Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

•

0 gostou•41 visualizações

Nico will show how to prevent your Kubernetes cluster from being hijacked by introducing you to best practices as well as useful open-source projects based on real-world examples. You’ll learn everything you need to know to build and run secure Kubernetes clusters including: - basics like shift left and container image security - ensure supply chain security - implement Kubernetes policies - introduce Kubernetes network security - rely on Container Runtime Security - many more… Don't miss this session to learn everything you need to know to securely run your Kubernetes-based workloads.

Tecnologia

How to Prevent Your Kubernetes Cluster
From Being Hacked
ContainerDay Security 2023

Nico Meisenzahl
• Head of DevOps Consulting & Operations
at white duck
• Microsoft MVP, GitLab Hero
• Cloud Native, Kubernetes & Azure
© white duck GmbH 2023
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Why do we need to care about security?
https://www.redhat.com/en/resources/state-kubernetes-security-report
© white duck GmbH 2023

It can be quite simple …
• you don't think so?
• check out my “Hijack Kubernetes” talk
• https://github.com/nmeisenzahl/hijack-kubernetes
• recordings on Youtube
© white duck GmbH 2023

Security quick wins through the DevOps cycle
© white duck GmbH 2023

You should think about
• rely on best practices and quick wins to get started
• ensure secure application & deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes network policies
• many more …
© white duck GmbH 2023

Things we will focus on today
• build secure images with Wolfi
• image verification with Cosign
• container runtime security with Tetragon
© white duck GmbH 2023

Build secure images with Wolfi
• “the first Linux (Un)distro designed for securing the
software supply chain”
• Undistro what? à Distroless v2
• provides a high-quality, build-time SBOM as standard for
all packages
• packages (based on apk) are designed to be independent
• fully declarative and reproducible build system
© white duck GmbH 2023

Demo: Wolfi in Action
• we will build a Wolfi as base image
• compare against others (size, vulnerabilities)
• then build an image declarative and reproducible with
apok & melange
• more details
• https://edu.chainguard.dev/open-source/wolfi
• https://github.com/wolfi-dev
• https://github.com/chainguard-dev/melange
• https://github.com/chainguard-dev/apko
• https://github.com/chainguard-images/images/tree/main/images/node
© white duck GmbH 2023

Image verification with Cosign
• “Cosign signs OCI containers using Sigstore”
• integrated with K8s policies Cosign allows validating the
source of images
• verifying third-party images
• signing and validating your own images
• integrations are available with OPA Gatekeeper and
Kyverno
© white duck GmbH 2023

Demo: Cosign and Kyverno in Action
• we will deploy a policy
• then run signed and unsigned images
• more details
• https://kyverno.io
• https://github.com/sigstore/cosign
• https://www.sigstore.dev
© white duck GmbH 2023

Container Runtime Security with Tetragon
• “eBPF-based Security Observability and Runtime
Enforcement”
• gives you awareness into your cluster
• without that you won't know what is going on
• alerts you on malicious events and workloads
• real-time enforcement
© white duck GmbH 2023

Demo: Tetragon in Action
• we will inject into a Pod via Log4Shell
• then observe the process execution
• and finally block it
• more details
• https://github.com/cilium/tetragon
• don’t miss the workshops later today!
© white duck GmbH 2023

Questions?
• Slides
• https://www.slideshare.net/nmeisenzahl
• Demo
• https://github.com/nmeisenzahl/prevent-your-k8s-from-being-hacked
© white duck GmbH 2023
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

Mais conteúdo relacionado

Semelhante a Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

Nico will show how to hijack a Kubernetes cluster based on common attack vectors. You'll also learn why it's important to implement zero-trust to prevent data leaks and malicious workloads from being executed on a hijacked cluster. Furthermore, he will show you how to protect your cluster from being taken over by sharing useful insights, configurations, and toolsets. This talk is not intended to be an in-depth security talk, but to provide you with best practices and also make you aware of certain attack vectors and how to prevent them.

