Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

Technology Short Take #86

Welcome to Technology Short Take #86, the latest collection of links, articles, and posts from around the web, focused on major data center technology areas. Enjoy!

Networking

  • Csilla Bessenyei has a series of articles on step-by-step automation that you might find helpful. I found the articles at step 5, the benefits of Git for network engineers, but the previous four articles also look helpful.
  • James Governor provides a useful explanation of a service mesh in the context of Istio and Linkerd; this is helpful for those of you out there who’ve heard the terms/names but haven’t had time to really dig in and understand what’s happening here.
  • Speaking of service mesh: a couple related articles passed across my desk(top) recently. The first of these is an article on using Traefik with Kubernetes and Let’s Encrypt (throwing in a Consul back-end for the fun of it). The second is this post on Istio plus Linkerd, which talks about how to use Linkerd in conjunction with Istio to build a service mesh. (Do I need to talk about how understanding a service mesh is a good thing for networking professionals? That might be a good blog post topic right there!)

Servers/Hardware

  • Werner Ruegg has a post on an alternative hardware solution for vSphere home labs.

Security

  • RedLock shares some guidelines around AWS access key deletion (in the event that an access key gets compromised). Given the increasing reliance on AWS, good security posture is a must.
  • Here’s a handy CLI tool for working with AWS IAM configurations.
  • Moritz Heiber of ThoughtWorks has a veritable treatise on using AWS with security as a first-class citizen. There is a wealth of information in this lengthy post. I think I’m going to have to read it multiple times just to digest all the information here.
  • Andson Tung shares how a Dirty Cow container exploit sticks around even after the container is destroyed. Good reason to make sure your systems and your images are patched!

Cloud Computing/Cloud Management

  • Diego Roberto dos Santos (via Fedora Magazine) shared a simple but useful trick for combining some Bash shell programming and the AWS CLI to upload the same SSH key to a list of AWS regions. I think this is a useful tip, though I will point out that someone on Twitter commented that this felt like using the same password everywhere. It’s up to you to decide whether this is a security risk or not.
  • Microsoft’s Azure team is doing some very interesting (in my opinion) things. First, there is July’s announcement of Azure Container Instances (ACI), which—as far as I’ve been able to tell—leverages hypervisor isolation for containers while offering Container-as-a-Service (CaaS) functionality. Add to that an ACI connector for Kubernetes that allows Kubernetes to use ACI underneath, and then add to that a CNI plugin to allow containers to connect to Azure VNETs. This is definitely something I’d like to explore further.
  • Here’s a new acronym I just coined: YAKD. It stands for Yet Another Kubernetes Deployer, and I thought this up after finding this article on kube-spawn, a tool for starting up a local multi-node Kubernetes cluster (primarily for testing and development). I guess it’s not really fair of me to make this statement, given that kube-spawn is focused on local Kubernetes clusters for testing and development. It does seem, though, that Kubernetes deployment tools abound.

Operating Systems/Applications

  • Here’s how to run Steam in a systemd-nspawn container.
  • Toni Willberg provides a set of instructions for running Fedora 26 on Azure.
  • Shawn Hartsock shows how to build SSHFS on Photon OS.
  • Jeff Geerling—author of Ansible for DevOps—has a post on how various Ansible configuration files may conflict with one another.
  • Need a comparison of CloudFormation versus Terraform? No worries, Andreas Wittig has you covered. (Personally, I’m a Terraform fan.)
  • The Open Containers Initiative (OCI) has finally released version 1.0 of its Runtime Specification (for building a container runtime) and Image Format Specification (for container images). It will be interesting now to see what (if anything) Docker does in response.

Storage

Nothing this time around. Feel free to submit something for inclusion in the next Technology Short Take.

Virtualization

  • Emad Younis has a three-part series (so far) on vSphere 6.5 upgrade considerations (part 1, part 2, and part 3).
  • Did you catch the official announcement about the future of vCenter Server for Windows? Martin Yip has all the details here.

Career/Soft Skills

  • Julia Evans has a few nice tips on learning at work.
  • A number of folks have recently been jumping on the “static site” movement, moving away from WordPress and other platforms in favor of static site generators such as Jekyll or Hugo. Cody De Arkland is one, having recently migrated his blog from WordPress to Hugo. Grant Orchard also recently migrated to Jekyll. I love how folks are using these migrations as a vehicle for expanding their skill sets.

That’s it for now. Next week is VMworld in Las Vegas, NV, and I’ll be there live-blogging the keynotes (no sessions though, unfortunately—VMware employees generally can’t get into sessions). However, I’ll be around, so be sure to look me up if you’re going to be there. Thanks for reading!
