GitLab / GitLab Tech Talks

How do you visualize your environments when some loads are deployed with push-based approaches from your CI/CD pipeline while others are managed by GitOps? How can you manage access when your teams live primarily in your Git tool, not in the Kubernetes cluster? At GitLab, we tried tackling this problem with different strategies, leveraging the Kubernetes API, user impersonation, and more RBAC strategies. Join this talk to learn more about the iterations we made on the way: From talking to hundreds of users to leveraging the GitLab platform to come up with a solution for environment visualization. This talk will walk you through environment management in GitLab and visualizing cluster resources for users. We will dive into the frontend framework in detail, and show you how to use it for your use cases.

Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

From Monitoring to Observability: Left Shift your SLOs with Chaos - Michael Friedrich, GitLab

Security has shifted left in CI/CD pipelines. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture? This talk invites into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. What are the benefits of app instrumentation, metrics and traces and where does the journey start? Dev becomes Ops: SLOs need to be well understood and simulated early in the development process. New building blocks come to play: Continuous Delivery, quality gates and chaos engineering - is it possible to left shift SLOs with Chaos in your CI/CD pipelines?

At GitLab, we’ve built an extensive framework for defining service level indicators (SLIs) for our different services. This allows us to take a simple definition, and turn that into dashboards and alerts. There are different owners involved: Infrastructure and stage groups. The SLIs we use to monitor GitLab.com are attributed to groups building the features we run. Everyone is held to the same 99.95% SLO, everyone can contribute to our observability.

Join this talk to learn about the challenges with SLOs and error budgets. Hear how we are aggregating our infrastructure SLIs by features groups, and how we are involving groups in improving our SLI definitions.

Developers and SREs are instrumenting applications and apply observability workflows with metrics, traces, logs, and beyond. The first service level objective (SLO) is defined, now what - wait for the first production incident?

Think of day-2-Ops: SLOs need to be well understood and simulated early in the development process. False-positive alerts can lead to on-call fatigue. How to simulate an incident? Add chaos to production and simulate network failures, broken apps, etc. - and validate the SLOs. Developers can add their own chaos experiments too.

Join this talk to learn how SLOs can be shifted left with chaos, and get inspired by new tools and workflows for your production environment.

This talk introduces a developer`s view on using cloud native resources and mistakes turned into visible failures. Learn about the first steps with metrics, SLOs and app instrumentation, quality gates in a CI/CD pipeline, and chaos engineering - my experience in the past 15 years.

Michael Friedrich is a Senior Developer Evangelist at GitLab focussing on backend dev, ops and sec. He studied Hardware/Software Systems Engineering and moved into a role on DNS and monitoring development at the University of Vienna and ACO.net. Michael was a maintainer of Icinga, an OSS monitoring software, for 11 years before joining GitLab. He loves engaging with new technologies in the Monitoring/Observability, CI/CD and security area and regularly speaks at events and meetups. Current projects involve Prometheus exporters, tracing and pipeline efficiency. Michael hosts a technology coffee chat called “#everyonecancontribute cafe” on everyonecancontribute.com.

Connect with Michael,
Twitter: https://twitter.com/dnsmichi
LinkedIn: https://www.linkedin.com/in/dnsmichi/

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Practical Kubernetes Monitoring with Prometheus - Michael Friedrich, GitLab

Monitoring for microservices and distributed workloads isn’t an easy task. Imagine that you become responsible after years of traditional service monitoring. You start your research - Kubernetes as a container orchestrator already is a complex ecosystem to understand. Join this talk for a journey on the first steps, best practices with Prometheus, Grafana and the Prometheus Operator. The adventure does not stop here: Use client libraries to instrument your own application with metrics, deploy it to Kubernetes and what now? Explore how service discovery, long term storage with Thanos/Cortex and alerting help complete cloud native monitoring. It’s also an iterative process, with new workloads, changes, and a constant work in progress. This talk will help prepare you for cold winters and hot summers, silencing alerts before they exist. Spoiler: The end will peek into observability with logs, traces and SLOs, and show monitoring use cases on GitLab.com SaaS.

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

As Strong As the Weakest Link: Securing the Software Supply Chain- Brendan O'Leary, GitLab

The Solarwinds breach is an event that we won't truly understand for some time - if ever. Several discussions we've been having in the abstract for years have become very concrete. The systems we use to develop, build and deploy our code are essential production systems. Securing the software supply chain is one of the most underrated security aspects today. All software today is built with dependencies. However, a discussion of these dependencies - both explicit and transient - as links in the software supply "chain" couldn't be more accurate. And the truth is, a chain is only as strong as its weakest link. In this talk, we'll examine the complexities and sophisticated tradecraft from the various supply chain attacks. We'll also explore securing the cloud native supply chain with CNCF tools from Helm & Distribution to Cloud Custodian & Porter. More importantly, we'll delve into the simple, practical security measures that can help prevent such attacks.

