Using Existing AWS Security Groups with Cluster API

I’ve written before about how to use existing AWS infrastructure with Cluster API (CAPI), and I was recently able to help update the upstream documentation on this topic (the upstream documentation should now be considered the authoritative source). These instructions are perfect for placing a Kubernetes cluster into an existing VPC and associated subnets, but there’s one scenario that they don’t yet address: what if you need your CAPI workload cluster to be able to communicate with other EC2 instances or other AWS services in the same VPC? In this post, I’ll show you the CAPI functionality that makes this possible.

One of the primary mechanisms used in AWS to control communications among instances and services is the security group. I won’t go into any detail on security groups, but this page from AWS provides an explanation and overview of how security groups work.

In order to make a CAPI workload cluster able to communicate with other EC2 instances or other AWS services, you’ll need to somehow use security groups to make that happen. There are at least two—possibly more—ways to accomplish this:

You could add other instances or services to the CAPI-created security groups. The Cluster API Provider Continue reading

Daily Roundup: IBM Container Apps Hide Behind Fortanix

IBM and Fortanix doubled down on confidential computing; Google Anthos built a bridge to AWS; and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Kernel of Truth season 3 episode 5: Routing protocols in the datacenter fabric

Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Sticher!

Click here for our previous episode.

Hosts Roopa Prabhu and Pete Lumbis are joined by a special guest to the podcast, Russ White! The group come together virtually to discuss what we should think about when it comes to routing protocols in the datcenter. What are the tradeoffs when using traditional protocols like OSPF or BGP? What about new protocols like RIFT or a hybrid approach with things like BGP-link state? Spoiler alert: it depends.

Guest Bios

Roopa Prabhu: Roopa Prabhu is Chief Linux Architect at Cumulus Networks. At Cumulus she and her team work on all things kernel networking and Linux system infrastructure areas. Her primary focus areas in the Linux kernel are Linux bridge, Netlink, VxLAN, Lightweight tunnels. She is currently focused on building Linux kernel dataplane for E-VPN. She loves working at Cumulus and with the Linux kernel networking and debian communities. Her past experience includes Linux clusters, ethernet drivers and Linux KVM virtualization platforms. She has a BS and MS in Computer Science. You can find her on Twitter at @__roopa.

Pete Lumbis: Pete, CCIE R&S #28677 and CCDE 2012::3, is Continue reading

Ericsson Weathers Pandemic With ‘Limited Impact’

Ericsson closed Q1 with 86 commercial 5G contracts and 29 live 5G networks. It activated an...

Read More »

Drilling Down Into The SiPearl European Arm Server Chip

The European Union has made it clear that it wants to be able to stand on its own two feet in the design of server processors, for both general purpose uses and for exascale-class supercomputers. …

Drilling Down Into The SiPearl European Arm Server Chip was written by Timothy Prickett Morgan at The Next Platform.

How close are we to breaking encryption with quantum computing?

Not as close as you might fear, but quantum encryption cracking is on its way. So, it's time to start getting ready for it.

NetApp Introduces Project Astra for Kubernetes Portability

Project Astra offers a normalized application data management approach that results in the...

Read More »

AT&T Boasts Confidence Amid Chaos

“AT&T’s been through a lot of other crises before and each time you’ve seen us emerge in...

Read More »

Aqua Attacks Container Image-Based Malware in Sandbox

Dynamic Threat Analysis protects containerized applications from image-based malware by...

Read More »

Using Docker Desktop and Docker Hub Together – Part 1

Introduction

In today’s fast-paced development world CTOs, dev managers and product managers demand quicker turnarounds for features and defect fixes. “No problem, boss,” you say. “We’ll just use containers.” And you would be right but once you start digging in and looking at ways to get started with containers, well quite frankly, it’s complex.

One of the biggest challenges is getting a toolset installed and setup where you can build images, run containers and duplicate a production kubernetes cluster locally. And then shipping containers to the Cloud, well, that’s a whole ‘nother story.

Docker Desktop and Docker Hub are two of the foundational toolsets to get your images built and shipped to the cloud. In this two-part series, we’ll get Docker Desktop set up and installed, build some images and run them using Docker Compose. Then we’ll take a look at how we can ship those images to the cloud, set up automated builds, and deploy our code into production using Docker Hub.

