rynowak

Threats

Spoofing requests to the validating webhook

Description: If a malicious actor could circumvent webhook authentication, they could send unauthorized requests.

Impact: The webhook performs validation only and does not mutate any state. It's unclear what the security impact would be of spoofing.

Mitigations:

rynowak

UDT Jobs-to-be-done

• See: https://jobs-to-be-done.com/jobs-to-be-done-a-framework-for-customer-needs-c883cbf61c90
• See: https://online.hbs.edu/blog/post/jobs-to-be-done-examples
• See: https://odette-jansen.notion.site/Jobs-to-be-done-Template-353da3c0a31e4aa9aded5d3058afa58c

Identify the Job

Scenario:

rynowak

Adaptive Leadership Notes

• 5/28/24
• Speaker: Britt Aylor

This is just an overview, the actual training is more involved.

Overview

There have been multiple waves of adaptive leadership, this isn't totally new.

rynowak

From Thomas in GH Issue: To deploy applications successfully, there are efforts that often go hand in hand with infrastructure provisioning and deployment. As we see more projects from the infrastructure space in our TAG and identified (at a poll at KubeCon) that we should get more active in this area, there should be first investigations if it makes sense to build a working group for such topics, if there are enough interested people in this and what the potential scope of the WG could be.

As the Cloud space and CloudNative has gotten more mature, there are increasingly complex hybrid environments that do not run solely within the cloud. This can be a mixture of on-prem physical infrastructure, public/private cloud, and Edge/IOT. Various end-users are adopting CloudNative practices to modernize their stack with different levels of maturity.

Modern cloud-native applications depend on a variety of software infrastructure such as Kubernetes clusters, virtual networks, database servers, API gateways, or mac

rynowak

CNCF Landscape + Radius

Context: assessing the CNCF landscape to understand where Radius could integrate and leverage other CNCF projects. The end goal is to drive adoption of Radius via reach into other user communities.

I'm using this query to navigate the landscape. This query filters out non-CNCF projects that are on the landscape as well as CNCF archived (abandoned). I'm including sandbox projects in the analysis, but giving them lower weight than more mature projects. Our goal is to drive adoption of Radius, and sandbox projects will not have a significant user community attached.

Of the projects on the landscape, I thought XXX of them deserved serious consideration and thought. For many projects, while they are valuable, are just not relevant to Radius (eg: OperatorFramework) For projects that could be relevant with an increased scope (eg: Copacetic or Buildpacks) I'm including them in their own section. I'm

rynowak

Radius Maintainers' Day 2024

Agenda

10:00: welcome and coffee
10:15->11:00: First session: Governance and CNCF process
11:00->11: 45: Second session: Radius OSS project retro + direction setting 
11:45->12:00: Break
12:00->12:30: Third session: Technical Strategy and Roadmap + Dapr

rynowak

Demo Script

Outline

• Intro
  • Talking points: customer conversations
  • Talking points: pain for developers because of manual processes and troubleshooting connectivity
  • Tell them what you're going to tell them.
• Show rad init
• Talking points: it's easy to setup my local development environment.

rynowak

Resource Groups

Radius endeavors to provide rich resource audit and lifecycle management features for all kinds of resources. Radius can help the whole organization reason about their applications, the architectures and dependencies of those applications, and the cloud infrastructure that runs those applications.

In particular we're inspired by the capabilities of ARM (Azure Resource Manager) and we're generalizing those features to apply to all clouds. The ARM feature that users consistently rate as valuable is resource groups. Resource groups provide a way to list related resources, and to perform operations like RBAC assignment on the list rather than individual resources. Users can use resource groups to organize, audit and bulk-delete resources with a related lifecycle. While we often market Radius with statements like "graphs are better than list", it doesn't mean that the list is obsolete - they serve an important mechanical purpose.

Our vision for resource groups in Radius/UCP is that they pr

rynowak

Radius & Kubernetes Interop

• Status: SUPER pending
• Author: Ryan Nowak (@rynowak)

Overview

To adopt Radius, we ask users to describe their application using Bicep and Radius' application model. Moving customer workloads to Radius' application model supports our strategy for the project, we're trying to evangelize a broadly-applicable cloud-native abstraction and then build multiple implementations of that abstraction. As the end goal: users that adopt Radius can seamlessly move between Kubernetes, on-premises platforms, and serverless hosting platforms provided by various clouds. Unfortunately migrating existing applications complicated and dangerous work. To make that worse, few customers actually need the kind of hosting platform portability we're planning, and we're a long ways off from building it. We believe that these factors explain much of the hesitation we're seeing from customers when they have experienced the problems that Radius is solving, but don't become enthusiastic a

rynowak

Community call demo 8/8

Prep

Visual aids:

• API documentation
• Example API calls
• Component Diagram: https://excalidraw.com/#json=ZJfVrRxsbu8JKwKlcoCdN,yHZc3JnQAqe6YCBSm6DTrg
• API sequence Diagram: https://excalidraw.com/#json=MR2eRoGYwnysDEiqVGGjY,1DQ3eqw1A_DR5M-z0waWrA