Networking – The New Stack Archives - Page 12 of 18

Gloo Edge 2.0: A Fully Istio-Integrated API Gateway for Multiple Clusters

Version 2.0 of Solo.io’s Gloo Edge will integrate the Gloo Edge, an ingress controller, and the open source Istio service mesh will form a single control plane, Solo.io said this week during its Torsten Volk, an analyst for Enterprise Management Associates (EMA), said. “Most organizations have regarded Istio as something to ‘attack once it’s become more approachable and easier to manage,’” Volk said. “These Solo.io announcements might ring in this new age of “service mesh for everyone.” In a Continue reading

Liz Rice: Following the ‘Superpower’ Promise of eBPF

Liz Rice Liz Rice, chair of the CNCF’s technical oversight committee For lots of folks in software engineering, every now and again a technology comes along that really sparks the imagination. I’m sure that many readers of The New Stack will recall their first encounters with containers, very possibly through Docker, and the realization that this was a technology that could change everything. Containerization is arguably the lynchpin of the move to cloud native. But every step forward creates new challenges, and new boundaries to push. For me, eBPF is another transformational technology and one that I’m excited to get more deeply involved in, as I join the leadership team at eBPF pioneers, Brendan Greggs from Netflix coined the phrase “superpowers for Linux,” and that’s no exaggeration. In my role as chair of the Continue reading

Application Management Across the Net Requires ‘Google Maps’ Visibility

ThousandEyes sponsored this podcast. The cloud has become that new data center for how business gets done, and the internet is the new enterprise network backbone for how services are connected, said

Linkerd Goes on a Diet with Opt-In Extensions

Buoyant has released version 2.10 of William Morgan, CEO of Linkerd, in an interview. “An extension is basically a Kubernetes controller or operator. We’re relying as much as possible on Kubernetes primitives, but what we are doing is, there’s a little bit of wrapper magic that happens that makes those extensions feel like the rest of Linkerd.” Among those formerly-default features now being offered as extensions are the multicluster extension, which contains cross-cluster communications tools, the

Applying a DevOps Approach to the Network Your App Runs On

ThousandEyes sponsored this post. Mike Hicks Mike is a principal solutions analyst at ThousandEyes, a part of Cisco, and a recognized expert with more than 30 years of experience in network and application performance. If you were to put application and network teams into a single room and ask them if ensuring optimal application performance and availability for their end users was critical to the success of their companies, you would undoubtedly have all heads shaking yes. The question, of course, is how? Many of us have lived through war rooms urgently called in response to degraded customer experiences, due to a performance or availability problem with a key application. Today’s modern applications are more distributed and modular than ever before, so not only has the number of stakeholders increased, but the lines of demarcation have also become blurred — causing confusion over responsibilities. Managing and optimizing application performance today is dependent on an increasingly complex underlying network and internet infrastructure that traditional application monitoring solutions fail to bridge, leaving visibility gaps for DevOps and NetOps to struggle with. These heterogeneous environments introduce changing conditions that are sparking new tactics to manage the application experience; and monitoring is one of Continue reading

5 Key Takeaways from IstioCon 2021

Lin Sun Lin is the Director of Open-Source at Solo.io. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for three years and was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author of the book Istio Explained and has more than 200 patents to her name. This year’s first-ever Istio service mesh connects microservices. As the conference program co-chair, I had the incredible honor to work with the rest of the program committee to select conference submissions from a diverse range of world-class speakers. I wanted to share my five key takeaways from the show: 2020: A Year of Istio Innovation I have heard repeatedly from users that Istio is much easier to use thanks to the consolidation of all control plane components into Istiod. The removal of Mixer and the introduction of Web Assembly extensibility capabilities has also been widely lauded by the community. A complete list Continue reading

Why the Service Mesh Will Be Essential for 5G Telecom Networks

Sagar Nangare Sagar Nangare is technology blogger, focusing on data center technologies (Networking, Telecom, Cloud, Storage) and emerging domains like Edge Computing, IoT, Machine Learning, AI). Based in He is based in Pune, he is currently serving Calsoft Inc. as Digital Strategist. Despite the service mesh being a fairly new technology, as compared to other cloud native technologies, a March 2020 Cloud Native Computing Foundation report

