Workload access control: Securely connecting containers and Kubernetes with the outside world

Containers have changed how applications are developed and deployed, with Kubernetes ascending as the de facto means of orchestrating containers, speeding development, and increasing scalability. Modern application workloads with microservices and containers eventually need to communicate with other applications or services that reside on public or private clouds outside the Kubernetes cluster. However, securely controlling granular access between these environments continues to be a challenge. Without proper security controls, containers and Kubernetes become an ideal target for attackers. At this point in the Kubernetes journey, the security team will insist that workloads meet security and compliance requirements before they are allowed to connect to outside resources.

As shown in the table below, Calico Enterprise and Calico Cloud offer multiple solutions that address different access control scenarios to limit workload access between Kubernetes clusters and APIs, databases, and applications outside the cluster. Although each solution addresses a specific requirement, they are not necessarily mutually exclusive.

 

Your requirement Calico’s solution Advantages
You want to use existing firewalls and firewall managers to enforce granular egress access control of Kubernetes workloads at the destination (outside the cluster) Egress Access Gateway Security teams can leverage existing investments, experience, and training in firewall infrastructure and Continue reading

IPv6 Buzz 087: How Merit Network Used Carrots Over Sticks To Drive IPv6 Adoption

Merit Network is a non-profit ISP that provides network and security services for universities, K-12 schools, libraries, and other educational communities in Michigan. On today's IPv6 Buzz we speak with Lola Killey, Infrastructure and Research Support Analyst, about how Merit encouraged IPv6 adoption and what other institutions can learn from that effort.

The post IPv6 Buzz 087: How Merit Network Used Carrots Over Sticks To Drive IPv6 Adoption appeared first on Packet Pushers.

Creating Reusable Kuma Installation YAML

Using CLI tools—instead of a “wall of YAML”—to install things onto Kubernetes is a growing trend, it seems. Istio and Cilium, for example, each have a CLI tool for installing their respective project. I get the reasons why; you can build logic into a CLI tool that you can’t build into a YAML file. Kuma, the open source service mesh maintained largely by Kong and a CNCF Sandbox project, takes a similar approach with its kumactl tool. In this post, however, I’d like to take a look at creating reusable YAML to install Kuma, instead of using the CLI tool every time you install.

You might be wondering, “Why?” That’s a fair question. Currently, the kumactl tool, unless configured otherwise, will generate a set of TLS assets to be used by Kuma (and embeds some of those assets in the YAML regardless of the configuration). Every time you run kumactl, it will generate a new set of TLS assets. This means that the command is not declarative, even if the output is. Unfortunately, you can’t reuse the output, as that would result in duplicate TLS assets across installations. That brings me to the point of this Continue reading

InfluxDB Cloud


InfluxDB Cloud is a cloud hosted version of InfluxDB. The free tier makes it easy to try out the service and has enough capability to satisfy simple use cases. In this article we will explore how metrics based on sFlow streaming telemetry can be pushed into InfluxDB Cloud.

The diagram shows the elements of the solution. Agents in host and network devices are configured to stream sFlow telemetry to an sFlow-RT real-time analytics engine instance. The Telegraf Agent queries sFlow-RT's REST API for metrics and pushes them to InfluxDB Cloud.

docker run -p 8008:8008 -p 6343:6343/udp --name sflow-rt -d sflow/prometheus

Use Docker to run the pre-built sflow/prometheus image which packages sFlow-RT with the sflow-rt/prometheus application. Configure sFlow agents to stream data to this instance.

Create an InfluxDB Cloud account. Click the Data tab. Click on the Telegraf option and the InfluxDB Output Plugin button to get the URL to post data. Click the API Tokens option and generate a token.
[agent]
  interval = "15s"
  round_interval = true
  metric_batch_size = 5000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
  flush_interval = "10s"
  flush_jitter = "0s"
  precision = "1s"
  hostname = ""
  omit_hostname = true

[[outputs.influxdb_v2]]
  urls = ["INFLUXDB_CLOUD_URL"]
  token =  Continue reading

Reimagining ‘Show IP Interface Brief’

Welcome back! In my first post here on Packet Pushers (Applying A Software Design Pattern To Network Automation – Packet Pushers) we explored the Model View Controller (MVC) software design pattern and how it can be applied to network automation. This post will go a little deeper into how this is achieved and the mix […]

The post Reimagining ‘Show IP Interface Brief’ appeared first on Packet Pushers.

How to right-size edge storage

Edge computing is shaping up as the most practical way to manage the growing volume of data being generated by remote sources such as IoT and 5G devices.A key benefit of edge computing is that it provides greater computation, network access, and storage capabilities closer to the source of the data, allowing organizations  to reduce latency. As a result, enterprise are embracing the model: Gartner estimates that 50% of enterprise data will be generated at the edge by 2023, and PricewaterhouseCoopers predicts the global market for edge data centers will reach $13.5 billion in 2024, up from $4 billion in 2017. To read this article in full, please click here

How to right-size edge storage

Edge computing is shaping up as the most practical way to manage the growing volume of data being generated by remote sources such as IoT and 5G devices.A key benefit of edge computing is that it provides greater computation, network access, and storage capabilities closer to the source of the data, allowing organizations  to reduce latency. As a result, enterprise are embracing the model: Gartner estimates that 50% of enterprise data will be generated at the edge by 2023, and PricewaterhouseCoopers predicts the global market for edge data centers will reach $13.5 billion in 2024, up from $4 billion in 2017. To read this article in full, please click here

Fine tuning a T5 text-classification model on colab

One of the most interesting recent developments in natural language processing is the T5 family of language models. These are transformer based sequence-to-sequence models trained on multiple different tasks. The main insight is that different tasks provide a broader context for tokens and help the model statistically approximate the natural language context of words.

