forked from KTH/devops-course
Showing 42 changed files with 1,005 additions and 5 deletions.
This file was deleted.
@@ -0,0 +1,27 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Infrastructure as Code Using Salt | ||
|
||
## Names and KTH ID | ||
|
||
- Alexander Liu ([email protected]) | ||
- Jakob Ström ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 5 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
|
||
## Description | ||
Our demo will be of the CMT Saltstack. Our Demo will first introduce a brief overhead of some common configuration management tools and Saltstack's place among these. After this we will show Saltstacks flexibility in its features and its Event features. | ||
|
||
|
||
**Relevance** | ||
Our demo will showcase one of the alternatives to scalable configuration management tools, Saltstack (Salt), and how it shines in terms of customizability and flexibility. | ||
SaltStack has significant relevance to DevOps practices, as it provides tools that directly align with the core principles of DevOps: automation, collaboration, continuous delivery, and infrastructure management. |
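Review bot: the Description expands nothing for "CMT" and says "a brief overhead of some common configuration management tools" where "overview" is meant; write "the configuration management tool (CMT) SaltStack" and "a brief overview". The product name appears as "Saltstack", "SaltStack" and "Saltstacks" (missing apostrophe) within the same file; pick one spelling. Since the demo promises to show Salt's "Event features", name the concrete part (event bus, reactor or beacons) so the audience knows what will be shown.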
@@ -0,0 +1,30 @@ | ||
|
||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Disaster Recovery using Terraform | ||
|
||
## Names and KTH ID | ||
|
||
- Linus Svensson ([email protected]) | ||
- Muhammadsodiq Nematjanov ([email protected]) | ||
|
||
## Deadline | ||
|
||
Week 5 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
|
||
|
||
## Description | ||
|
||
This demo will demonstrate mainly how terraform can be used as a strong tool for disaster recovery and creating Virtual Machines on Google Cloud Services, as well as how to create an infrastructure as desired using terraform. | ||
|
||
**Relevance** | ||
|
||
By automating recovery processes, organizations can improve resilience, efficiency, reliability, compliance, and customer experience. This is essential in today's fast-paced, technology-driven world, where downtime can have severe | ||
|
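Review bot: the Relevance paragraph is cut off mid-sentence ("where downtime can have severe"); finish the sentence. The Description never says where Terraform state is kept or how it is recovered, yet for a disaster-recovery demo the state file is the thing that must survive the disaster; state whether a remote backend is used and how it is restored. Also "Google Cloud Services" is not the product name (Google Cloud / Google Cloud Platform), and "terraform" should be capitalized as "Terraform" as in the title.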
@@ -0,0 +1,27 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Creating Spotify playlist using Terraform | ||
|
||
## Names and KTH ID | ||
|
||
- Prerna Gupta ([email protected]) | ||
- Florian Jerome Immig ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 5 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
Using Terraform to create a Spotify playlist as an application of Infrastructure as Code (IaC) demonstrates how we can automate the management of infrastructure through code. This can then be transitioned to OpenTofu, an open-source Terraform fork, to highlight flexibility in tool choice within a DevOps pipeline. | ||
|
||
**Relevance** | ||
|
||
OpenTofu is a fork of Terraform that was created after HashiCorp, the company behind Terraform changed the licensing model. OpenTofu retains the same core functionality as Terraform but is community-driven and free from licensing restrictions. Transitioning from Terraform to OpenTofu for managing the Spotify playlist highlights the ability to switch tools without drastically changing the overall workflow. The configuration files remain largely the same, demonstrating tooling flexibility and the importance of open-source alternatives in DevOps environments. Using Terraform/OpenTofu to manage a Spotify playlist makes the process more collaborative. Anyone with access to the codebase can propose changes to the playlist, enabling more structured and transparent change management between teams. | ||
|
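Review bot: "free from licensing restrictions" in the Relevance paragraph overstates the case; OpenTofu is released under the MPL 2.0 open-source license, so write "under an open-source license (MPL 2.0)". The Description promises to show the transition from Terraform to OpenTofu, but the Relevance text only asserts that the configuration "remain[s] largely the same"; list what actually changes in the demo (the CLI binary and the registry providers are fetched from) so the claim is demonstrated rather than stated. The Relevance paragraph also repeats the fork history already given in the Description; trim one of the two.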
@@ -0,0 +1,29 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Declarative Infrastructure with Terraform, NixOS, and Nomad | ||
|
||
## Names and KTH ID | ||
|
||
- Rafael Oliveira ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 5 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
As an organization's systems grow in breadth and complexity, it becomes paramount to have a single source of truth which can accurately document how the organization's infrastructure is organized, what services should be running where, and what state exists to be kept under consideration for, e.g., backups. Additionally, it is important that this information is sufficient to rebuild the entire network (or parts thereof), ideally in an automated manner and with the least friction possible. | ||
|
||
I intend to present a solution to this problem, which comprises a tight integration of three different tools, each of which specializing in declarative definitions at different levels: Terraform is used to provision machines and configure them, NixOS ensures their reproducibility and of the environment they provide, and Nomad handles runtime orchestration of jobs according to concrete specifications. | ||
|
||
This is the solution currently in use by KTH's Computer Science Chapter (Datasektionen), where I am responsible for all systems and overarching IT infrastructure. My plan for this demo is to showcase how one might introduce a new host running a new service (e.g., Vaultwarden), highlighting the different steps and considerations involved. The goal is not to explain how to set up the base declarative structure, but rather to demonstrate an incremental change that would be realistic in day-to-day operations and thus exemplify the benefits and quirks of using Infrastructure-as-Code. | ||
|
||
**Relevance** | ||
|
||
Reproducibility and centralized self-documentation are very attractive core tenets to a growing number of organizations, given the immense benefits they usually imply - this makes Infrastructure-as-Code (IaC) a very important concept to understand and keep in mind when considering different solutions and architectures. However, IaC is difficult to explain due to the multitude of parts involved, so one may sometimes find it hard to understand concretely how it works and what normal usage looks like. My demo strives to show a realistic example of how a professional might make use of IaC to assist them in their normal operations. |
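Review bot: grammar at "NixOS ensures their reproducibility and of the environment they provide" should read "their reproducibility and that of the environment they provide". The example service, Vaultwarden, is a password manager, so adding its host will involve secrets (admin token, TLS material); the proposal should say how those are kept out of the declarative definitions it presents as the single source of truth, since that is exactly the IaC "quirk" a viewer will ask about.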
@@ -0,0 +1,27 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Kubernetes secrets with Sealed Secrets | ||
|
||
## Names and KTH ID | ||
|
||
- Amin Nouiser ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 6 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
Managing Kubernetes secrets can be challenging, especially when the infrastructure is defined in code in a public git repository. By default, Kubernetes secrets are only base64 encoded but not encrypted which is not sufficiently secure. Sealed Secrets is a tool that allows secrets to be encrypted by the developer and remain so until they reach the cluster. | ||
|
||
In this demo, I will begin by demonstrating how secrets can be distributed without Sealed Secrets to illustrate the security risk. I will then introduce Sealed Secrets and demonstrate how it solves this problem and makes the distribution more secure. | ||
|
||
**Relevance** | ||
|
||
This demo is relevant to DevOps as it addresses secure secret management in Kubernetes which is a key principle in DevSecOps. |
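Review bot: the claim that secrets "remain so until they reach the cluster" needs a precise framing: the in-cluster controller decrypts the SealedSecret into an ordinary Secret, so Sealed Secrets protects the manifest in the repository and in transit, not the Secret object once it is in etcd. Say that in the Description, otherwise the "only base64 encoded" point (which is about committing manifests to a public repository) is easily confused with encryption at rest in the cluster, a separate control. Also add a comma: "not encrypted, which is not sufficiently secure".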
@@ -0,0 +1,16 @@ | ||
# Assignment Proposal | ||
## Title | ||
Automating Private Dependency Management and Version Integration | ||
## Names and KTH ID | ||
- Chandni Rakhashiya ([email protected]) | ||
- Emir Catir ([email protected]) | ||
## Deadline | ||
- Week 6 | ||
## Category | ||
- Demo | ||
## Description | ||
In this demo, we will explore how to effectively manage private dependencies in web applications using Azure Artifacts. We will display how to store, publish, and manage packages securely within Azure Artifacts and automate its integration into applications. Additionally, we will demonstrate how to streamline version updates by integrating new version of dependency across multiple applications or environments. | ||
|
||
Relevance | ||
|
||
This topic directly addresses key aspects of dependency management by demonstrating how to securely manage private packages. This approach enhances control and efficiency in managing dependencies. By leveraging CI/CD, the process of handling version updates is automated and this ensures faster, more reliable updates. |
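Review bot: this file's formatting diverges from the other proposals: "Relevance" has no "**" markers and the headings have no blank lines around them; use "**Relevance**" for consistency. "integrating new version of dependency" should be "integrating a new version of a dependency". The Description says packages are stored and published "securely" without saying how; state which feed permissions and which credential the pipeline uses to reach the private feed, and how that credential is scoped, since that is where the security of private dependency management is actually decided.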
@@ -0,0 +1,25 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Integrate RetireJS into Github workflow | ||
|
||
## Names and KTH ID | ||
|
||
- Olle Gunnemyr ([email protected]) | ||
- Sam Maltin ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 6 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
RetireJS is an open-source tool that can detect the use of JavaScript library versions with known vulnerabilities when developing a web application. By integrating the scan into a Github CI/CD pipeline via Github Actions, it would mitigate the risks from vulnerable libraries early in the Software Development Life Cycle (SDLC). Modifications/uses of RetireJS within Github for further security measures will also be demonstrated. | ||
|
||
_Relevance | ||
With the growing number of Javascript libraries on the web and Node.js applications, it is easier to unknowingly choose insecure libraries during development. Automating the vulnerability detection in the CI/CD pipeline by integrating RetireJS, would earlier mitigate the risks of security breaches from these vulnerable libraries, such as Cross-Site Scripting or Remote Code Execution attacks, and thus would be a relevant aspect within DevSecOps. |
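Review bot: "_Relevance" is an unclosed italic marker and will render as a literal underscore; the other proposals use "**Relevance**" followed by a blank line before the paragraph. "Github" should be "GitHub" throughout. The final sentence of the Description ("Modifications/uses of RetireJS within Github for further security measures") is vague; say which extra uses are planned (for example failing the job when findings exceed a chosen severity) so the scope can be judged.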
@@ -0,0 +1,28 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Using static analysis with SonarCloud to identify security flaws. | ||
|
||
## Names and KTH ID | ||
|
||
- Daniel Lai Wikström ([email protected]) | ||
- Rafael Bechara ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 6 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
We'll be showing how integrating SonarCloud with GitHub Actions can help developers automatically discover potential security flaws in their applications. Before the demo we'll set up a repo with GitHub Actions that automatically run a sonar scan upon pushing new code. | ||
|
||
During the demo we'll push some code with a security flaw such as not sanitizing user input which makes us vulnerable to XSS attack. We'll then show how this vulnerability fails the quality gate check. We’ll then show the analysis page that gives us information of where in the code the vulnerabilities are, how the vulnerabilities work and suggestions about how we can fix them. | ||
|
||
**Relevance** | ||
|
||
Using GitHub Actions for static code analysis upon pushing to a repo is a pretty textbook example of DevOps by facilitating Continous Integration through automatic testing upon source code changes. Since we're adding the capability of identifying security flaws to our DevOps workflow it's also relevant to DevSecOps. |
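Review bot: "Continous Integration" should be "Continuous Integration", "vulnerable to XSS attack" should be "vulnerable to an XSS attack", and the title ends with a period unlike the other proposals. The Description says the pushed flaw "fails the quality gate check" but not which condition fails; since the default quality gate evaluates conditions on new code, state the condition the demo relies on (a security rating on new code) so the audience understands why the unsanitized input trips the gate.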
@@ -0,0 +1,28 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Secure your git and CD pipeline with SOPS. | ||
|
||
## Names and KTH ID | ||
|
||
- Sina Khoraman ([email protected]) | ||
- Robin Eggestig ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 6 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
In this assignment we will demonstrate how to securely store sentitive files in git using SOPS: an open-source tool specially created for encrypting and decrypting the values in the configuration files of the software application that is being developed. We will first quickly showcase how passwords stored in configuration files can be a vulnerability. Then, we will quickly deploy SOPS and secure our CD pipeline. Our goal is to showcase how a simple script can greatly improve the security of the delivery process. | ||
|
||
In this demo we aim to demonstrate that the gap between "proper security" (e.g. using Vault and dynamic keys) and "no security" (storing passwords in files) can be filled with minimal effort. | ||
|
||
**Relevance** | ||
|
||
Implementing security mechanisms is itself an entire task. Especially in the starting phase, the focus is always put on functionality and features, and thus, security has a tendency to be left behind. That is at least until the application reaches a certain level of maturity where proper security becomes less of a feature and more of a requirement. But, until that happens, a lot of software is left defenseless in the face of potential attackers. Thus, even minimal security, such as encrypting the passwords in configuration files, can make a huge difference. It is then important that developers are at least aware of the potential solutions that could be implemented "in the meantime". |
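Review bot: "sentitive" should be "sensitive". The Description promises to "secure our CD pipeline", but for that the pipeline needs the decryption key; say which key backend SOPS will use (age, PGP or a cloud KMS) and how the CD runner obtains the private key without it landing in the repository, since that is the step the audience will ask about. "a simple script" is also unclear: SOPS is a tool, so say whether a wrapper script around it is meant.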
@@ -0,0 +1,31 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Using Semgrep to find vulnerabilities | ||
|
||
## Names and KTH ID | ||
|
||
- Viktor Fornstad ([email protected]) | ||
- Gustav Henningsson ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 6 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
We want to demo the static analysis tool called Semgrep. In the demo we will: | ||
- Connect Semgrep to a Github repo | ||
- Run Semgrep, with the basic rule-set, on the repo | ||
- Show and explain the information given by Semgrep | ||
- Create a custom rule that can be used with Semgrep | ||
We will also explain why it is important to use static analysis tools for DevSecOps. | ||
|
||
**Relevance** | ||
|
||
There are hundreds of different vulnerabilities that exist and it's therefor difficult for your average developer to know of and remember all of them. To know why and how to use static analysis tools to identify vulnerabilities is important to combat this problem. |
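Review bot: "We will also explain why it is important..." directly follows the last bullet with no blank line, so Markdown will fold it into that list item as a continuation line; insert a blank line before it. "therefor" should be "therefore". "the basic rule-set" should name the registry ruleset the demo runs, since the findings shown depend on it.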
File renamed without changes.
@@ -0,0 +1,27 @@ | ||
# Assignment Proposal | ||
|
||
## Title | ||
|
||
Data Version Control for MLOps with DVC | ||
|
||
## Names and KTH ID | ||
|
||
- David Streuli ([email protected]) | ||
- Wenqi Cao ([email protected]) | ||
|
||
## Deadline | ||
|
||
- Week 7 | ||
|
||
## Category | ||
|
||
- Demo | ||
|
||
## Description | ||
|
||
In this demo, we will explore the importance of Data Version Control (DVC) in the context of Machine Learning operations (MLOps). We'll start by discussing the challenges associated with managing and versioning large datasets and ML models, especially when these assets need to evolve alongside the codebase to maintain project coherence and reproducibility. We'll introduce DVC, a powerful tool designed to handle data and model versioning seamlessly alongside code changes. We will demonstrate how to integrate DVC into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, ensuring that changes in data and models are as traceable and manageable as changes in the application code. | ||
|
||
**Relevance** | ||
|
||
Data versioning is indispensable in the sphere of MLOps as it guarantees that changes to datasets and models are consistently applied across all stages of the development lifecycle. This approach enhances collaboration between data scientists and engineers, while also minimizing risks like data drift and model drift. By incorporating DVC into the MLOps pipeline, teams can then maintain reliable, reproducible workflows and safeguard the integrity of machine learning models as they scale. | ||
|
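Review bot: the Description does not say where the versioned data and models actually live: DVC keeps only small pointer files in git and pushes the content to a remote (a local directory or object storage), so integrating DVC into CI/CD means the runner needs credentials for that remote; state the remote and how its credentials reach the pipeline. "a powerful tool designed to handle data and model versioning seamlessly" is marketing language; replace it with what DVC does (content-addressed storage plus pointer files tracked by git).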