 Hi and good evening everyone, I am Atul and I'm going to be talking about Parallus which is a CNCF sandbox project and the whole idea of building Parallus was to enable zero trust access for Kubernetes resources. I'm sure whenever we are dealing with Kubernetes we know that access management is a critical thing and often gets complex. What happens is that while it provides RBAC out of the box especially when you are scaling and when you have a lot of users, a lot of resources that come into play it becomes really difficult to manage all the permissions because you can lead into issues like free permissions roaming around. For example, you had a team and people move, there's a churn in the team then it becomes difficult to manage those permissions and track those permissions and who has what access and I think that's where zero trust as a principle comes in very handy and Parallus is one project that gives you RBAC but with zero trust access built in. One of the things that Parallus does great is just-in-time access management. So by tradition what happens in Kubernetes is you define roles, you define permissions, you define users and then you assign these things to them but one of the things that Parallus gives you out of the box is just-in-time access management plus it also allows you to mix and match your roles and permissions that you need. So you can create your own role, you can mix and match permissions whatever you need, you need to provide. We have a certain set of permissions that are provided by default and then after that you can add your own permissions that you want and assign it to the roles that you need. Also since this is just-in-time by default zero trust is embedded in it so by default if anyone tries to access obviously they don't have access to it. So it all happens just-in-time. Outside of that what it also does is it enables you to use your existing SSO. So currently it has support for GitHub, GitLab, Google and Microsoft I guess but apart from that if you have any other SSO third-party SSO that you're using something like a key clock you can easily integrate Parallus with it so it will keep everything whatever you have existing and you can just bring in any other SSO that you want and then you can manage resources from cluster level to the user level as well and you know you can again like I said you know it gives you control access using pre-configured roles so there are certain roles that we have given and everything in Parallus revolves around projects so you essentially create a project and within a project you import a cluster and then that's where that's when you start assigning permissions to users to a particular project and that's when they start interacting with your cluster as in when that is required. So how Parallus actually works so this is a very high-level overview of what Parallus is and what it does so if I have to keep it in very simple words it's a proxy that acts in the in the middle whenever any request is sent to your Kubernetes clusters what it does is that internally it uses Ory Kratos for identity management and it uses Casbin for admission policies so on the left hand side you can see you know developers DevOps QA so these are the people who will interact with your clusters sorry they interact with Parallus and this can be done in multiple ways so Parallus gives you a dashboard it also gives you a command line tool with which you can you know access your clusters you can configure it in your CI CD pipelines and on the other side you have all the cloud infrastructure cloud providers that are present so if you have any Kubernetes clusters irrespective of where it is you can bring them on to Parallus without poking any holes in your firewall so I don't have much time to dig deep into the architecture but what we do here is we have created something called as a relay so it has two components one is a relay server and other is a relay client so the relay client is put on all these you know clusters that we are trying to onboard and that is the one that communicates with the relay server so it essentially eliminates the need for a firewall the need for you know poking or configuring your firewall to give access to Parallus to your cluster so I think that's that's a very easy stuff on Parallus whenever you know you want to onboard a particular cluster and if I have to talk about the journey so the first release of Parallus was done in august 22 and then we submitted it to cncf in july 2022 and then December it was onboarded as a cncf sandbox project and since then we have had nine releases it's actively maintained by a four five office I'm the only one over here one of my colleagues he wasn't able to make it and then in the latest release we have implemented cosine as a requirement from the cncf to you know to maintain the health of the project and apart from that we have also enabled health checks so the Parallus dashboard that is provided what happens is whenever you are onboarding a cluster previously you wouldn't know whether your connection is broken with your cluster so you know you essentially had to run some commands run kubectl go go into the logs of relay server and see if the connection is working or not as expected and whether your cluster is actually connected to Parallus or not but now we have implemented health checks so the moment you log into the Parallus dashboard you will be able to see whether your cluster is actually connected to Parallus or not and if there are any issues or not so these are a couple of things the couple of latest features that you know we have added in the releases apart from that we have been present at a couple of events as well so we were there at kubectl where we had a virtual booth so we did a virtual you know talk hours with that at kubectl we had a physical booth and then we did a couple of talks at kcd pakistan and kcd bangalore as well this year we just have this lightning talk but then i am around and there are a couple of users who are using Parallus so you know we can surely interact and if you want to learn more about Parallus these are the github you know github github profile the website and twitter so you know if you want to get started with Parallus we have guides for working with different environments that you have so if you are running a mini cube cluster or if you are running an azure or if you are running an eks we have one click not one click but we have you know very easy to follow guide for each of these if you are on digital ocean we have Parallus available on the marketplace as well so if you want to try out Parallus and if you have a digital ocean account just go ahead and you know look for Parallus in the marketplace one click installation and you will get access to Parallus and we are open to contributions there are some open issues on the UI as well as on the back end and the relay side so if you are someone who is good at go and want to contribute please feel free to check out the open issues and help us you know build the project and take it further so yeah that's all i had that's my time thank you so much