Red Hat OpenShift / Commons Briefings 2018 | OpenShift Commons

Case Study: Securing OKD at Multiple Layers with Marc Boorshtein (Tremolo Security) Edit
Dec 19 @ 9:00 am
Case Study presentation on Securing OKD at multiple layers – OKD, FreeIPA, OPA and OpenUnison. Marc Boorshtein of Tremolo Security will do a deep dive into securing an OKD (Red Hat's OpenShift open source) deployment both at the OKD level and at the host level. We’ll also walk through how we integrated OPA to provide both validating webhooks and mutating webhooks for injecting Kerberos keys into containers for accessing Windows file shares and SQL Server databases.
Slides: https://blog.openshift.com/wp-content/uploads/OpenShift-Commons-Briefing-Securing-OKD-Tremolo-Security.pdf

Recorded live on Dec 5th 2018
OpenShift Commons Briefing
Running Databases in Production on OpenShift - Michael Ferranti Portworx

recorded as part of OpenShift Commons Telco SIG Nov 30 2018
Containers at the Edge
Azhar Sayeed (Red Hat)

Serverless in Kubernetes: Knative and OpenShift Cloud Function
Speaker: Natale Vinto (Red Hat)

Serverless paradigm is becoming a new methodology for developing and deploying applications without worrying about configuring any server to run them on. Hear the latest updates from Red Hat serverless open source solution based on OpenShift and K-Native, discussing all use cases matching serverless context for container-based workloads.

Natale Vinto gave an update on State of Serverless in Kubernetes: Knative and OpenShift.

Serverless, Kubernetes,Knative, OpenShift Cloud Functions

The briefing reviews and explains the security concerns associated with container technologies and make practical recommendations for addressing those concerns when planning for, implementing, and maintaining containers that are outline in NIST’s Special Publication 800-190 Application Container Security Guide

Speakers: John Morello, CTO Twistlock and Dirk Herrmann, Product Manager, Red Hat

The User Experience Design Team gave a preview of the marketplace and catalog experience coming in OpenShift 4.0. If you’re looking to get a preview of what’s to come or learn how you can team with the OpenShift UX team to help shape the new experience, please watch this! We are looking to identify customers interested in working with our team to validate use cases around multi cluster management, operator subscriptions and the service catalog. Interested? Fill out this survey!
Speaker: Serena Chechile Nichols (Red Hat)

OpenShift Commons Briefing Launching Applications on OpenShift with Launcher

OpenShift Commons Briefing
OpenShift 3.11 Release Update with Scott McCarty Red Hat
link to slides: https://red.ht/2OBR7yM

from OpenShift Commons Operator Framework SIG October 2018


Lightbend's Chaoran Yu on GCP Spark Operator
https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
slides: https://docs.google.com/presentation/d/15WnTa7WYuQ5klkWbKmf0Ch_bVMR5rpgPfkfZmWwLlmk/edit?usp=sharing

OpenShift Commons Briefing: CoreOS Integration Strategy Update with Jeff Ligon and Ben Breard (Red Hat)

Machine Learning on OpenShift SIG Using Ceph for ML Workloads on OpenShift - Kyle Bader (Red Hat)

Jirika Kresmer (Red Hat)
GCP Spark Operator
Radanalytic.io Spark Operator
JVM Operators
Kubernetes and Operators
Operator Framework

Stephen Augustus is the Product Management Chair for the Kubernetes project. Additionally, he leads the Special Interest Group for Azure and is currently the Features Lead for the Kubernetes 1.12 Release Team.

Details on the Kubernetes Release Schedule can be found here: https://github.com/kubernetes/sig-release/blob/master/releases/release-1.12/README.md

The CYBRIC platform integrates seamlessly into the DevOps process on OpenShift and enables continuous scanning capabilities at every stage. As code gets written and committed to code repositories, as build processes complete, CYBRIC can submit the code or build artifacts to scanning by a variety of open source and commercial SAST and SCA tools. The platform provides a unified integration to all products, which lowers the barriers for adoption and potential switching costs. Similarly, container images can be scanned as soon as they are built or posted to repositories such a Docker Hub, Artifactory or Nexus.

