Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 109

Welcome to Technology Short Take #109! This is the first Technology Short Take of 2019. It may be confirmation bias, but I’ve noticed of number of sites adding “Short Take”-type posts to their content lineup. I’ll take that as flattery, even if it wasn’t necessarily intended that way. Enjoy!

Networking

  • Niran Even-Chen says service mesh is a form of virtualization. While I get what Niran is trying to say here, I’m not so sure I agree with the analogy. Sometimes analogies such as this are helpful, but sometimes the analogy brings unnecessary connotations that make understanding new concepts more difficult. One area where I do strongly agree with Niran is in switching your perspective: looking at service mesh from a developer’s perspective gives one quite a different viewpoint than viewing service mesh in an infrastructure light.
  • Jim Palmer has a detailed write-up on DHCP Option 51 and different behaviors from different DHCP clients.
  • Niels Hagoort talks about some network troubleshooting tools in a vSphere/ESXi environment.

Servers/Hardware

Nothing this time around, but I’ll stay alert for items to include next time.

Security

Cloud Computing/Cloud Management

Operating Systems/Applications

  • Jorge Salamero Sanz describes how to use the Sysdig Terraform provider to do “container security as code.” I’m a fan of Terraform (despite some of its limitations), so it’s kind of cool to see new providers coming online.
  • OS/2 lives on. ‘Nuff said.
  • This project purports to help you generate an AWS IAM policy with exactly the permissions needed. It’s a bit of a brute force tool, so be sure to read the caveats, warnings, and disclaimers in the documentation!
  • I do manage most of my “dotfiles” in a Git repository, but I’d never heard of rcm before reading this Fedora Magazine article. It might be something worth exploring to supplant/replace my existing system.
  • I found this article by Forrest Brazeal on a step-by-step exploration of moving from a relational database to a single DynamoDB table to be very helpful and very informative. DynamoDB—along with other key-value store solutions—have been something I’ve been really interested in better understanding, but never could quite understand how they fit with traditional RDBMSes. I still have tons to learn, but at least now I have a bit of a framework by which to learn more. Thanks Forrest!
  • Steve Flanders provides an introduction to Ambassador, an open source API gateway. This looks interesting, but embedding YAML configuration in annotations seems…odd.
  • Mark Hinkle, a co-founder at TriggerMesh, announces TriggerMesh KLR—the Knative Lambda Runtime that allows users to run AWS Lambda functions in a Knative-enabled Kubernetes cluster. This seems very powerful to me, but I’m no serverless expert so maybe I’m missing something. Would the serverless experts care to weigh in?
  • Via Jeremy Daly’s Off-by-None newsletter, I found Jerry Hargrove’s Cloud Diagrams & Notes site. I haven’t dug in terribly deep yet, but at first glance Jerry’s site looks to be enormously helpful. (I have a suspicion that I’ve probably seen references to Jerry’s site via Corey Quinn’s Last Week in AWS newsletter, too.)
  • AWS users who prefer Visual Studio Code may want to track the development of the AWS Toolkit for Visual Studio Code. It’s early days yet, so keep that in mind.
  • And while we’re talking about Visual Studio Code, Julien Oudot highlights why users should choose Code for their Kubernetes/Docker work.

Storage

Virtualization

  • Marc Weisel shares how to use Cisco IOSv in a Vagrant box with VMware Fusion.
  • Paul Czarkowski talks about how the future of Kubernetes is virtual marchines. The title is a bit of linkbait; what Paul is really addressing here is how to solve the multi-tenancy challenges that currently exist with Kubernetes (which wasn’t really designed for multi-tenant deployments). VMs provide good isolation, so VMs could be the method whereby operators can provide the sort of strong isolation that multi-tenant environments need. One small clarification to Paul’s otherwise excellent post: by admission on their own web page, gVisor is not a VM container technology, but rather uses a different means to providing additional security.

Career/Soft Skills

In the infamous words of Porky Pig, that’s all folks! Feel free to engage with me on Twitter if you have any comments, questions, suggestions, corrections, or clarifications (or if you just want to chat!). I also welcome suggestions for content to include in future instances of Technology Short Take. Thank you for reading!

Metadata and Navigation

Be social and share this post!