On the cloud native journey, there are both general lessons and best practices that apply to nearly all companies as well as industry-specific challenges. Cloud native journeys aren’t one-size-fits-all; the best way to handle storage, networking, security and even back-ups depends on the specifics of both the industry and the individual company.
We spoke with Nokia, about the specific challenges faced by telecom companies as they adopt containers and Kubernetes and how the industry is addressing them. Here’s what he had to say about best practices both for other telecoms as well as everyone making the move to cloud native.
Can you give an overview of Nokia’s cloud native journey? When did it start, how far are you in maturity? What have been major turning points/landmarks on the journey?
Nokia, as with many other telecom infrastructure vendors, has a long history in implementing and utilizing massively distributed systems. We started to build our own cluster management system back in the 1970s, which was based on proprietary hardware and software.
As network function virtualization (NFV) technology gained momentum in 2016, we began offering infrastructure solutions and virtual network functions (VNFs) for the ETSI NFV Management and Orchestration (MANO) standard, leveraging OpenStack. Today, Nokia’s CloudBand MANO solution is
The whole agile move towards autonomous development is great to embrace the individual team and even engineer preference. However, there’s no doubt it makes it difficult for governance. It’s hard to monitor, observe and learn from disparate tooling.
Tetrate.io, KubeCon + CloudNativeCon Europe, virtual edition, a new Envoy extension as a single interpretation for these many languages.
He started by saying how: “One fundamental purpose of Envoy is its ability to see into every single request received or made by your application.”
Skopets says the next step is to extend Envoy as a way to learn from actual traffic in an efficient, flexible and simple manner. This usually involves natively developing Envoy in C++ and statically linking into the Envoy binary. He says this involves a lot of custom builds of Envoy which leads to “a lot of investment and commitment upfront.”
Skopets suggests instead using AssemblyScript, which is a subset of the Fork the code for this instance on Github.
KubeCon + CloudNativeCon is a sponsor of The New Stack.
The post KubeCon EU: Envoy Looks to WebAssembly to Extend Microservices Monitoring appeared first on The New Stack.
happens! Security isn’t in a much better state, because the need for scale and connectivity opens us up to more vulnerability. Security researcher James Mickens sounded the alarm in his 2015
KubeCon + CloudNativeCon and VMware sponsored this post, in anticipation of the virtual an incubation-level hosted project with the Cloud Native Computing Foundation (CNCF). This is a very proud moment and on behalf of the other project maintainers we want to thank the community for all of the work they put in to get us to this point.
If you don’t already know it, Contour is a simple and scalable open source ingress controller for routing traffic to applications running in Kubernetes. We’ll be offering an in-depth look at how Contour works and outlining our development roadmap at a
Although Istio has been in the headlines, Microsoft has released its new crowded and Service Mesh Interface (SMI) specification and like Linkerd but unlike Istio, Open Service Mesh can be configured by that SMI and it may even serve
The release of HashiCorp’s push to widen the scope of its managed services offerings on the cloud.
The GA release of HCS on Armon Dadgar, co-founder and CTO of HashiCorp, said the Azure HCS release is part of HashiCorp’s shift to a more managed-services business model.
“We are transitioning from being a desktop software vendor to becoming more of a cloud software vendor,” said Dadgar.
Dadgar said HashiCorp opted for Azure since there is a lot of overlap between the kinds of customer organizations HashiCorp and Microsoft tend to focus on.
The launch
For enterprises operating at scale and requiring high availability, ensuring failover at the Kubernetes node level simply isn’t enough. Instead, many are operating in a multicluster environment, ensuring that even if something fails at the cluster level their applications will remain operational.
For companies also running API gateway and ingress controller, this multicluster environment had become a pain point, as each cluster would require its own Gloo deployment, which in turn meant configuration, management, and control plane. In response, Solo.io has launched Idit Levine.
With federation, Levine said, not only is Gloo able
When the proposed to be included in the still v.02, had only been around less than six months, and yet it aimed to skip the entry-level most young projects enter at and instead applied for inclusion at the secondary incubation tier. While the project was founded primarily by Google and IBM, and boasted numerous other contributors such as Yahoo, Apprenda, Concur, and AT&T, it was met with skepticism — it was so new, it didn’t really have adoption to speak of quite yet, and there were some Solo.io CEO
Cloudflare’s Jonathan Sullivan, NS1 chief technology officer and co-founder, told The New Stack.
While Cloudflare — an NS1 competitor — did have DNS redundancy built into its infrastructure, the resulting traffic drop in its network infrastructure was about 50% throughout its network and resulted in a 27-minute outage of Cloudflare Internet properties and services, Cloudflare Chief Technology Officer blog post.
A router overload in the state of Georgia resulted in the Cloudflare outage. One way Cloudflare learned to prevent such an event from recurring was to set a limit on the Georgia router’s traffic for BGP sessions. This will result in the shutdown of
Matthew O’Riordan
A serial entrepreneur and seasoned developer with over 15 years of hands-on development experience. Matthew is the CEO of Ably, an Infrastructure-as-a-Service (IaaS) provider. He was co-founder and technical director of Aqueduct, a leading digital agency in London and Founder of easyBacklog, a SaaS agile backlog management tool. Matthew co-founded Econsultancy, a global digital marketing publishing, training and research business, with Ashley Friedlein and exited via a £25m trade sale to Centaur Media plc in 2012.
