SlideShare a Scribd company logo

Securing Windows workloads.pdf

L
LibbySchulze

This document summarizes a presentation about securing Windows workloads in a hybrid Kubernetes cluster. It begins with an overview of Calico and describes what a hybrid cluster is. It then discusses running Windows containers and the need to choose container base images wisely. The presentation covers how Calico can be used to secure Windows workloads by providing networking and policy enforcement capabilities. It concludes with information about demo environments and resources for working with Windows and Kubernetes.

Internet
1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Securing Windows workloads Thursday, Jun 02, 2022
Your Speaker Today: ● Reza Ramezanpour - Developer Advocate @ Tigera (Project Calico)
Agenda ● Calico overview ● A hybrid cluster ● Windows workloads ● Securing Windows workloads ● Demo
Calico overview 01
https://projectcalico.org https://slack.projectcalico.org @projectcalico https://github.com/projectcalico/community https://discuss.projectcalico.org 6000+ Slack channel members 150+ Contributors 1,000,000+ Nodes powered by Calico every day
eBPF iptables HNS
Host Network Service
A hybrid cluster 02
© 2022 Tigera, Inc. Proprietary and Confidential 9 What is a hybrid cluster?
Β© 2022 Tigera, Inc. Proprietary and Confidential 10 ● Linux node (System) ● Windows Server 2019 or higher ● Kubernetes v1.21 or higher ● A CNI Hybrid environment (psst try Calico)
Windows workloads 03
Β© 2022 Tigera, Inc. Proprietary and Confidential 12 Windows Containers ● Run anywhere * ● Deploy at scale ● Lightweight * ● Isolated *
© 2022 Tigera, Inc. Proprietary and Confidential 13 Choose your base image wisely It can be lightweight Windows Server (ltsc2022+) ServerCore NanoServer 7GB+ 4.8GB+ 2.5GB+ 90M+
© 2022 Tigera, Inc. Proprietary and Confidential 14 Kernel Compatibility
© 2022 Tigera, Inc. Proprietary and Confidential 15 Isolation
Securing Windows workloads 04
Β© 2022 Tigera, Inc. Proprietary and Confidential 17 ● Networking ● Policy engine Securing workloads K8s Node Networking layer eth0 eth1 Network Foundation CNI
Demo (Azure Cloud) 05
Demo (On-premises) 06
Stuff used for the demo: https://github.com/frozenprocess/Tigera-Presentations/tr ee/master/2022-06-02.CNCF-securing-windows-workloa ds Do-It-Yourself Resources When things are not working: Github: https://github.com/frozenprocess Twitter: https://twitter.com/fr0zenprocess Linkedin: https://www.linkedin.com/in/rramezanpour/
Securing Windows workloads.pdf
academy.tigera.io
Follow us on: Kubernetes.io https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/adding- windows-nodes/ --- Calico for WIndows https://projectcalico.docs.tigera.io/getting-started/windows-calico/ --- AKS Netwokring https://www.youtube.com/watch?v=JyLtg_SJ1lo --- Kubernetes Windows (community) https://github.com/kubernetes-sigs/sig-windows-tools ---- containerd https://github.com/containerd/containerd --- Wincontiner workload https://github.com/frozenprocess/wincontainer Credits
Follow us on: Thank you!

More Related Content

PDF
CNCF Live Webinar 2023, 12 Apr - Exploring Kubernetes Windows HostProcess Ins...
LibbySchulze1
Β 
PPTX
GDSC EPITA Docker Presentation
ssuser540861
Β 
PDF
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Daniel Oh
Β 
PDF
Free GitOps Workshop
Weaveworks
Β 
PDF
[Global logic] container runtimes and kubernetes
GlobalLogic Ukraine
Β 
PDF
Cloud Native Applications on Kubernetes: a DevOps Approach
Nicola Ferraro
Β 
PDF
Jenkins x gitops
Jose Luis SΓ‘nchez Rebollo
Β 
PDF
E bpf and profilers
LibbySchulze
Β 
CNCF Live Webinar 2023, 12 Apr - Exploring Kubernetes Windows HostProcess Ins...
LibbySchulze1
Β 
GDSC EPITA Docker Presentation
ssuser540861
Β 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Daniel Oh
Β 
Free GitOps Workshop
Weaveworks
Β 
[Global logic] container runtimes and kubernetes
GlobalLogic Ukraine
Β 
Cloud Native Applications on Kubernetes: a DevOps Approach
Nicola Ferraro
Β 
Jenkins x gitops
Jose Luis SΓ‘nchez Rebollo
Β 
E bpf and profilers
LibbySchulze
Β 

