The ninth TechTalkThursday took place on 19 March 2020 in our cafeteria. Many thanks to all participants and the presenters.
Shortly before the Federal Council of Switzerland prohibited all events and not only those with more than a thousand people, we had our TechTalk with 20 techtalkers.
Thomas Hug, CEO of nine, introduces the two speakers: Reto Bollinger of Nine Internet Solutions AG and Daniel Lorch of Swisscom.
Reto Bollinger about GitOps and Security
Reto Bollinger talks about opportunities to create more security through GitOps. A deployment that is defined by a YAML file allows the administrator to restrict debugging access to read-only. Fixes are not made manually over SSH but by adapting the YAML file and pushing the change to Git. GitOps means that everything is declared: we do not depend on external state but declare that state, and we change only the declaration of instances rather than working on the actual instances. YAML files are used to declare the deployment, the CI/CD pipelines and the monitoring system. Any changes should be incremental and tested. Public repositories should be mirrored if you require long-lasting states.
From the perspective of confidentiality, it is still possible to accidentally misconfigure something, e.g. permissions, but the change is documented and traceable. Using Git, merge requests can be configured to require approval (four-eyes principle) and they can be checked for suspicious patterns. Integrity can’t be broken since everything is declarative. From the perspective of availability, it either runs or it doesn’t. If it doesn’t revert to its previous state, rolling out quick-fixes definitely takes longer, but changes and fixes are of better quality.
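As an added example (not code from the talk or from nine), this script shows one way a merge request could be checked for suspicious patterns: it scans only the lines a diff adds to YAML manifests and reports permission-widening settings with their file and line number. The rule set, file paths and sample diff are assumptions constructed for illustration, and the input is assumed to be a git-format unified diff.

```python
import re
# Assumed rule set (not from the talk): settings that widen a workload's permissions.
RULES = [
    ("privileged or escalation-enabled container",
     re.compile(r"^\s*-?\s*(privileged|allowPrivilegeEscalation):\s*true\b")),
    ("host namespace shared", re.compile(r"^\s*-?\s*host(Network|PID|IPC):\s*true\b")),
    ("cluster-admin role referenced", re.compile(r"^\s*-?\s*name:\s*cluster-admin\b")),
]

# Constructed sample: a git-format merge request diff touching two manifests.
SAMPLE_DIFF = """\
diff --git a/deploy/web.yaml b/deploy/web.yaml
--- a/deploy/web.yaml
+++ b/deploy/web.yaml
@@ -15,1 +15,3 @@ spec:
         image: registry.example/web:1.4.2
+        securityContext:
+          privileged: true
diff --git a/rbac/debug.yaml b/rbac/debug.yaml
--- a/rbac/debug.yaml
+++ b/rbac/debug.yaml
@@ -3,2 +3,2 @@ roleRef:
   kind: ClusterRole
-  name: view
+  name: cluster-admin
"""

def review_diff(diff_text):
    """Return (file, new-file line number, finding) for each risky line a diff adds."""
    findings, path, new_no, in_hunk = [], "", 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file
            new_no, in_hunk = int(re.search(r"\+(\d+)", line).group(1)), True
        elif in_hunk and line.startswith("+"):
            if path.endswith((".yaml", ".yml")):
                findings += [(path, new_no, label) for label, rx in RULES
                             if rx.search(line[1:])]
            new_no += 1
        elif in_hunk and not line.startswith(("-", "\\")):
            new_no += 1  # context line: present in the new file as well
    return findings

if __name__ == "__main__":
    print(*review_diff(SAMPLE_DIFF), sep="\n")
```

Removed lines are ignored on purpose, so a merge request that takes a risky setting out is not flagged; a non-empty result can be used to fail the pipeline or to require an additional approver.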
Daniel Lorch about Prometheus Operators
The Prometheus Operator: Managed Prometheus setups for Kubernetes. Do you need monitoring and alerting for services running on your Kubernetes clusters? Then the Prometheus Operator is something you should evaluate. It is customizable and comes with preconfigured Grafana dashboards. Looking for fully managed services? nine can help!
Gene Kim proposed ‘The Three Ways’ of DevOps: 1. Flow: optimize from the idea until the business idea throughout the organization. 2. Feedback: get feedback from customers or technical systems like monitoring. 3. Continual Learning: improve your system, thus closing the feedback loop.
This talk covers the feedback part, which for applications can be done with Prometheus. Prometheus is for monitoring and alerting. It allows you to add instrumentation to your code, or you can use one of the available exporters for your services. It uses a pull-based mechanism to scrape metrics from the services (using HTTP) and has a built-in time series database to store the retrieved values. The Prometheus Operator is a managed Prometheus setup for Kubernetes.
We’re committed to continuing the event series and are very happy that the speakers offer their time and that the participants exchange ideas with each other during the social part. Feel free to share the events with your friends in order to grow the event a bit further. We’re always looking for presenters and sponsors, so get in touch with your preferred contact at nine if you would like to contribute anything.
The next TechTalkThursday will take place on the 4th of June via Google Meet!
On this occasion, we would like to once again thank our speakers for presenting!