Resiliency by Design: Internal Platforms' Contributions to Cloud Stability

Salon H
Gaurav Saxena | Director of Engineering
Wed 02:20PM - 02:55PM, September 10th

In today's complex enterprise environments, building and maintaining resilient data streaming platforms requires a strategic approach that empowers developers while ensuring security and operational efficiency. This presentation explores how Internal Developer Platforms (IDPs) can streamline development workflows, enhance application portability, and fortify your software supply chain, including the use of CNCF projects.

We'll delve into:

- Internal Developer Platforms (IDPs): Understanding the core principles of IDPs and how they enable self-service infrastructure, reduce cognitive load for developers, and promote consistent development practices.
- Open Application Model (OAM): Leveraging OAM to define applications in a platform-agnostic way, separating application logic from infrastructure concerns. This promotes portability and simplifies management across diverse environments.
- Crossplane: Using Crossplane to extend your Kubernetes cluster and manage infrastructure resources (databases, message queues, etc.) directly from within your IDP, enabling a unified control plane for both applications and infrastructure.

A key focus will be on building a hardened software supply chain:

- Melange, Apko, and Wolfi: Building minimal, secure container images using these next-generation tools. We'll discuss the benefits of reduced attack surface and improved image scanning results.
- Sigstore Project (Cosign, Fulcio, Rekor): Ensuring the integrity and authenticity of container images through signing and attestation. We'll demonstrate how to use Sigstore to sign images built from managed CI pipelines and push to JFrog Artifactory securely.
- Kubernetes Admission Control: Implementing Kubewarden, a Kubernetes admission controller, to enforce policies and verify image signatures before deployment, preventing the execution of untrusted code.
- Workload Attestation using SPIFFE: Using SPIFFE for workload attestations.
