Logging in Kubernetes with Fluentd and Elasticsearch

image In previous posts, we talked about running skyDNS and Heapster on your Kubernetes cluster.  In this post, I want to talk about the last of the cluster ‘addons’ available today in the Kubernetes repository.  This add on is a combination of Fluentd, Elasticsearch, and Kibana that makes a pretty powerful logging aggregation system on top of your Kubernetes cluster.   One of the major struggles with any large deployment is logging. Having a central place to aggregate logs makes troubleshooting and analysis considerably easier to do.   That being said, let’s jump right into the configuration.

Note: I have an open PR on this addon to make it a little more flexible from a configuration perspective.  Namely, I want to be able to specify the port and protocol used by the API server to access the backend service when using the API server as a service proxy.  That being said, some of my pod/controller definitions will be different from what you see on GitHub.  I’ll point out the differences below when we come across them.

The first step is to have the Kubernetes nodes collect the logs.  This is done with a local Fluentd Continue reading

Pin-pointing China’s attack against GitHub

For the past week, the website "GitHub" has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute.

GitHub is a key infrastructure website for the Internet, being the largest host of open-source projects, most famously Linux. (I host my code there). It's also a popular blogging platform.

Among the zillions of projects are https://github.com/greatfire and https://github.com/cn-nytimes. These are mirrors (copies) of the websites http://greatfire.com and http://cn.nytimes.com. GreatFire provides tools for circumventing China's Internet censorship, the NYTimes contains news stories China wants censored.

China blocks the offending websites, but it cannot easily block the GitHub mirrors. It's choices are either to block or allow everything on GitHub. Since GitHub is key infrastructure for open-source, blocking GitHub is not really a viable option.

Therefore, China chose another option, to flood those specific GitHub URLs with traffic in order to pressure GitHub into removing those pages. This is a stupid policy decision, of course, since Americans are quite touchy on the subject and are unlikely to comply with such pressure. It's likely GitHub itself can resolve the issue, as there are a zillion ways to respond. If Continue reading

Is an SDN Switch A New Form of a Firewall?

Many people anticipated that enterprise organizations would adopt Software Defined Network (SDN) technologies later than service providers or multi-tenant data centers and cloud service providers.  We are now seeing more use of Network Functions Virtualization (NFV) within enterprises and some enterprises are starting SDN pilot projects.  As enterprises consider how to utilize SDN technologies in their data center environments, they start to consider what new security capabilities SDN can provide.  SDN switches can drop packets for flows that are not permitted by the controller.  This article explores if SDN switches can behave like a traditional firewall.To read this article in full or to leave a comment, please click here

Techie April Fools’ Day – in pictures

The corporate world is serious businessThe annual scramble for momentary flashes of attention in the public eye has become an undignified, childish reversion to the mean, and a symptom of the terrible harm the Internet has done to the business world and to the media. It is with regret that we begrudgingly direct still more of your dwindling attention span to the following unedifying “pranks,” of which we hereby express our disapproval, our tongues far from our cheeks.To read this article in full or to leave a comment, please click here

Health care industry receives first mobile apps from Apple, IBM

An enterprise mobility partnership between Apple and IBM has yielded more iPhone and iPad apps, including the first ones for the health care industry and industrial production management.Under an agreement announced last July, the two companies develop enterprises mobile apps together, and IBM sells and supports Apple hardware. The first 10 mobile apps debuted in late December and a second batch was released in March. The apps released this week bring the total offered to 22.The four new health care apps are for nurses who work in hospitals and provide home care. Hospital RN replaces a nurse’s pager and phone with an iPhone, and allows them to access a patient’s records. The app uses iBeacon technology to identify patients and displays notifications including status updates on hospital equipment that is offline, backups at the lab and patient requests.To read this article in full or to leave a comment, please click here