Similar to Securing Windows workloads.pdf (20)

PDF
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
Β 
PDF
NVIDIA GTC 2019: Red Hat and the NVIDIA DGX: Tried, Tested, Trusted
Jeremy Eder
Β 
PPTX
Top 5 benefits of docker
John Zaccone
Β 
PDF
Docker London Meetup: Docker Engine Evolution
Phil Estes
Β 
PDF
Environment management in a continuous delivery world (3)
Victor Iglesias
Β 
PDF
Introduction to Containers
Dharmit Shah
Β 
PPTX
GitOps and Its tools.pptx
ShivlalSharma5
Β 
PPTX
GitOps and Its tools.pptx
ShivlalSharma5
Β 
PDF
Taking Docker to Production: What You Need to Know and Decide
Docker, Inc.
Β 
PDF
Taking Docker to Production: What You Need to Know and Decide
Bret Fisher
Β 
PDF
Developer workflow with docker
Lalatendu Mohanty
Β 
PPTX
The State of CI/CD Tooling in 2019
CloudOps2005
Β 
PDF
OpenStack Cinder - Victoria Release Update - 2020
Brian Rosmaita
Β 
PPTX
[20200720]cloud native develoment - Nelson Lin
HanLing Shen
Β 
PDF
Delivering a bleeding edge community-led openstack distribution: RDO
Chandan Kumar
Β 
PDF
WTF is GitOps & Why Should You Care?
All Things Open
Β 
PDF
WTF is GitOps and Why You Should Care?
Weaveworks
Β 
PDF
CHIPS Alliance_Object Automation Inc_workshop
Object Automation
Β 
PDF
Webinar: From Development to Production with Docker and MongoDB
MongoDB
Β 
PDF
8.cncf en
Juraj Hantak
Β 
Free GitOps Workshop (with Intro to Kubernetes & GitOps)
Weaveworks
Β 
NVIDIA GTC 2019: Red Hat and the NVIDIA DGX: Tried, Tested, Trusted
Jeremy Eder
Β 
Top 5 benefits of docker
John Zaccone
Β 
Docker London Meetup: Docker Engine Evolution
Phil Estes
Β 
Environment management in a continuous delivery world (3)
Victor Iglesias
Β 
Introduction to Containers
Dharmit Shah
Β 
GitOps and Its tools.pptx
ShivlalSharma5
Β 
GitOps and Its tools.pptx
ShivlalSharma5
Β 
Taking Docker to Production: What You Need to Know and Decide
Docker, Inc.
Β 
Taking Docker to Production: What You Need to Know and Decide
Bret Fisher
Β 
Developer workflow with docker
Lalatendu Mohanty
Β 
The State of CI/CD Tooling in 2019
CloudOps2005
Β 
OpenStack Cinder - Victoria Release Update - 2020
Brian Rosmaita
Β 
[20200720]cloud native develoment - Nelson Lin
HanLing Shen
Β 
Delivering a bleeding edge community-led openstack distribution: RDO
Chandan Kumar
Β 
WTF is GitOps & Why Should You Care?
All Things Open
Β 
WTF is GitOps and Why You Should Care?
Weaveworks
Β 
CHIPS Alliance_Object Automation Inc_workshop
Object Automation
Β 
Webinar: From Development to Production with Docker and MongoDB
MongoDB
Β 
8.cncf en
Juraj Hantak
Β 
Ad