Docker Desktop

Docker Desktop is the easiest way to get started with containers on your development machine. The Docker Desktop comes with the Docker Engine, Docker CLI, Docker Compose and Kubernetes. With Docker Desktop there Continue reading

Bufferbloat in Action due to Covid-19

Four people now live and work in my home 24×7; my wife Andi, her mother, my daughter and myself. Many of you now live in similar situations. jigsawfish2

Very occasionally, everyone will have network trouble, such as occurred to us this morning. Sometimes it is our “last mile” connection: it is easy to see these failures in our cable modem log. (Often available by looking at the address 192.168.100.1, which seems to be the default address for cable modems.). Occasionally it can be the ISP (in our case, Comcast), either due to some routing failure or DNS failure. These can be harder to diagnose.

Bufferbloat, however, is insidious. It comes and goes, and most users have been “trained” to ignore temporary bad behavior over many years. When you go to diagnose it, you usually stop the operation that is causing it. This blog has recorded our efforts to fix bufferbloat. Now that there are many more people at home at the same time trying to do more demanding applications, this problem is much more common. Other people in your home can inflict the bufferbloat problem on you without you or they understanding what is happening.

Yesterday afternoon Continue reading

Day Two Cloud 045: Tackling Multi-Cloud Challenges With An Actual Multi-Cloud Consumer

We get the architectural nitty-gritty on a multi-cloud migration to Azure and Oracle Cloud on today's Day Two Cloud podcast. Guest Snehal Patel, Network and Cloud Architect for a large corporation, walks us through design and migration details as his company moves applications into two different public clouds.

Day Two Cloud 045: Tackling Multi-Cloud Challenges With An Actual Multi-Cloud Consumer

The post Day Two Cloud 045: Tackling Multi-Cloud Challenges With An Actual Multi-Cloud Consumer appeared first on Packet Pushers.

How does the IETF work? – John Scudder, Distinguished Engineer @ Juniper Networks

In this episode we discuss with John Scudder how to drive an idea to a standard via the standards organisation IETF.
John is a IETF veteran and tells us all about workgroups, chairs, drafts and RFCs.

Listen below, in your favourite podcast app or subscribe on the homepage!

The Management Plane of Multi-Cloud Networking – Aviatrix CoPilot

Recently, Aviatrix launched a new product called CoPilot to address the dire need of operational visibility in multi-cloud networking. This piqued my interest because the none of the Cloud Service Providers (CSPs) provide any topology tools for end-to-end visualization, monitoring and troubleshooting. So I decided to attend the launch event. Some of the biggest challenges … Continue reading →

Next Generation Cognitive Networking

Just a decade ago, public cloud titans Amazon Web Services and Microsoft Azure Cloud, became synonymous with elastic scaling, and software provisioning through APIs. This was a phenomenon that didn’t exist within closed legacy systems.

Private clouds, by contrast, saw the relevance of enterprise customers recreating an infrastructure based on public cloud principles operating at a smaller scale. In an ideal world, both clouds would allow application developers to create and choose where to deploy applications without trade-offs. Arista pioneered technology development in this cloud networking category and today with Covid-19 restrictions driving millions of users to work-from-home, there are tremendous pressures on network access and bandwidth.

Next Generation Cognitive Networking

Arista Bakes AI Into WiFi Software

Cognitive WiFi provides visibility into WiFi users’ experience and initiates root cause analysis...

Read More »

Deploying IPv6 in Public Clouds is Easy

One of the hands-on exercises in our Networking in Public Cloud Deployments online course asks the attendees to deploy a full-blown virtual networking solution with a front-end (web) server in a public subnet, and back-end (database) server in a private subnet.

The next (optional) exercise asks them to add IPv6 to the mix for a full-blown dual-stack deployment.

On Duplicates

Packet duplication wastes bandwidth and can lead to significant network performance degradation or even outages.

In multicast routing, packets are replicated by the network, so there is always a fundamental risk of duplicate traffic. Special safeguards exist to avoid …

« Previous 1 … 1,006 1,007 1,008 1,009 1,010 … 3,874 Next »