Kyverno, the open source Kubernetes-native policy engine, was accepted into the Cloud Native Computing Foundation (CNCF) this week at the sandbox level. The development team hopes the software will help the adoption of Kubernetes policies by providing a way to write and manage them with native tools and languages, rather than requiring users to learn and adopt new ones.
Because Kyverno policies are ordinary Kubernetes resources, they can be managed with familiar tools such as kubectl and kustomize. Bugwadia also pointed to cert-manager, another new CNCF sandbox project, which he said has expressed interest in using Kyverno for certificate-management policies.
Joining the CNCF, he said, leads to "those forms of collaboration, which we would not have been able to do otherwise."
The Cloud Native Computing Foundation and KubeCon+CloudNativeCon are sponsors of The New Stack.
The post Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management appeared first on The New Stack.
We recently wrote gRPC: Up and Running, published by O'Reilly Media. gRPC (gRPC Remote Procedure Calls) is one of the most popular inter-process communication protocols in the modern microservices and cloud native era. With the increasing adoption of gRPC, we thought it was important to write a book on gRPC and share our experience of building cloud native microservices applications with it.
So, before we dive into the details of the book, let me give you a brief overview of what gRPC is.
gRPC is a modern inter-process communication technology that can overcome most of the shortcomings of conventional inter-process communication technologies such as RESTful services. Owing to these benefits, many modern applications and servers are converting their inter-process communication protocols to gRPC.
The foundation of a gRPC-based application is the service and …
When Open Policy Agent (OPA, pronounced "oh-pa") was created for cloud native environments, policy enforcement in code became much more practical. Now its developers, under their company Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).
Before diving into DAS, though, let's make sure we're all on the same page with OPA and policies in general.
OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write policies in Rego, its high-level declarative language, which is based on the Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
And what's a policy engine, you ask?
Linkerd, the open source service mesh, has been updated with a number of new features, including support for the ARM architecture, a new multicore proxy runtime, and the automatic enabling of mutual TLS (mTLS) security for all TCP connections.
Buoyant, the company behind Linkerd, said that ARM support opens the door to instances such as AWS Graviton, and that support for Kubernetes's new service topology feature will further increase operating efficiency by letting operators specify routing preferences.
A complete rundown of Linkerd improvements, performance enhancements, and bug fixes can be found in the Linkerd release notes.
SD-WAN (software-defined networking in a wide area network) and Kubernetes are two major technological developments of interest for businesses on the journey toward digital transformation. SD-WAN extends SDN features such as programmable networking and automation to wide area networks. Kubernetes has become the widely adopted container orchestrator, with a solid API architecture, autoscaling, deep monitoring, and load-balancing capabilities for dynamic and distributed infrastructures.
Many companies are using them together, given that business applications are distributed to different data centers and edge cloud locations. Here, different Kubernetes clusters are connected to end-user applications and workloads, and SD-WAN is used to connect all the clusters and end users.
Sagar Nangare is a technology blogger focusing on data center technologies (networking, telecom, cloud, storage) and emerging domains like edge computing, IoT, machine learning and AI. He currently serves Calsoft Inc. as Digital Strategist. He is based in Pune. You can reach him on Twitter @sagarnangare.
But there are still gaps in this combined solution. SD-WAN is used mostly over the public internet, whose performance varies in different parts of the world. When we deploy microservice-based applications, there may be cases where some microservices have specific latency requirements …
eBPF could provide a "fundamentally better data plane" for cloud native operations, explained eBPF maintainers, as well as an engineer at a Linux networking company, at the eBPF Summit last week.
The eXpress Data Path, a Linux hook to …
77-year-old Vint Cerf is credited as the father of the internet — but he’s now tackling an even bigger challenge. He’s joined with the scientists who envision a network that can scale across hundreds of millions of miles, in an airless vacuum, where data transmissions can be blocked by, for example, the planet Jupiter. Cerf’s working with a team whose lofty new dream is an internet which can connect our spacecraft in outer space — to the other spacecraft, and to listeners waiting here on earth.
It's instructive to see how engineers approach a task that stretches endlessly on an interplanetary scale, and what it took to lead scientists to this galaxy-sized dream.
Guide to the Galaxy
Back in the 1970s, Cerf co-developed the TCP/IP protocol with Bob Kahn, which became the foundation for all internet communication today. (Though in a recent article in Quanta, Cerf stresses that "A lot of people contributed to the creation of the internet.") What's less known is that Cerf has also held a lifelong interest in outer space. One …
KubeCon + CloudNativeCon North America 2020 – Virtual, Nov. 17-20.
Lior is KubeMQ's technology leader and product architect. As a serial technology entrepreneur with over 20 years of experience in software ventures and product development, he brings cloud native expertise and hands-on experience. Lior founded Tradency (financial trading technology) 14 years ago and has led it as CEO since its inception. Previously he held key management positions at DSPG, Alpha Cell and TdSoft. Lior holds a B.A. in Mathematics and Computer Science from the Open University in Tel Aviv, Israel, and an AMP from the University of Pennsylvania's Wharton School. @lior_nabat
Hybrid cloud is a powerful IT architecture — backed by market leaders and used by many enterprise organizations — that connects a company’s on-premises, private cloud services and third-party, public cloud services into a single, flexible infrastructure for running the organization’s applications and workload.
