Open Source Summit Europe 2024

In the realm of sustainability, grassroots initiatives often emerge as powerful catalysts for change, driven by the collective wisdom of practitioners. Enter Impact Framework, an open-source tool designed to quantify the environmental impact of software. It takes observations you can easily gather from running systems such as CPU utilization, page views, installs, and prompts, and induces them into environmental impacts like carbon, waste, and water. Drawing parallels to the evolution of open-source software, Impact Framework embodies the ethos of openness—open source, open standards, and open data—as the bedrock of its mission. In this talk, I'll explain the history of Impact Framework and its core concepts and take the audience through a live exercise to demonstrate how to use it to measure the environmental impacts of a piece of software. As we embark on this journey, we echo the sentiment of our community: to do for sustainability what open source did for software—a seismic shift rather than a mere agreement. Join us as we explore the transformative power of open-source principles in driving sustainable impact at scale.

Modern cloud-native applications are frequently distributed across multiple Kubernetes clusters or virtual machines. But what exactly are the requirements for securing communication among these cloud native applications? Is encryption alone sufficient? Do applications require unique identities? How can we ensure the integrity of our applications' data? Do we need to control who can access what? And what are the considerations when dealing with multi-cluster environments? This presentation will explore the essentials of securing application communications within a zero-trust architecture framework. Lin will explain how mutual TLS (mTLS) meets these requirements through its handshake and record protocols. Moreover, she’ll demonstrate live how you can implement mTLS for applications by simply labeling their namespaces, without any restart of applications or sidecars using Istio's ambient mesh.

eBPF has become something of a buzzword recently, but why is it being used in so many tools for observability, security and networking? What does it bring that other approaches don't offer? How can you leverage the power of eBPF in your organization? Join this session to learn from the creators and maintainers of leading open source eBPF projects about how this kernel technology enables high-performance, scalable cloud infrastructure tools.

One of the most powerful aspects of Kubernetes is its extensibility. But with flexibility comes complexity. Deploying Kubernetes add-ons extend its functionality, but with most platform engineers managing and maintaining multiple clusters across different environments comes the pain. Giving a breather to platform administrators will allow them to be more productive and creative, while enabling them to perform deployments easily, quickly and reliably. From a small home lab to large-scale production environments, keeping up with Kubernetes add-ons deployment and management in a consistent, reliable, and maintainable manner can be like trying to find Nemo on the CNCF landscape. In this engaging session, we will demonstrate: - How smoothly Flux synchronises Kubernetes resources - How to use different add-on formats, including Helm charts, raw YAML/JSON highlighting the Lua language template creation for advanced deployments and logical application - How to deploy Cilium as a CNI - How to deploy Kyverno policies to clusters based on their scope as templates Attendees will learn a new, easy and creative way of deploying applications whether on-prem or in the cloud.

The fine-grained nature of cloud native deployments requires fine-grained authorization at each component. However, this may require security policies to be centrally defined and the configurations reflecting them to be defined in each microservice to enable uniform, consistent enforcement across the entire system which is hard to model and maintain. OpenFGA is an open source solution to Fine-Grained Authorization that applies the concept of Relationship-based access control (ReBAC) where a subject's permission to access a resource is defined by the presence of relationships between those subjects and resources. It was designed for reliability and low latency at a high scale. This talk will offer an overview of OpenFGA, ReBAC and its advantages over more traditional RBAC and ABAC in the context of Zero Trust.