ADLS WORKSHOPS 24.5.
The Austrian DataLAB and Services Project hosted a training and workshop day in the context of an Austria-wide science cloud. We offered Kubernetes (beginner/intermediate) and Docker (building and working with Docker) trainings, as well as the following talks (with a lot of demos): "Security in the cloud and compliance", "virtual HPC" and "OpenStack vs. public cloud providers". The meeting took place face to face in Vienna on the 24th of May 2022. The schedule is below. The Symposium Cluster Forschungsdaten 2022 was held the day before; the ADLS slides are linked here (news post for the event with the slides of the other projects).
Prerequisites for Training:
- Please bring a recent laptop and a smartphone with the Microsoft Authenticator app installed. You will receive an invite from Azure Active Directory in your email inbox; please follow the instructions therein to configure MFA.
- Install the following software on your laptop:
  - az-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
  - git
  - vscode https://code.visualstudio.com/download
  - rancher-desktop https://rancherdesktop.io
- Additionally for Kubernetes: a recent browser (Chrome preferred) and https://k8slens.dev
- Additionally for Docker: free disk space and at least 6 Gb RAM, root/sudo level access (local admin for Windows)
Program:
TRACK A
Seminarraum BA 10A, Getreidemarkt 9, 1060 Wien, 10th floor (directions)
9:00 – 12:00 Training Kubernetes for Beginners – Constanze Roedig
- Learn about the architecture and the core components of Kubernetes
- What are container-runtimes?
- How to work with the command-line interface (kubectl) and use a client UI (Lens)
- How to expose a service
- How Kubernetes manages packages: explore a simple helm chart and modify it
- Introduction to Role Based Access Control
- Comparison of Kubernetes distros: RKE2/Rancher, OKD/OpenShift, AKS
- Hands-on: work with our Kubernetes cluster from your laptop and in the Rancher UI. Deploy your first app and work with it (this will be most of the workshop); we will deploy a pacman game and add more and more components to it
14:00 – 17:00 Training Kubernetes for Intermediate – Thomas Weber
- Write your first helm chart
- Work with a Kubernetes operator
- Working with secrets
- Deep dive into cert manager
- Deep dive into ingress
- Container Storage Interface (CSI) and Container Networking Interface (CNI): what are they, and how far are they relevant for a user?
TRACK B
Seminarraum BA 10B, Getreidemarkt 9, 1060 Wien, 10th floor (directions)
9:00 – 10:30 Training Building and Working with Docker Images – Thomas Weber
- What are different Image Types?
- How are containers different from a VM?
- Choice of base images
- Best practices for building an image
- Multi-stage builds
- Avoiding secrets
- build-test-scan-push pipelines
- Container registries
10:45 – 12:00 virtual HPC, Demonstration – Peter Kandolf
- What is the purpose of a vHPC (a virtual High Performance Cluster)?
- Insight into the basic setup and the employed technologies
- See how automation, gitOps and CI/CD can be employed
- Slurm REST API and authentication
TRACK C
Seminarraum BA 10B, Getreidemarkt 9, 1060 Wien, 10th floor (directions)
14:00 – 16:00 Security in the Cloud and Compliance – Constanze Roedig
- 14:00 – 15:00 Talk:
  - The new perimeter: Cloud
  - Zero Trust architecture and how DevOps changes many paradigms
  - Threat Modeling for ADLS
  - New frameworks for old concepts: Confidentiality, Integrity and Availability -> Security by Design
  - Compliance: How ADLS (will) leverage Cloud capabilities and gitOps for most critical aspects
- 15:00 – 16:00 Technical Demos:
  - Container Security 101 -> Demo of a container escape
  - Supply Chain Security with gitOps -> How ADLS protects its assets
  - IAM: the importance of integrated identity and access management -> Demo of a federated machine identity
  - Demo of smuggling a nasty package into Kubernetes and what you can do with that