Technology Short Take 91
Published on 8 Dec 2017 · Filed in Information · 907 words (estimated 5 minutes to read)

Welcome to Technology Short Take 91! It’s been a bit longer than usual since the last Tech Short Take (partly due to the US Thanksgiving holiday, partly due to vacation time, and partly due to business travel), so apologies for that. Still, there’s a great collection of links and articles here for you, so dig in and enjoy.
Networking
- Amanpreet Singh has a two-part series on Kubernetes networking (part 1, part 2).
- Anthony Spiteri has a brief look at NSX-T 2.1, which recently launched with support for Pivotal Container Service (PKS) and Pivotal Cloud Foundry, further extending the reach of NSX into new areas.
- Jon Benedict has a brief article on OVN and its integration into Red Hat Virtualization; if you’re unfamiliar with OVN, it might be worth having a look.
- sFlow is a networking technology that I find quite interesting, but I never seem to have the time to really dig into it. For example, I was recently browsing the sFlow blog and came across two really neat articles. The first was on RESTful control of Cumulus Linux ACLs (this one isn’t actually sFlow-related); the second was on combining sFlow telemetry and RESTful APIs for visibility and control in campus networks.
- David Gee’s “network automation engineer persona” content continues; this time he tackles some thoughts around proof-of-concepts (PoCs).
Servers/Hardware
- Frank Denneman (with an admittedly vSphere-focused lens) takes a look at the Intel Xeon Scalable Family in a two-part (so far) series. Part 1 covers the CPUs themselves; part 2 discusses the memory subsystem. Both articles are worth reviewing if hardware selection is an important aspect of your role.
- Kevin Houston provides some details on blade server options for VMware vSAN Ready Nodes.
Security
- The security of Kubernetes is coming under greater scrutiny, as would be expected as adoption (and attention) increases. Josselin Costanzi discusses the security problems with Kubernetes as deployed via `kops`.
- In a somewhat backwards manner, I first stumbled upon this list of sites that have third-party “session replay” scripts that could potentially exfiltrate sensitive customer data. The list was quite surprising, to be honest; there were some sites on the list that I didn’t expect to see. It was only after reviewing this list that I decided it would probably be a good idea to read the associated blog post that explains the list. Let’s just say this: after reading it, I went back to reconfigure my ad-blocking and tracker-blocking plugins.
Cloud Computing/Cloud Management
- The Cloud-Native Computing Foundation (CNCF) and the Kubernetes community introduced the Certified Kubernetes Conformance Program, and the first announcements of certification have started rolling in. First, here’s Google’s announcement of renaming Google Container Engine to Google Kubernetes Engine (making the GKE acronym much more applicable) as a result of its certification. Next, here’s an announcement on the certification of PKS (Pivotal Container Service).
- Henrik Schmidt writes about the `kube-node` project, an effort to allow Kubernetes to manage worker nodes in a cluster.
- Helm is a great way to deploy applications onto (into?) a Kubernetes cluster, but there are some ways you can improve Helm’s security. Check out this article from Matt Butcher on securing Helm.
- This site is a good collection of “lessons learned from the trenches” on running Kubernetes on AWS in production.
- I have to be honest: this blog post on using OpenStack Helm to install OpenStack on Kubernetes with Rook sounds like a massive science experiment. That’s a lot of moving pieces!
- User “sysadmin1138” (I couldn’t find a mapping to a real name, perhaps that’s intentional) has a great write-up on her/his experience with Terraform in production. There’s some great information here for those of you thinking of (or currently) using Terraform to manage production workloads/configurations.
Operating Systems/Applications
- Michael Crosby outlines multi-client support in containerD.
- Speaking of containerD, it just recently hit 1.0.
- This is a slightly older post by Alex Ellis on attachable networks, which (as I understand it) enable interoperability between declarative workloads (deployed via `docker stack deploy`) and imperative workloads (launched via `docker run`).
Storage
- VMware’s Cloud-Native group discussed some recent updates to Project Hatchway, an effort to bring expanded support for persistent storage into cloud-native platforms such as Kubernetes. It’s nice to see that CSI support is also in the mix.
- J Metz has an outstanding “deep in the weeds” discussion on how flash memory avoids data loss. Good stuff.
Virtualization
- The “blurring” between VMs/hypervisors and containers/container daemons continues; for one example, see this recent article by Docker discussing Linux containers on Windows (LCOW).
- Alan Renouf discusses the ability to manage VMware Cloud on AWS (VMC) using the latest release of PowerCLI (version 6.5.4).
- William Lam (with some help from Anthony Burke) outlines how to move ESXi hosts with LACP/LAG between vCenter Servers.
- John Slack describes how to copy files into a Hyper-V VM using Vagrant by using a feature of the Hyper-V provider known as the guest service interface.
Career/Soft Skills
- Pat Bowden discusses the idea of learning styles, and how combining learning styles (or multiple senses) can typically contribute to more successful learning.
- I also found some useful tidbits on learning over at The Art of Learning project website.
That’s all for now (but I think that should be enough to keep you busy for a little while, at least!). I’ll have another Tech Short Take in 2 weeks, though given the holiday season is nigh upon us it might be a bit light on content. Until then!