Solo.io Launches Gloo Mesh Enterprise to General Availability

After a couple of years in development and just released Gloo Mesh Enterprise service mesh to general availability this month, marking API stability and a slate of new features, built in response to customer feedback during the beta period. Gloo Mesh Enterprise is the company’s enterprise-grade, Kubernetes-native solution to help organizations install and manage Istio service mesh deployments. While Gloo Mesh Enterprise may just now be reaching this milestone, Idit Levine speaks of massive, unnamed customers already using the product in production, in deployments spanning more than 40 data centers, and 1,200 clusters and Istio service mesh instances. “When you’re running with that scale, there are a lot of things that you need to do. This is exactly what Gloo Mesh is for. Gloo Mesh is basically saying, ‘crawl, walk, run, fly.'” said Levine, referring to the product’s ability to help not only with the initial steps of service mesh adoption and installation but also the day two operations and added capabilities to handle complex multicluster, multicloud, multiregion deployments. To start (or “crawl”), Gloo Mesh Enterprise provides Federal Information Processing Standards (FIPS) compliance and long-term support for Istio Continue reading

Tetrate’s GetIstio Promises to Simplify Management of a Istio Service Mesh

While the open source GetIstio, a commercial service mesh based on Istio and Varun Talwar. “The thing is, these are not static projects, right? Neither Kubernetes, nor Istio, nor Envoy,” said Talwar. “Every three months, you typically have new releases from these projects, Continue reading

Behind the Scenes of the SunBurst Attack

Check Point sponsored this post. Lior Sonntag Lior is a Security Researcher at Check Point Software Technologies. He is a security enthusiast who loves to break stuff and put it back together. He's passionate about various InfoSec topics such as Cloud Security, Offensive Security, Vulnerability Research and Reverse Engineering. The biggest cyberattack in recent times came in the form of what seems like a

Why You Should Choose NGAC as Your Access Control Model

Tetrate sponsored this post. Jimmy Song Jimmy is a developer advocate at Tetrate, CNCF Ambassador, co-founder of ServiceMesher, and Cloud Native Community (China). He mainly focuses on Kubernetes, Istio, and cloud native architectures. Different companies or software providers have devised countless ways to control user access to functions or resources, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). In essence, whatever the type of access control model, three basic elements can be abstracted: user, system/application, and policy. In this article, we will introduce ABAC, RBAC, and a new access control model — Next Generation Access Control (NGAC) — and compare the similarities and differences between the three, as well as why you should consider NGAC. What Is RBAC? Ignasi Barrera Ignasi is a founding engineer at Tetrate and is a member of the Apache Software Foundation. RBAC, or Role-Based Access Control, takes an approach whereby users are granted (or denied) access to resources based on their role in the organization. Every role is assigned a collection of permissions and restrictions, which is great because you don’t need to keep track of every system user and their attributes. You just Continue reading

Best Practices for Securely Setting up a Kubernetes Cluster

David Bisson David Bisson is an information security writer and security junkie. He's a contributing editor to IBM's Security Intelligence, Tripwire's The State of Security Blog, and a contributing writer to Bora. He also regularly produces written content for Zix and a number of other companies in the digital security space. Organizations are increasingly looking to containers to fuel their digital transformations. In 2020, documentation: Load balancing. Organizations turn to Kubernetes to make Continue reading

HAProxy Kubernetes Ingress Controller Moves Outside the Cluster

The HAProxy Kubernetes Ingress Controller 1.5. With the introduction of features around different types of authentication, configuration, and the ability to run the controller external to a Kubernetes cluster, the release marks a new release cadence for the software, said HAProxy director of product

Tetrate: A Service Mesh Can Be the Security Kernel for Distributed Systems

If you are going to use a service mesh to manage a set of microservices, you might as well start thinking of the service mesh as the “security kernel” for these distributed systems, suggested Tetrate Senior Engineer U.S. National Institute of Standards and Technology (NIST) and Tetrate, a purveyor of an

Why Open Source Project Maintainers are Reluctant to use Digital Signatures, Two-Factor Authentication

We all agree that open source development methods help create better code. The Cathedral and the Bazaar,” which explained how the methodology of openness worked in Fetchmail project. But, that’s a general rule. Open source can still be abused by unscrupulous developers. So, why don’t we make sure when a programmer attempts to merge code into a program that they’re really who they say they are, by using two-factor authentication (2FA) or a digital signature? Good question. You might not think this is a real problem. Alas, it is. For example, in 2019 CursedGrabber malware was successfully Linux Foundation’s 2020 FOSS Contributor Survey, when developers were asked if the open source projects Continue reading

