Secrets Management at Scale with Vault & Rancher
24. June Robert de Bock Senior DevOps Engineer Adfinis robert.debock@adfinis.com Kapil Arora Senior Solution Engineer HashiCorp kapil@hashicorp.com Infrastructure Management (Run & Manage) GitOps Continuous Delivery Cluster Templates & Config Enforcement K8s Version Management Node Pool Management Cluster Provisioning & Lifecycle Management Platform Google GKE Cloud Datacenter Edge Branch Dev Secret Management in Kubernetes Secret Management Challenges ● Secrets sprawl ● Secrets rotation ● X.509 certificates, SSH and Cloud access
0 points | 36 pages | 1.19 MB | 1 year ago
Putting an Invisible Shield on Kubernetes Secrets
Kubernetes Secrets Agenda • K8s Secrets: Overview • TEE-based K8s Secrets Protection: Solution • Production Experience @ Ant Group • Demo • Summary & Plan K8s Secrets: Overview Background: K8s Secrets Cluster Provider KMS Encryption Provider Background: K8s Secrets • Encryption Keys stored on API Server • Secrets encrypted prior to storage in etcd • Secrets decrypted on API Server prior to use • Encryption Encryption keys stored in a remote KMS • Use envelope encryption scheme • DEK & KEK Motivation: K8s Secrets Protection • Performance & latency • Network • Security • DEK in the clear in memory • Secret
0 points | 33 pages | 20.81 MB | 1 year ago
Secrets of C++ Scripting Bindings
Jason Turner @lefticus emptycrate.com/idocpp Copyright Jason Turner @lefticus emptycrate.com/idocpp Secrets of Scripting Bindings for C++ Jason com/lefticus/5d94357725413dce5005b0b1b7f77836 Secrets of Scripting Bindings for C++ Jason
0 points | 177 pages | 1.65 MB | 6 months ago
Back To Basics Lifetime Management
0 points | 66 pages | 8.43 MB | 6 months ago
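GPU Resource Management On JDOS
GPU Resource Management On JDOS Liang Yongqing liangyongqing1@jd.com Services provided 1. GPU containers for experiments 2. Machine learning training service based on Kubeflow 3. Model management and model Serving service Experiment Training Serving All container-based; GPU physical machines are not provided directly to business teams GPU experiments JDOS regular container service
0 points | 11 pages | 13.40 MB | 1 year ago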
Node Operator: Kubernetes Node Management Made Simple
Node Operator: Kubernetes Node Management Made Simple Chen Jun (Joe), Ant Financial Agenda • Background and Motivation • Introduction of Operators • Node-Operator • Advanced Topic: • Upgrade Master & Node Components reliably • Canary Rollout • Master & Node Component Versions Management Motivation: Work Order Deployment Worker Order • Upgrade Nodes Versions • Upgrade Node 10.10 Complicated architecture Work order deployment system can not meet the requirements of resource management. Operator Observe Action Analyze • Observe: watch desired resource and actual resource
0 points | 18 pages | 11.70 MB | 1 year ago
Libraries: A First Step Toward Standard C++ Dependency Management
October 3, 2023 Libraries: A First Step Toward Standard C++ Dependency Management Bret Brown, C++ Infrastructure Lead, Bloomberg Bill Hoffman, CTO, Kitware Hello! Welcome! Bret Brown C++ Infrastructure portable as the code they contain! ● ✓ Projects should be “cattle,” not “pets”! Why dependency management? Consensus: Managing dependencies == way too hard Q: Which of these do you find frustrating names: jsonlogConfig.cmake Jsonlog-config.cmake # ... CMake gives you some dependency management tips here ... Aside: Coloring and bolding added for emphasis Motivation: What would we design
0 points | 82 pages | 4.21 MB | 6 months ago
Key management: Turtles all the way down - Securely managing Kubernetes Secrets
Turtles all the way down: securely managing Kubernetes secrets with secrets Alexandr Tcherniakhovski, Google Cloud Maya Kaczorowski, Google Cloud Nov 14 2018 Turtles all the way down Turtles @MayaKaczorowski Protecting secrets What’s a secret? Credentials, configurations, API keys, and other small bits of information needed by applications at build or run time Why protect secrets? ● Attractive target in public storage buckets Secret management requirements Identity Require strong identities and least privilege Auditing Verify the use of individual secrets Encryption Always encrypt before
0 points | 52 pages | 2.84 MB | 1 year ago
State management - CS 591 K1: Data Stream Processing and Analytics Spring 2020
Processing and Analytics Vasiliki (Vasia) Kalavri vkalavri@bu.edu Spring 2020 2/25: State Management Vasiliki Kalavri | Boston University 2020 Logic State <#Brexit, 520> <#WorldCup, 480> key of the current record so that all records with the same key access the same state State management in Apache Flink Operator state Keyed state State state is stored, accessed, and maintained. State backends are responsible for: • local state management • checkpointing state to remote and persistent storage, e.g. a distributed filesystem or a database
0 points | 24 pages | 914.13 KB | 1 year ago
Casdoor · An Open Source UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform supporting
Overview Casdoor is a UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform based on OAuth 2.0, OIDC, SAML, and CAS. Casdoor serves both the web UI and the login requests separate architecture, developed by Golang. It supports high concurrency, provides a web-based UI for management, and supports localization in 10+ languages. 2. Casdoor supports third-party application login and it supports extending third-party login with plugins. 3. Casdoor supports authorization management based on Casbin. It supports ACL, RBAC, ABAC, and RESTful access control models. 4. Casdoor provides
0 points | 825 pages | 58.31 MB | 1 year ago