Author Archives: Mike Melanson

Solo.io Brings ‘Docker-Like Experience’ to eBPF with BumbleBee

Service mesh integration software provider BumbleBee, a new open source project that it extended Berkeley Packet Filter (eBPF) in order to “shortcut the HTTP stack,” said Solo.io CEO and founder BPF Type Format (BTF), explained Levine, “(along with some smarts added to clang) enables the BPF program loader to fix the BPF byte code to work correctly on different versions of the kernel. For example, if a BPF program accesses a struct, clang now stores all these struct access in a special location in the BPF program binary. libbpf can go to each of these struct accesses, and use BTF information from the current kernel (obtained at runtime) to fix these accesses to the correct offset.”

BumbleBee to the Rescue

With the addition of BTF, Solo.io created BumbleBee, which not only uses BTF to parse and bring to the user space the maps of eBPF programs, but also uses the get started.

Linkerd Graduates CNCF with Focus on Simplicity

The number of requirements around stability, adoption, maturity, and governance, and joins more than a dozen other graduated projects, such as Helm, Prometheus, Envoy, and Kubernetes.

In a press release regarding Linkerd’s graduation, H-E-B is quoted as saying that they didn’t “choose a service mesh based on hype,” and that they “weren’t worried about which mesh had the most marketing behind it.”

The service mesh being alluded to here is Istio, which, in the most recent William Morgan. “And the fact that it has attained graduation, that it has this community of enthusiastic and committed adopters, I think it’s pretty remarkable given that context. It’s hard not to talk about Linkerd without also talking about Istio, although I think the reality is, there’s some pretty fundamental philosophical differences between those projects.”

Linkerd was created by Buoyant in 2016, and Morgan said its first iterations were rather complex before the project found its focus on simplicity. This simplicity, which starts with Linkerd using Envoy, is a key differentiator for the service mesh, and one of the fundamental philosophical differences Morgan speaks of.

“Naturally, as engineers, what you want to do when you’re building infrastructure is, you want to solve every possible problem with this beautiful platform that can do all things for all people,” Morgan said. “I think when you go down that path, which feels very natural to an engineer, you end up with something that is really unwieldy, and that’s complex, and that is fundamentally unsatisfying. It sounds great, but it’s so hard to operate that you never accomplish your goals.”

Part of the balancing act, said Morgan, is to deliver all the features of the service mesh around reliability, security, and observability, “without getting mired in all the complexity, without having to hire a team of developers or a team of engineers, service mesh experts, just to run your service mesh.”

In the past year, Linkerd has seen a 300% increase in downloads, and part of that acceleration may be attributed to a migration away from Istio due to its complexity. Rather than focusing on moving away from Istio, which he says some users may end up using simply because they see it first, Morgan again focuses on Linkerd’s simplicity as the reason behind its increased adoption.

“In the absence of having these marketing bullhorns, these huge marketing budgets, the way that Linkerd has grown has been by word of mouth,” said Morgan. “It’s been like the way that open source projects used to grow. The way that we’ve been able to accomplish that is by having a really clear vision and a really clear message around simplicity.”

Another key architectural decision made around simplicity was that Linkerd was made to focus on Kubernetes. An earlier version, said Morgan, was made to work with Mesos, Zookeeper, Kubernetes and others, and they instead decided that they had to go with the “lowest common denominator,” which was Kubernetes.

Linkerd’s decision to go with the Rust programming language, rather than Go, C, or C++, was another distinction for the service mesh in its evolution, and one Morgan stands behind.

“It was a scary choice, but we did that because we felt that the future of the service mesh, and in fact the future of all cloud native technology, really has to be built in Rust,” he said. “There’s no reason for us, in 2021, to ever write code in C++ or in C anymore. That was a pretty scary, risky, controversial decision at the time, but it’s paid off because now we have the adoption to kind of show it off.”

While Morgan calls the project’s CNCF graduation “a nice moment for us to reflect and to be grateful for all the people around the world who worked so hard to get Linkerd to this point,” he says that there is a long roadmap ahead, which includes things like server and client-side policies, and “mesh expansion” to allow the Linkerd data plane to operate outside of Kubernetes.

But when your focus is on simplicity, where do you draw the line on additional features? Morgan said that, as a project designer, you have to ask yourself some questions.

“What is the maximum number of those problems that I can solve, and then the rest, we’re just not going to solve? Like, that’s the stopping point,” said Morgan. “There are going to be use cases that Linkerd is just not going to solve, and that’s okay. For those folks, I do actually sometimes tell people to use Istio. There’s a set of things that Istio can do, super complicated situations, where I just don’t want Linkerd to be able to solve that because it would be too complicated.”

