Graham Hayes
Infrastructure and Software Architect at Udemy.
Previously K8S contributor, OpenStack DNSaaS Lead and Technical Committee Member
Sessions
As part of our learning tools at Udemy, we allow students to access real cloud (AWS, Azure, soon GCP) accounts and boot real resources.
Obviously, in the age of cryptojacking, botnets, and people looking to make a HackerOne bounty, this is a risky proposition for us and could be open to abuse, which, combined with the major cloud providers' billing data being 8-12 hours delayed, could cause a lot of additional cost.
To help combat this, our team prototyped a "Digital Twin" style system based on audit events for resource creation & deletion. We will run through the successes, failures, and long-term issues we ran into, how this could be fixed in the longer term, and how (and why) we abused the K8S APIs to drive an event-based system for it.