List of Kubernetes Folks on Twitter

Earlier this morning, I asked on Twitter about good individuals to follow on Twitter for Kubernetes information. I received quite a few good responses (thank you!), and I though it might be useful to share the list of the folks that were recommended across all those responses.

The list I’ve compiled is clearly incomplete! If you think someone should be added to this list, feel free to hit me up on Twitter and let me know. Alternately, feel free to submit a pull request (PR) that adds them to this list. I’m not going to “vet” the list, so I’ll add any and all recommendations (unless they are clearly not related to Kubernetes, such as a news anchorman someone recommended to me—not sure about that one!).

Without further ado, here is the list I compiled from the responses to my tweet, in no particular order (I’ve included full name and employer, where that information is available):

• Kelsey Hightower (Google) - @kelseyhightower
• Jessie Frazelle (Microsoft) - @jessfraz
• Alex Ellis (VMware) - @alexellisuk
• Michael Hausenblas (Red Hat) - @mhausenblas
• Ahmet Alp Balkan (Google) - @ahmetb
• AdNaN Abdulhussein (Bitnami) - @prydonius
• Tim Hockin (Google) - @thockin
• Joe Beda (Heptio) - @jbeda
• Continue reading

Review: Lenovo ThinkPad X1 Carbon

As part of the transition into my new role at Heptio (see here for more information), I had to select a new corporate laptop. Given that my last attempt at running Linux full-time was thwarted due primarily to work-specific collaboration issues that would no longer apply (see here), and given that other members of my team (the Field Engineering team) are also running Linux full-time, I thought I’d give it another go. Accordingly, I’ve started working on a Lenovo ThinkPad X1 Carbon (5th generation). Here are my thoughts on this laptop.

This is now my second non-Apple laptop in the last year. My previous non-Apple laptop, a Dell Latitude E7370, was a pretty decent laptop (see my review). As good as the E7370 was, though, the X1 Carbon is better.

The X1 Carbon features a dual-core i7 7500U CPU, which (subjectively, anyway) outperforms the mobile CPU in the E7370. This makes the X1 Carbon feel quite snappy and responsive. CPU performance was an issue for me with the Dell—it didn’t take much to tax that mobile CPU. I haven’t seen that issue so far with the X1 Carbon. Coupled with 16GB of RAM, the X1 Carbon is no Continue reading

The Future is Containerized

Last week I announced my departure from VMware, and my intention to step away from VMware’s products and platforms to focus on a new technology area moving forward. Today marks the “official” start of a journey that’s been building for a couple years, a journey that will take me into a future that’s containerized. That journey starts in Seattle, Washington.

Why Seattle, Washington? Because that’s where Heptio is based, and because today I am joining Heptio as a senior member of the field engineering team to help drive the adoption of Kubernetes across the industry. Only a couple of folks guessed that I was headed to Heptio. If you were one of those folks, you guessed correctly!

Two questions are probably rolling around in your head right now:

1. Why Kubernetes?
2. Why Heptio?

Good questions!

It’s clear to me that containers will have a significant impact on how we as IT professionals will develop, deploy, upgrade, and manage applications. It’s also clear to me that when it comes to orchestrating containers, Kubernetes is the clear leader. So, if I accept that containers are going to be a significant part of IT moving forward, then it logically follows that Kubernetes is Continue reading

Technology Short Take 97

Welcome to Technology Short Take 97! This Tech Short Take marks the end of an era (sort of); it’s the last Tech Short Take published while I’m a VMware employee (today is my last day; see here for more details). But enough about me—let’s talk some tech! This Short Take may be a bit longer than some, so buckle up.

Networking

• Vadim Eisenberg has two articles that describe how to integrate external services into an Istio service mesh. The first article covers integrating external web services; the second article discusses consuming external TCP services.
• Matt Oswalt tackles the topic of unit testing (specifically with regard to network automation) with a post on unit testing JunOS with JSNAPy.
• This is an older post (more than 2 years old), but as far as I can tell the concepts are still quite applicable. Sean Howard talks about using the NSX Service Compose to create a more elegant ruleset for enforcing security policy.
• Jérôme Petazzoni test drives AppSwitch, the “network stack from the future.” I also recently received an invitation to give AppSwitch a look, so stay tuned for my feedback as well.
• Chris Young shares some details on a little Continue reading

Time to Evolve

I first started getting into VMware around 2003, possibly earlier (I can’t recall exactly when it was). I remember thinking that VMware’s impact on the industry was going to be significant, and I wanted to be part of this industry change. I was right—virtualization like what VMware offers has fundamentally changed the industry. However, just as technology evolves, technology careers must evolve as well. Specifically, my technology career must change and grow. It’s time to evolve.

