Linux Conf AU 2018 Notes - Day 2

Operations with Containers: Myth vs. Reality

Talk overview

Notes

  • You no longer have a single server with everything running on it
  • Focus on standards-based implementations: OCI, CNI

Becoming the Admiral: mastering Docker orchestration

Talk overview

Notes

Puppet in the cloud

Talk overview

Notes

  • Why config management?
  • Even in the age of k8s and containers, config management matters!
  • Puppet has CA and cert model for authenticating clients (in server model) - Not cloud scalable
  • Use roles (via EC2 tags)
  • Server boots -> asks Puppet to sign cert -> .. : exposes an attack vector
  • Autosigning is very dangerous if you get it wrong
  • Policy based autosigners
  • Use single use token to sign initially
  • [github.com/carnivalmobile/carnival-autosign-aws-puppet]
  • Untrusted facts are dangerous
  • Trusted facts
  • r10k
  • High availability
  • Bake AMI using puppet - don't rely on applying puppet manifests at provision time
  • Masterless puppet - pupistry
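
A sketch of the policy-based autosigner with a single-use token noted above. This is an added example, not code from the talk or from the carnival-autosign-aws-puppet project. It assumes the agent puts the token in the CSR's challengePassword attribute; `TokenStore`, `autosign?` and `sample_csr` are hypothetical names, and the CSR is constructed inline.

```ruby
require 'openssl'
require 'digest'
require 'set'

# Hypothetical in-memory store of single-use tokens issued at provision time.
class TokenStore
  def initialize(tokens)
    @digests = Set.new(tokens.map { |t| Digest::SHA256.hexdigest(t) })
  end

  # True exactly once per issued token; the token is consumed on redemption.
  def redeem(token)
    !@digests.delete?(Digest::SHA256.hexdigest(token)).nil?
  end
end

# Read the challengePassword CSR attribute (OID 1.2.840.113549.1.9.7), which an
# agent can set through custom_attributes in csr_attributes.yaml.
def challenge_password(csr)
  found = csr.attributes.find { |a| a.oid == 'challengePassword' }
  found && found.value.value.first.value
end

# Policy decision. Puppet runs a policy executable with the certname as its
# argument and the PEM CSR on stdin; exit status 0 means "sign".
def autosign?(certname, csr_pem, store)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)      # CSR self-signature
  cn = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  return false unless cn && cn[1] == certname         # CN must match request
  token = challenge_password(csr)
  !token.nil? && store.redeem(token)
rescue OpenSSL::OpenSSLError
  false
end

# Constructed sample CSR, standing in for what an agent would submit.
def sample_csr(certname, token = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if token
    value = OpenSSL::ASN1::Set([OpenSSL::ASN1::UTF8String(token)])
    csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', value))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end
```

A wrapper script would call `exit(autosign?(ARGV[0], $stdin.read, store) ? 0 : 1)` with a store backed by shared storage, so that a replayed CSR or a second node presenting the same token is refused.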

MQTT

Talk overview

Notes

© Amit Saha.