How to integrate Calico Image Scanner with Argo CI/CD

In today’s fast-paced software development environment, developers often use common public libraries and modules to quickly build applications. However, this presents a significant challenge for DevOps teams who must ensure that these applications are safe to use. As organizations move towards dynamic models of software development that rely on Continuous Integration and Continuous Deployment, the responsibility for deploying secure applications has shifted from traditional security teams to development teams.

To address this challenge, I will provide general guidelines on how to integrate the Calico Image Scanning feature into a CI/CD pipeline, using Argo. This will help ensure that images are built safely and free from Common Vulnerabilities and Exposures (CVEs). In this blog post, we will use a Kubernetes validating webhook configuration to attach a Calico Cloud admission controller that can accept or reject certain actions on resources, such as the creation of pods. This will prevent the deployment of images that contain known CVEs, thus strengthening the overall security of your software development process.

Overall Architecture

The building blocks to use Argo as an example of this integration are below:

Relevant Calico configuration

Before even committing changes to our application, we must setup the Calico Admission Controller within our Continue reading

Aruba Isn’t A Wireless Company (Any More)

Remember when Aruba was a wireless company? I know it sounds like something that happened 40 years ago but the idea that Aruba only really made wireless access points and some campus switches to support them isn’t as old as you think. The company, now known as HPE Aruba Networking (née Aruba, a Hewlett Packard Enterprise Company), makes more than just Wi-Fi gear. Yet the perception of the industry is that they’re still a wireless company looking to compete with the largest parts of the market.

Branching Out of Office

This year’s Aruba Atmopshere showed me that Aruba is trying to do more than just campus wireless. The industry has shifted away from just providing edge connectivity and is now focused on a holistic lineup of products that are user-focused. You don’t need to go much further than the technical keynote on the second day of the conference to see that. Or the Networking Field Day Experience videos linked above.

Do you know what Aruba wanted to showcase?

  • Campus Switches
  • Data Center Switches
  • Private 5G/LTE
  • SASE/SSE
  • IoT
  • Cloud-Enabled Management

You know what wasn’t on that list? Access points. For a “wireless” company that’s a pretty glaring omission, right? I think Continue reading

Technology Short Take 168

Welcome to Technology Short Take #168! Although this weekend is (in the US, at least) celebrated as Mother’s Day weekend—don’t forget to call or visit your mom!—I thought you all might want some light weekend reading. I’m here to help, after all. To that end, here’s the latest Technology Short Take, with links to a variety of articles in various disciplines. Enjoy!

Networking

Security

Magic in minutes: how to build a ChatGPT plugin with Cloudflare Workers

Magic in minutes: how to build a ChatGPT plugin with Cloudflare Workers
Magic in minutes: how to build a ChatGPT plugin with Cloudflare Workers

Today, we're open-sourcing our ChatGPT Plugin Quickstart repository for Cloudflare Workers, designed to help you build awesome and versatile plugins for ChatGPT with ease. If you don’t already know, ChatGPT is a conversational AI model from OpenAI which has an uncanny ability to take chat input and generate human-like text responses.

With the recent addition of ChatGPT plugins, developers can create custom extensions and integrations to make ChatGPT even more powerful. Developers can now provide custom flows for ChatGPT to integrate into its conversational workflow – for instance, the ability to look up products when asking questions about shopping, or retrieving information from an API in order to have up-to-date data when working through a problem.

That's why we're super excited to contribute to the growth of ChatGPT plugins with our new Quickstart template. Our goal is to make it possible to build and deploy a new ChatGPT plugin to production in minutes, so developers can focus on creating incredible conversational experiences tailored to their specific needs.

How it works

Our Quickstart is designed to work seamlessly with Cloudflare Workers. Under the hood, it uses our command-line tool wrangler to create a new project and deploy it to Workers.

Continue reading

How Pingora keeps count

How Pingora keeps count
How Pingora keeps count

A while ago we shared how we replaced NGINX with our in-house proxy, Pingora. We promised to share more technical details as well as our open sourcing plan. This blog post will be the first of a series that shares both the code libraries that power Pingora and the ideas behind them.

Today, we take a look at one of Pingora’s libraries: pingora-limits.

pingora-limits provides the functionality to count inflight events and estimate the rate of events over time. These functions are commonly used to protect infrastructure and services from being overwhelmed by certain types of malicious or misbehaving requests.

For example, when an origin server becomes slow or unresponsive, requests will accumulate on our servers, which adds pressure on both our servers and our customers’ servers. With this library, we are able to identify which origins have issues, so that action can be taken without affecting other traffic.

The problem can be abstracted in a very simple way. The input is a (never ending) stream of different types of events. At any point, the system should be able to tell the number of appearances (or the rate) of a certain type of event.

In a simple example, colors are Continue reading

Hedge 178: Defined Trust Transport with Kathleen Nichols

The Internet of Things is still “out there”—operators and individuals are deploying millions of Internet connected devices every year. IoT, however, poses some serious security challenges. Devices can be taken over as botnets for DDoS attacks, attackers can take over appliances, etc. While previous security attempts have all focused on increasing password security and keeping things updated, Kathleen Nichols is working on a new solution—defined trust transport in limited domains.

Join us on for this episode of the Hedge with Kathleen to talk about the problems of trusted transport, the work she’s putting in to finding solutions, and potential use cases beyond IoT.

download

You can find Kathleen at Pollere, LLC, and her slides on DeftT here.