This need to evolve has been building for a couple years. You’ve probably observed that the amount of VMware-centric content produced here on the site has slowly been replaced by topics like Linux, Docker, Vagrant, Terraform, AWS, Azure, and others. These topics represent where I think my next period of growth and change resides, and after a couple years of slow growth in these areas it’s now time to “put the pedal to the metal” and accelerate things.

As of this coming Friday, March 30, 2018, I will be leaving VMware after a little over 5 years with the company. My time with VMware (as an employee) has been an amazing adventure. I’m thankful to Brad Hedlund for his Continue reading

Interop ITX, Dell Technologies World, and Spousetivities

Spousetivities will be present at two additional events this year—in fact, these events are only about 6 weeks away! Both Dell Technologies World and Interop ITX are in Las Vegas the last week of April (both starting April 30), and Spousetivities is running events for both conferences.

<aside>In case you’re wondering why I blog about Spousetivities, it’s not only because my wife runs it (seriously). It’s primarily because I’m committed to supporting families, marriages, and relationships in the IT industry. IT companies ask a lot of their employees—often asking employees to give up evenings and/or weekends, or setting unfair expectations on employee responsiveness via email/Slack/IM during off-hours—so a program that enables spouses and/or significant others to join IT employees during a conference helps provide a little bit of balance, in my view.</aside>

Here’s a look at what’s planned during these two IT conferences:

• On Monday, April 30, there’s a full-day tour of Death Valley planned. This event is leaving the Mirage at 8:00 am and includes photo opportunities at Dante’s View and Zabriskie Point, a scenic drive through the Artist’s Pallet, and a stop at Bad Water Basin—the lowest point in the Western Hemisphere!

• On Tuesday, May 1, Spousetivities Continue reading

Technology Short Take 96

Welcome to Technology Short Take 96! Ahead, lying in wait, is a unique collection of links, articles, and thoughts about various data center technologies. Browse if you dare…OK, so I’m being a bit melodramatic. It’s still some good stuff here!

Networking

• Via Matt Oswalt and Michael Bushong, I came across this article on Juniper’s use of P4. Interesting stuff…P4 definitely has the potential to dramatically reshape networking in new ways, in my humble opinion.
• Maxime Lagresle of XING outlines how they went about troubleshooting an unexplained connection timeout on Kubernetes/Docker.
• Ajay Chenampara outlines how POAP (Power On Auto Provisioning), a feature of Cisco NX-OS, works to streamline provisioning new network switches.
• Don Schenck has a high-level overview of Istio and service meshes.
• Daniel Álvarez has a good article describing some OVN profiling and optimizing he recently performed. I believe the patches he mentioned in the post have already been accepted into the OVN codebase.

Servers/Hardware

Nothing this time around; sorry! If you have some articles you feel are worthy of inclusion in the next Tech Short Take, send them my way!

Security

• Joe Beda talks about securing the Kubernetes dashboard in the wake of several “cryptojacking” instances.
• CloudFlare discusses recent Continue reading

Recent Changes in my “Learning Tools” Repository

A couple years ago, I created a “learning-tools” repository on GitHub with the goal of creating environments/tools that would help others learn new technologies. At first, the contents of the repository were almost exclusively leveraging Vagrant, but over time I’ve extended the environments to also leverage Ansible and to use tools such as Terraform. Over the past month or so, I’ve made a few additional (albeit relatively minor) updates that I also wanted to share.

As I said, the updates are relatively minor:

• I’ve added environments for running generic versions of Fedora Atomic Host (26 and 27), Ubuntu 16.04, and Debian 9.x. These environments are probably of limited value by themselves, but in the future I may use them as the basis for more complex environments based on these operating systems. Of course, others may leverage them as the basis for projects of their own.
• I’ve added Libvirt support for a number of the Vagrant-based environments, based on my experience with the Vagrant Libvirt provider. This support is limited to areas where I was able to find Libvirt-formatted Vagrant boxes, so you’ll find Libvirt support for the environments using CentOS Atomic Host, Fedora Atomic Host, and Debian. Continue reading

Looking Ahead: My 2018 Projects

For the last six years or so, I’ve been publishing a list of projects/goals for the upcoming year (followed by a year-end review of how I did with those projects/goals). For example, here are my goals for 2017, and here’s my year-end review of my progress in 2017. In this post, I’m going to share with you my list of projects/goals for 2018.