The principle behind hybrid cloud is a mix of public and private cloud resources, with a level of orchestration between them. This gives an organization the flexibility to choose the optimal cloud for each application or workload (and to move workloads freely …
Earlier this month, NGINX released NGINX Service Mesh (NSM), a free and open source service mesh that uses the NGINX proxy to power its data plane. While many service meshes are built entirely from open source components, NGINX Vice President of Marketing Whitely contrasted NSM with Aspen Mesh, the more advanced, Istio-based service mesh built by its now-parent company. Service Mesh Interface (SMI) is not yet supported, but it is on the roadmap, and the company intends to use NGINX Unit to "introduce something that's a little bit different and more novel to advance the industry dialogue."
“We think there’s an option in the future to have a sidecar-less service mesh, where you’re not injecting sidecars in each service,” said Whitely. “Instead, you load your code, and you execute it, and the default runtime environment that’s executing your code has all the built-in proxying capabilities needed to handle east-west. It would take things down from a two container to one container kind of model.”
The post NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative appeared first on The New Stack.
Similar to container-native storage, the container-native network abstracts the physical network infrastructure to expose a flat network to containers. It is tightly integrated with Kubernetes to tackle the challenges involved in pod-to-pod, node-to-node, pod-to-service and external communication.
Kubernetes can support a host of networking plugins based on the Container Network Interface (CNI), a Cloud Native Computing Foundation project.
Container-native networks go beyond basic connectivity. They provide dynamic enforcement of network security rules. Through a predefined policy, it is possible to configure fine-grained control over communications between containers, pods and nodes.
Choosing the right networking stack is critical to maintaining and securing the CaaS platform. Customers can select the stack from open source projects including Contiv, Project Calico, Tungsten Fabric and …
Intel sponsored this post.
Smart Network Interface Controllers (SmartNICs) put the service mesh at center stage, where the network and the application layer meet. The new dimensions that come with the integration of hardware and software are ushering in a new generation of capabilities, such as offloaded cryptographic operations and new approaches to resource utilization.
At VMworld last month, VMware featured SmartNICs as part of …
Although the $40 billion deal still faces long scrutiny by regulators, the reasons behind NVidia's proposed acquisition of Arm … planning to buy FPGA maker Xilinx.
NVidia doesn’t plan to change Arm’s IP licensing business model, or replace its Mali GPU with NVidia technology, CEO
In the previous article, I discussed how Rancher's K3s, Calico networking software, and Portworx run on Intel NUCs. The infrastructure is based on K3s, Calico, and Portworx, which provide the core building blocks of the Kubernetes cluster.
The sensors attached to the fans of the turbine provide the current rotational speed, vibration, temperature, and noise level. This telemetry data stream along with the deviceID from each fan acts as the input to the predictive maintenance solution.
InfluxDB ingests the telemetry from Mosquitto, and a Grafana dashboard connected to InfluxDB provides the visualization for our AIoT solution.
In the next part of this tutorial, I will discuss the deployment architecture along with the storage and network considerations based on K3s, Calico, and Portworx. Stay tuned.
Janakiram MSV's webinar series, "Machine Intelligence and Modern Infrastructure (MI2)", offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at …
Every network admin on the planet knows this dirty little secret: we're running out of IPv4 addresses. This was inevitable, given how widespread networks and network devices have become. Even on your LAN, you sometimes have to use subnetting, simply because you've found that the devices on your massive enterprise network have gobbled up all the 192.168.1.x addresses.
It’s a problem.
Which is why IPv6 was developed. IPv6 offers a much larger pool of addresses to draw from. The problem is that IPv6 isn't nearly as easy to employ as IPv4. After all, 192.168.1.1 is much easier to remember than 0:0:0:0:0:ffff:c0a8:101.
But what’s a network administrator to do? Migrate all of those servers and various hardware devices from IPv4 to IPv6? In theory, yes, that is exactly what should happen. However, that’s not nearly as easy as one would like to think it would be. After all, you might have hundreds upon hundreds of devices and numerous locations. On top of which, there’s always that pesky DNS that must be updated (which could equate to downtime).
Oh, and let's not forget that IPv6 is not backward compatible with IPv4. Why was this decision …
On the cloud native journey, there are both general lessons and best practices that apply to nearly all companies as well as industry-specific challenges. Cloud native journeys aren’t one-size-fits-all; the best way to handle storage, networking, security and even back-ups depends on the specifics of both the industry and the individual company.
We spoke with Nokia about the specific challenges faced by telecom companies as they adopt containers and Kubernetes, and how the industry is addressing them. Here's what the company had to say about best practices, both for other telecoms and for everyone making the move to cloud native.
Can you give an overview of Nokia’s cloud native journey? When did it start, how far are you in maturity? What have been major turning points/landmarks on the journey?
Nokia, as with many other telecom infrastructure vendors, has a long history in implementing and utilizing massively distributed systems. We started to build our own cluster management system back in the 1970s, which was based on proprietary hardware and software.
As network function virtualization (NFV) technology gained momentum in 2016, we began offering infrastructure solutions and virtual network functions (VNFs) for the ETSI NFV Management and Orchestration (MANO) standard, leveraging OpenStack. Today, Nokia's CloudBand MANO solution is …