Examining X.509 Certificates Embedded in Kubeconfig Files

While exploring some of the intricacies around the use of X.509v3 certificates in Kubernetes, I found myself wanting to be able to view the details of a certificate embedded in a kubeconfig file. (See this page if you’re unfamiliar with what a kubeconfig file is.) In this post, I’ll share with you the commands I used to accomplish this task.

First, you’ll want to extract the certificate data from the kubeconfig file. For the purposes of this post, I’ll use a kubeconfig file named config and found in the .kube subdirectory of your home directory. Assuming there’s only a single certificate embedded in the file, you can use a simple grep statement to isolate this information:

grep 'client-certificate-data' $HOME/.kube/config

Combine that with awk to isolate only the certificate data:

grep 'client-certificate-data' $HOME/.kube/config | awk '{print $2}'

This data is Base64-encoded, so we decode it (I’ll wrap the command using backslashes for readability now that it has grown a bit longer):

grep 'client-certificate-data' $HOME/.kube/config | \
awk '{print $2}' | base64 -d

You could, at this stage, redirect the output into a file (like certificate.crt) if so desired; the data you have is Continue reading

Not Attending DockerCon 2018? Here’s your Top 5 “To Do’s”

If you’re not one of the 6,000 expected attendees at DockerCon 2018 in San Francisco, don’t worry, you don’t have to miss a thing! We’ve put together a list of the Top 5 thing you can do to stay current on all things DockerCon, if you’re not attending this year.

1. Learn about the latest release – Docker Enterprise Edition (EE) 2.0

Learn about the only enterprise-ready container platform that enables IT leaders to choose how to cost-effectively build and manage their entire application portfolio at their own pace, without fear of architecture and infrastructure lock-in. Read the blog and watch the Docker EE 2.0 Launch Virtual Event with customer stories from Liberty Mutual, Franklin American Mortgage, and ADP.

2.  Watch the Livesteam of the DockerCon Keynotes and Cool Hacks

Register now to see the DockerCon keynote sessions live, from where in the world you may be, on June 13th and 14th at 9AM PDT . Hear the latest Docker announcements from Steve Singh (CEO) and Scott Johnston (Chief Product Officer) and enjoy the highly technical demos of the latest innovations from the Docker team.

3. Follow the News from your peers at DockerCon

Be sure to get Continue reading

Your Personal Journey at DockerCon

DockerCon San Francisco 2018 is here! From all of us at Docker HQ we want to welcome those that have travelled to be with us in San Francisco. For this year’s DockerCon we wanted to create an experience that uniquely helps YOU figure out where you are today and where you want to go next with your containerized applications and operations. As you get to the Moscone Center in San Francisco, you’ll see signs guiding you towards various stages of the technology adoption journey. Below we’ve summarized common traits that customer like you have at each phase of the journey: once you identify where you click to jump down to some last minute guidance of sessions and activities that we think will be most helpful for each stage.

Click to jump directly to your journey stage:

  • Getting Started: If you’re new to containerization and trying to figure what this Docker thing is and why people are using it, this DockerCon experience is for you
  • First Project: Check out this experience if you’ve got the fundamentals of containerization down and are ready to move on to using the Docker container platform on a real project and build your core Continue reading

Start with Business Requirements, not Technology

This is the feedback I got from someone who used ExpertExpress to discuss the evolution of their data center:

The session has greatly simplified what had appeared to be a complex and difficult undertaking for us. Great to get fresh ideas on how we could best approach our requirements and with the existing equipment we have. Very much looking forward to putting into practice what we discussed.

And here’s what Nicola Modena (the expert working with the customer) replied:

As I told you, the problem is usually to map the architectures and solutions that are found in books, whitepapers, and validated designs into customer’s own reality, then to divide the architecture into independent functional layers, and most importantly to always start from requirements and not technology.

A really good summary of what ipSpace.net is all about ;) Thank you, Nicola!

Optimus: an efficient dynamic resource scheduler for deep learning clusters

Optimus: an efficient dynamic resource scheduler for deep learning clusters Peng et al., EuroSys’18

(If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site).

It’s another paper promising to reduce your deep learning training times today. But instead of improving the programming model and/or dataflow engine, Optimus improves the scheduling of jobs within a cluster. You can run it on top of Kubernetes, and the authors claim about a 1.6x reduction in makespan compared to the mostly widely used schedulers today.

Deep learning clusters

We’re using ever larger models, with ever increasing amounts of data (at least, whenever we can get our hands on it). In general this improves the learning accuracy, but it also increases the training time. The most common approach is parallel training using a machine learning cluster. Typically a model is partitioned among multiple parameter servers, and training data is spread across multiple workers. Workers compute parameter updates and push them to the respective parameter server.