Using Traefik Ingress Controller with Istio Service Mesh

Tetrate sponsored this post. Petr McAllister Petr is an IT Professional with more than 20+ years of international experience and Master’s Degree in Computer Science. He is a technologist at Tetrate. The Istio service mesh comes with its own ingress, but we see customers with requirements to use a non-Istio ingress all the time. Previously, we’ve covered Traefik ingress. With some slight adjustments to the approach we suggested previously, we at Tetrate learned how to implement Traefik as the ingress gateway to your Istio Service Mesh. This article will show you how. The flow of traffic is shown on the diagram below. As soon as requests arrive at the service mesh from the Traefik ingress, Istio has the ability to apply security, observability and traffic steering rules to the request: Incoming traffic bypasses the Istio sidecar and arrives directly at Traefik, so the requests terminate at the Traefik ingress. Traefik uses the IngressRoute config to rewrite the “Host” header to match the destination, and forwards the request to the targeted service, which is a several step process: Requests exiting Traefik Ingress are redirected to the Istio sidecar Continue reading

Observe VM Service Meshes with Apache SkyWalking and the Envoy Access Log Service

Tetrate sponsored this post. Hongtao Gao Hongtao is a Tetrate engineer and former Huawei Cloud expert. One of PMC members of Apache SkyWalking, he participates in such popular open source projects as Apache ShardingSphere and Elastic-Job. Want to observe a service mesh that extends to virtual machines? A new analyzer in previous article, we talked about observability of service mesh in a Kubernetes environment and applied it to the bookinfo application in practice. But in that scenario, in order to map IP addresses to services, SkyWalking would need access to service metadata from a Kubernetes cluster — which is not available for services deployed in VMs. In this tutorial, we’ll demonstrate how SkyWalking’s new analyzer can give you better observability of a mesh that includes virtual machines. How It Works What makes VMs different from Kubernetes is that, for VM services, there are no places where we can fetch the metadata to map the IP addresses to services. The mechanics of SkyWalking Analyzer are the same Continue reading

HAProxy Bonds with HashiCorp Consul to Extend Automated Service Discovery

Version 2.2 of offers service discovery and native support for the HashiCorp’s Daniel Corbett, head of product, HAProxy Technologies, in a blog post. Through a RESTful HTTP API, HAProxy connects directly to a defined Consul server and ingests the list of services and nodes from a Consul catalog, Corbett later told The New Stack. The API will set off a process that can “define an HAProxy backend and pool of servers to match this catalog and automatically scale up or down nodes/servers on-demand based on changes within the Consul catalog,” Corbett said. Corbett noted in the has also released version 2.3 of HAProxy itself, adding features such as forwarding, prioritizing, and translating of messages sent over the Syslog Protocol on both UDP and TCP, an OpenTracing SPOA, Stats Contexts, SSL/TLS enhancements, an improved cache, and changes in the connection layer that lay the foundation for support for HTTP/3/QUIC. For more information on the HAProxy’s Data Plane API,

Istio’s Complexity Leads Some Users to Linkerd

Twain Taylor Twain is a guest blogger for Twistlock and a Fixate IO Contributor. He began his career at Google, where, among other things, he was involved in technical support for the AdWords team. His work involved reviewing stack traces and resolving issues affecting both customers and the Support team, and handling escalations. Today, as a technology journalist, he helps IT magazines, and startups change the way teams build and ship applications. Service meshes have been getting quite a bit of attention, and with good reason. By providing reliability, security, and observability at the platform layer, service meshes can play a mission-critical role in Kubernetes applications. But tales of adoption are mixed: some practitioners report shying away from adopting a service meshes due to their apparent complexity, while others report getting them up and running with apparent ease. So which is it? Are service meshes too complex to be worth the effort, or ready for adoption today? In this article I wanted to focus on

Offloading Authentication and Authorization from Application Code to a Service Mesh

Tetrate sponsored this post. Zack Butcher Zack is a Tetrate engineer. He is an Istio contributor and member of the Istio Steering Committee and co-author of 'Istio: Up and Running (O’Reilly: 2019).' In an upcoming Ramaswamy Chandramouli, we’ll be presenting recommendations around safely and securely offloading authentication and authorization from application code to a service mesh. We’ll be discussing the advantages and disadvantages of that approach. This article presents an overview of the paper that will be presented later this month, at

« Previous 1 … 10 11 12 13 14 … 18 Next »