Health care industry receives first mobile apps from Apple, IBM

An enterprise mobility partnership between Apple and IBM has yielded more iPhone and iPad apps, including the first ones for the health care industry and industrial production management.Under an agreement announced last July, the two companies develop enterprises mobile apps together, and IBM sells and supports Apple hardware. The first 10 mobile apps debuted in late December and a second batch was released in March. The apps released this week bring the total offered to 22.The four new health care apps are for nurses who work in hospitals and provide home care. Hospital RN replaces a nurse’s pager and phone with an iPhone, and allows them to access a patient’s records. The app uses iBeacon technology to identify patients and displays notifications including status updates on hospital equipment that is offline, backups at the lab and patient requests.To read this article in full or to leave a comment, please click here

Graphene is hot, hot, hot

Super substanceThe question is becoming what can't graphene do? The material, which is a form of carbon (what’s known as an allotrope of carbon), was recently described by the National Physical Laboratory as having many extraordinary properties including superior mechanical stiffness, strength and elasticity, electrical and thermal conductivity while being optically active, chemically inert and impermeable to gases. The possession of all of these properties in a single material makes graphene a potentially disruptive technology in sectors like optoelectronics, flexible electronics, bioelectric devices, energy storage and ultrafiltration, the lab stated. Indeed, take a look at just some of the recent applications being ascribed to the material.To read this article in full or to leave a comment, please click here

Raspberry Pi 2 laptop coming with Pi-Top assembly kit

Do you want a Raspberry Pi 2 laptop? A new hardware kit coming from Pi-Top will help you build one at home in a matter of minutes.The popular US$35 Raspberry Pi 2 is an uncased computer that is already being used in drones, robots, gadgets, tablets and even desktops. The otherwise stationary computer can be transformed into a laptop even by beginners with no hardware assembly experience.The full Pi-Top kit includes a 13.3-inch screen, battery, trackpad, mousepad, laptop casings and Raspberry Pi 2, which would serve as the main motherboard. Users will be able to run a full Linux-based operating system and surf the Web, check email and run productivity software.To read this article in full or to leave a comment, please click here

Facebook ‘riffs’ on Snapchat with new group video app

Facebook has released a new app for making videos that it thinks can win over the competition by allowing collaboration among friends.The company on Wednesday released Riff, a mobile app that lets people create short videos and then share them with friends. A video creation and sharing app alone is not unique—other services like YouTube, Snapchat and Twitter provide some other apps for this—but Facebook is hoping to distinguish its app by adding a strong collaborative element to it.After someone creates a video in Riff, that person’s Facebook friends can add to the video with a video of their own. From there, friends of the friend can add to it, and so on. This has the potential to give the video a communal effect, reminiscent of the Our Stories function in Snapchat that lets people watch videos taken by others during an event or over a period of time.To read this article in full or to leave a comment, please click here

Cisco to buy SDN startup Embrane

Cisco plans to beef up its SDN [software-defined networking] technology by acquiring Embrane, a startup with an architecture for virtualized network appliances.Terms of the deal were not disclosed. Cisco is already an investor in Embrane, which is based in Santa Clara, California, near Cisco headquarters. The acquisition is expected to close within three months.M&A: 2015 enterprise network & IT mergers and acquisition trackerEmbrane’s Heleos platform can deploy software-based appliances such as firewalls across a pool of commodity servers, using more or less computing power as demands rise and fall. It lets cloud service providers quickly deploy new, differentiated services, the company says. With open APIs, users can integrate Embrane’s technology with third-party billing and orchestration tools.To read this article in full or to leave a comment, please click here

War on Hackers: a Clear and Present Danger

President Obama has upped his war on hackers by declaring a "state of emergency". This triggers several laws that grant him expanded powers, such as seizing the assets of those suspected of hacking, or taking control of the Internet.

One one hand, this seems reasonable. Hackers from China and Russia are indeed a threat, causing billions in economic damage every year, by stealing money and intellectual property. This declaration specifically targets these issues. Presumably, in the next few weeks, we'll see announcements from the Treasure Department seizing assets from Chinese companies known to have stolen intellectual property via hacking.

