Mike Melanson

Author Archives: Mike Melanson

Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management

Kyverno, the open source Kubernetes-native policy engine built by Cloud Native Computing Foundation (CNCF) this week at the sandbox level. The development team hopes the software will help adoption of Kubernetes policies, by providing a method for doing so with native tools and languages, rather than requiring users to learn and adopt new ones. kubectl, kustomize. Bugwadia explained that, by contrast, cert-manager, another new CNCF sandbox project, which Bugwadia said has expressed interest in using Kyverno for policies for certificate management. Joining the CNCF, he said, leads to those forms of collaboration, which we would not have been able to do otherwise. The Cloud Native Computing Foundation and KubeCon+CloudNativeCon are sponsors of The New Stack. The post Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management appeared first on The New Stack.

Linkerd Adds Default mTLS to Kubernetes to Enable Zero Trust

Linkerd, the open source service mesh, has been updated with a number of new features, including support for the ARM architecture, a new multicore proxy runtime, and the automatic enabling of mutual TLS (mTLS) security for all TCP connections. Buoyant, the company behind AWS Graviton, and support for Kubernetes’s new service topology feature will again increase operating efficiency with the ability to decide routing preferences. A complete rundown of Linkerd improvements, performance enhancements, and bug fixes can be found in the

NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative

Earlier this month, NGINX NGINX Service Mesh (NSM), a free and open source service mesh that uses NGINX proxy, to power its data plane. While many service meshes are built from entirely open source components, NGINX Vice President of Marketing Aspen Mesh, the more advanced, Istio-based service mesh built by its now-parent company Service Mesh Interface (SMI) is not supported, but it is on the roadmap, and the NGINX Unit to “introduce something that’s a little bit different and more novel to advance the industry dialogue.” “We think there’s an option in the future to have a sidecar-less service mesh, where you’re not injecting sidecars in each service,” said Whitely. “Instead, you load your code, and you execute it, and the default runtime environment that’s executing your code has all the built-in proxying capabilities needed to handle east-west. It would take things down from a two container to one container kind of model.”

Gloo Federation Brings Unified Control Plane, Stitchable APIs Across Multicluster Deployments

For enterprises operating at scale and requiring high availability, ensuring failover at the Kubernetes node level simply isn’t enough. Instead, many are operating in a multicluster environment, ensuring that even if something fails at the cluster level their applications will remain operational. For companies also running API gateway and ingress controller, this multicluster environment had become a pain point, as each cluster would require its own Gloo deployment, which in turn meant configuration, management, and control plane. In response, Solo.io has launched Idit Levine. With federation, Levine said, not only is Gloo able

Google’s Management of Istio Raises Questions in the Cloud Native Community

When the proposed to be included in the still v.02, had only been around less than six months, and yet it aimed to skip the entry-level most young projects enter at and instead applied for inclusion at the secondary incubation tier. While the project was founded primarily by Google and IBM, and boasted numerous other contributors such as Yahoo, Apprenda, Concur, and AT&T, it was met with skepticism — it was so new, it didn’t really have adoption to speak of quite yet, and there were some Solo.io CEO

Contour Ingress Controller Joins CNCF at Incubation Level

The open source Envoy proxy, joined the Cloud Native Computing Foundation (CNCF) as an incubation level project, skipping over the traditional sandbox level entry point. The project, originally developed in 2017 at Heptio before the company’s acquisition by VMware, displayed a level of usage in the field, support in the community and activity in its ecosystem that warranted skipping the sandbox, said

Cisco Previews Managed HyperFlex Application Platform for Kubernetes

AppDynamics Customer Journey Map, HyperFlex Application Platform for Kubernetes, and it has said that all three are expected to be generally available sometime within the next few months. The first two products are meant to provide insight into and optimization of application performance, and even target business metrics such as cost. The HyperFlex Application Platform for Kubernetes, meanwhile, is Cisco’s new managed Kubernetes product, which will not only provide a “turnkey” Kubernetes platform, but also a number of other managed services, including container networking, container storage, ingress and L7 load balancer, logging, monitoring, a container registry, and service mesh.

Apstra’s Intent-Based Networking Brings Enterprises to Cloud Parity

For some companies, things like cloud native deployments on Kubernetes with microservices are a given. For others, those technologies comprise a still distant future, and contemporary complexities include the stuff of network switches, proprietary, vendor-specific configurations, and on-prem networks that require manual operations to manage. For companies in the latter category, intent-based networking (IBN), which means to replace the manual processes of configuring networks and reacting to network issues with a system that responds to a system administrator’s outcome-focused requests. Apstra has been in the business of delivering intent-based networking since 2014, emerging from stealth in 2016. Apstra CEO and co-founder SONiC network operating system, which is based on Linux and is meant to run on switches from various vendors. Much like Apstra’s initial intention of providing a singular, automated entry point to manage a variety of different network components, SONiC provides “a full-suite of network functionality, like BGP and RDMA” that functions regardless of proprietary hardware.

Snapt Launches Project Nova, a Scalable Cloud Native Application Delivery Controller

Application delivery controller provider Project Nova, a cloud native, hosted ADC service that is managed from a browser. Nova is a response to customers using their existing ADC device in a manner that was never intended, Snapt CEO request access, with a community edition providing free access for up to five deployed nodes. At launch, Project Nova provides support for native service discovery on Kubernetes, Docker, Rancher, Consul and more, as well as full-automation with a REST API. Blakey says they expect Project Nova’s beta to be available by mid-November and a full integration with service meshes by mid-December, with “the real idea to be this app delivery fabric, which just takes responsibility for the delivery of your app across whatever infrastructure you’re running in.” General availability, he says, is expected by early 2020.

Containous Builds a Service Mesh on Its Traefik Proxy

Traefik and Maesh, a new open source service mesh, one designed to be easy to use by developers. Maesh is built using Traefik to provide proxy functionality, which Containous CEO Service Mesh Interface (SMI) compliance. “This is really important because this standard means that everybody knows already how we work. And it’s provider agnostic, so if you want to change your service mesh, it can be done easily,” said Vauge. “This means that we are able to provide some observability features, some traffic management features like canary deployments, and some safety features like access control, which is super important. All of this is done thanks to the compliance to the SMI standard.”

Dell Joins AT&T to Further Develop Airship, Metal3-io, Ironic

Dell Technologies has joined with AT&T to collaborate on a number of open source technologies that the companies say will contribute to edge computing and 5G deployments, namely the Metal3-io (for Kubernetes) and Ryan Van Wyk, AT&T assistant vice president of network cloud software engineering at AT&T, in an interview with The New Stack. “The net effect is we’re helping to accelerate the deployment of open infrastructure that supports [software defined network] workloads. We see it as a flywheel effect in terms of making it easier for folks to deploy infrastructure and that makes it easier for them to grow their SDN ecosystem,” said Van Wyk. “Dell’s going to bring some focus to an area that’s core to their competency. When it comes to working on how to manage the RAID, the discs, the servers, the BIOS configurations, and validation of the hardware itself, and then integrate some of that stuff natively back into the Kubernetes Cluster API, those are things that are