As I’ve done in previous years, I’ll list the projects/goals, along with an optional stretch goal (where it makes sense).

1. Become extremely fluent with Kubernetes. I’m focusing all my technical skills on Kubernetes this year, with the goal of becoming extremely fluent with the project in all its aspects. There are some aspects—like networking, for example—where some specialization/additional focus will be needed (focusing on particular network architectures/plugins). That means “leaving behind” other technologies, like OpenStack, in order to more fully focus on Kubernetes. (Stretch goal: Pass the Certified Kubernetes Administrator [CKA] exam.)

2. Learn to code/develop in Go. Given that Kubernetes is written in Go and that Go seems to be the language of choice for many new projects, tools, and utilities, I’m going to learn to code/develop in Go in 2018. Because I learned Continue reading

Technology Short Take 95

Welcome to Technology Short Take 95! This Short Take was a bit more challenging than normal to compile, given that I spent the week leading up to its publication visiting customers in Europe. (My travel schedule in Europe is also why it didn’t get published until Saturday instead of the typical Friday.) Nevertheless, I have persevered in order to deliver you this list of links and articles. I hope it proves useful!

Networking

• Larry Smith Jr. has a nice write-up on Cisco XR stemming from a presentation at NFD 17.
• VMware recently released a reference design guide for NSX-T; see here for more details.
• The engineering team at Lyft recently discussed a new overlay-free networking approach they’ve been working on for Kubernetes: IPVLAN-based CNI stack for running within VPCs on AWS. This is pretty cool, but does introduce some potential design considerations for deploying Kubernetes on AWS. (For those that may be unfamiliar: CNI, or Container Network Interface, is the means whereby network mechanisms “plug into” Kubernetes. IPVLAN is a low-latency means of providing IP connectivity to containers. VPCs, or Virtual Private Clouds, are Amazon’s software-defined networking mechanism for workloads running on AWS.)
• Viktor van den Berg writes Continue reading

Some Tools to Help Learn Kubernetes

Kubernetes is emerging as the clear leader in the container orchestration space. This makes it an important technology to know and understand. However, like other distributed systems, learning something like Kubernetes can be challenging due to the effort involved in getting Kubernetes up and running. It’s not about learning to set up Kubernetes (although that comes in time); at first, it’s about understanding what Kubernetes does and how to use Kubernetes. In this post, I’ll share some tools to help learn what Kubernetes does and how to use Kubernetes.

Note that this post is not intended to be a comprehensive list of learning resources for Kubernetes. Also, this post is not focused on providing resources to help you learn to deploy Kubernetes. Instead, I’m focusing here on tools and services that let you get Kubernetes up and running quickly and easily so that you can focus on using Kubernetes (deploying applications and workloads onto Kubernetes). I’m sure there are many more tools/options than what I have listed here; these are just some that I have used and feel might be useful for others.

I’ll briefly cover the following tools and services:

• Minikube
• Kops
• Kube-aws
• Azure Container Service (ACS/AKS)

You’ll note Continue reading

Technology Short Take 94

Welcome to Technology Short Take 94! Ready for another round of links, articles, and thoughts on data center technologies? (Who knows, maybe I’ll throw a rant or two in there.) OK, enough rambling…here’s the good stuff!

Networking

• Amit Aneja has a two-part series (so far) explaining the routing architecture in NSX-T (which brings multi-hypervisor and multi-cloud support to the NSX platform). This is some good content and reminds me of the the old NVP/NSX content I generated back in the day. Ah, good times…anyway, check out Amit’s stuff here and here.
• Sam McGeown has a nice diagram of the communications channels between the various VMware NSX components.
• Roie Ben Haim has a post providing an introduction to NSX and Kubernetes.
• Matt Oswalt tackles the idea of “intent-driven” or “intent-based” networking—all the rage right now—and outlines how something like this must interact with domains outside of networking in order to be effective. I particularly liked his (mini-)rant about how network automation can’t be only about making the network engineer’s life easier. Oh, snap!
• I’m not really sure if this belongs in networking or not (how does one classify OS kernel-level work on networking and security?), but we’ll stick it Continue reading

Running OVS on Fedora Atomic Host

In this post, I’d like to share the results of some testing I’ve been doing to run Open vSwitch (OVS) in containers on a container-optimized Linux distribution such as Atomic Host (Fedora Atomic Host, specifically). I’m still relatively early in my exploration of this topic, but I felt like sharing what I’ve found so far might be helpful to others, and might help spark conversations within the relevant communities about how this experience might be improved.