More from LibbySchulze (20)

PDF
Running distributed tests with k6.pdf
LibbySchulze
Β 
PPTX
Extending Kubectl.pptx
LibbySchulze
Β 
PPTX
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
Β 
PDF
Fallacies in Platform Engineering.pdf
LibbySchulze
Β 
PDF
Intro to Fluvio.pptx.pdf
LibbySchulze
Β 
PPTX
Enhance your Kafka Infrastructure with Fluvio.pptx
LibbySchulze
Β 
PDF
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
Β 
PDF
Oh The Places You'll Sign.pdf
LibbySchulze
Β 
PPTX
Rancher MasterClass - Avoiding-configuration-drift.pptx
LibbySchulze
Β 
PPTX
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
LibbySchulze
Β 
PPTX
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
Β 
PDF
EnRoute-OPA-Integration.pdf
LibbySchulze
Β 
PDF
AirGap_zusammen_neu.pdf
LibbySchulze
Β 
PDF
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
LibbySchulze
Β 
PDF
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
LibbySchulze
Β 
PDF
CNCF_ A step to step guide to platforming your delivery setup.pdf
LibbySchulze
Β 
PDF
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
LibbySchulze
Β 
PDF
Securing Windows workloads.pdf
LibbySchulze
Β 
PDF
Advancements in Kubernetes Workload Identity for Azure
LibbySchulze
Β 
PDF
Containerized IDEs.pdf
LibbySchulze
Β 
Running distributed tests with k6.pdf
LibbySchulze
Β 
Extending Kubectl.pptx
LibbySchulze
Β 
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
Β 
Fallacies in Platform Engineering.pdf
LibbySchulze
Β 
Intro to Fluvio.pptx.pdf
LibbySchulze
Β 
Enhance your Kafka Infrastructure with Fluvio.pptx
LibbySchulze
Β 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
Β 
Oh The Places You'll Sign.pdf
LibbySchulze
Β 
Rancher MasterClass - Avoiding-configuration-drift.pptx
LibbySchulze
Β 
vFunction Konveyor Meetup - Why App Modernization Projects Fail - Aug 2022.pptx
LibbySchulze
Β 
CNCF Live Webinar: Low Footprint Java Containers with GraalVM
LibbySchulze
Β 
EnRoute-OPA-Integration.pdf
LibbySchulze
Β 
AirGap_zusammen_neu.pdf
LibbySchulze
Β 
Copy of OTel Me All About OpenTelemetry The Current & Future State, Navigatin...
LibbySchulze
Β 
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Pr...
LibbySchulze
Β 
CNCF_ A step to step guide to platforming your delivery setup.pdf
LibbySchulze
Β 
CNCF Online - Data Protection Guardrails using Open Policy Agent (OPA).pdf
LibbySchulze
Β 
Securing Windows workloads.pdf
LibbySchulze
Β 
Advancements in Kubernetes Workload Identity for Azure
LibbySchulze
Β 
Containerized IDEs.pdf
LibbySchulze
Β 
Ad

Recently uploaded (20)

PDF
Behind the Smile Unmasking Ken Childs and the Quiet Trail of Deceit Left in H...
Kenneth Childs Exposed
Β 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
Β 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
Β 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
Β 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
Β 
PDF
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
Β 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
Β 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
Β 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
Β 
PDF
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
Β 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
Β 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
Β 
Behind the Smile Unmasking Ken Childs and the Quiet Trail of Deceit Left in H...
Kenneth Childs Exposed
Β 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
Β 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
Β 
tcp ip networks nd ip layering assotred slides
pakadamfdp
Β 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
Β 
LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1
LABUAN 4D
Β 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
innovation process that make everything different.pptx
SoumyadipPaul18
Β 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
Β 
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
Β 
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
Β 
Internet___Basics___Styled_ presentation
poonam62133
Β 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
Β 

Securing Windows workloads.pdf