Slides with exercises: https://docs.google.com/presentation/d/1xs4-mlf5L95aER_pVo6i5U0d5DW4f_AIG0RKk8SpKIc/edit
Project with solutions: https://gitlab.com/gitlab-de/workshops/go-tanuki-cicd-workshop-talentql-pipeline-program
TalentQL Pipeline: https://pipeline.talentql.com/

TOC
7:08 First Steps
14:59 CI/CD: Terminology & First Steps
24:53 Pipeline Editor
34:37 CI/CD: Development Workflows
36:40 Go Tanuki Build
46:13 Pipeline jobs and stages
46:28 Go Tanuki Binary build and code tests with CI/CD
54:43 Run the binary
1:01:13 Visualize the pipeline
1:02:03 Faster feedback with CI/CD
1:04:03 JUnit test reports
1:06:03 Security
1:16:03 What's next
1:16:29 Exercises for async practice
1:19:29 Q&A

https://about.gitlab.com/blog/2021/10/19/top-10-gitlab-hacks/
https://about.gitlab.com/pricing/
https://about.gitlab.com/solutions/open-source/
https://about.gitlab.com/solutions/education/

Slides: https://osad-munich.org/wp-content/uploads/2021/10/Michael-Friedrich-Slides_OSAD2021.pdf

Security has shifted left in CI/CD pipelines. Tools and cultural changes enable teams to focus on their cloud-native journey. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture?

This talk invites into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. Estimated SLOs could be simulated early in the development process. New building blocks come to play: Quality gates and chaos engineering – is it possible to left shift the SLOs in your CI/CD pipelines?

Attendees go on a hands-on deep dive into cloud native resources with Keptn and Prometheus as quality gates, and explore ways of chaos engineering with Litmus. This includes best practices and tips to start in a cloud native deployment journey.

GitLab enables the efficient implementation of GitOps and infrastructure and code strategies with tools like HashiCorp Terraform, allowing organizations to efficiently and continuously roll out updates to infrastructure with shorter TTRs, Time to Recovery. It does this by enabling teams to leverage several other integrations:

- HashCorp Vault to manage secrets during CI job execution securely
- HashiCorp Packer to build images
- HashiCorp Waypoint for application delivery

The joint solutions developed by HashiCorp and GitLab are helping organizations find a better way for application development and keeping delivery, and infrastructure management workflows in lockstep.
This session will show how GitLab integrates with HashiCorp Terraform, Packer, Vault and Waypoint.

Speaker: Abubakar Siddiq Ango

#Terraform #GitLab #CICD #HashiCorpVault #Waypoint #HashiCorpPacker

If you liked this video and want to see more from HashiCorp, subscribe to our channel: https://www.youtube.com/c/HashiCorp?sub_confirmation=1

To learn more, visit our hands-on interactive lab environment, HashiCorp Learn: https://learn.hashicorp.com/

HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint are downloaded tens of millions of times each year and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality.

For more information, visit: www.hashicorp.com or follow us on social media:
Twitter: @hashicorp
LinkedIn: https://www.linkedin.com/company/hashicorp
Facebook: https://www.facebook.com/HashiCorp

The AWS UG OSTech Conference 2021 is a sprint immense event as the name suggests, a wide event that will have all the developers (SDEs), Cloud, DevOps, SRE, students, and industry enthusiasts all at one place with Interactive sessions by keynote speakers and a real-time application for everything.

Event website: https://www.awsugjaipur.tech/
Agenda: https://www.awsugjaipur.tech/#schedule

We will be having awesome swag opportunities for the attendees who are active throughout the event and also having some contests and quizzes during the event.

1. Quizzes: After each session participate in the quiz and grab a chance to earn a 250/- Amazon gift card.

2. Knowledge Share Contest: Check details on the website.
Submit entry here: https://lnkd.in/gXUjKgM

--
MapMyIndia Contest Submission: https://lnkd.in/g95hB32
--
Surprise Contest from Agora (SDK Integration)|
Top winners will get exiting swags:
Ref: https://docs.agora.io/en/video/start_call_web
Submit here: https://bit.ly/3tO2xjI
--

𝐖𝐚𝐧𝐭 𝐭𝐨 𝐛𝐞 𝐚 𝐦𝐞𝐦𝐛𝐞𝐫?
𝐅𝐨𝐥𝐥𝐨𝐰 & 𝐂𝐥𝐢𝐜𝐤 𝐨𝐧 𝐑𝐞𝐠𝐢𝐬𝐭𝐞𝐫: https://lnkd.in/dNcQKZU
𝐎𝐭𝐡𝐞𝐫 𝐒𝐨𝐜𝐢𝐚𝐥𝐬: https://www.awsugjaipur.tech/joinus

Michael Friedrich works for GitLab and talks about his 10 years and more journey from monitoring to DevOps. It's really interesting to see how he grew from his experience from the community and now helps to shape the open source community with it.

Slides: https://opensource.siemens.io/events/2021/slides/Michael_Friedrich_From_Monitoring_to_DevOps_10%2B_years_OSS_community_building.pdf

The yearly Open Source @ Siemens event in Zug, Switzerland, became fully virtual in 2020. This year, in 2021, we host the 8th edition, with the afternoon sessions being fully open to public for the first time.
From community building to technical deep dives, the Open Source @ Siemens 2021 event provides great insights for everyone interested in the Open Source and Inner Source topics and beyond.