CNCF Projects Bring Service Mesh Interoperability, Benchmarks

Both the Service Mesh Performance (SMP) projects joined the Cloud Native Computing Foundation (CNCF) earlier this month at the Sandbox level. Meshery is a multiservice mesh management plane offering lifecycle, configuration, and performance management of service meshes and their workloads, while SMP is a standard for capturing and characterizing the details of infrastructure capacity, service mesh configuration, and workload metadata. When the projects first applied in April for inclusion, the Technical Oversight Committee (TOC) had one clarifying question for them: should they be combined with or aligned in some manner with the Lee Calcote, founder of verifies that, in fact, it is a certain kind of a service mesh,” said Calcote. “So all in one

Buoyant Cloud Beta Brings Simplified Linkerd

Network software provider Linkerd service mesh, has launched the public beta of William Morgan emphasizes that operational simplicity has always been a focus, he says that they expect Buoyant Cloud to take that one step further. “We want to take the operational burden off of the shoulders of whoever is bringing Linkerd into their organization. We want to handle that for you,” he said. “We want to carry the pager for you, we want to make it so that running Linkerd in production is a trivial task. This falls right in line with everything we’ve been doing with Linkerd since the very beginning — our focus has been really heavily on operational simplicity and on making it so that when you operate Linkerd, you’re not in this horrendous situation where you need to hire a team of experts just to maintain your service mesh. With Buoyant Cloud, we have the opportunity to take on a lot of those operational tasks for you, and make it so you get all

Upbound Universal Crossplane Wants to Replace Infrastructure as Code

Crossplane, has created what it says is the first enterprise distribution of Crossplane called Bassam Tabbara, Upbound founder and CEO, in an interview. Crossplane “becomes your universal control plane that you could use, using the same style that the Kubernetes community pioneered, to manage essentially all the infrastructure that an enterprise touches from a single control plane.”

UXP, then, is an open source, vendor-supported, enterprise-grade distribution of Crossplane that also adds on a layer of 24/7 support, priority bug fixes, and consultation with a subscription. UXP is available free for individual users and by subscription for larger deployments, and is a drop-in replacement for Crossplane that installs with a single command.

Tabbara noted that UXP is “vendor-supported, not community-supported,” in that Upbound will “help enterprises deploy it, support it, and give them a number of features that makes it easier for them to deploy and manage it in their environment.” As a long-term supported project, UXP also lags behind Crossplane upstream to ensure reliability, and Upbound describes UXP as “designed to help enterprises adopt a universal control plane, moving beyond infrastructure as code,” in a press statement.

In the case of UXP, Crossplane is further extended with its integration with both Upbound Cloud and Upbound Registry, both of which became generally available at the same time as the release of UXP. Upbound Cloud provides teams with visibility into their UXP instances and the infrastructure being managed, giving them a place to see what is running where, and by whom it was provisioned. Upbound Registry then provides a place to both publicly and privately share Crossplane Configurations, and for providers to share managed resources.

“With UXP, with Upbound Cloud and Upbound Registry, we believe we have a set of products now that can actually take this approach of using control planes in the enterprise and turn it into essentially a new way of managing infrastructure,” Tabbara said. “We see this with existing customers today, maybe even replacing a lot of what they do today with tools like Terraform and infrastructure-as-code approaches and going more towards a control plane approach, or even gitOps on top of a control plane.”

The big difference Tabbara sees in all of this is that, by taking the API-driven approach rather than relying on templates, as with infrastructure as code, Crossplane and UXP can deliver a more scalable experience to managing infrastructure across large and varied environments. He explained that part of the appeal of Crossplane lies in the fact that teams can use the same Kubernetes-based tools and approaches that they are already using to deploy software to provision and manage infrastructure.

“If you are using Helm, or kustomize, or if you’re using literally any of the tools that people are deploying and love and use today with Kubernetes, as a container orchestrator, those tools work exactly in the same way,” said Tabbara. “When you’re using Kubernetes plus Crossplane to manage the rest of the cloud infrastructure and deployments across clouds and hybrid clouds, those tools work exactly in the same way. They are using Crossplane APIs that are extensions of Kubernetes extensions of the Kubernetes control plane.”

