Building an Isolated Kubernetes Cluster on AWS

In this post, I’m going to explore what’s required in order to build an isolated—or Internet-restricted—Kubernetes cluster on AWS with full AWS cloud provider integration. Here the term “isolated” means “no Internet access.” I initially was using the term “air-gapped,” but these aren’t technically air-gapped so I thought isolated (or Internet-restricted) may be a better descriptor. Either way, the intent of this post is to help guide readers through the process of setting up a Kubernetes cluster on AWS—with full AWS cloud provider integration—using systems that have no Internet access.

At a high-level, the process looks something like this:

  1. Build preconfigured AMIs that you’ll use for the instances running Kubernetes.
  2. Stand up your AWS infrastructure, including necessary VPC endpoints for AWS services.
  3. Preload any additional container images, if needed.
  4. Bootstrap your cluster using kubeadm.

It’s important to note that this guide does not replace my earlier post on setting up an AWS-integrated Kubernetes cluster on AWS (written for 1.15, but valid for 1.16 and 1.17). All the requirements in that post still apply here. If you haven’t read that post or aren’t familiar with the requirements for setting up a Kubernetes cluster with the AWS Continue reading

The Fourth Wave Of FPGA Compute

Ahead of The Next FPGA Platform event that we hosted recently in San Jose, we talked to Manoj Roge, vice president of product planning and business development at Achronix, about the three waves of FPGAs that have occurred over the past three decades, and in the course of our live conversation, we got a little more insight into the addressable market for FPGAs and also talked about the fourth wave, which is just starting now.

The Fourth Wave Of FPGA Compute was written by Timothy Prickett Morgan at The Next Platform.

How SD-Branch Supports Bank Transformation

Customers expect more of a digital experience out of their financial institutions. Here's how...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Vodafone CEO: Huawei RAN Quota Will Slow 5G Plans

Nick Read said a delay of up to five years could result if it has to replace Huawei equipment that...

Learn, Contribute, and Engage! Introducing the Chapter Training Program!

Our members play a vital role in working for an open, globally-connected, and secure Internet for all – through their experience, knowledge, and passion. For this reason, we’re excited to announce the Internet Society’s 2020 Chapters Training Program.

The Chapters Training Program will be the first engagement and learning program for members that focuses on developing new community leaders. These community leaders can work together with their respective Chapters and create local awareness of our 2020 Action Plan work and explore options for members to become involved.

Growing and developing our communities is one of our main priorities. By launching this program we aim to strengthen three important development components for Chapters: Chapter alignment to Organizations Strategy, Capacity Building, and Community engagement.

Enrollment for Chapters interested in being part of the program will be open until February 9th. Chapters can subscribe here.

For Chapters interested in getting more details about the program, a video session is available.

We hope to get as many Chapters as possible for this first year pilot!

We can only grow if we innovate and work together. New ideas will always bring new opportunities. Join us and be part of this global initiative!

The post Learn, Contribute, Continue reading

Cisco patches a security glitch affecting routers, switches and phones

Cisco has issued fixes for five security glitches that can be found in a wealth of its networked enterprise products – from switches and routers to web cameras and desktop VoIP phones. The problems center around vulnerabilities in the implementation of the Cisco Discovery Protocol (CDP) that could let remote attackers take over the products without any user interaction. While no public exploit has been found, an attacker simply needs to send a maliciously crafted CDP packet to a target device located inside the network to take advantage of the weakness, Cisco stated.

Cisco’s CDP is a Layer 2 protocol that runs on Cisco devices and enables networking applications to learn about directly connected devices nearby, according to Cisco. It enables management of Cisco devices by discovering networked devices, determining how they are configured, and letting systems using different network-layer protocols learn about each other, according to Cisco.

FatPipe SD-WAN Adds Ciena uCPE Support

The two companies aim to develop new service delivery models for communication services...

White House Burnishes Big US Tech Firms for 5G Battle

President Donald Trump and his advisors have been talking about empowering U.S.-based technology...

Cisco Patches Zero-Day Vulnerabilities in Millions of Devices

If exploited, the bugs would allow an attacker to eavesdrop on voice and video calls and steal...

The End Of WAN As We Know It?

In today’s iteration of the Network Collective Community Roundtable, I join Kevin Myers and Darrel Clute to talk about what’s on their minds and whether or not the WAN as we know it is a thing of the past. Hardware independent software overlays are becoming more popular but does this mean that traditional WAN is going away? Hear what Kevin, Darrel, and I have to say about it on this episode.

Darrel Clute, Guest
Kevin Myers, Guest
Jordan Martin, Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post The End Of WAN As We Know It? appeared first on Network Collective.

Day Two Cloud 034: Everything As Code – Including Documentation

One key idea for automation and cloud is "everything as code." That includes networking, infrastructure, and documentation. Yes, documentation. On today's Day Two Cloud episode we dive into how to get beyond using Microsoft Office as your infrastructure management strategy. Our guest is William Collins, a cloud architect at a large healthcare company.

The post Day Two Cloud 034: Everything As Code – Including Documentation appeared first on Packet Pushers.

Cumulus content roundup: January 2020

We understand the start of the new year can be pretty busy and you may have missed out on some of the great content we shared this month. You’re in luck though, we have the best of the best right here for you so you don’t have to miss a thing.

January was full of partnership announcements, 2020 predictions, and a lot of great blogs that you can, figuratively speaking, sink your teeth into. Catch up below!

From Cumulus Networks:

It’s a fact: choosing your own hardware means lower TCO: Organizations have diverse needs, and these needs change with time. The ability to select the right hardware for the task can be a competitive advantage. Learn how choosing your own hardware means lower TCO in our blog here.

Kernel of Truth season 2 episode 15: 2019 retrospect and 2020 predictions: Hosts Brian O’Sullivan & Roopa Prabhu are joined by Kernel of Truth podcast guest pros Pete Lumbis and Rama Darbha. Listen to this jam-packed podcast to hear their 2019 retrospect & 2020 predictions. Buzzword teaser: Automation.

Cumulus Networks and Metsi Technologies partner to prepare customers for new wave of tech adoption: We’re excited to announce our partnership with Continue reading

Changes to dockerproject.org APT and YUM repositories

While many people know about Docker, not that many know its history and where it came from. Docker was started as a project in the dotCloud company, founded by Solomon Hykes, which provided a PaaS solution. The project became so successful that dotCloud renamed itself to Docker, Inc. and focused on Docker as its primary product.

As the “Docker project” grew from being a proof of concept shown off at various meetups and at PyCon in 2013 to a real community project, it needed a website where people could learn about it and download it. This is why the “dockerproject.org” and “dockerproject.com” domains were registered.

With the move from dotCloud to Docker, Inc. and the shift of focus onto the Docker product, it made sense to move everything to the “docker.com” domain. This is where you now find the company website and documentation, and of course the APT and YUM repositories at download.docker.com, which have been there since 2017.

On the 31st of March 2020, we will be shutting down the legacy APT and YUM repositories hosted at dockerproject.org and dockerproject.com. These repositories haven’t been updated with the latest releases of Docker and Continue reading

POTS: protective optimization technologies

POTS: Protective optimization technologies, Kulynych, Overdorf et al., arXiv 2019

With thanks to @TedOnPrivacy for recommending this paper via Twitter.

Last time out we looked at fairness in the context of machine learning systems, coming to the realisation that you can’t define ‘fair’ solely from the perspective of an algorithm and the data it is trained on. Start pulling on that thread, and you end up with papers such as ‘Delayed impact of fair machine learning’ that consider the longer term implications for groups the intention was to protect, when systems are deployed and interact with the real world creating feedback loops in a causal graph. Today’s paper looks even wider, encompassing the total impact of an algorithm, as part of a system, embedded in an environment. Not only for the groups explicitly considered by that algorithm, but also the impact on groups outside of consideration (the ‘utility function’) of the service provider. For example, navigational systems such as Waze can have negative impacts on communities near highways that they route much more traffic through, and Airbnb may have perfectly fair algorithms from the perspective of participants in the Airbnb ecosystem, whilst also having damaging consequences Continue reading