Technology Short Take 99
Published on 11 May 2018 · Filed in Information · 794 words (estimated 4 minutes to read)

Welcome to Technology Short Take 99! What follows below is a collection of various links and articles about (mostly) data center-related technologies. Hopefully something I’ve included will be useful. Here goes!
Networking
- David Gee makes the connection between coffee and network automation. No, really. It’s worth reading.
- Matt Oswalt, one of the co-authors of our recently-released network automation book from O’Reilly, recently tackled the topic of running Kubernetes with Tungsten Fabric (formerly known as OpenContrail). A network engineer using AWS and CloudFormation? Yep, get used to it folks—it’s where the industry is headed.
- Vince Power provides a high-level overview of some of the key principles underlying Kubernetes networking.
Servers/Hardware
Sorry, I don’t have anything for you. Feel free to send me links you’d like me to consider for inclusion in the next Tech Short Take!
Security
- Mike Foley talks about new support for Virtualization Based Security (VBS) and Credential Guard in vSphere 6.7.
- Chris Short examines some of the security-related aspects of the adoption of containers.
- The Kubernetes community reflects on fixing the subpath volume vulnerability in Kubernetes.
- Michael Ducy of Sysdig outlines a configuration combining Sysdig Falco, NATS, and Kubeless for “active Kubernetes security.” While the post is clearly Sysdig-oriented (as would be fully expected), it’s also cool to see how powerful the assembly of various open source projects can be.
Cloud Computing/Cloud Management
- Trond Hindenes shares a bit on how his company is using Traefik as a Kubernetes ingress controller for both internal and external traffic.
- Typhoon, which describes itself as a “free and minimal Kubernetes distribution,” has announced support for Typhoon on Fedora Atomic systems.
- I haven’t tried it yet, but Click looks somewhat interesting.
- You may have noticed that Rancher Labs recently announced the GA of version 2.0 of Rancher. Check out the announcement blog post for more details.
- Alen Komljen discusses the idea of a Kubernetes descheduler. My take: “static” scheduling that occurs at the start of a pod’s lifecycle is useful (and Kubernetes is doing reasonably well here), but “dynamic” scheduling that accounts for a greater portion of the pod’s lifecycle and the infrastructure underneath it is even more powerful. This is a lesson VMware learned years ago with Distributed Resource Scheduler (DRS).
- This is a pretty in-depth article (to me, at least), but it did help me better understand Custom Resource Definitions (CRDs) and the role of controllers in Kubernetes.
Operating Systems/Applications
- Robert Paprocki of Kong discusses how to design a scalable rate limiting algorithm, then proceeds to show how the Kong API gateway could be used to implement such an algorithm.
- As the use of APIs for everything increases, API tools like Postman become ever more useful—like this example of using Postman to audit AWS infrastructure.
- Thomas Graf explains why the Linux kernel community is replacing iptables with BPF. He gives a great overview of BPF along the way, so if you’re unfamiliar with BPF this may be a good read.
- This practical introduction to container terminology by Scott McCarty has a decidedly “Red Hat” feel to it, but is otherwise useful for folks who are new to the container space and need some terminology defined for them.
- Brendan Burns uses the term “serverless” in a slightly different way than it is commonly used; in this article, he seems to use the term to refer primarily to “container-as-a-service”-type offerings—like Azure Container Instances (ACI) or AWS Fargate—instead of the more common link to functions-as-a-service. Along the way, he explains the virtual kubelet project as well, so if you’re unfamiliar with that effort this article will help.
Storage
Nothing this time around, but I’ll see what I can find to include next time!
Virtualization
- Nigel Poulton’s quick review of gVisor (see his thoughts here) confirms my prediction some time ago that the lines between “VMs” and “containers” will continue to blur, and that we’ll see a spectrum of isolation options emerging. Which isolation option should you use? Well, that will depend on what you’re trying to achieve, right? Right?
- William Lam discusses the new MAC learning functionality present in vSphere 6.7 which addresses some of the overhead of nested ESXi configurations.
Career/Soft Skills
- Last week while at Interop ITX, I chatted with Keith Townsend regarding my recent career shift. If you’ve been wondering about why I made this shift, give the video of our chat a look, and then feel free to hit me up on Twitter.
- And speaking of career shifts, you might find Massimo’s recent introspection of his first 6 months at AWS to be informative as well.
OK, that’s it for now. As always, feel free to hit me up on Twitter if you have questions or suggestions for links I should consider including in future Technology Short Takes. Here’s hoping you found something helpful!