But on the other hand, it's problematic. Declarations of emergency tend to be permanent. We already operate under 30 declarations of emergencies dating back to the Korean war. Once government grabs new powers, it tends not to give them back. Also, this really isn't an "emergency", the hacking it addresses goes back a decade. It's obvious corruption of the "emergency" provisions in the law for the President to bypass congress and rule by decree.

Moreover, while tailored specifically to the threats of foreign hackers, it ultimately affects everyone everywhere. It allows the government to bypass due process and seize Continue reading

White Box Acronym Soup

The LightReading blog, Open Networking Acronym Soup, covers all the interest groups, communities and standards bodies that are driving this idea of Open Networking, which in itself is a grab bag of topics around SDN, NFV and of course white box/bare metal switches. A recent blog post struck a chord with me at first because the author, Marc Cohn, is a good guy and a friend.

But secondly, and more importantly to everyone else, is to point out his astute observation that “we” (people, users and vendors) try to simplify stuff by using acronyms. I agree. In my past job at Infoblox, people always wanted to know what DDI meant, I would reply in my standard excited way “DNS, DHCP and IPAM’’ and most would agree that DDI was easier to say. So let’s take a look at the acronym soup and examine several key factors that you should know about white boxes. And I will lay them out here and try to keep it simple and break the list into two sections, what you should know now, and what you need to keep an eye on…for now.

OCP – Open Compute Project – This is an organization driven Continue reading

Where SDN falls down

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Software Defined Networking (SDN) promises faster network deployment times and increased agility. Unfortunately, early SDN architectures focused only on solving connectivity challenges at layers 2 through 4 of the OSI model and largely ignored application-centric challenges at layer 4 to layer 7. Yet, layers 4 – 7 are where many of the services reside that ensure applications are fast, highly available and secure.

To read this article in full or to leave a comment, please click here

Where SDN falls down

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Software Defined Networking (SDN) promises faster network deployment times and increased agility. Unfortunately, early SDN architectures focused only on solving connectivity challenges at layers 2 through 4 of the OSI model and largely ignored application-centric challenges at layer 4 to layer 7. Yet, layers 4 – 7 are where many of the services reside that ensure applications are fast, highly available and secure.To read this article in full or to leave a comment, please click here

ARM fades from Windows PCs and tablets, but grows in Chromebooks

You win some, you lose some. Microsoft this week dropped support for ARM processors from its Surface tablets with the Surface 3, but adoption of the chip architecture in Chromebooks is growing.Chromebooks from little-known companies HiSense and Haier went on sale this week for US$149, and come with an ARM-based chip made by Rockchip. These are the least expensive Chromebooks, which usually cost $200 and up.Asus also announced a new ARM-based 10.1-inch Chromebook Flip hybrid, which can be a tablet and laptop and will ship in a few months starting at $249. Acer announced a Chromebase, a 21.5-inch all-in-one PC with Chrome OS and an ARM-based processor from Nvidia.To read this article in full or to leave a comment, please click here

Over 100,000 devices can be used to amplify DDoS attacks via multicast DNS

Over 100,000 devices have a misconfigured service called multicast DNS that accepts requests from the Internet and can potentially be abused to amplify distributed denial-of-service (DDoS) attacks.The multicast Domain Name System (mDNS) is a protocol that allows devices on a local network to discover each other and their services. It is used both by PCs and embedded devices like network attached storage (NAS) systems, printers and others.The mDNS protocol allows queries to be sent to a specific machine using its unicast address. However, the official specification recommends that when receiving such queries, the mDNS service should check before responding that the address that made the request is located in the same local subnet. If it’s not, the request should be ignored.To read this article in full or to leave a comment, please click here

1 3,512 3,513 3,514 3,515 3,516 3,796