Open Source Summit Europe 2024

Almost seventy years ago, wilderness firefighters who reeled from major losses developed a set of rules with the goal of improving incident management. These rules came to be known as the "Ten Standard Firefighting Orders" and have been the authoritative way of preparing and training for critical operations. In this talk, Kerim explains how the systematic approach of these orders can be adapted to a software engineering context, with the ultimate goal of improving operational reliability and, in the case of an outage, limit damage to human operators and (IT) infrastructure.

ASML is building a self-service, multi-tenant data platform that enables teams to work independently on data products and applications. In a secure multi-tenant Kubernetes setup, tenants get an isolated view of the cluster, allowing them to deploy workloads independently of each other. Data sharing among tenants is governed by a global policy-based access control layer. Our challenge was to introduce a shared Kafka cluster into this setup, with proper tenant isolation and seamless integration with the global access control layer. We used Istio to enable zero-configuration authentication for Kafka clients operating inside the Kubernetes cluster. This allows Kafka authentication to be done with the Kubernetes-native tenant/namespace/serviceaccount idiom. A custom operator reconciles the tenant's topic definitions and topic access requests with the platform administrator's resource allocations and the global data sharing policy, and dynamically configures the right Kafka ACLs and resource quota.

As policy makers are rushing towards standardizing open source security best practices, it is critical to make sure that the standards developed to organize open source software development and mainteance are themselves open source-compatible. Why is this important? What makes a standard open source-compatible? What can we learn from previous efforts such as OpenStand and what can we improve? We'll cover this and more in this talk.

Are you interested in building distributed applications or microservice architectures, but don't know where to start? Join this session and learn how the Dapr building block APIs can make your life easier! Dapr, the Distributed Application Runtime, provides a set of common APIs that makes building microservices a breeze. As the 10th largest CNCF project, Dapr is used in production by companies like IBM, Alibaba Cloud & Microsoft and is a trusted OSS technology backed by a vibrant developer community. This code heavy session covers the most popular building blocks of Dapr: service invocation, pub/sub messaging and state stores. In addition, the built-in cross-cutting concerns such as resiliency, observability, and security are covered. Code samples & live demos will be provided in .NET and JavaScript. After this session, you'll have a good understanding how Dapr can help you build reliable distributed applications faster.

One of the greatest out of the box features of K8s is its auto-scaling capabilities, which has a naive implementation or more advanced scheduling capabilities through native tooling. However, both of these models are reactive and not proactive in nature. What if we could employ proactive event-driven scaling of our clusters?! Over our many years of cloud native operations at scale, with the right tools we could! Enter KEDA (AKA Kubernetes Event-Driven Autoscaling). KEDA was built to make just this type of intelligent auto-scaling possible - this includes everything from event-driven and predictable actions like scaling up and down for predictable bursts of usage or shutting down dev clusters during specific and non-working hours, to managing scaling based on your workloads and message queues, or even your APMs and based on the metrics it ingests. In this talk we’ll walk through auto-scaling on steroids with KEDA, how it can be supercharged through CRDs, and in particular the cluster-API which now makes it possible to provision, update, customize and delete K8s clusters declaratively––that together are a game changer when it comes to the infinite scale K8s makes possible.

For the modern computing architectures involving multiple independent workloads and following the zero trust model, it is important that the calls between the workloads be properly authenticated and authorized. SPIFFE/SPIRE does solve the authentication part; however, it does not take into account the request context and other dynamic data. A new Internet draft called Transaction Tokens has been adopted by the IETF OAuth Working Group, which addresses the authorization part. A transaction token is a short-lived, cryptographically signed, request-specific token obtained from the new Transaction Token Service in exchange for the external OAuth/OIDC access token and other context-dependent data. The token is then included into every inter-workload call, which guarantees that only non-spurious calls between the workloads can take place. From this talk, the attendees will learn about how Transaction Tokens work, how they help to make the internal perimeter more secure, how we implemented this upcoming specification using a customized version of Keycloak, what challenges we faced and how we solved them.

Learn how combining traditional NLP techniques with LLMs can solve 'hallucination' issues and create robust applications. This session offers practical insights into leveraging foundational NLP principles alongside advanced LLM technology. It's based on a business problem where the need is to craft technical content that directly tackles the key challenges customers encounter. Rather than wading through hundreds of public forum posts or customer complaints manually, why not harness the combined power of traditional, explainable Natural Language Processing (NLP) techniques integrated with the advanced language generation capabilities of Large Language Models (LLMs). This session will provide architecture and lessons learned in the journey to uncover insights from our users' feedback. Centered around a topic modeling use case, this session offers actionable insights that go beyond mere buzzwords. At the end the audience will learn how to leverage text analytics and the strengths of Open Source LLMs to tailor content that resonates with their audience's needs and pain points. Bonus points: This use-case architecture is completely automated using CI/CD principles.