Following the most recent KubeCon+CloudNativeCon, there were some

Linkerd Goes on a Diet with Opt-In Extensions

Buoyant has released version 2.10 of William Morgan, CEO of Linkerd, in an interview. “An extension is basically a Kubernetes controller or operator. We’re relying as much as possible on Kubernetes primitives, but what we are doing is, there’s a little bit of wrapper magic that happens that makes those extensions feel like the rest of Linkerd.” Among those formerly-default features now being offered as extensions are the multicluster extension, which contains cross-cluster communications tools, the

Solo.io Launches Gloo Mesh Enterprise to General Availability

After a couple of years in development and just released Gloo Mesh Enterprise service mesh to general availability this month, marking API stability and a slate of new features, built in response to customer feedback during the beta period. Gloo Mesh Enterprise is the company’s enterprise-grade, Kubernetes-native solution to help organizations install and manage Istio service mesh deployments. While Gloo Mesh Enterprise may just now be reaching this milestone, Idit Levine speaks of massive, unnamed customers already using the product in production, in deployments spanning more than 40 data centers, and 1,200 clusters and Istio service mesh instances. “When you’re running with that scale, there are a lot of things that you need to do. This is exactly what Gloo Mesh is for. Gloo Mesh is basically saying, ‘crawl, walk, run, fly,’” said Levine, referring to the product’s ability to help not only with the initial steps of service mesh adoption and installation but also the day two operations and added capabilities to handle complex multicluster, multicloud, multiregion deployments. To start (or “crawl”), Gloo Mesh Enterprise provides Federal Information Processing Standards (FIPS) compliance and long-term support for Istio

Kubernetes IDE Lens Adds an API for Cloud Native Extensions

Lens, the integrated development environment (IDE) for Kubernetes, has seen some rapid growth in the past year, ever since it made some changes to its deployment model and found the backing of Mirantis, the company that in 2019 acquired Docker. At this month’s launched an extensions API alongside several pre-built extensions from popular cloud native products, which

Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management

Kyverno, the open source Kubernetes-native policy engine built by Cloud Native Computing Foundation (CNCF) this week at the sandbox level. The development team hopes the software will help adoption of Kubernetes policies, by providing a method for doing so with native tools and languages, rather than requiring users to learn and adopt new ones. kubectl, kustomize. Bugwadia explained that, by contrast, cert-manager, another new CNCF sandbox project, which Bugwadia said has expressed interest in using Kyverno for policies for certificate management. Joining the CNCF, he said, leads to those forms of collaboration, which we would not have been able to do otherwise.

Linkerd Adds Default mTLS to Kubernetes to Enable Zero Trust

Linkerd, the open source service mesh, has been updated with a number of new features, including support for the ARM architecture, a new multicore proxy runtime, and the automatic enabling of mutual TLS (mTLS) security for all TCP connections. Buoyant, the company behind AWS Graviton, and support for Kubernetes’s new service topology feature will again increase operating efficiency with the ability to decide routing preferences. A complete rundown of Linkerd improvements, performance enhancements, and bug fixes can be found in the

NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative

Earlier this month, NGINX NGINX Service Mesh (NSM), a free and open source service mesh that uses NGINX proxy, to power its data plane. While many service meshes are built from entirely open source components, NGINX Vice President of Marketing Aspen Mesh, the more advanced, Istio-based service mesh built by its now-parent company Service Mesh Interface (SMI) is not supported, but it is on the roadmap, and the NGINX Unit to “introduce something that’s a little bit different and more novel to advance the industry dialogue.” “We think there’s an option in the future to have a sidecar-less service mesh, where you’re not injecting sidecars in each service,” said Whitely. “Instead, you load your code, and you execute it, and the default runtime environment that’s executing your code has all the built-in proxying capabilities needed to handle east-west. It would take things down from a two container to one container kind of model.”

Gloo Federation Brings Unified Control Plane, Stitchable APIs Across Multicluster Deployments

For enterprises operating at scale and requiring high availability, ensuring failover at the Kubernetes node level simply isn’t enough. Instead, many are operating in a multicluster environment, ensuring that even if something fails at the cluster level their applications will remain operational. For companies also running API gateway and ingress controller, this multicluster environment had become a pain point, as each cluster would require its own Gloo deployment, which in turn meant configuration, management, and control plane. In response, Solo.io has launched Idit Levine. With federation, Levine said, not only is Gloo able

Google’s Management of Istio Raises Questions in the Cloud Native Community

When the proposed to be included in the still v.02, had only been around less than six months, and yet it aimed to skip the entry-level most young projects enter at and instead applied for inclusion at the secondary incubation tier. While the project was founded primarily by Google and IBM, and boasted numerous other contributors such as Yahoo, Apprenda, Concur, and AT&T, it was met with skepticism — it was so new, it didn’t really have adoption to speak of quite yet, and there were some Solo.io CEO

Contour Ingress Controller Joins CNCF at Incubation Level

The open source Envoy proxy, joined the Cloud Native Computing Foundation (CNCF) as an incubation level project, skipping over the traditional sandbox level entry point. The project, originally developed in 2017 at Heptio before the company’s acquisition by VMware, displayed a level of usage in the field, support in the community and activity in its ecosystem that warranted skipping the sandbox, said