Tasks can be specified by providing an input context, often with a “command” prefix and then predicting an output sequence. This google AI blog article contains an excellent description of how multiple tasks are specified.

Naturally, these models are attractive to anyone working on NLP. The drawback, however, is that they are large and require very significant computational resources, beyond the resources of most developers desktop machines. Fortunately, google makes their Colaboratory platform free to use (with some resource limitations). It is the ideal platform to experiment with this family of models in order to see how their perform on a specific application.

As I decided to do so, for a text-classification problem, I had to pierce together information from a few different sources and try a few different approaches. I decided to put together a mini tutorial of how to fine-tune a T5 model Continue reading

Fine tuning a T5 text-classification model on colab

One of the most interesting recent developments in natural language processing is the T5 family of language models. These are transformer based sequence-to-sequence models trained on multiple different tasks. The main insight is that different tasks provide a broader context for tokens and help the model statistically approximate the natural language context of words.

Tasks can be specified by providing an input context, often with a “command” prefix and then predicting an output sequence. This google AI blog article contains an excellent description of how multiple tasks are specified.

Naturally, these models are attractive to anyone working on NLP. The drawback, however, is that they are large and require very significant computational resources, beyond the resources of most developers desktop machines. Fortunately, google makes their Colaboratory platform free to use (with some resource limitations). It is the ideal platform to experiment with this family of models in order to see how their perform on a specific application.

As I decided to do so, for a text-classification problem, I had to pierce together information from a few different sources and try a few different approaches. I decided to put together a mini tutorial of how to fine-tune a T5 model Continue reading

Circular Dependencies Considered Harmful

A while ago, my friend Nicola Modena sent me another intriguing curveball:

Imagine a CTO who has invested millions in a super-secure data center and wants to consolidate all compute workloads. If you were asked to run a BGP Route Reflector as a VM in that environment, and would like to bring OSPF or ISIS to that box to enable BGP ORR, would you use a GRE tunnel to avoid a dedicated VLAN or boring other hosts with routing protocol hello messages?

While there might be good reasons for doing that, my first knee-jerk reaction was:

Read more …

Circular Dependencies Considered Harmful

A while ago my friend Nicola Modena sent me another intriguing curveball:

Imagine a CTO who has invested millions in a super-secure data center and wants to consolidate all compute workloads. If you were asked to run a BGP Route Reflector as a VM in that environment, and would like to bring OSPF or ISIS to that box to enable BGP ORR, would you use a GRE tunnel to avoid a dedicated VLAN or boring other hosts with routing protocol hello messages?

While there might be good reasons for doing that, my first knee-jerk reaction was:

Read more …

Gartner says IT spending to top $4 trillion in 2022

With IT budgets growing at the fastest rate in 10 years, worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest Gartner forecasts.All IT spending segments—from data-center systems to communications services—are forecast to grow next year, according to Gartner.  [Get regularly scheduled insights by signing up for Network World newsletters.] Enterprise software is likely to have the highest growth in 2022 at 11.5%, driven by infrastructure software spending. Global spending on devices grew over 15% as remote work, telehealth and remote learning took hold, and Gartner expects 2022 will continue that growth as enterprises upgrade devices and/or invest in multiple devices to support the hybrid work setting. “Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021,” said John-David Lovelock, distinguished research vice president at Gartner.To read this article in full, please click here

Gartner says IT spending to top $4 trillion in 2022

With IT budgets growing at the fastest rate in 10 years, worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest Gartner forecasts.All IT spending segments—from data-center systems to communications services—are forecast to grow next year, according to Gartner.  [Get regularly scheduled insights by signing up for Network World newsletters.] Enterprise software is likely to have the highest growth in 2022 at 11.5%, driven by infrastructure software spending. Global spending on devices grew over 15% as remote work, telehealth and remote learning took hold, and Gartner expects 2022 will continue that growth as enterprises upgrade devices and/or invest in multiple devices to support the hybrid work setting. “Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021,” said John-David Lovelock, distinguished research vice president at Gartner.To read this article in full, please click here

Gartner says IT spending to top $4 Trillion in 2022

With IT budgets growing at the fastest rate in 10 years, worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest Gartner forecasts.All IT spending segments—from data-center systems to communications services—are forecast to grow next year, according to Gartner.  [Get regularly scheduled insights by signing up for Network World newsletters.] Enterprise software is likely to have the highest growth in 2022 at 11.5%, driven by infrastructure software spending. Global spending on devices grew over 15%  as remote work, telehealth and remote learning took hold, and Gartner expects 2022 will continue that growth as enterprises upgrade devices and/or invest in multiple devices to support the hybrid work setting. “Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021,” said John-David Lovelock, distinguished research vice president at Gartner.To read this article in full, please click here

Gartner says IT spending to top $4 Trillion in 2022

With IT budgets growing at the fastest rate in 10 years, worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest Gartner forecasts.All IT spending segments—from data-center systems to communications services—are forecast to grow next year, according to Gartner.  [Get regularly scheduled insights by signing up for Network World newsletters.] Enterprise software is likely to have the highest growth in 2022 at 11.5%, driven by infrastructure software spending. Global spending on devices grew over 15%  as remote work, telehealth and remote learning took hold, and Gartner expects 2022 will continue that growth as enterprises upgrade devices and/or invest in multiple devices to support the hybrid work setting. “Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021,” said John-David Lovelock, distinguished research vice president at Gartner.To read this article in full, please click here

1 635 636 637 638 639 3,837