Weekend Reads 051223


Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.


Enter OpenTelemetry, which provides a vendor-neutral standard for telemetry data, as well as the necessary tools to collect and export data from cloud-native applications.


DevEx drives business performance through increased efficiency, product quality, and employee retention.


Last January, thousands of users of two popular open source libraries, “faker” and “colors,” were shocked to see their applications breaking and showing gibberish data after being infected with a malicious package.


Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research confirming that attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware.


In keeping with WhoisXML API’s mission to make the Internet a transparent and safe place for users, we expanded the list of IoCs in hopes of identifying social media pages that could already be serving or used to serve as fraud vehicles.


According to research carried out across a sample of over failed 17,000 hard drives, the failure occurred after only two years and 6 months. Continue reading

Video: Kubernetes Container Networking Interface (CNI)

Ready for more Kubernetes details? How about Container Networking Interface (CNI) described by Stuart Charlton as part of Kubernetes Networking Deep Dive webinar?

Notes:

Watch the video

Video: Sample Kubernetes SDN Implementations

Read for more Kubernetes details? How about Container Networking Interface (CNI) described by Stuart Charlton as part of Kubernetes Networking Deep Dive webinar?

Notes:

Watch the video

Taking advantage of the grep command’s many options

The grep command makes it easy to find strings in text files on Linux systems, but that's just a start. It can be used to search through these files for multiple strings or regular expressions at the same time. It can also ignore case when needed, and it can count the lines in the resulting output for you. This post shows how to use grep in all these ways.Basic grep The simplest grep command looks like the one shown below. This "find string in file" command will show all the lines in the file that contain the string, even when that string is only part of a longer one.$ grep word story The wording suggests there was more to the story than anyone wanted to admit. The sword had been left behind the shed. It was several days before it was Finding multiple strings There are a number of ways to search for a group of strings in a single command. In the command below, the '|' character serves as an "or" function. The command will display any lines in the file that contain the word "xray", the word "tape" or both.To read this article in full, Continue reading

Taking advantage of the grep command’s many options

The grep command makes it easy to find strings in text files on Linux systems, but that's just a start. It can be used to search through these files for multiple strings or regular expressions at the same time. It can also ignore case when needed, and it can count the lines in the resulting output for you. This post shows how to use grep in all these ways.Basic grep The simplest grep command looks like the one shown below. This "find string in file" command will show all the lines in the file that contain the string, even when that string is only part of a longer one.$ grep word story The wording suggests there was more to the story than anyone wanted to admit. The sword had been left behind the shed. It was several days before it was Finding multiple strings There are a number of ways to search for a group of strings in a single command. In the command below, the '|' character serves as an "or" function. The command will display any lines in the file that contain the word "xray", the word "tape" or both.To read this article in full, Continue reading

Multivendor 5G network slicing test claims 70% gain in deployment speeds

A group of about a dozen vendors announced this week that a test program for 5G network slicing had achieved 70% gains in the time required to programmatically create a network slice, marking a major step forward in the development of private 5G for enterprise users.A network “slice,” as it’s called, is essentially a logically distinct subnetwork in a 5G deployment that can be used for a variety of purposes to maximize bandwidth use and provide on-demand 5G services to users. The basic idea is that automation in the 5G core can apply a layer of virtualization to wireless networks, letting a service provider “slice” off parts of its available spectrum and provide them to a customer as a discrete network.To read this article in full, please click here

When Push Comes To Shove, Google Invests Heavily In GPU Compute

A year ago, at its Google I/O 2022 event, Google revealed to the world that it had eight pods of TPUv4 accelerators, with a combined 32,768 of its fourth generation, homegrown matrix math accelerators, running in a machine learning hub located in its Mayes County, Oklahoma datacenter.

When Push Comes To Shove, Google Invests Heavily In GPU Compute was written by Timothy Prickett Morgan at The Next Platform.

Tigera named as one of Forbes America’s Best Startup Employers in 2023

We are proud to announce that we have been named one of America’s Best Startup Employers 2023 by Forbes!

The Forbes list of America’s Best Startup Employers 2023 was compiled by evaluating 2,600 companies with at least 50 employees in the United States. All of the companies considered were founded between 2013 and 2020, from the ground up, and were not spin-offs of existing businesses. Just like other Forbes lists, businesses cannot pay to be considered. Evaluation was based on three criteria: employer reputation, employee satisfaction, and growth.

Great Place to Work™ 2022

Inclusion in Forbes’ list comes after we were proudly certified as a Great Place to Work™ in 2022.

The Great Place to Work Certification recognizes employers that create an exceptional employee experience. The certification process involves surveying employees and the employer, and rankings are based on employee feedback and independent analysis. This means job searchers can rely on the certification to help them determine whether an organization is truly a great place to work.

Go Tigers!

Our core values are the foundation of everything we do. Tigera believes in a collaborative, flexible work environment built on mutual respect and commitment. We are delighted to hear that our Continue reading

Kubernetes Unpacked 025: The Kubernetes Developer Experience

Michael Levan and Calvin Hendryx-Parker talk about their experience using Kubernetes, the pros and cons of the orchestration platform, and its impact on infrastructure engineers and developers. Calvin offers great tips on how to make the developer experience better and what platform engineering teams can do to make everyone’s job flow properly.

The post Kubernetes Unpacked 025: The Kubernetes Developer Experience appeared first on Packet Pushers.

1 288 289 290 291 292 3,832