The publish-subscribe (or pub/sub) messaging pattern is a design pattern that provides a framework for exchanging messages that allows for loose coupling and scaling between the sender of messages (publishers) and receivers (subscribers) on topics they subscribe to.
Messages are sent (pushed) from a publisher to subscribers as they become available. The host (publisher) publishes messages (events) to channels (topics). Subscribers can sign up for the topics they are interested in.
This is different from the standard request/response (pull) models in which publishers check if new data has become available. This makes the pub/sub method the most suitable framework for streaming data in real-time.
It also means that dynamic networks can be built at internet scale. However, building a messaging infrastructure at
The open source Envoy proxy, joined the Cloud Native Computing Foundation (CNCF) as an incubation level project, skipping over the traditional sandbox level entry point. The project, originally developed in 2017 at Heptio before the company’s acquisition by VMware, displayed a level of usage in the field, support in the community and activity in its ecosystem that warranted skipping the sandbox, said
KubeCon + CloudNativeCon sponsored this post, in anticipation of Linkerd can deliver critical features such as transparent mutual TLS, gRPC load balancing, blue-green deploys, and golden metrics. But like all abstractions, these features come at a cost. Some of this cost is human in nature: the more complex the service mesh, the more effort required to operate it successfully. Some of the cost is system cost: a service mesh consumes CPU and memory, and introduces latency to the application.
Linkerd’s goal is to minimize this cost by being the smallest, fastest service mesh for Kubernetes (a claim which
“I’m pretty sure that you won’t hear anybody saying, ‘Oh, yeah, we implemented a service mesh, and it was easy to do.’ They were just extremely complicated systems,” said Marco Palladino. The first generation of service meshes, released around 2017, “came with lots of moving parts, lots of dependencies, and lots of assumptions that we did not necessarily agree with.”
Those meshes were hyperfocused on Kubernetes, he said, while customers, though perhaps running K8s, also were still running virtual machines. They don’t scale and require a new cluster for each mesh.
This month the tech industry’s lexicon is seeing a small but significant shift: Common technical phrases, most notably “Master/Slave” and “Whitelist/Blacklist” that have been red-flagged as offensive, or even racist, sometimes for decades, are getting updates. Android and GitHub Android, Splunk. Many orgs are also looking at replacing the concept of “whitelist” in both its documentation and in its APIs. Other companies and open source projects are following suit.
This work is in part to take another semantic and moral stand that Black Lives Matter. And, at times, it is
HashiCorp has expanded its Consul network control plane by widening its scope for different highly distributed services and environments — while simplifying and expanding its compliance and policy management capabilities.
By adding gateway options and compliance features with today’s release of Consul 1.8, HashiCorp has made the control plane able to manage many different environments in a single interface, the company says. These might include services and applications running in containers, Kubernetes or virtual machines (VMs) on bare metal, traditional data centers or multicloud environments that are often widely dispersed geographically.
“We are useful to customers because we offer a layer across [different environments] with a single management plane. The challenges customers have is they have many services that sit outside of service mesh, such as traditional applications, and need to bring them into the same fold,” HashiCorp, told The New Stack. “So how can services talk to your applications within your service mesh, and how do the applications in the service mesh talk out? Consul 1.8 solves that problem.”
Consul 1.8’s audit logging and single sign-on (SSO) features (which are part of the enterprise version)
“Open source is free like a puppy,” said Aspen Mesh, provider of an enterprise version of the open source Linkerd, that is the only reason to turn to William Morgan, CEO of Buoyant. “This is more of a philosophical stance. However, if you want to have a commercial relationship with us, we will make sure the service mesh works for you, with services and integration and all that stuff.”
Taming Complexity
Service meshes are designed for very complex architectures. They only make sense for companies
In 2016, when the digital media arm of the in increasingly large numbers.
“I remember the fear that the huge event we were experiencing could bring our platform down,” said recalled at HAProxy 2019. They kept watching the Grafana dashboard, searching for potential anomalies.
In the end, however, nothing bad happened. “We ended up drinking beers and eating pizzas,” he said. But Gallissot didn’t want to go through such a stressful experience again, and so started an initiative to move M6 to the cloud.
Like many organizations dealing with surges of traffic, M6 decided on Kubernetes as the platform for a multicloud architecture, to ease the process of scaling up and down with traffic. And one of the most crucial parts of the Kubernetes setup is routing the incoming traffic to the appropriate services.
Kubernetes itself offers an option to capture the
Ian Baxter
Ian Baxter is the Vice President of Pre-Sales Engineering at IRONSCALES and has more than 20 years of extensive industry experience in the information security, technology and communications fields, having held various positions including both individual contributor and systems engineering management roles. During his career, Ian has regularly presented at various industry events on security topics such as threat prevention, ransomware, and best practices. Prior to IRONSCALES, Ian served as Americas' Director of Data Center Sales for NetApp covering Canada, Latin America and the US. He's also worked for large multinational technology companies such as Palo Alto Networks, Foundry Networks/Brocade, Alcatel Lucent, and Fore Systems/Marconi. Ian is originally from South Africa, and now resides in the United States.
Robert Metcalfe, co-inventor of Ethernet, is renowned for many things, but perhaps none more so than his namesake law: