best practices, by porting the Kubesec ruleset to Rego
* Porting pod security policies to OPA
* Writing unit tests for the Rego policy code we wrote above

Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security...

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level

2:25pm PST

Managing Helm Deployments with Gitops at CERN - Ricardo Rocha, CERN
Kubernetes has taken a key role at CERN both for physics analysis and core IT services, simplifying and accelerating deployments and allowing a much higher rate of updates and upgrades.

This session will describe how Helm is used for managing the description and configuration of the services; how CERN uses ChartMuseum to maintain its private chart repositories; how a custom plugin is used to manage secrets in the configuration, safely pushing encrypted payloads into git repositories; how a well-defined structure of umbrella charts (sometimes referred to as meta charts) is used to define high-level applications with complex dependencies; and how the notion of service variants and environments is exposed.

A demo will show the full GitOps lifecycle for both production and canary deployments, relying on Weave Flux to quickly propagate changes to clusters.

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination...

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

3:20pm PST

Kubernetes in Your 4x4 – Continuous Deployment Directly to the Car - Rafal Kowalski, Grape Up
The automotive industry is becoming more and more digitalized. Vehicles are not only a means of transportation; they aim to be the drivers' control center, with multiple software components onboard. To keep pace with evolving customer expectations and the newest technological solutions, vehicle software requires frequent updates. However, the delivery process in a scaled-up environment is not straightforward. Developers and operators have to face challenges that are unusual in the typical Cloud Native world. Even basic service deployment may be complicated due to network performance or geographical considerations. During this talk, Rafał will show how to use Kubernetes, KubeEdge, k3s, Jenkins and RSocket for building continuous deployment pipelines that ship software directly to the car and deal with rollbacks and connectivity issues.

Rafał Kowalski

Cloud Solution Architect, Grape Up
Rafał Kowalski is a Cloud Solution Architect at Grape Up and a PhD student at the Complex Theory System Department at the Institute of Nuclear Physics Polish Academy of Science. His professional career, as well as scientific work, is related to delivering robust, scalable cloud-based...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level

4:25pm PST

Mario’s Adventures in Tekton Land - Vincent Demeester, Red Hat & Andrea Frittoli, IBM
Tekton is a Kubernetes-native, lightweight, easy-to-manage CI/CD pipeline engine. Pipeline building blocks can be reused, version controlled and curated in a catalogue that embeds best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. The Tekton team wanted to make sure that the project is going in the right direction by "dogfooding", i.e. by using Tekton to run its own automation "plumbing". The initial continuous integration setup embedded most of the testing pipelines in bash scripts. The speakers replaced this with Tekton, improving the readability of the pipelines and the reproducibility of CI runs. Eventually, they moved on to continuously delivering Tekton and its pipelines via Tekton. In this talk, the speakers will share their experiences of using a cloud-native pipeline system to test, release and continuously deploy itself.

Andrea Frittoli

Open Source Advocate, IBM
Andrea Frittoli is an Open Source Advocate at IBM. He has more than 10 years of experience serving open source communities. Andrea is the co-founder of CDEvents and a maintainer of Tekton. He serves as chair of the CD Foundation Technical Oversight Committee. Andrea is a frequent...

Vincent Demeester

Principal Software Engineer, Red Hat
I'm a French developer, Gopher, sysadmin, factotum, free-software fan and Unicode lover; tektoncd, docker/moby maintainer, knative contributor among other projects.

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

Wednesday, November 20

10:55am PST

A Series of Fortunate CloudEvents - Ian Coffey, Salesforce
Serverless and Eventing are two ultra-popular areas of tech right now, describing a broad set of ideas and capabilities that can service a range of possible systems. We are told that these concepts will expand and help define the next generation of web services.

That’s all well and good, but what is really going on inside these systems? What technology do those terms rely on and what does an Eventing workflow look like under the hood? Given the complexity and size of these projects’ codebases, it can be difficult to drill down and see what’s happening on a micro scale.

Together, we will discuss, operate and modify a running distributed system built with CloudEvents and Knative Eventing. The system will be based around the concept of an automated conversation between Kubernetes services.

Ian Coffey

OSS ML Engineer, VMware
Ian Coffey has been in the platform and infrastructure business for 16 years and currently works on open source machine learning software at VMware. Away from work, Ian’s free time is usually spent adventuring with his wife and two little girls. He has an affinity for old amps and...

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level

11:50am PST

Leveling Up Your CD: Unlocking Progressive Delivery on Kubernetes - Daniel Thomson & Jesse Suen, Intuit
Kubernetes Continuous Delivery methods have continued to evolve to more advanced strategies such as canary, A/B testing, and blue-green. Progressive delivery is the next step of CD, enabling service promotion for a subset of users in an automated fashion backed by metrics.

There’s no one-size-fits-all answer to which metrics are appropriate to drive promotions. Often, the four golden signals (latency, traffic, errors, saturation) are used, but what if this isn’t enough? More sophisticated techniques might use algorithmic or even AI-driven analysis.
The Argo Experiment and Analysis CRDs provide simple constructs to drive automated promotion in an extensible fashion.

This session discusses how Intuit leverages experimentation and analysis, the challenges in providing an automatic but generic approach to analyzing experiments, and envisioning the future of declarative progressive delivery.

Jesse Suen

CTO, Akuity
Jesse Suen is the CTO and co-founder of Akuity. He is a co-creator and a project lead on the Argo project. Prior to founding Akuity, Jesse was a Principal Software Engineer and lead for the Argo team at Intuit, leading the design and architecture for Workflows, CD, and Rollouts. Jesse...