Training is an iterative process with a dataset divided into chunks, and each chunk further divided into mini-batches. A Continue reading

Network Labs Using Nested Virtualization in the Cloud

Many open-source network simulation and emulation tools use full virtualization technologies like VMware, QEMU/KVM, or VirtualBox. These technologies require hardware support for virtualization such as Intel’s VT-x and AMD’s AMD-V. To gain direct access to this hardware support, researchers usually run network emulation test beds on their own PCs or servers but could not take advantage of the inexpensive and flexible computing services offered by cloud providers like Amazon EC2, Google Compute Engine, or Microsoft Azure.

Creative Commons copyright: From http://d203algebra.wikispaces.com/Exponential+Functions-Target+D-Modeling+Data-Investigations

By August 2017, most of the major cloud service providers announced support for nested virtualization. In the cloud context, Nested Virtualization is an advanced feature aimed at enterprises, but it is also very useful for building network emulation test beds. I’ve written about nested virtualization for servers before but, until recently, I was limited to running nested virtual machines on my own PC. Now that the major cloud providers support nested virtualization, I can build more complex network emulation scenarios using cloud servers.

This post will discuss the cloud service providers that support nested virtualization and how this feature supports open source networking simulation and emulation in the cloud.

Cloud service providers support for nested virtualization

The cloud service providers Continue reading

Off the Cuff – Microsoft Aquires GitHub

On June 4, 2018, Microsoft announced it will acquire GitHub for $7.5 billion.  What does this acquisition mean for developers, the projects that use GitHub, and the online community surrounding it?  Listen is as Network Collective discusses with this acquisition means for Microsoft, GitHub, and the many projects and developers that rely on GitHub.

Alistair Woodman
Guest
Russ White
Host
Donald Sharp
Host
Eyvonne Sharp
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Off the Cuff – Microsoft Aquires GitHub appeared first on Network Collective.

DockerCon 2018 Survival Tips

Embark on your DockerCon 2018 journey like a pro with these helpful tips:

Tip 1: Things to bring

  • Laptop in tow! If you attending any of the hands-on labs or workshops this is a must have.
  • Bring charger for mobile device(s). Battery life is a major key to conference survival.
  • Remember your favorite notebook and writing apparatus.
  • Wear comfortable shoes! There will lots of walking and standing
  • Bring a jacket, sweater, or a coat – it may get cool in the venue and in San Francisco at night!

Tip 2: Stay in the Know with the DockerCon App

Download the official DockerCon application for DockerCon 2018:

GooglePlay

Apple Store iOS Devices

This app features attendee resources such as agendas, venue maps, access to Hallway Track, attendee networking and more! You can use the DockerCon App to take notes, rate both speakers and sessions.

Docker Hallway Track  is an innovative platform that helps you find and network with like-minded people and meet one-on-one. Make new and meaningful connections by sharing knowledge and meet with other attendees with using the: book a Hallway Track scheduling tool. Just log in once using your registration credentials to access.

The mapping section includes a map of the conference; giving Continue reading

Automation critical to scalable network security

Securing the business network has been and continues to be one of the top initiatives for engineers. Suffering a breach can have catastrophic consequences to a business, including lawsuits, fines, and brand damage from which some companies never recover.To combat this, security professionals have deployed a number of security tools, including next-generation firewalls (NGFW) such as Cisco’s Firepower, which is one of the most widely deployed in the industry. Managing firewalls becomes increasingly difficult Managing a product like Firepower has become increasingly difficult, though, because the speed at which changes need to be made has increased. Digital businesses operate at a pace never seen before in the business world, and the infrastructure teams need to keep up. If they can’t operate at this accelerated pace, the business will suffer. And firewall rules continue to grow in number and complexity, making it nearly impossible to update them manually.To read this article in full, please click here

Automation critical to scalable network security

Securing the business network has been and continues to be one of the top initiatives for engineers. Suffering a breach can have catastrophic consequences to a business, including lawsuits, fines, and brand damage from which some companies never recover.To combat this, security professionals have deployed a number of security tools, including next-generation firewalls (NGFW) such as Cisco’s Firepower, which is one of the most widely deployed in the industry. Managing firewalls becomes increasingly difficult Managing a product like Firepower has become increasingly difficult, though, because the speed at which changes need to be made has increased. Digital businesses operate at a pace never seen before in the business world, and the infrastructure teams need to keep up. If they can’t operate at this accelerated pace, the business will suffer. And firewall rules continue to grow in number and complexity, making it nearly impossible to update them manually.To read this article in full, please click here

1 1,573 1,574 1,575 1,576 1,577 3,841