ADLS WORKSHOPS 24.5.
The Austrian DataLAB and Services project organised a workshop with training in the context of an Austrian-wide science cloud. Training sessions were offered on Kubernetes (beginners and advanced) and Docker (building images and working with Docker), along with talks on "Security in the cloud and compliance", "virtual HPC" and "Openstack vs. public cloud providers". The meeting took place on 24 May 2022 in Vienna. The program is given below in English. The Symposium Cluster Forschungsdaten 2022 took place the day before, and the ADLS slides are linked here – news post on the event with the slides of the other projects.
Prerequisites for Training:
- Please bring a recent laptop and a smartphone with the Microsoft Authenticator app installed. You will receive an invite from Azure Active Directory in your email inbox; please follow the instructions therein to configure MFA.
- Install the following software on your laptop:
  - az-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
  - git
  - vscode https://code.visualstudio.com/download
  - rancher-desktop https://rancherdesktop.io
- Additionally for Kubernetes: a recent browser (Chrome preferred) and https://k8slens.dev
- Additionally for Docker: free disk space and at least 6 GB RAM, root/sudo level access (local admin for Windows)
Program:
TRACK A
9:00 – 12:00 Training Kubernetes for Beginners – Constanze Roedig
- Learn about the architecture and the core components of Kubernetes
- What are container-runtimes?
- How to work with the command line interface (kubectl) and use a client UI (Lens)
- How to expose a service
- How Kubernetes manages packages: explore a simple helm chart and modify it
- Introduction to Role Based Access Control
- Comparison of Kubernetes Distros: RKE2/Rancher, OKD/Openshift, AKS
- Hands-on working with our Kubernetes cluster from your laptop and in Rancher-UI: deploy your first app and work with it (this will be most of the workshop): we will deploy a pacman game and add to it more and more components
14:00 – 17:00 Training Kubernetes for Intermediate – Thomas Weber
- Write your first helm chart
- Work with a Kubernetes operator
- Working with secrets
- Deep dive into cert manager
- Deep dive into ingress
- Container Storage Interface (CSI) and Container Networking Interface (CNI): what are they and to what extent are they relevant for a user?
TRACK B
9:00 – 10:30 Training Building and Working with Docker Images – Thomas Weber
- What are different Image Types?
- How are containers different from a VM?
- Choice of base images
- Best practices for building an image
- Multi-stage builds
- Avoiding secrets
- build-test-scan-push pipelines
- Container registries
10:45 – 12:00 virtual HPC, Demonstration – Peter Kandolf
- What is the purpose of a vHPC (a virtual High Performance Cluster)?
- Insight into the basic setup and the employed technologies
- See how automation, gitOps and CI/CD can be employed
- Slurm REST API and Authentication
TRACK C
14:00 – 16:00 Security in the Cloud and Compliance – Constanze Roedig
- 14:00 – 15:00 Talk:
  - The new perimeter: Cloud
  - Zero Trust architecture and how DevOps changes many paradigms
  - Threat Modeling for ADLS
  - New frameworks for old concepts: Confidentiality, Integrity and Availability -> Security by Design
  - Compliance: How ADLS (will) leverage Cloud capabilities and gitOps for most critical aspects
- 15:00 – 16:00 Technical Demos:
  - Container Security 101 -> Demo of a container escape
  - Supply Chain Security with gitOps -> How ADLS protects its assets
  - IAM: the importance of integrated identity and access management -> Demo of a federated machine identity
  - Demo of smuggling a nasty package into Kubernetes and what you can do with that