3 minute read
In just a couple of weeks, we will be off to Germany for the SREcon18 Europe/Middle East/Africa, a gathering of engineers who care deeply about site reliability, systems engineering and working with complex distributed systems at scale. The conference will run from August 29 - 31 and our developers, Felix Glaser, Daniel Turner, and Niko Kurtti will be presenting talks at the event. The conference has a culture of critical thought, deep technical insights, and continuous improvement and we hope to see you there!
Know Your Kubernetes Deploys - Felix Glaser
Containers changed the way we develop and package our code. Kubernetes made it easy to deploy and orchestrate our workloads. Now that those steps are well understood, it is time to draw attention to securing the software supply chain. This talk shows how Shopify secures and tracks its workloads.
We secure our software supply chain by creating signatures on our containers which state that they originate from the correct deploy pipeline, got tested and contain no known vulnerabilities or outdated software.
During deployment, we use an admission controller that enables us to enforce deploy time policies that check the presence of the before created signatures so that we prevent privilege escalation via code deployment.
Since new exploits show up all the time, we need to add another piece to the puzzle to sure containers: a place to track all the metadata created during the lifetime of a container. For example, where it's deployed so that if it becomes vulnerable it gets pulled out of production, fixed, and redeployed.
Thursday, 2018, August 30 (09:55 – 10:30)
What Medicine Can Teach Us about Being On-Call - Daniel Turner
Being on-call is a critical and stressful part of being a SRE. While most organizations want and are willing to take steps to reduce the on-call burden, few have used quantitative research methods to try and optimize being on-call.
At the same time, being on-call is a part of most physician’s practice. This is especially true for medical residents—postgraduate doctors in training—who can be on-call as often as once every three days. The field of medicine has undertaken numerous studies and research projects to optimize the handling of on-call duties. These studies have explored work-life balance, ways to decrease the number of critical incidents (which can literally mean life or death), as well as reducing mistakes.
This talk breaks down the techniques and research that have led to practices that can be adopted for SREs. It also looks at issues that remain unsolved in both fields, like pages sent to the wrong team or those that shouldn’t have been sent at all. Finally, it concludes with words of warning that SREs are not physicians, and as with any interdisciplinary study, we must be mindful of these differences when borrowing techniques.
Friday, 2018, August 31 (12:15 – 12:40)
Keep Building Fresh: Shopify's Journey to Kubernetes - Niko Kurtti
Shopify, in 2014, was one of the first large-scale users of Docker in production. We ran 100% of our production traffic in hundreds of containers. We saw the value of containerization and aspired to also introduce a real orchestration layer.
Fast forward two years to 2016, when instead we had a clumsy and fragile homemade middleware for controlling containers. We started looking at orchestration solutions again and the technology behind Kubernetes intrigued us.
In this talk I'll briefly go over challenges we saw in moving from a traditional host-based infrastructure to a cloud native one, moving not only our core app to Kubernetes but also hundreds of our other apps at the same time. I'll focus on the cluster tooling solutions we've built like controllers, cluster creators, and deploy tools. We've automated things ranging from our DNS to certificates and even complex cluster creations—and all with a real programming language and projects rather than a handful of random scripts.
The ability to extend Kubernetes to fit our needs has been the greatest reward of this project. It's given us a new paradigm on which to build upon rather than relying on old patterns.
Friday, 2018, August 31 (14:00 – 14:50)