Daniel Thomson

Software Engineer, Stytch
Danny Thomson is a software engineer at Stytch working to build the future of user authentication through passwordless options. Previously, Danny worked at Intuit on their Modern Saas platform and contributed to their open-source project: Argoproj. He believes that developer services...

Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

2:25pm PST

Krane: A Developer-Centric Deploy Tool - Daniel Turner & Katrina Verey, Shopify
Have you ever shipped changes to a Kubernetes app and found yourself wondering what actually happened? Krane is an open-source command-line tool created to solve this problem: it helps developers, especially those who may be new to Kubernetes, deploy with confidence.

Krane translates Kubernetes’ asynchronous convergence process into a clear pass/fail result for each deploy. It detects unsuccessful rollouts and shows developers the information they need to take corrective action. Krane also helps ensure dependencies are rolled out in a sane order, it natively supports custom resources, it allows developers to run scripts as part of their deploys, and more! Come find out what Krane can do, learn how its design makes it resilient and scalable, and discover how it may help your organization provide a better developer experience for Kubernetes apps.

Daniel Turner

Senior Software Developer, Shopify
Daniel Turner is a senior software developer at Shopify. He is part of the team building Shopify’s Kubernetes-based platform-as-a-service. He came to the team after working on deploying and running Kubernetes in Shopify’s data centers. Daniel is an experienced speaker and currently...

Katrina Verey

Senior Staff Software Developer, Production Engineering, Shopify
Katrina is a senior staff software developer working in Production Engineering at Shopify. She is passionate about upstream participation, and is delighted to be serving the Kubernetes community by co-leading SIG-CLI and its Kustomize and KRM Functions subprojects. She has been working...

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Panel: GitOps User Stories - Tamao Nakahara, Weaveworks; Javeria Khan, Palo Alto Networks; Hubert Chen, Branch; Stefan Prodan, Weaveworks; & Edward Lee, Intuit
The expression, GitOps, has taken off and resonated in the Kubernetes community since its launch by Weaveworks in 2017. GitOps is a way to do Continuous Delivery by using git as a single source of truth for declarative infrastructure and applications.
Meet actual GitOps practitioners in this panel, hear their use cases, challenges, constraints, and which tools they use to execute GitOps. If you’ve been wanting to get started, learn from these actual solutions:

* Automated Helm-based deployments for code and infrastructure changes through Jenkins and GitLab at Palo Alto Networks
* Simplified access control for Kubernetes clusters using Weave Flux at Branch
* Flux, Terraform and Vault, oh my! Unique ways Under Armour leverages GitOps
* GitOps at Scale: Patterns and processes enabling Intuit to manage thousands of applications and repositories, across 100+ clusters using Jenkins and Argo CD

Tamao Nakahara

Juozas Gaigalas is a Developer Experience Engineer at Weaveworks, the creator of GitOps. Juozas works on extensions for the CNCF graduated project, Flux (and its subproject, Flagger).

Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 15 years of experience with software...

Hubert Chen

Infrastructure Manager, Branch
Hubert manages infrastructure at Branch and has been a long time system administrator. Branch has run Kubernetes in production for three years and uses it as a primary processing platform for ten billion API requests per day. His interests include Kubernetes, distributed systems and...

Ed Lee

Fellow and Chief Architect of Development Platforms, Intuit
Ed is a Fellow and Chief Architect of Development Platforms at Intuit. Over the past three years, Intuit has increased its development velocity by six fold by platformizing kubernetes, observability and operational excellence, and has plans to increase it by another six fold in the...

Javeria Khan

Senior Site Reliability Engineer, Palo Alto Networks
Javeria Khan is a Senior SRE, and has been working with Kubernetes for the past 3 years. In her current position, she supports building and maintaining multiple on-prem Kubernetes clusters, along with their CI/CD pipelines. As a part of different infrastructure teams, she has experience...

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

4:25pm PST

Developer Experience on CD: Build a CD Platform to K8s that Developers Love - Euccas Chen & Tobi Ogunnaike, Pinterest
Application Deployment on K8S can be quite convoluted, especially for an organization that operates thousands of microservices. Pinterest is a visual discovery engine that serves over 250MM users.
For successful adoption of K8S, it is imperative to provide a well integrated self-serve CI/CD platform that abstracts K8S complexities & offers a simple path of migration for existing workloads. This talk will discuss how we build a Continuous Delivery system for Kubernetes at Pinterest, and how we help engineering teams to deploy and migrate their services onto Kubernetes.
Topics include:
  1. Kubernetes and deployments at Pinterest
  2. Introducing Hermez and the Continuous Delivery experience on K8S
  3. How do we design and build the CD system, and lessons we learned
  4. Our journey of onboarding and migrating services to the new CD system and K8S

Euccas Chen

Software Engineer, Pinterest
Euccas Chen is a software engineer at Pinterest. As an engineer on the core infrastructure team, she worked on the design and implementation of Pinterest’s continuous delivery platforms, including Teletraan and Hermez. She is passionate about cloud native development and improving...

Tobi Ogunnaike

Software Engineer, Pinterest
Product engineer building the future of CI/CD at Pinterest. Previously, I designed and built core features on the foundational systems at Pinterest that solve the problems of infrastructure ownership and infrastructure governance. I'm thrilled whenever I see web apps with intuitive...

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