Continuous Lifecycle: Hijack Kubernetes

Nico Meisenzahl

Microsoft DevOps Forum 2021 – DevOps & Security

Nico Meisenzahl

Join Nico to learn how to enhance your Kubernetes CI/CD pipelines with GitLab FOSS/CE features as well as Open Source projects. Learn how GitLab can help you to better integrate your CI/CD pipelines with Kubernetes. Nico will talk about newer GitLab FOSS/CE features like the Web Application Firewall for Kubernetes Ingress, Monitoring and Logging as well as Serverless with Knative. Besides this, you will also learn how Open Source projects like Kaniko and Kustomize can help you to streamline your pipelines. Walk away with knowledge and best practices that will help you to enhance your own Kubernetes CI/CD Pipelines with Gitlab and Open Source!

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...

Cloud Native Rosenheim Meetup

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...

Nico Meisenzahl

Azure Rosenheim Meetup: Azure Service Operator

Nico Meisenzahl

Hijack a Kubernetes Cluster - a Walkthrough

Nico Meisenzahl

In this talk, Nico will introduce you to the Azure Service Operator project. The Azure Service Operator allows you to manage your Azure resources with a cloud-native approach using a Kubernetes Controllers and Custom Resource Definitions (CRDs). We will show you how Azure Service Operator works and share how customers and partners use it to take their Azure infrastructure management to the next level. Get insights into how Azure Service Operator can help you to package your application with its infrastructure dependencies, how you can use a GitOps approach to manage your Azure infrastructure, or how Azure Service Operator allows you to create your own composable abstraction to build your own implementations and self-service solutions. Walk away and know everything you need to know to successfully provision your Azure resources with Azure Service Operator.

Azure Service Operator - Provision Your Resources in a Cloud-Native Way

Nico Meisenzahl

FestiveTechCalendar2021 - Have Yourself An Azure Container Registry

Philip Welz

The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized GitLab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. If you are building a Go project, deploying an app to Kubernetes or just building your infrastructure. It doesn’t matter, anything is possible! Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with GitLab CI/CD, Kubernetes and Kaniko.

Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...

Nico Meisenzahl

GitLab London Meetup: How Containerized Pipelines and Kubernetes Can Boost Yo...

Nico Meisenzahl

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines! Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton - an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD

Nico Meisenzahl

Containerisierte Anwendungen sind zu einem wesentlichen Bestandteil unseres täglichen Lebens geworden. Wir bauen diese mehrmals täglich, sowohl innerhalb unserer CI-Pipelines als auch lokal zu Debugging- und Testzwecken. Vor einigen Jahren konnten wir hierzu nur auf "docker build" zurückgreifen. Inzwischen gibt es jedoch viele alternative Projekte, die verschiedene Funktionen und Vorteile bieten. Nico führt Sie in diesem Vortrag in die Evolution der Container-Builds ein. Sie erhalten Einblicke in Werkzeuge wie BuildKit, buildx, Kaniko, buildah, img und weitere. Neben den Unterschieden werden Sie auch die Vor- und Nachteile der einzelnen Tools kennenlernen. Nach diesem Vortrag wissen Sie alles, was Sie benötigen, um Ihre Container Builds auf die nächsten Level zu heben.

Die Evolution von Container Image Builds

Nico Meisenzahl

GitHub Actions 101

Nico Meisenzahl

Secure Your Code Implement DevSecOps in Azure

kloia

Learn how to eliminate any dependencies on your CI/CD build nodes and don’t bother yourself with multiple versions of your toolchain and any corresponding constraints. Walk away with knowledge and best practices that will help you to optimize your builds and deployments with containerized pipelines Use containerized Gitlab CI/CD pipelines and Kaniko to move your build and deployment workloads into your Kubernetes cluster. Build your apps and infrastructure without any external dependencies and constraints. You are building a Go project, deploying an app to Kubernetes or building your infrastructure. It doesn’t matter. Anything is possible! Nico will also introduce you to Tekton – an open source project which helps you building a cloud native toolchain by moving your whole CI/CD into Kubernetes. Join Nico on a deep dive into the secrets of building hassle-free containerized build and deployment pipelines with Gitlab CI/CD, Kaniko and Tekton.

