Technology Short Take 97
Published on 30 Mar 2018 · Filed in Information · 1008 words (estimated 5 minutes to read)Welcome to Technology Short Take 97! This Tech Short Take marks the end of an era (sort of); it’s the last Tech Short Take published while I’m a VMware employee (today is my last day; see here for more details). But enough about me—let’s talk some tech! This Short Take may be a bit longer than some, so buckle up.
Networking
- Vadim Eisenberg has two articles that describe how to integrate external services into an Istio service mesh. The first article covers integrating external web services; the second article discusses consuming external TCP services.
- Matt Oswalt tackles the topic of unit testing (specifically with regard to network automation) with a post on unit testing JunOS with JSNAPy.
- This is an older post (more than 2 years old), but as far as I can tell the concepts are still quite applicable. Sean Howard talks about using the NSX Service Compose to create a more elegant ruleset for enforcing security policy.
- Jérôme Petazzoni test drives AppSwitch, the “network stack from the future.” I also recently received an invitation to give AppSwitch a look, so stay tuned for my feedback as well.
- Chris Young shares some details on a little side project he did to show how to use the Arista eAPI to do dynamic VLAN assignment based on MAC address. While this specific use case may not be something worth implementing, the example of how to use eAPI from Python may prove useful for other use cases.
Servers/Hardware
- Thomas Maurer has a “first impressions” post on the Microsoft Surface Book 2. (I must admit I’ve been considering adding a Microsoft device to my collection.)
Security
- Nitsan Bin-Nun of Twistlock provides a deep dive on two recent (and severe) Kubernetes vulnerabilities. I definitely recommend reviewing this post and taking action to ensure your Kubernetes deployments are not at risk.
- Dan Walsh has a bit of a rant on SELinux and blocking access to the Docker socket.
- And while we’re discussing the Docker socket, the inimitable Jessie Frazelle shares some useful details on building container images securely on Kubernetes.
- And while I’m talking about Jessie Frazelle: check out her guide to running Tor Socks5 and Privoxy containers. (Yes, I know privacy and anonymity aren’t the same as security…work with me here.)
- If you’re running an etcd cluster, please make sure to secure access to it. Giovanni Collazo shares some disturbing information about unsecured etcd clusters.
- I’ve long said that if you’re going to use Docker, you need to exercise caution about blindly throwing some container on the “FROM” line of your
Dockerfile
. If you don’t know how that image was built, this is no different than downloading a compiled executable from the Internet and running it. (Good luck with that.) In any case, this is something that Tern is intended to help address.
Cloud Computing/Cloud Management
- William Lam has a series of posts on VMware Pivotal Container Service (PKS), which at the time of this writing was up to 4 posts in the series. William provides an overview in part 1, discusses client tools in part 2, reviews NSX-T integration in part 3, and actually kicks off the PKS installation with Ops Manager and BOSH in part 4.
- Gerald Venzi shows how to use Vagrant and VirtualBox to deploy a local Kubernetes cluster, using some Kubernetes support recently added to an Oracle GitHub repository of Vagrant boxes.
- Thorsten Hans walks through upgrading a Kubernetes cluster on AKS using the Azure CLI. I myself have done this a couple of times—it’s really straightforward.
- Trying to decide between GKE, AKS, and EKS? Tirumarai Selvan has a comparison.
- Richard Li discusses strategies for ingress in Kubernetes and the tradeoffs associated with each approach.
Operating Systems/Applications
- Eben Freeman shows how to integrate Istio, Envoy, and Honeycomb for detailed application statistics.
- Antonio Murdaca outlines how to use
kubeadm
to bootstrap a Kubernetes cluster with CRI-O (instead of Docker). I haven’t tried this myself yet—I’m waiting for CRI-O to get a bit more mature so that I don’t have to compile it from source (although this is an older article, so we might be there by now). - If I ever get my hands on a Windows 10 box (I’m seriously considering adding a Windows 10 box to my home office setup), I’m going to try this process. Hmmm…maybe I could install Windows 10 on my quad-proc Mac Pro, then run macOS virtualized on it…that might be something to try one day (as if I’ll ever have time for that!).
- Ansible 2.5 was recently released; check out this post detailing some of the new features and functionality.
- Dusty Mabe talks about using BTRFS snapshots to snapshot and rollback entire installations of Fedora, and (rightfully) mentions Atomic Workstation as a (probably) better alternative. Still, the idea is pretty cool.
- Flatcar Linux is a “friendly fork” of Container Linux (of CoreOS).
- Windows Server 2019 is now in preview (see this blog post), and will include Kubernetes support. Also see this VentureBeat article.
- Nick Joyce walks through a few tips to build more minimal Docker containers for Python applications.
- JJ Asghar provides some direct steps to getting PowerCLI 10+ working on Ubuntu Linux.
Storage
No links for you this time, but I’ll stay alert for something to include next time. If you have links you’d like to see included in the next Technology Short Take, send them my way!
Virtualization
Nothing this time around—it seems like all the “cool kids” are talking about cloud, containers, and Kubernetes these days! Don’t worry, though, I’ll keep my eyes peeled for some content to include here next time around.
Career/Soft Skills
- Finding yourself procrastinating more than usual recently? There can be a lot of different reasons; this post by Leo Babauta explores some reasons and some antidotes for procrastination.
- Guess I should’ve read this post by Greg Ferro on why you will never make serious money working for a startup before I took a job at a startup. (Oops! That’s a hint toward Monday’s announcement!)
It’s time to wrap up. Have a great weekend, everyone!