$30 off During Our Annual Pro Sale. View Details »

DevSecOps with Project Syn

DevSecOps with Project Syn

Presentation shown during the February 26th edition of the Zurich DevSecOps Meetup. https://www.meetup.com/Zurich-DevSecOps-Meetup-Group/events/267292394/

Adrian Kosmaczewski

February 26, 2020

More Decks by Adrian Kosmaczewski

Other Decks in Technology


  1. VSHN – The DevOps Company Adrian Kosmaczewski, Developer Relations DevSecOps

    with Project Syn 1
  2. VSHN – The DevOps Company 1. Introduction to Project Syn

    2. How Project Syn supports DevSecOps 3. Call to action Agenda 2
  3. VSHN – The DevOps Company Pronounced ˈvɪʒn – like "vision"

    Founded 2014 Switzerland’s leading DevOps, Docker, Kubernetes, Rancher, OpenShift and 24/7 cloud operations partner First Kubernetes Certi ed Provider in 3
  4. VSHN – The DevOps Company   4

  5. VSHN – The DevOps Company 42 VSHNeers 350+ di erent

    customers partners 1’500+ servers Di erent cloud providers On-premises 88’000+ services Some Figures 5
  6. VSHN – The DevOps Company Pre-integrated set of tools to

    provision, update, backup, observe and react/alert production applications on Kubernetes and in the cloud. It supports DevOps through full self-service and automation using containers, Kubernetes and GitOps. 6
  7. VSHN – The DevOps Company 7

  8. VSHN – The DevOps Company Automated service deployment with Backup

    of data with and GitOps with Secrets management with Monitoring and alerting with , and Bene ts for Developers Crossplane K8up Restic Argo CD Vault Prometheus Alertmanager Signalilo 8
  9. VSHN – The DevOps Company 9

  10. VSHN – The DevOps Company Con guration management with ,

    and with a hierarchical store Central cluster registry and inventory (including GitOps Git repository management) provided by , and Automated component maintenance with Policy control through Bene ts for Operations Commodore Kapitan Jsonnet Lieutenant API Lieutenant Operator Steward Renovate Open Policy Agent 10
  11. VSHN – The DevOps Company 11

  12. VSHN – The DevOps Company DevSecOps Container Registry Policy Management

    GitOps Maintenance Logging 12
  13. VSHN – The DevOps Company  All about auditability Based

    on Signed commits required for triggering changes Git commit history provides key information Who When What Con guration rollback 1. GitOps ArgoCD 13
  14. VSHN – The DevOps Company  All about vulnerability All

    images provided from a centralized repository Images validated by VSHN team Compatible with plain K8s & OpenShift Vulnerability scanning by default 2. Container Registry 14
  15. VSHN – The DevOps Company  All about immutability Based

    on Keep all systems up-to-date, continuously Matches tags with hashes to avoid spoo ng Integrated through manifests Central view of open maintenance pull requests 3. Maintenance Renovate 15
  16. VSHN – The DevOps Company  All about traceability Based

    on The full activity of the system in a single place 4. Logging Prometheus 16
  17. VSHN – The DevOps Company  All about enforceability Based

    on (OPA project from the CNCF) Policies described in the Rego language "All images must come from this registry" "No images allowed with the :latest tag" "No image runs as root" Con guration policy enforcement 5. Policy Management Open Policy Agent 17
  18. VSHN – The DevOps Company 1 Reject request and show

    error message msg if the conditions in the body are true. 2 Object being sought after 3 Condition that must never be true 4 Error message returned to the caller package kubernetes.admission deny[msg] { input.request.kind.kind == "Pod" image := input.request.object.spec.containers[_].image not startswith(image, "verboten.com/") msg := sprintf("image '%v' comes from untrusted registry", [image]) } 1 2 3 4 18
  19. VSHN – The DevOps Company GitOps Auditability Container Registry Vulnerability

    Maintenance Immutability Logging Traceability Policy Management Enforceability Summaribility 19
  20. VSHN – The DevOps Company DevSecOps Container Registry Policy Management

    GitOps Maintenance Logging 20
  21. VSHN – The DevOps Company Preview release 0.1 soon! Call

    to Action vshn.ch/en/syn docs.syn.tools github.com/projectsyn 21
  22. VSHN – The DevOps Company Adrian Kosmaczewski, Developer Relations: VSHN

    AG – Neugasse 10 – CH-8005 Zürich – +41 44 545 53 00 – – Thanks! adrian@vshn.ch vshn.ch info@vshn.ch 22