DevOpsCon London: How containerized Pipelines can boost your CI/CD

Nico Meisenzahl

Containerized Workloads sind mittlerweile nicht mehr aus unserem Alltag wegzudenken. Warum also nicht auch Container und deren Vorteile als Grundlage unserer Build- und Deployment-Pipelines nutzen? Nico wird in seinem Talk über die Grundlagen und Vorteile von Containerized Pipelines sprechen sowie nützliche Best Practices vorstellen, die sich direkt umsetzen lassen. Darüber hinaus wird Nico die folgenden Themen anhand von Demos präsentieren und vertiefen: * Pipeline Workload auf Kubernetes mit Hilfe von Gitlab Runner * Docker Image Builds mit Kaniko * Ausblick auf Kubernetes-native Pipelines mit Tekton

Containerized Build & Deployment Pipelines

Nico Meisenzahl

Docker Rosenheim Meetup: Policy & Governance for Kubernetes

Nico Meisenzahl

Lernen Sie, wie Sie mit containerisierten Pipelines Abhängigkeiten in Ihren CI/CD-Umgebung eliminieren, um sich nicht mit verschiedenen Versionen Ihrer Toolchain und Abhängigkeiten herumschlagen zu müssen. Nutzen Sie die containerisierten Gitlab CI/CD-Pipelines und Kaniko, um Build- und Deployment-Workloads in Ihrem Kubernetes-Cluster zu verlagern. Stellen Sie Ihre Microservices und/oder Infrastruktur ohne externe Abhängigkeiten und Einschränkungen bereit. Nico wird Sie auch in Tekton einführen - ein Open-Source-Projekt, das Ihnen hilft, eine Cloud-native Toolchain aufzubauen, indem Sie Ihr gesamtes CI/CD (Workload sowie Konfiguration) in Kubernetes verlagern. Begleiten Sie Nico auf einem Deep Dive in die Geheimnisse von containerisierten Build und Deployment Pipelines mit Gitlab CI/CD, Kaniko und Tekton.

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

Nico Meisenzahl

Join this talk to learn about Azure Service Operator v2. In the first part, we will introduce Azure technologies like Azure Service Operator v2, Azure Workload Identity, and GitOps for Azure Kubernetes Service. We will explain how they are linked together to provision Azure resources from Kubernetes. In the second part, we will then show step-by-step how to deploy an application to Kubernetes together with the needed Azure resources only using Git. So don't miss joining us!

AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...

Philip Welz

Semelhante a Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked (20)

Continuous Lifecycle: Hijack Kubernetes

Microsoft DevOps Forum 2021 – DevOps & Security

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...

GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...

Azure Rosenheim Meetup: Azure Service Operator

Hijack a Kubernetes Cluster - a Walkthrough

Azure Service Operator - Provision Your Resources in a Cloud-Native Way

FestiveTechCalendar2021 - Have Yourself An Azure Container Registry

The Future of Workflow Automation Is Now- Hassle-Free ARM Template Deploymen...

Virtual GitLab Meetup: How Containerized Pipelines and Kubernetes Can Boost Y...

GitLab London Meetup: How Containerized Pipelines and Kubernetes Can Boost Yo...

DevOps Gathering - How Containerized Pipelines Can Boost Your CI/CD

Die Evolution von Container Image Builds

GitHub Actions 101

Secure Your Code Implement DevSecOps in Azure

DevOpsCon London: How containerized Pipelines can boost your CI/CD

Containerized Build & Deployment Pipelines

Docker Rosenheim Meetup: Policy & Governance for Kubernetes

Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das

AzDevCom 2022 - YAMLize your infrastructure with the Azure Service Operator a...

Mais de Nico Meisenzahl

Cloud-native technologies have revolutionized the way we build and deploy applications, enabling greater scalability, flexibility, and reliability. In this talk, Nico will explore the concept of sustainability in the context of cloud-native workloads and discuss the benefits of building sustainable applications. Nico will cover best practices for designing and implementing sustainable cloud-native workloads, as well as share real-world examples. This talk will guide you through the technical details of sustainable cloud-native workloads and provide actionable steps for everyone interested in building sustainable applications in the cloud.

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads

Nico Meisenzahl

Festive Tech Calendar: Festive time with AKS networking

Nico Meisenzahl

ContainerConf 2022: Kubernetes is awesome - but...

Nico Meisenzahl

… you should also know when not to use it. This is what Philip and Nico will talk about in this session. They will share all the things they have learned and seen over the past years. Philip and Nico share real-world examples of what they've seen in projects and tell you what went wrong and what could have been done better. And why Kubernetes has been the wrong choice for some of them. Applications and use-cases that do not fit Kubernetes are just one example we will talk about. Join this talk to learn how to take full advantage of Kubernetes and learn where it fits to run your workload successfully. That said: We love Kubernetes!

Cloud Love Conference: Kubernetes is awesome, but...

Nico Meisenzahl

You are already running Kubernetes-based workloads on Azure Kubernetes Service and want to get more out of it? This is your session! In this talk, Nico will show you all the nice features you get with AKS besides just Kubernetes. Learn all the details about the available add-ons, integrations, and toolsets to integrate and secure your Kubernetes-based applications. Furthermore, Nico will give a preview of potential new features from the AKS roadmap.

Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...

Nico Meisenzahl

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with Open Policy Agent. Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join this session to learn all the details on how to stay compliant with project dependencies or control your Infrastructure and Kubernetes deployment pipelines.

Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...

Nico Meisenzahl

Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with GitLab CI and Open Policy Agent. Philippe and Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join our session to learn how to improve compliance, from gating your dependencies to controlling your infrastructure.

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Nico Meisenzahl

Infrastructure-as-code is key to keeping up with our rapidly changing world. In this talk, you will learn everything you need to get started with Terraform on Azure. Nico will show you all the fundamentals and best practices you need to know to use Terraform on Azure. Furthermore, you will learn how to scaffold a production-ready and secure Terraform project that you can use as a blueprint for your environments. Join Nico and walk away with all the details you need to use Terraform in production!

Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure

Nico Meisenzahl

In this session, Nico will talk about Helm and Operators as well as the battle between them. If you ever ask yourself one of the following questions, this talk is the right one for you: "Do I have to decide?" "Do I need to learn both?" "What are the best tools for my use-case?" In short: There is no battle. Both tools have different scopes. Nico will talk about the pros and cons, and what the projects themselves focus on. Join his talk to learn more!

DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?

Nico Meisenzahl

Cloud native environments are a double edged sword - used right, the benefits are immense. However, it also introduces multiple entry points for example security breaches. In this session, Nico will show how application vulnerabilities make it easy to hijack a Kubernetes cluster. He will also talk about why it's important to implement zero-trust to prevent data leaks and malicious workloads from being executed on a hijacked cluster. In addition, you will learn how GitLab can protect you from being hijacked. Nico will talk about how to create more secure applications by using Static Application Security Testing (SAST) as well as how to secure your Kubernetes cluster with Container Host Security, Container Network Security or a Web Application Firewall.

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...

Nico Meisenzahl

Every time we start a new project or learn a new technology, we're looking for zero to hero guides to help us get started quickly and easily. In most cases, however, these guidelines are not intended to be production-ready and secure. Join Nico and dive into the secrets and best practices of how to create fast, secure and production-ready Dockerfiles for your .NET Microservice. Walk away and learn everything you need to take your container builds to the next level.

Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!

Nico Meisenzahl

In diesem Vortrag sprechen wir darüber, wie sich die Entwicklung und Bereitstellung von Cloud-nativen Anwendungen in der Zukunft verändern wird. Cloud-native Anwendungen, die oft auf Microservices und Kubernetes basieren, werden immer häufiger genutzt und sind inzwischen sehr verbreitet. Jedoch ist die Hürde noch immer recht hoch. Wir glauben, dass eine weitere Abstraktion notwendig ist, damit sich Entwickler und Administratoren auf ihre Arbeit konzentrieren können, anstatt sich mit zu vielen Implementierungsdetails zu beschäftigen. Aus diesem Grund möchten wir Ihnen die folgenden Open-Source-Projekte vorstellen: * Distributed Application Runtime (dapr) - Eine quellenoffene Laufzeitumgebung, die es Entwicklern leicht macht, robuste microservice-basierte Applikationen zu entwickeln. * Service Mesh Interface - Eine Standardschnittstelle für Service Meshes auf Kubernetes. Das Ziel ist es, einen gemeinsamen, portablen Satz von Service-Mesh-APIs bereitzustellen, den Entwickler und Administratoren providerunabhängig nutzen können. Verpassen Sie den Vortrag von Martin und Nico nicht und erhalten Sie nützliche Einblicke in die Zukunft der Entwicklung und des Betriebs Cloud-nativer Anwendungen.

Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021

Nico Meisenzahl

Join Nico, Philippe, and Wayne for a session full of Containers, Kubernetes, and security! In this talk, you will learn how GitLab Defend features can help you to effectively secure your applications and services. We will guide you through different features using real-scenarios use-cases and demos with demonstrations from the perspectives of a software developer, security engineer, and hacker. You will learn how to secure your application ingress using the Web Application Firewall, securing east-west application traffic with Container Network Security as well as threat detection with Container Behaviour Analytics. Everything within your GitLab project! Walk away and know everything you need to know to successfully secure your cloud native applications and services!

GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...

Nico Meisenzahl

Mais de Nico Meisenzahl (13)

Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads

Festive Tech Calendar: Festive time with AKS networking

ContainerConf 2022: Kubernetes is awesome - but...

Cloud Love Conference: Kubernetes is awesome, but...

Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...

Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...

GitLab Commit: Enhance your Compliance with Policy-Based CI/CD

Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure

DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...

Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!

Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021

GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...

Último

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

ICT role in 21st century education and its challenges

rafiqahmad00786416

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Exploring Multimodal Embeddings with Milvus

Zilliz

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

1. How to Prevent Your Kubernetes Cluster From Being Hacked ContainerDay Security 2023

2. Nico Meisenzahl • Head of DevOps Consulting & Operations at white duck • Microsoft MVP, GitLab Hero • Cloud Native, Kubernetes & Azure © white duck GmbH 2023 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org

3. Why do we need to care about security? https://www.redhat.com/en/resources/state-kubernetes-security-report © white duck GmbH 2023

4. It can be quite simple … • you don't think so? • check out my “Hijack Kubernetes” talk • https://github.com/nmeisenzahl/hijack-kubernetes • recordings on Youtube © white duck GmbH 2023

6. You should think about • rely on best practices and quick wins to get started • ensure secure application & deployment code • build secure container images • implement Kubernetes policies • introduce Kubernetes network policies • many more … © white duck GmbH 2023

7. Things we will focus on today • build secure images with Wolfi • image verification with Cosign • container runtime security with Tetragon © white duck GmbH 2023

8. Build secure images with Wolfi • “the first Linux (Un)distro designed for securing the software supply chain” • Undistro what? à Distroless v2 • provides a high-quality, build-time SBOM as standard for all packages • packages (based on apk) are designed to be independent • fully declarative and reproducible build system © white duck GmbH 2023

9. Demo: Wolfi in Action • we will build a Wolfi as base image • compare against others (size, vulnerabilities) • then build an image declarative and reproducible with apok & melange • more details • https://edu.chainguard.dev/open-source/wolfi • https://github.com/wolfi-dev • https://github.com/chainguard-dev/melange • https://github.com/chainguard-dev/apko • https://github.com/chainguard-images/images/tree/main/images/node © white duck GmbH 2023

10. Image verification with Cosign • “Cosign signs OCI containers using Sigstore” • integrated with K8s policies Cosign allows validating the source of images • verifying third-party images • signing and validating your own images • integrations are available with OPA Gatekeeper and Kyverno © white duck GmbH 2023

11. Demo: Cosign and Kyverno in Action • we will deploy a policy • then run signed and unsigned images • more details • https://kyverno.io • https://github.com/sigstore/cosign • https://www.sigstore.dev © white duck GmbH 2023

12. Container Runtime Security with Tetragon • “eBPF-based Security Observability and Runtime Enforcement” • gives you awareness into your cluster • without that you won't know what is going on • alerts you on malicious events and workloads • real-time enforcement © white duck GmbH 2023

13. Demo: Tetragon in Action • we will inject into a Pod via Log4Shell • then observe the process execution • and finally block it • more details • https://github.com/cilium/tetragon • don’t miss the workshops later today! © white duck GmbH 2023

14. Questions? • Slides • https://www.slideshare.net/nmeisenzahl • Demo • https://github.com/nmeisenzahl/prevent-your-k8s-from-being-hacked © white duck GmbH 2023 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org

Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked

Semelhante a Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked (20)

Mais de Nico Meisenzahl

Mais de Nico Meisenzahl (13)

Último

Último (20)

Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked