VSHN – The DevOps Company
Pronounced ˈvɪʒn – like "vision"
- Founded 2014
- Switzerland’s leading DevOps, Docker, Kubernetes, Rancher, OpenShift and 24/7 cloud operations partner
- First Kubernetes Certified Provider in

Some Figures
- 42 VSHNeers
- 350+ different customers partners
- 1’500+ servers
- Different cloud providers
- On-premises
- 88’000+ services

Pre-integrated set of tools to provision, update, back up, observe and react/alert production applications on Kubernetes and in the cloud. It supports DevOps through full self-service and automation using containers, Kubernetes and GitOps.

Benefits for Developers
- Automated service deployment with Crossplane
- Backup of data with K8up and Restic
- GitOps with Argo CD
- Secrets management with Vault
- Monitoring and alerting with Prometheus, Alertmanager and Signalilo

Benefits for Operations
- Configuration management with Commodore, Kapitan and Jsonnet with a hierarchical store
- Central cluster registry and inventory (including GitOps Git repository management) provided by Lieutenant API, Lieutenant Operator and Steward
- Automated component maintenance with Renovate
- Policy control through Open Policy Agent

1. GitOps
All about auditability
- Based on ArgoCD
- Signed commits required for triggering changes
- Git commit history provides key information: Who, When, What
- Configuration rollback

2. Container Registry
All about vulnerability
- All images provided from a centralized repository
- Images validated by VSHN team
- Compatible with plain K8s & OpenShift
- Vulnerability scanning by default

3. Maintenance
All about immutability
- Based on Renovate
- Keep all systems up-to-date, continuously
- Matches tags with hashes to avoid spoofing
- Integrated through manifests
- Central view of open maintenance pull requests

5. Policy Management
All about enforceability
- Based on Open Policy Agent (OPA project from the CNCF)
- Policies described in the Rego language
  - "All images must come from this registry"
  - "No images allowed with the :latest tag"
  - "No image runs as root"
- Configuration policy enforcement

    package kubernetes.admission

    deny[msg] {                                                            # 1
      input.request.kind.kind == "Pod"                                     # 2
      image := input.request.object.spec.containers[_].image
      not startswith(image, "verboten.com/")                               # 3
      msg := sprintf("image '%v' comes from untrusted registry", [image])  # 4
    }

1 Reject request and show error message msg if the conditions in the body are true.
2 Object being sought after
3 Condition that must never be true
4 Error message returned to the caller
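
The other two policies quoted on the Policy Management slide, written in the same Rego style as the registry rule. This is an added example, not part of the original slides or VSHN's own policy set. The helper names `pod_containers` and `runs_as_non_root`, the inclusion of `initContainers`, and the reading of "No image runs as root" as a `runAsNonRoot: true` requirement are assumptions.

```rego
package kubernetes.admission

# Added example (not from the slides). Helper names are hypothetical.
# Containers to check; including initContainers is an assumption.
pod_containers[c] {
	input.request.kind.kind == "Pod"
	c := input.request.object.spec.containers[_]
}

pod_containers[c] {
	input.request.kind.kind == "Pod"
	c := input.request.object.spec.initContainers[_]
}

# "No images allowed with the :latest tag"
deny[msg] {
	c := pod_containers[_]
	endswith(c.image, ":latest")
	msg := sprintf("image '%v' uses the :latest tag", [c.image])
}

# A reference with neither tag nor digest is pulled as :latest as well.
deny[msg] {
	c := pod_containers[_]
	not contains(c.image, "@")
	parts := split(c.image, "/")
	not contains(parts[count(parts) - 1], ":")
	msg := sprintf("image '%v' has no tag and resolves to :latest", [c.image])
}

# "No image runs as root", read here as: runAsNonRoot must be true.
deny[msg] {
	c := pod_containers[_]
	not runs_as_non_root(c)
	msg := sprintf("container '%v' may run as root", [c.name])
}

# Container-level securityContext wins over the pod-level one.
runs_as_non_root(c) {
	c.securityContext.runAsNonRoot == true
}

runs_as_non_root(c) {
	not c.securityContext.runAsNonRoot == false
	input.request.object.spec.securityContext.runAsNonRoot == true
}
```

Because the rules share the `kubernetes.admission` package and the `deny` set, their messages are returned together with the registry rule's. On OPA 1.0 or later, rule heads in this style need the `contains` and `if` keywords.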