Dev Loves CI/CD: Efficient Sec and Ops Pipelines - Michael Friedrich, GitLab

Continuous integration and delivery/deployment helps speed up development and review workflows. Developers can focus on code reliably tested in different environments. At some point, the operations team gets paged on broken pipelines and jobs being stuck. On top, the security audit unveiled plain text secret exposure and dependency exploits. The next horror story: The software cannot be deployed anymore because package dependencies are broken. In this talk we hear stories on making CI/CD pipelines more reliable and secure. Automated deployments and package/container repositories can help avoid redundant cycles and extra work hours. Monitoring/observability combined with automation ensures to sleep in busy on-call times. Learn how Dev meets Sec and Ops in the pipelines and hear best practices on efficiency, iteration and insights.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

The Imperative to Stop Being Lazy and Do Better - Brendan O'Leary, GitLab
Speakers: Brendan O'Leary
There are a lot of challenging, unsolved problems in software. Building accessible, inclusive, smart software is a solved one...do better. My last name is valid. Despite what countless apps and websites have tried to tell me, it is reasonable to have an apostrophe in a name. I get it; SQL is hard. But it doesn't "solve" the problem to have validation, saying, "Please enter a valid last name." Talk about *invalidating* someone's experience in life. And that's not even that big of a deal. But this kind of carelessness is all too common in tech. Many other people's identities are marginalized even more severely when developers are careless. In this talk, we'll examine examples of each of these types of inclusion. We'll show how these issues have already been solved; it just requires the determination and compassion to choose to make our products more accessible and more inclusive.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

This talk covers GitLab's adoption of SLO monitoring, from our previous causal alerting strategy, which had outgrown its purpose as the complexity and traffic volumes grew, to our early attempts, building and maintaining configuration, and the problems that brought about, to our current, declarative approach. The talk will cover the challenges of getting buy-in from engineering, operations and product stakeholders, the benefits of having a common language of availability across the organisation and our future plans. This is a deep-dive, practical talk; all the code and configuration for GitLab.com's monitoring infrastructure is open-source, and the talk will include links to these resources.

Everyone talks about Security shifting left in your CI/CD pipeline. Tools and cultural changes enable teams to scale and avoid deployment problems. SLOs are left out - what if a software change triggers a regression and your production SLOs fail? As a developer, you want to detect these problems as early as possible. This talk dives deep into CI/CD pipelines and discusses ideas to calculate and match SLOs in the development lifecycle. Early in your Pull or Merge Request for review.

Modern development environments are not bound to a single application, oftentimes there are software dependencies to resolve and runtime limitations on operating systems to overcome. VMs and containers helped make this easier, recent times have moved development environments to the cloud. Everyone can contribute - no matter the hardware or software resources, operating systems, or runtime environments. Learn how GitLab uses Gitpod to onboard contributors with the GitLab Development Kit (GDK). The native integration into GitLab enables developers to apply best practices for their own projects. This talk shares use cases, best practices and hidden gems for the DevSecOps lifecycle.

Continuous Integration and Delivery/Deployment helps speed up development and review workflows. Developers now can focus on code reliably tested in different environments. Once in a while the operations team gets paged on broken pipelines and jobs being stuck. Then the security audit has unveiled plain text secret exposure and dependency exploits.
The next horror story: The software cannot be deployed anymore since package dependencies are broken in a new distribution.
In this talk Michael Friedrich, Developer Evangelist at GitLab, takes a different look on making CI/CD pipelines more secure.

Minimum Viable Documentation for RESTful APIs by Mike Jang, API The Docs Virtual 2020, 22 April.

Talk Description:
"To paraphrase a James Bond movie, “Swagger is not enough”. You’ve done the work to set up REST calls for your APIs (Inaccurately known as Swagger). You have reference information. But you discover that few users are actually trying REST calls on your system. You’re wondering: “What else do I need?”

This presentation will describe the Minimal Viable Documentation (MVD) for RESTful APIs, also known as “What do I need for my developer portal?”

Based loosely on Kristof Van Tomme’s presentations on Developer Experience, Mike will describe the MVD for a developer portal, which will help your developers try out your APIs. He will discuss the characteristics of:
- Landing Pages that describe the API
- Tutorials that help the user get started
- Details, or reference information satisfied by the OpenAPI specification
- Work in Progress such as blogs and release notes that show active development

While Mike gave an earlier version of this talk at the API Strategy Conference in 2018, he’ll update this talk for the latest API portals."

API The Docs Virtual 2020 recaps: https://pronovix.com/event/api-docs-virtual-2020

---

API the Docs is an event for tech writers, API developers, product owners and developer evangelists who embrace documentation as a crucial aspect of a great developer experience. The conference is a great opportunity to share and discuss the latest best practices, strategies and new trends relevant to API documentation and developer portals.

Pronovix Developer Portals Newsletter: http://bit.ly/devportals