Within an OpenShift environment CYBRIC discovers and automatically scans all applications deployed, as well as the published external routes, with a range of DAST open source or commercial products. As new applications get deployed or new routes created, CYBRIC can detect them, automatically create new targets and scan them immediately for any vulnerabilities or misconfigurations. Scan results from the entire security toolchain are collected, normalized and deduplicated in order to provide the most concise and accurate view of the customer’s Security Posture at an application level. Static and dynamic scan results are correlated to provide valuable information about the most critical vulnerabilities as well as point out the root causes of the exploits observed against the applications.

CYBRIC Dashboards present data relevant to the executive level as well as for application stakeholders and individual contributors. Ultimately, the platform provides a clear view of Application and Enterprise Risk and helps users answer key business questions regarding the security and quality of the applications within the enterprise.

SLA is essential for those mission-critical applications running on OpenShift. Federator.ai, ProphetStor’s AIOps technologies, can empower OpenShift scaler/scheduler to ensure the operation of containers, and eliminate noisy neighbors by accurately predicting resource demand/ supply, performance and HW failure.

We’ll demonstrate the below:

HW failure prediction (ex. If a Ceph OSD was coming to fail in the next 2 weeks, how Federator.ai predicted the disk failure for Rook and rendered an impact analysis on pods)
Available capacity prediction for Rook with Ceph
Node and pod performance prediction for OpenShift
Pod allocation planning for OpenShift (plan resources in according to the above predictive demands and supplies)

Takayoshi Tanaka (Red Hat) talks about deploying SQL Server on RHEL

Takayoshi Tanaka (Red Hat)
Back in May, at Red Hat Summit, it was announced Red Hat and Microsoft would jointly engineer a fully managed OpenShift on Azure as a service. While the technology is still in preview — and there’s not much information available about the service, our guest speaker Takayoshi Tanaka is in the “know” and is going to give us an update on the current status of OpenShift on Azure.

Takayoshi Tanaka (Red Hat) will talk about:

– Introduction of Azure Stack for Red Hat users
– Current status of OpenShift on Azure Stack
– Azure Cloud Provider features on OpenShift 3.9 & 3.10

https://www.redhat.com/en/about/press-releases/red-hat-and-microsoft-co-develop-first-red-hat-openshift-jointly-managed-service-public-cloud


https://azure.microsoft.com/en-us/blog/openshift-on-azure-the-easiest-fully-managed-openshift-in-the-cloud/.

Depoloying, Managing and Updating Wordpress (or Drupal) in an .EDU environment can be daunting. OpenShift Commons .EDU SIG Chair Stephen Braswell (UNC) talks about how they are doing it at UNC and a lively discussion follows with insights shared from McMasters, UMIch and others.

UMich Chris Kretler and Bob Killen on Academia and Cloud Native Technologies

Shawn Hurley (Red Hat) talk recorded at August 17th 2018 OpenShift Commons Operator Framework SIG meeting

The Ansible Operator is:
- using the new Ansible k8s modules to manage kubernetes resources, allowing for easy templating
- using Ansible Runner to allow for structured output
- using helpers that wil help a user set metadata of a resource in kubernetes i.e. the owner reference

Dan Kozlowski (PlanetScale)
from August 17th, 2018 OpenShift Commons Operator Framework SIG Meeting
- what is vitess?
- why build an operator?
- common crd patterns
- potential beyond provisioning

OpenShift Commons Operator Lifecycle Management with Evan Cordell Red Hat

Operator Lifecycle Management offers:
- app store-like experience for discovering and installing operators
- automated upgrades for operators
- framework for building rich, re-usable user interfaces
- package management and dependency resolution
Recorded as part of August 17th 2018 Operator Framework SIG

Bringing Policy-As-Code into the Container Delivery Pipeline with Khash Sajadi (Cloud 66)
Containers bring Devs and Ops closer together, and at the pace of commits on a microservices app, that can be daunting to some IT Ops teams. A delicate balance is required between operational governance and developer freedom—and that balance needs to be automated. Now that they’ve put in place cutting edge containerized infrastructure on the likes of OpenShift, how do IT Ops teams and dev managers ensure infrastructure and security policies are embedded into the deployment pipeline, in an easily-maintainable way, and without slowing down code? How do they avoid building custom technology for deployment, in a rapidly commoditizing world?



