Kubernetes network security foundations: Get started on building your Kubernetes network security policies with Calico!

The adoption of cloud native applications has become a necessity for organizations to run their businesses efficiently. As per Gartner, more than 85% of organizations will embrace a cloud-first principle by 2025, which will rely on adopting cloud native applications for complete execution. The massive increase in adoption of cloud native applications has given rise to more security challenges such as container image vulnerabilities, configuration errors and a larger runtime attack surface. Kubernetes has become the de facto standard platform to host and run cloud native applications. However, as Kubernetes adoption gains momentum, so does the security risk associated with business-critical applications that communicate with multiple external and internal systems. Kubernetes network security is a critical aspect of securing cloud native applications and the Kubernetes platform itself. This multi-part blog series aims to explore the network security challenges of the Kubernetes environment and provide insights into mitigating them using Calico security controls. The series will cover various aspects of network security, including security policies, application layer security, host network security, Pod traffic encryption, and the importance of a defense-in-depth security approach. Let’s dive into the world of Kubernetes network security and learn how to protect your organization’s valuable assets.

AI Is Coming In The Front Door To Get The Back Office

Large language models can be fun, as shown by the wild popularity of ChatGPT since OpenAI tossed the generative AI chatbot into the public sphere in late November and let people have at it. …

AI Is Coming In The Front Door To Get The Back Office was written by Jeffrey Burt at The Next Platform.

Startup NEO Semiconductor promises 8x increase in memory density

System memory is a complex problem. More memory means more performance, especially in a virtualized environment. But more memory also requires more power, and that can add up as you start to get into thousands of memory sticks.Plus, you can only put so many memory sticks in a server, depending on the number of slots available. So how do you increase memory capacity? By increasing memory density on the chips, which is easier said than done. However, a startup called NEO Semiconductor is claiming it will be able to increase memory density by up to eight times over standard memory with a breakthrough 3D design.It’s not a new concept; 3D memory stacking has been used in NAND flash to increase capacity for a decade now. Memory transistors can only be so large to fit in the confines of a DRAM chip. Rather than an increase the number of transistors laid out side by side, memory makers began stacking it on top of each other, thus increasing capacity in the same physical space. In the 10 years since 3D stacking began, NAND flash DRAM has reached the 170-layer mark, and SSDs have seen a significant increase in capacity without Continue reading

Startup NEO Semiconductor promises 8x increase in memory density

Making Cloudflare the best place for your web applications

Hey web developers! We are about to shake things up a bit here at Cloudflare and wanted to give you a heads-up, so that you know what we are doing and where we are going. You might know Cloudflare as one of the best places to come to when you need to protect, speed up, or scale your web application, but increasingly Cloudflare is also becoming the best place to deploy and run your application!

Why deploy your application to Cloudflare? Two simple reasons. First, it removes lots of hassle of managing many separate systems and allows you to develop, deploy, monitor, and tune your application all in one place. Second, by deploying to Cloudflare directly, there is so much more we can do to optimize your application and get it to the hands, ears, or eyes of your users more quickly and smoothly.

So what’s changing? Quite a bit, actually. I’m not going to bore you with rehashing all the details as my most-awesome colleagues have written separate blog posts with all the details, but here is a high level rundown.

Cloudflare Workers + Pages = awesome development platform

Cloudflare Pages and Workers are merging into a single unified Continue reading

A whole new Quick Edit in Cloudflare Workers

Quick Edit is a development experience for Cloudflare Workers, embedded right within the Cloudflare dashboard. It’s the fastest way to get up and running with a new worker, and lets you quickly preview and deploy changes to your code.

We’ve spent a lot of recent time working on upgrading the local development experience to be as useful as possible, but the Quick Edit experience for editing Workers has stagnated since the release of workers.dev. It’s time to give Quick Edit some love and bring it up to scratch with the expectations of today's developers.

Before diving into what’s changed—a quick overview of the current Quick Edit experience:

We used the robust Monaco editor, which took us pretty far—it’s even what VSCode uses under the hood! However, Monaco is fairly limited in what it can do. Developers are used to the full power of their local development environment, with advanced IntelliSense support and all the power of a full-fledged IDE. Compared to that, a single file text editor is a step-down in expressiveness and functionality.

VSCode for Web

Today, we’re rolling out a new Quick Edit experience for Workers, powered by VSCode for Web. This is a huge Continue reading

Bringing a unified developer experience to Cloudflare Workers and Pages

Today, we’re thrilled to announce that Pages and Workers will be joining forces into one singular product experience!

We’ve all been there. In a surge of creativity, you visualize in your head the application you want to build so clearly with the pieces all fitting together – maybe a server side rendered frontend and an SQLite database for your backend. You head to your computer with the wheels spinning. You know you can build it, you just need the right tools. You log in to your Cloudflare dashboard, but then you’re faced with an incredibly difficult decision:

Cloudflare Workers or Pages?

Both seem so similar at a glance but also different in the details, so which one is going to make your idea become a reality? What if you choose the wrong one? What are the tradeoffs between the two? These are questions our users should never have to think about, but the reality is, they often do. Speaking with our wide community of users and customers, we hear it ourselves! Decision paralysis hits hard when choosing between Pages and Workers with both products made to build out serverless applications.

In short, we don’t want this for our users — Continue reading

Modernizing the toolbox for Cloudflare Pages builds

Cloudflare Pages launched over two years ago in December 2020, and since then, we have grown Pages to build millions of deployments for developers. In May 2022, to support developers with more complex requirements, we opened up Pages to empower developers to create deployments using their own build environments — but that wasn't the end of our journey. Ultimately, we want to be able to allow anyone to use our build platform and take advantage of the git integration we offer. You should be able to connect your repository and have it just work on Cloudflare Pages.

