Nixing challenges of Kubernetes packaging with Nix
Software supply chain management (SSCM) systems should provide software bill of materials (SBOM) and auditability as well as scanning for vulnerabilities and licensing conflicts. Furthermore, it should offer flexible configuration options and the ability to define comprehensive specifications e.g. for regulatory compliance and every change should undergo a quality assurance (QA) process. These requirements are addressed by Nix, a functional language and package manager allowing to create reproducible, declarative, and reliable builds. We present a packaging of Kubernetes manifests based on Nix and show how this enrichs the features of SSCM and improve reliability and operational safety.Vorkenntnisse
The audience should have basic knowledge of the Kubernetes API and be familiar with managing Kubernetes workloads. Experience with package management systems and software supply chain is helpful, as well as structured data formats and functional programming languages.
Lernziele
This talk shows the advantages of packaging Kubernetes manifests. These result in higher transparency of software supply chain management (SSCM) and a potential enrichment of its feature sets. Furthermore, we demonstrate potential improvements in reliability and operational safety. The presented concept is part of the SSCM and system development life cycle (SDLC) product by SysEleven, which will be published under a FOSS license.
Speaker
Arik Grahl is a Berlin-based DevOps engineer with more than 10 years of
experience in full-stack development and operation of infrastructure on bare metal. He is currently developing Golang applications, which are close to Kubernetes and other technologies from the cloud native environment. He enjoys being engaged in the Nix ecosystem.