Microservices are definitely not for everyone! They are a great way of solving the sorts of problems you’ll get once you have initial success as a startup. If your initial idea is bad, it doesn’t matter whether you built it with microservices or not. Mambu has focused first on success and now is incrementally adopting microservices.
In this session we will touch, from a developer perspective, on how we did find approaches to address cross-cutting concerns (authentication through API Gateway, met compliance needs with DR for an open source event streaming platform or monolithic dinosaur containerization) that works well in our context and how we assessed different options and moved forward, while being open to change.
Is it ever safe to run untrusted code in containers? Should process isolation keep workloads in, or attackers out? What would it take to run a malware test lab in Kubernetes?
With fast startup times and consistent execution environments containers beat traditionally slow, monolithic VMs -- but with the advancement of micro VMs the boundaries have become blurred. It is increasingly difficult to know which isolation technology to choose for our next application. Can we run different workloads in different “container” types -- on the same cluster?
In this talk we:
- examine the history of trying to safely run unsafe processes
- compare and contrast the emerging generation of process isolation and security techniques
- rationalise the design decisions that drive each project
- demo how to break in, out, and learn about what workloads are best suited to run in each technology
Take any container running in your Kubernetes cluster. What can you say about it and with what level of certainty? Do you know where it came from? Could an attacker have modified it? Is it up-to-date? Can you identify the exact revision of the code that the image was built from?
This talk will look at what guarantees Kubernetes gives you out-of-the-box, and what you can do to establish a trustworthy and reliable workflow for deploying and updating images. Topics and tooling covered will include: - building images in a repeatable manner with BuildKit or Bazel - distributing images through registries - verifying provenance with secure hashes as well as Notary/TUF