This session will walk through tools (open source and otherwise) developed by Cloud 66, which runs 4,000 customer workloads on Kubernetes, supported by over 2,000 lines of configuration. These tools enable teams to:

secure images and manage secrets and IP in the build;

bring in configuration validation into the pipeline;

ensure fine-grained access control; and

Complement CI tools with powerful multi-environment, multi-team deployment capabilities.

Speaker: Khash Sajadi, Cloud 66 co-founder & CEO

Laval University Case Study
Guest Speaker: Guillaume Moutier (Laval University)
Data Science Services (Valeria)

Jeremy Wei and Brian Huang of Jeremy Wei (Prophetstor) – Demonstration of predicting computing resources usage for both nodes and containers, as well as predicting hardware issues.

"Data Hub" is a collection of open source and cloud components deployed as a "machine learning-as-a-service" platform to solve internal business problems at Red Hat that enables teams to build, deploy, and execute analytic, machine learning and AI models.

Repeatable human tasks are being replaced by automation, creating significant opportunity and risk for Red Hat. AI can be applied to our core business and direct customer services. To do so, data must be seamlessly unified from a broad range of sources and made accessible to analytic models.

This presentation is about how Red Hat runs AI and machine learning workloads on OpenShift.

In this briefing, learn if Spinnaker is the right choice for your Continuous Delivery solution for OpenShift deployments. Your developers have adopted containers and microservices applications. You have implemented continuous integration tools like Jenkins. But your software delivery is still slow due to high ceremony release approvals, manual judgment of releases and myriad of scripts to roll-out and roll-back cloud deployments into OpenShift and other clouds. So in essence, you need to modernize your software delivery to meet the increasing demand for speed of innovation from your developers.
What you will learn:

- OpenShift users top requirements for next-generation Continuous Delivery solutions
- Introduction to Spinnaker enterprise CD solution
- Top features and benefits of Spinnaker
- Spinnaker demo - Deploying to OpenShift

Speakers:
Balaji Sivasubramanian (balaji@opsmx.com)
Gopinath Rebala (gopinath@opsmx.com)

Istio, an open source tool to connect and manage microservices, has become a category leading service mesh (essentially a configurable infrastructure layer for microservices) for Kubernetes. This week, Istio celebrated a milestone of the general availability of Istio 1.0.

Istio provides a method of integrating services like load balancing, mutual service-to-service authentication, transport layer encryption, and application telemetry requiring minimal (and in many cases no) changes to the code of individual services.

In this, briefing Istio Product Manager, Brian 'redbeard' Harrington gives a great introduction and overview along with a 1.10 release update .

In this talk, Veda gives an overview of MapD and shows how to launch MapD as a service on Red Hat’s OpenShift Origin and demonstrate deploying MapD Community Edition as a Docker container both on a node with CPU only and on a node with Nvidia GPU.

Agenda:

MapD on OpenShift Origin
Overview of MapD Core – GPU Accelerated SQL Engine
Overview of MapD Immerse – Visual Analytics Platform
OpenShift Origin Test Infrastructure and Deployment
GPU Setup – Nvidia Driver Installation
Deploying GPU Version of MapD Community Edition
Deploying CPU Version of MapD Community Editio

The Red Hat Performance Team, along with our partners Solarflare and Supermicro, have been working together to leverage the latest technologies and features in the container orchestration space to demonstrate that it is possible to containerize extreme low-latency applications without any degradation in performance. The team used the well-known STAC-N1TM benchmark (https://stacresearch.com/nio) from STAC® (the Securities Technology Analysis Center), to prove out the technology.
STAC-N1 is a financial services-focused benchmark which focuses on how quickly applications in the trade flow (algorithmic “black boxes”, matching engines, smart order routers, etc.) can get information from and to the network. The STAC-N1 benchmark suite measures the performance of network stacks under a simulated market data environment using a convenient, software-only test harness.

It’s our belief that Linux containers and container orchestration engines, most notably Kubernetes, are positioned to power the future of enterprise applications across industries. Along the way, challenges to this perception are bubbling up. In the area of performance-sensitive workloads, like portfolio risk analysis and
other financial transactions where a matter of microseconds can mean the difference between success and failure, there are strong concerns. This is why Red Hat has embarked on a mission to enable Red Hat OpenShift as a performance-sensitive application platform (P-SAP) to better
support these critical workloads.

While the STAC-N1 benchmark is important, we believe this effort can have an impact beyond financial services. Artificial intelligence, machine learning, high
performance computing, and big data, to name a few areas, are all examples of workloads where the set of Performance-Sensitive Application Platform features are critical.

Guest Speakers: Josh Berkus and Stephen Augustus (Red Hat)

Kubernetes 1.11: In-Cluster Load Balancing and CoreDNS Plugin Graduate to General Availability

This release continues to advance maturity, scalability, and flexibility of Kubernetes, marking significant progress on features that the team has been hard at work on over the last year. This newest version graduates key features in networking, opens up two major features from SIG-API Machinery and SIG-Node for beta testing, and continues to enhance storage features that have been a focal point of the past two releases. The features in this release make it increasingly possible to plug any infrastructure, cloud or on-premise, into the Kubernetes system.

Notable additions in this release include two highly-anticipated features graduating to general availability: IPVS-based In-Cluster Load Balancing and CoreDNS as a cluster DNS add-on option, which means increased scalability and flexibility for production applications.

Guest Speaker: Stephen Gordon (Red Hat)

Container-native Virtualization (CNV) – based on the KubeVirt community project – turns OpenShift into a unified platform where developers can build, modify, and deploy applications residing in both Application Containers as well as Virtual Machines. Using a unified management approach simplifies deployments, allows for better resource utilization, and supports different workloads in a more optimal way.

This session will outline how Container-native virtualization seeks to provide this while using the extensible nature of Kubernetes in a way that provides a developer workflow that is as consistent as possible with the same patterns used for working with application containers.

Join Us for future Briefings here: https://commons.openshift.org#join

Guest Speakers: Alessandro Arrichiello, Luca Bigotta and Luca Gabella (Red Hat)

Containers could be the perfect medium for IoT Edge Deployments: in this scenario OpenShift is the right platform for helping developers to build Edge Applications. We’ll see in a real use case scenario how developers may leverage OpenShift features for enabling Hybrid deployments on standalone Red Hat Enterprise Linux. In the demonstration, we’ll also use OpenShift’s Ansible Service Broker for automating the external deployment, looking forward to use Ansible Tower when large scale ones will be needed.

Sebastien Pahl - How to Get Started with Operators, Update on Operator Framework and discussion of resources

OpenShift Commons Briefing
July 2018 Operator Framework SIG

OpenShift Commons Briefing on Strimzi Operator with Tom Bentley (Red Hat) Operator SIG Meeting July 2018


Meeting Notes: https://gist.github.com/dmueller2001/502b1237f783e2062ed5c93b7d7174da

Guest Speakers:
Larry Brigman, Principal Software Engineer with ARRIS Group
Tim Mackey, Technical Evangelist at Black Duck by Synopsys
Host: Diane Mueller, Director, Community Development Red Hat Cloud Platform

Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment. Teams are massively scaling containerized deployments with Kubernetes and Kubernetes-based solutions, like Red Hat’s enterprise-grade container orchestration platform, OpenShift Container Platform. But in containerized deployments, because applications sit closer to the infrastructure, without an intervening hypervisor and host OS, application security is more important than ever. In fact, security remains among the most important barriers to container adoption. Issues of Governance, Trust and License Management are top of mind for companies like ARRIS Group with large deployments on OpenShift. Figuring out how to get the licenses of all the code within a container automatically and generate a proper attribution file are non-trivial in the new containerized world order.

Together Tim and Larry will have a conversation about the best practices and address some of these issues and others in this briefing.

Tim Mackey works within the Synopsys Software Integrity Group as a technology evangelist. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms.

OpenShift Origin 3.10 Release Update
Guest Speakers: Derek Carr and Mike Barrett
link to slides: https://blog.openshift.com/wp-content/uploads/Whats-New-in-Origin-3.10.pdf

Host: Diane Mueller

From OpenShift Commons .EDU SIG Meeting on July 13, 2018
OpenShift at Duke: State of the Cluster
Speakers: Christopher Collins Sr. Automation Engineer
Duke University Office of Information Technology

Dash is an Open Source Python library for creating reactive, web-based applications. No JavaScript required. Released in June of 2017, Dash is for those who use Python for data analysis, data exploration, visualization, modeling, instrument control, and reporting. Chelsea will provide an overview of the framework, and Anudha will demo a sample Dash application she has deployed on OpenShift.

Controlling Chaos: Bringing Microservices Under Control

Guest Speaker: Steve Ross-Talbot is the Chief Technology Officer at Estafet, a specialist integration consultancy based in London, UK and in Sofia, Bulgaria.

As our services shrink in size so the interactions between them become the dominant architectural norm and coupled with compensating transactions for eventual consistency so the complexity multiplies. Never has then been a more urgent need to bring such chaos under control. And this is what OpenTracing and Distributed Monitoring though tools like Zipkin, Hawkular, Prometheus and Jaeger bring.

In this session, we shall see how to leverage OpenTracing and Distributed Monitoring.

Kubernetes is a portable platform for managing containerized workloads and services with large growing ecosystem. OpenShift is a solution built on top of the Kubernetes to bring more secure and flexible for application developers deployments.
Come to learn the basics of the orchestration engines, find how to keep your clusters healthy, various ways you can monitor your clusters and forward logs to Splunk.

We will have an introduction in Kubernetes and OpenShift clusters, how they differ from Docker environments and Docker Swarm. Why would you choose OpenShift over Docker environments?

Learn about basics components of Kubernetes and OpenShift, including etcd, KubeAPI Server, KubeProxy, Kubelet, how they differ in between Kubernetes and OpenShift.
How to monitor them. How to forward logs from the Kubernetes and OpenShift, how to collect metrics. We will show some basics in different ways it can be implemented and demo solutions for Monitoring Kubernetes and OpenShift clusters. How to setup ACL based on Projects and Namespaces, how to define fields extractions.
Learn how to monitor and diagnose your clusters, best practices you need to apply to keep it secure and stable.

In this OpenShift Commons briefing, Aporeto's Ariful Huq discusses best practices around securing your microservices:

Comprehensive: Zero Trust security for Network and API access control. Run-time visibility
Identity-driven: Identity is central to access control – and why cryptographic methods for assigning an identity to workloads are essential
Heterogenous: Because enterprises have mixed environments, the right security solution has to operate across clouds as well as in non-cloud native and service mesh environments
Following the best practices discussion, we will have a quick overview of Aporeto 2.0 as well as a demonstration of:

Network access control & API access control for apps deployed across multiple clouds and clusters.
A kill chain scenario

Keycloak (https://keycloak.org) is an Open Source Identity and Access Management Solution for today’s Cloud Native Applications and Services. It provides easy ways to incorporate token based security (OAuth2/OpenID Connect) into your applications. In this briefing, Stian and Boleslaw demonstrate how Keycloak can be leveraged to securely invoke services deployed on Istio Service Mesh. You will also learn about current directions of development on consuming Keycloak within or integrating it with OpenShift.

Function-level Routing with Gloo and Envoy with Idit Levine (Solo.io)

Gloo is a function gateway built on top of the Envoy Proxy. Gloo provides a unified entry point for access to all services and serverless functions, translating from any interface spoken by a client to any interface spoken by a backend. Gloo aggregates REST APIs and events calls from clients, “glueing” together services in-cluster, out of cluster, across clusters, along with any provider of serverless functions. In this briefing, Idit Levine will give an introduction to Gloo and demonstrate how to use Gloo with OpenShift.

Guest Speaker: Idit Levine, solo.io Founder & CEO

Idit Levine is the founder and CEO of solo.io, where she is aiming to streamline the cloud stack. Prior to founding solo.io, Idit was the CTO of the cloud management division at EMC and a member of its global CTO Office. At EMC, Idit led, designed and implemented project UniK, an open source platform for automating unikernels compilation and deployment and project layer-x, an open source framework for cross-cluster scheduling . At solo, Idit recently released Squash, an open source platform for debugging microservices applications and Gloo, a function gateway built on top of the Envoy Proxy.

from the Machine Learning on OpenShift SIG meeting held on June 1 2018

from the OpenShift Commons Machine Learning on OpenShift SIG meeting June 1 2018

OpenShift Service Mesh on Multi-Cloud Environments - Paul Pindell (F5 Networks) & Dave Cain (Red Hat)

Load balancing applications with the OpenShift NGINX router. This presentation will cover:
- the basics of the OpenShift router and the NGINX implementation of it
- a demo of deploying the router
- some Q&A

The Operator Framework is an open source project that provides developer and runtime Kubernetes tools, enabling you to accelerate the development of an Operator. The Operator Framework includes:

Operator SDK: Enables developers to build Operators based on their expertise without requiring knowledge of Kubernetes API complexities.
Operator Lifecycle Management: Oversees installation, updates, and management of the lifecycle of all of the Operators (and their associated services) running across a Kubernetes cluster.
Operator Metering (joining in the coming months): Enables usage reporting for Operators that provide specialized services.

We believe that the new Operator Framework represents the next big step for Kubernetes by using a baseline of leading practices to help lower the application development barrier on Kubernetes. The project delivers a software development kit (SDK) and the ability to manage app installs and updates by using the lifecycle management mechanism while enabling administrators to exercise Operator capabilities on any Kubernetes cluster.

In this session, Rob Szumski (Red Hat) will give a deep dive into the Operatior Framework and we will have live Q/A afterwards.

In this briefing, Red Hat's Ramon Acedo Rodriguez presents the strategy, vision and current state of affairs for containers within Red Hat OpenStack Platform. In this session you will learn what role containers play in OpenStack, what we as Red Hat are focusing on, what we already have brought to our customers and what you can be expecting in the future in infrastructure as well as tenant layers.

Containers provide a compelling alternative virtualization for modern application development. OpenShift running on OpenStack allows combining the exposition of resources in the infrastructure layer such as network, compute and storage, provided by OpenStack, with in the consumption of these resources from the platform side by OpenShift.

SOS International is the leading assistance organisation in the Nordic region. From our alarm centres in Denmark, Sweden, Norway and Finland, they provide acute personal assistance all over the world.

In this briefing, SOS International’s Sverre Vincent Lenbroch discusses SOS’s Digital Transformation journey and the challenges that they worked thru on Cultural, trends and legal as well as their technical stack and OpenShift deployment with OpenShift. He covered their stack and discusses running on Open Shift and their new projects.

Implementing Enterprise-grade Network Security with OpenShift and Tigera CNX with Amit Gupta (Tigera).


In an earlier Commons webinar, we described Tigera's open source Project Calico, and how it enables simplified networking with secure network policies. Amit Gupta will expand on that topic today with an exploration of the additional features enabled by Tigera's flagship CNX product, and a preview of capabilities in the forthcoming 2.1 release, including even closer integration with OpenShift.

Amit will cover practical workflows demanded by enterprises including meeting compliance requirements for network isolation with auditing, monitoring and alerting. He will also talk about how CNX enables multiple teams (e.g. security, network and development/ops) to easily and collaboratively define hierarchical security policies with role-based access controls and graphical management of policies (at last, yaml is purely optional!), and will draw from examples of real-world users adopting both CNX and OpenShift.

FaaS (Function-as-a-Service) or serverless as some call it is a promising compute paradigm suitable for event-driven scenarios. In this briefing, Red Hat's Michael Hausenblas and Brian Gracely review the current open source offerings for FaaS on Kubernetes (Apache Open Whisk, kubeless, OpenFaaS, etc.) and address pros/cons both on an architectural level as well as from a UX point of view. They will also discuss the topic FaaS vs. containers from a developers as well as an operators perspective.

In this briefing, Red Hat's Joey Schorr gave a in-depth introduction on and demonstration of Quay, CoreOs’ Application Registry for Kubernetes with OpenShift. Quay is an container registry for building, storing, and distributing your private containers to your servers.

Carol Willing (Project Juytper) presentation of JuypterHub, BinderHub, repo2docker and how they all work on Kubernetes and on OpenShift to the Machine Learning on OpenShift SIG of OpenShift Commons

Will Benton (Red Hat OpenShift) demoing how to Operationalize Image Detection on OpenShift with Tensorflow to the Machine Learning on OpenShift SIG of OpenShift Commons

How to Securely Inject Secrets into Applications and Manage Machine Identities with Conjur - Kumbirai Tanekha (CyberArk)

Kumbirai Tanekha and Naama Schwartzblat,the lead developers on Conjur who both worked directly on the Conjur-OpenShift integration. They will be demonstrating how secrets can be managed and delivered securely to applications running in OpenShift without developer impedance, and how OpenShift security policy for secrets and machine identity can be managed as code.

In this briefing, DP Ayyadevara, Savithru Lokanath and Vinay Rao from Juniper Networks provide an update to the Juniper Contrail and OpenShift integration. In the previous gathering (session# 89), we demonstrated the value of Contrail as a multi-tenant SDN for OpenShift automating the full lifecycle of networking virtual domains, tenants, subnets, and security policies, all in sync with the lifecycle and workflow of OpenShift users and application builds, deployments and services.

In this demo, we will discuss an application build environment use case along with support for Network Policies leveraging Contrail Security integration. Contrail Security minimizes risk to the applications that run in multi-cloud environments. It discovers application traffic flows and drastically reduces policy proliferation across different environments. Contrail Security can also be used for easy monitoring and troubleshooting of inter- and intra-application traffic flows.

Guest Speakers:

- DP Ayyadevara (Director, Product Management for Contrail@Juniper)

- Savithru Lokanath (Solutions Engineer, Contrail@Juniper)

- Vinay Rao (Solutions Engineer, Contrail@Juniper)

In this briefing, Cole Mickens and Stefan Schimanski, Red Hat walk thru what's in the Kubernetes 1.10 Release. Key Features in this release include API aggregation which graduated to GA, along with Container Storage Interface (CSI) and Mechanism for hardware device support which both graduated to beta. As with previous release, there has been a strong focus on fixing bug and maturing existing features to beta and stable. As always, ensuring stability matters and the community continues to refine, polish, scale, and tighten Kubernetes for production use with each release.

Learn more at https://commons.openshift.org

Subin Modeel and Will Benton (Red Hat OpenShift) demo Kubeflow on OpenShift to the Machine Learning on OpenShift SIG of OpenShift Commons

David Aronchick (Google) gives an introduction to Kubeflow to the Machine Learning on OpenShift SIG of OpenShift Commons.

Lachlan Evenson (Microsoft) discusses the results of his team's research on Distributed Training Performance on Kubernetes with the Machine Learning on OpenShift SIG of OpenShift Commons.