The reason for the use of Docker containers in this approach is twofold:

1. Many of the newer container-optimized Linux distributions—CoreOS Container Linux (soon to be part of Red Hat in some fashion), Project Atomic, etc.—eschew “traditional” package management solutions in favor of containers.
2. Part of the reason behind my testing was to help the OVS community better understand what it would look like to run OVS in containers so as to help make OVS a better citizen on container-optimized Linux distributions.

In this post, I’ll be using Fedora 27 Atomic Host (via Vagrant with VirtualBox). If you use a different version or release of Atomic Host, your results may differ somewhat. For the OVS containers, I’m using the excellent keldaio/ovs Docker containers.

Continue reading

Using Docker Machine with Azure

I’ve written about using Docker Machine with a number of different providers, such as with AWS, with OpenStack, and even with a local KVM/Libvirt daemon. In this post, I’ll expand that series to show using Docker Machine with Azure. (This is a follow-up to my earlier post on experimenting with Azure.)

As with most of the other Docker Machine providers, using Docker Machine with Azure is reasonably straightforward. Run docker-machine create -d azure --help to get an idea of some of the parameters you can use when creating VMs on Azure using Docker Machine. A full list of the various parameters and options for the Azure drive is also available.

The only required parameter is --azure-subscription-id, which specifies your Azure subscription ID. If you don’t know this, or want to obtain it programmatically, you can use this Azure CLI command:

az account show --query "id" -o tsv

If you have more than one subscription, you’ll probably need to modify this command to filter it down to the specific subscription you want to use.

Additional parameters that you can supply include (but aren’t limited to):

• Use the --azure-image parameter to specify the VM image you’d like to Continue reading

An Update on Using Docker Machine with Vagrant

As part of a project on which I’m working, I’ve been spending some time working with Docker Machine and Vagrant over the last few days. You may recall that I first wrote about using these two tools together back in August 2015. As a result of spending some additional time with these tools—which I chose because I felt like they streamlined some work around this project—I’ve uncovered some additional information that I wanted to share with readers.

As a brief recap to the original article, I showed how you could use Vagrant to quickly and easily spin up a VM, then use Docker Machine’s generic driver to add it to Docker Machine, like this:

docker-machine create -d generic \
--generic-ssh-user vagrant \
--generic-ssh-key ~/.vagrant.d/insecure_private_key \
--generic-ip-address <IP address of VM> \
<name of VM>

This approach works fine if the Vagrant-created VM is reachable without port forwarding. What do I mean? In the past, the VMware provider for Vagrant used functionality in VMware Fusion or VMware Workstation to provide an RFC 1918-addressed network that had external access via network address translation (NAT). In Fusion, for example, this was the default “Share with my Mac” network. Thus, when Continue reading

Technology Short Take 93

Welcome to Technology Short Take 93! Today I have another collection of data center technology links, articles, thoughts, and rants. Here’s hoping you find something useful!

Networking

• Matt Klein breaks down service mesh components, using terms networking professionals know well, like “data plane” and “control plane.” Those familiar with networking concepts will identify well with the ideas in this article, I think.
• This is pretty cool: a WYSIWYG topology designer for VMware NSX. Neat!
• Daniel Hertzberg provides an overview of Salt integration in Arista EOS.
• Barry Peddycord shares an update on Ansible support for the Cumulus Linux NCLU.

Servers/Hardware

Nothing this time around. Feel free to hit me up on Twitter if you have links you think I should include next time!

Security

• Detectify has a nice, in-depth write-up on AWS S3 access controls. Given the recent plethora of data breaches that have been attributed to misconfigured S3 buckets, now might be a good time to read this post.

