►
From YouTube: Sponsored Keynote: Day 2 with Kubernetes - This Is Fine! - Vaibhav Kamra, Chief Technology Officer
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Sponsored Keynote: Day 2 with Kubernetes - This Is Fine! - Vaibhav Kamra, Chief Technology Officer, Kasten by Veeam
A
Hello-
everyone
it's
great
to
be
here
at
kubecon
eu.
My
name
is
web
of
camara
and
I'm
the
cto
here
at
cast
and
by
veeam
at
castin.
We
focus
on
data
protection,
so
backup
and
recovery
for
kubernetes
applications.
This
is
my
sixth
year
here
at
kubecon.
It's
really
an
amazing
event.
I
love
coming
here
because
it's
a
great
way
to
learn
what
the
community
has
been
doing
as
well
as
share
experiences
with
with
everybody
out
there
in
the
same
journey.
A
So
in
that
spirit,
what
I'd
like
to
do
today
is
talk
a
little
bit
about
our
experiences
with
our
kubernetes
platform
development,
as
well
as
what
we've
observed
working
with
a
large
number
of
customers
as
they've
scaled
out,
the
number
of
users,
the
number
of
clusters,
the
number
of
applications
they
have
and
really
the
challenges
they
ran
into.
This
is
very
much
a
here
and
now
problem.
A
If
we
look
at
the
most
recent
cncf
survey,
80
of
us
who
took
the
survey
indicated
that
we
are
running
kubernetes
in
production
and
what
we're
also
seeing
is
that
the
journey
from
pilot
to
production
it's
going
much
faster
just
because
of
the
maturity
of
the
tooling
that's
out
there,
as
well
as
all
the
learnings
and
education
that's
available
to
us
now.
Security
and
business
continuity
are
two
key
challenges
that
I
wanted
to
focus
on.
How
do
we
keep
make
sure
our
environments
are
secure
both
from
internal
and
external
threats
from
breaches?
A
If
vulnerabilities
show
up,
how
are
we
going
to
address
them
soon
and
fast?
How
are
we
going
to
detect
those
things?
How
are
we
going
to
deal
with
ransomware,
so
these
are
some
of
the
key.
What
we
call
day,
two
challenges,
things
that
show
up
after
you've
gone
through
the
initial
stage
of
of
platform
development,
a
lot
of
issues
that
we
observe
actually
come
down
to
misconfigured
access,
that
is,
our
users
or
tenants,
have
too
much
access
to
the
platform.
A
A
It's
not
just
direct
access
to
api
resources
that
you
have
to
worry
about,
sometimes,
but
what
access
to
other
operators
do
users
have
in
this
environment?
Do
these
operators
that
often
have
privileged
access
to
the
cluster?
Do
they
expose
apis
that
allow
you
to
control
who
can
access
it
or
who
cannot?
Because
if
not,
then
users?
This
can
be
privileged
escalation
just
because
a
user
has
access
to
one
of
the
operator
apis
that
lets
them
do
something
that
they
shouldn't
be
allowed
to
do.
A
So
if
there
was
a
vulnerability
discovered
if
there's
a
zero
day
exploit
that
needs
to
be
a
patch
needs
to
be
rolled
out
for
can
we
do
this
fast
enough
without
business
with
with
minimum
business
impact,
because
not
being
able
to
do
that
just
leaves
us
vulnerable
as
well,
and
then
lastly,
the
third
one
I
wanted
to
talk
about
is
ransomware.
It's
a
big
topic
right
now.
It
has
a
large
financial
and
business
impact.
A
A
So
what
are
the
recommendations
and
learnings
over
here
so
well?
First
plan
early
on,
we
often
talk
about
shift
left
in
these
environments
and
what
that
means
is
planning
and
implementing
processes
that
are
required
for
production
as
early
as
possible
in
the
life
cycle
of
the
platform
in
dev
and
test
environments.
You
really
want
that
to
happen
early.
A
The
second
one
is
is
automation.
Automation
is
key
for
everything
we
do
in
in
the
cloud
native
world,
and
it's
no
different
over
here,
so
having
automation,
for
example,
that
builds
over
tooling,
like
oppa,
which
is
open
policy
agent
for
our
back
rule
creation
or
by
policy
creation.
That's
something
that
we've
seen
our
customers
do,
and
and
really
helps
with
that
misconfigured
access
issue
that
I
had
talked
about:
having
automation
to
roll
out
new
clusters
to
migrate
applications
over
from
your
old
clusters
that
need
to
be
patched
over
to
these
new
environments.
That's
also
key.
A
You
do
not
want
to
be
in
the
situation
or
we
don't
want
to
be
in
the
situation
where
we're
we're
stuck
with
environments
that
are
vulnerable.
That
need
to
be
patched,
and
we
can't
do
that
because
there's
a
large
business
impact.
So
that's
another
recommendation
over
here
and
then.
Lastly,
around
business
continue
to
have
a
plan
in
place
not
just
to
deal
with
things
like
user
error
or
or
disaster,
but
to
deal
with
things
like
ransomware
having
immutable
encrypted
backups
version
backups
available,
so
that
you
can
deal
with
such
issues
is
key
over
here.
A
The
basic
principles
here
are
not
very
different
from
our
operational
experiences.
In
other
environments,
it
comes
down
to
planning
detection
mitigation
planning
for
this
early
on
and
automating
all
of
the
things
that
we
we
just
talked
about.
Thank
you,
everyone
for
listening.
I,
I
hope
you
have
a
great
coupon,
so
thank.