Learn more at https://github.com/joyq-github/TensorFlowonK8s

Join OpenShift Commons https://commons.openshift.org#join and join the conversation

Daniel Whitenack (Pachyderm) discusses how to enable Machine Learning and AI Data Pipelines on Kubernetes and OpenShift with the Machine Learning on OpenShift SIG of OpenShift Commons.

Learn more at http://docs.pachyderm.io/en/latest/getting_started/getting_started.html

Join OpenShift Commons https://commons.openshift.org#join and join the conversation

Deep dive session on What’s New in OpenShift 3.9 with Red Hat’s OpenShift Product Management team

Michael Hausenblas (Red Hat OpenShift) discusses KAML-D (Kubernetes Advanced Machine Learning & Data Engineering Platform) open source project with the Machine Learning on OpenShift SIG of OpenShift Commons. Learn more about https://github.com/kaml-d/design

PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. By containerizing PostgreSQL, we have enabled rapid deployment of PostgreSQL on a variety of different environments including Docker, Kubernetes, and OpenShift. The Crunchy PostgreSQL Containers‘ open source project delivers PostgreSQL-as-a-Service in addition to administration and monitoring tools in a standardized, scalable, and consistent manner.

In this talk, Sarah Conway, will give an introduction to the project and discuss how Kubernetes users of these containers can leverage an associated project, PostgresOperator [], that uses these containers and provides a higher level automation.

Sarah is a contributor to both Crunchy PostgreSQL Containers Project & Kubernetes’ PostgreSQL Operator open source projects. Sarah is a software engineer at Crunchy Data Solutions, Inc. Additionally, she is an active participant and volunteer in the PostgreSQL community through developing and maintaining various Postgres community websites as well as being on the PostgresOpen SV operations committee for four years. You can follow her here on twitter @xenophenes and on GitHub https://github.com/xenophenes

Learn how to simplify and strengthen your security posture by combining deep kernel-level container visibility with metadata from your Openshift deployment to define your security policies. SysDig’s Knox Anderson covers how the security landscape is changing, the architecture of Sysdig Secure, and even covers a live security instrumentation of a containerized environment.

The live demo will walk you through what Sysdig Secure can do:

– Implement application and OpenShift aware policies
– Block incoming attacks and container break-ins
– Audit executed commands
– OpenShift forensics: pre and post-attack investigation
– Unify monitoring & security workflows

WildFly Swarm is bringing the world of microservices to Enterprise Java developers. If you have experience developing with Java EE, then WildFly Swarm will ease the transition to a microservices architecture on OpenShift. This briefing will give an overview of WildFly Swarm and how it is delivered through Red Hat OpenShift Application Runtimes. We’ll also cover some practical techniques for coding and deploying effective Java microservices on OpenShift using WildFly Swarm. By the end of this session, you will have a good understanding of how to leverage your existing Java EE skills to develop microservices and how to get started with your own project.

It’s that time again, another release of Kubernetes is just being released and it’s time for another overview/update from Red Hat’s Clayton Coleman on all the many and varied new features and functions that are included in Kubernetes 1.8! We’ll also get a chance to hear from Derek Car and other Kubernetes contributors about the next release and beyond, so be sure to join us with your questions and feedback.

Derek Carr is Principal Software Engineer for application platforms in the cloud at Red Hat will be our guest speaker. Derek is a core contributor to both OpenShift and Kubernetes, the open source platform as a service and the containerized cluster manager.

In this session, Red Hat’s Graham Dumpleton discusses how to deploy JupyterHub on OpenShift and walks through the basics of Jupyter Notebook via JupyterHub.

With JupyterHub you can create a multi-user Hub which spawns, manages, and proxies multiple instances of the single-user Jupyter notebook (IPython notebook) server. The Jupyter notebook extends the console-based approach to interactive computing in a qualitatively new direction, providing a web-based application suitable for capturing the whole computation process: Developing, documenting, and executing code, as well as communicating the results. Jupyter community created JupyterHub to support many users. The Hub can offer notebook servers to a class of students, a corporate data science workgroup, scientific or machine learning research projects, or a high-performance computing group.