Today, we're introducing a new beta version of our build system (a.k.a. "build image") which brings the default set of tools and languages up-to-date, and sets the stage for future improvements to builds on Cloudflare Pages. We now support the latest versions of Node.js, Python, Hugo and many more, putting you on the best path for any new projects that you undertake. Existing projects will continue to use the current build system, but this upgrade will be available to opt-in for everyone.

New defaults, new possibilities

The Cloudflare Pages build system has been updated to not only support new versions Continue reading

Improved local development with wrangler and workerd

For over a year now, we’ve been working to improve the Workers local development experience. Our goal has been to improve parity between users' local and production environments. This is important because it provides developers with a fully-controllable and easy-to-debug local testing environment, which leads to increased developer efficiency and confidence.

To start, we integrated Miniflare, a fully-local simulator for Workers, directly into Wrangler, the Workers CLI. This allowed users to develop locally with Wrangler by running wrangler dev --local. Compared to the wrangler dev default, which relied on remote resources, this represented a significant step forward in local development. As good as it was, it couldn’t leverage the actual Workers runtime, which led to some inconsistencies and behavior mismatches.

Last November, we announced the experimental version of Miniflare v3, powered by the newly open-sourced workerd runtime, the same runtime used by Cloudflare Workers. Since then, we’ve continued to improve upon that experience both in terms of accuracy with the real runtime and in cross-platform compatibility.

As a result of all this work, we are proud to announce the release of Wrangler v3 – the first version of Wrangler with local-by-default development.

A new default for Wrangler

Ask JJX: How Can I Stop Users From Joining Personal Devices To Our Network Using Their AD Credentials?

Messy RADIUS policies and misconfigurations may be allowing users to join personal devices to your network. Jennifer Minella provides a quick overview of RADIUS and 802.1x, common holes, and three options for filling them in this installment of her "Ask JJX" series.

The post Ask JJX: How Can I Stop Users From Joining Personal Devices To Our Network Using Their AD Credentials? appeared first on Packet Pushers.

Restoring databases from backup requires hands-on practice

It’s important to back up your databases, but it’s even more important to be able to restore it, so once you’ve identified how you’re going to back it up, make sure you test the different recovery scenarios.Broadly speaking, there are two database types considered here, traditional and modern, and recovery is different for each. A traditional database in this context is a database that runs in a single server or virtual machine that you manage, and a modern database might run across many nodes or it might even be serverless, where you have no access to the underlying infrastructure.Recovering traditional databases Restoring a traditional database is straightforward as long as you have practiced how to handle different things that could go wrong. You don’t want to test your backup system for the first time during an actual database outage.To read this article in full, please click here

VPP MPLS – Part 2

VPP

About this series

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

I’ve deployed an MPLS core for IPng Networks, which allows me to provide L2VPN services, and at the same time keep an IPng Site Local network with IPv4 and IPv6 that is separate from the internet, based on hardware/silicon based forwarding at line rate and high availability. You can read all about my Centec MPLS shenanigans in [this article].

In the last article, I explored VPP’s MPLS implementation a little bit. All the while, @vifino has been tinkering with the Linux Control Plane and adding MPLS support to it, and together we learned a lot about how VPP does MPLS forwarding and how it sometimes differs to other implementations. During the process, we talked a bit about implicit-null and explicit-null. When my buddy Fred read the [previous article], he also talked about a feature called penultimate-hop-popping which Continue reading

eBay scores cost savings and a bandwidth boost with white-box switches running SONiC

For online auction powerhouse eBay, customer service is everything. Or, as Parantap Lahiri, vice president of network and data center engineering, puts it, “We want to make the network more like air or water, so our people don’t have to worry about network resources when creating magical services for our users.”The demands on the eBay infrastructure are staggering: 1.8 billion active listings; 133 million active buyers. It’s main landing page gets 250 million visits per day. Unlike a static storefront site like Amazon, an eBay auction can entail multiple bidders from all over the world competing against each other as the clock ticks down to the end of the auction. And the eBay platform supports direct communication between sellers and buyers, with offers and counteroffers flying back and forth.To read this article in full, please click here

eBay scores cost savings and a bandwidth boost with white-box switches running SONiC

New: Disaster Recovery Resources

I wrote dozens of blog posts debunking disaster recovery fairy tales (mostly of the long-distance vMotion and stretched clusters variety) over the years. They are collected and sorted (and polished a bit) in the new Disaster Recovery Resources page. Hope you’ll find them useful.

Explore

New: Disaster Recovery Resources

Explore

IPv6 Adoption: China Steps on the Deployment Pedal

A new initiative from the Central Cyberspace Administration of China and others aims for 750 million active IPv6 users by year-end and sets a 2024 cut-off date for IPv4.

Kubernetes Security And Networking 7: Securing Kubernetes Manifests – Video

There’s lot of places to focus on application security, but don’t forget to scan your Kubernetes manifests! This video takes you step-by-step through scanning your repository using Kubescape. https://www.youtube.com/watch?v=kwF-JoIQRTA You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and […]

The post Kubernetes Security And Networking 7: Securing Kubernetes Manifests – Video appeared first on Packet Pushers.

Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco

On today's Full Stack Journey podcast we examine pyATS, a Python testing framework typically used for network testing. Our guest to explain all things pyATS is John Capobianco. John is a Developer Advocate for Cisco Training Bootcamps and a proponent of Python and automation.

Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco

The post Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco appeared first on Packet Pushers.

« Previous 1 … 294 295 296 297 298 … 3,841 Next »