Cloud Computing/Cloud Management

• The VMware Cloud-Native Apps group has a breakdown of some of the new features/functionality found in the 1.9 release of Kubernetes.
• Via Maish Saidel-Keesing, I saw this post about 10 open source Kubernetes tools for Continue reading

Experimenting with Azure

I’ve been experimenting with Microsoft Azure recently, and I thought it might be useful to share a quick post on using some of my favorite tools with Azure. I’ve found it useful to try to leverage existing tools whenever I can, and so as I’ve been experimenting with Azure I’ve been leveraging familiar tools like Docker Machine and Vagrant.

The information here isn’t revolutionary or unique, but hopefully it will still be useful to others, even if only as a “quick reference”-type of post.

Launching an Instance on Azure Using Docker Machine

To launch an instance on Azure and provision it with Docker using docker-machine:

docker-machine create -d azure \
--azure-subscription-id $(az account show --query "id" -o tsv) \
--azure-ssh-user azureuser \
--azure-size "Standard_B1ms" azure-test

The first time you run this you’ll probably need to allow Docker Machine access to your Azure subscription (you’ll get prompted to log in via a browser and allow access). This will create a service principal that is visible via az ad sp list. Note that you may be prompted for authentication for future uses, although it will re-use the existing service principal once it is created.

Launching an Instance Using the Azure Provider Continue reading

Issue with VMware-Formatted Cumulus VX Vagrant Box

I recently had a need to revisit the use of Cumulus VX (the Cumulus Networks virtual appliance running Cumulus Linux) in a Vagrant environment, and I wanted to be sure to test what I was doing on multiple virtualization platforms. Via Vagrant Cloud, Cumulus distributes VirtualBox and Libvirt versions of Cumulus VX, and there is a slightly older version that also provides a VMware-formatted box. Unfortunately, there’s a simple error in the VMware-formatted box that prevents it from working. Here’s the fix.

The latest version (as of this writing) of Cumulus VX was 3.5.0, and for this version both VirtualBox-formatted and Libvirt-formatted boxes are provided. For a VMware-formatted box, the latest version is 3.2.0, which you can install with this command:

vagrant box add CumulusCommunity/cumulus-vx --box-version 3.2.0

When this Vagrant box is installed using the above command, what actually happens is something like this (at a high level):

1. The *.box file for the specific box, platform, and version is downloaded. This .box file is nothing more than a TAR archive with specific files included (see here for more details).

2. The *.box file is expanded into the ~/.vagrant.d/boxes directory Continue reading

Technology Short Take 92

Welcome to Technology Short Take 92, the first Technology Short Take of 2018. This one was supposed to be the last Tech Short Take of 2017, but I didn’t get it published in time (I decided to spend time with my family instead—some things are just more important). In any case, hopefully the delay of one additional week hasn’t caused any undue stress—let’s jump right in!

Networking

• Lindsay Hill walks through using Telegraf, InfluxDB, and Grafana to monitor network statistics.
• Via Ivan Pepelnjak, I found this article by Diane Patton at Cumulus Networks talking about container network designs. The article is a bit heavy on pushing the Host Pack (a Cumulus thing), but otherwise provides a good overview of several different possible container network designs, along with some of the criteria that might lead to each design.
• Erik Hinderer takes a stab (based on his field experience) at estimating how long it takes to upgrade VMware NSX. Erik’s figures are just estimates, of course; actual values will be determined based on each customer’s specific environment.
• This post is a bit older, but covers a challenge faced by cloud-native darling Netflix—how does one, exactly, identify which application used which IP address Continue reading

Looking Back: 2017 Project Report Card

As has become my custom for the past several years, I wanted to take a look at how well I fared on my 2017 project list. Normally I’d publish this before the end of 2017, but during this past holiday season I decided to more fully “unplug” and focus on the truly important things in life (like my family). So, here’s a look back at my 2017 projects and a report card on my progress (or lack thereof, in some cases).

For reference, here’s the list of projects I set out for myself in 2017:

1. Finish the network automation book.
2. Launch an open source book project.
3. Produce some video content.
4. Get the Full Stack Journey podcast back on track.
5. Complete a “wildcard project.”

So, how did I do with each of these projects?

1. Finish the network automation book: I’m happy to report that all the content for the network automation book I’ve been writing with Jason Edelman and Matt Oswalt is done, and the book is currently in production (and should be available to order from O’Reilly very soon). I had hoped to get the content done in time for the book to be available for order before the Continue reading