0

Using kubectl via an SSH Tunnel

In this post, I’d like to share one way (not the only way!) to use kubectl to access your Kubernetes cluster via an SSH tunnel. In the future, I may explore some other ways (hit me on Twitter if you’re interested). I’m sharing this information because I suspect it is not uncommon for folks deploying Kubernetes on the public cloud to want to deploy them in a way that does not expose them to the Internet. Given that the use of SSH bastion hosts is not uncommon, it seemed reasonable to show how one could use an SSH tunnel to reach a Kubernetes cluster behind an SSH bastion host.

If you’re unfamiliar with SSH bastion hosts, see this post for an overview.

To use kubectl via an SSH tunnel through a bastion host to a Kubernetes cluster, there are two steps required:

1. The Kubernetes API server needs an appropriate Subject Alternative Name (SAN) on its certificate.
2. The Kubeconfig file needs to be updated to reflect the tunnel details.

Ensuring an Appropriate SAN for the API Server

As is the case with just about any TLS-secured connection, if the destination to which you’re connecting with kubectl doesn’t match any of Continue reading

0

HPE Edge Orchestrator Targets Telco 5G, Edge Plans

The platform is designed to allow telecom operators to maintain more control over their edge...

Read More »

0

Telefónica’s ElevenPaths Taps Fortinet for Industrial Security

Fortinet’s platform provides visibility and management across IT and OT devices, which allows...

Read More »

0

Internet Society and Alliance for Affordable Internet Partner to Promote Community Networks and Expand Access for All

The Internet Society and the Alliance for Affordable Internet (A4AI), an initiative of the World Wide Web Foundation, have entered into a Memorandum of Understanding (MoU) to further their existing partnership to collaborate on promoting community networks to expand meaningful connectivity, and other areas of joint interest.

A4AI is a global coalition working to drive down the cost of Internet access in low- and middle-income countries through policy and regulatory reform. The Internet Society is a member of A4AI, and the two organizations share a vision of an open, globally connected, secure, and trustworthy Internet for everyone.

Both organizations have emphasized the importance of solid research, capacity building, and advocacy to develop the policies needed to reduce the cost to connect and enable everyone, everywhere to access Internet connectivity. A4AI and ISOC believe community networks provide a sustainable solution to address connectivity gaps that exist in underserved urban, remote, and rural areas around the world.

This MoU formalizes a longstanding relationship between the two organizations. In the past, we’ve worked together to collaborate on common policy and regulatory objectives across numerous UN and international fora to promote and advocate for the expansion of public access solutions through community networks, Continue reading

0

Full Stack Journey 043: Lighting Up The Firecracker Project For Serverless Computing

Firecracker is an open-source project, launched by AWS, for serverless computing. On today's Full Stack Journey podcast, Michael Hausenblas of AWS joins host Scott Lowe to talk about Firecracker, how it works, its adoption, and more. They also touch on EKS, Fargate, and Lambda.

0

Full Stack Journey 043: Lighting Up The Firecracker Project For Serverless Computing

Firecracker is an open-source project, launched by AWS, for serverless computing. On today's Full Stack Journey podcast, Michael Hausenblas of AWS joins host Scott Lowe to talk about Firecracker, how it works, its adoption, and more. They also touch on EKS, Fargate, and Lambda.

The post Full Stack Journey 043: Lighting Up The Firecracker Project For Serverless Computing appeared first on Packet Pushers.

0

Automate Image Compression for Blogging

Adding images and screenshots to posts is good but size is a consideration

The post Automate Image Compression for Blogging appeared first on EtherealMind.

0

EVPN: The Great Unifying Theory of VPN Control Planes?

I claimed that “EVPN is the control plane for layer-2 and layer-3 VPNs” in the Using VXLAN and EVPN to Build Active-Active Data Centers interview a long long while ago and got this response from one of the readers:

To me, that doesn’t compute. For layer-3 VPNs I couldn’t care less about EVPN, they have their own control planes.

Apart from EVPN, there’s a single standardized scalable control plane for layer-3 VPNs: BGP VPNv4 address family using MPLS labels. Maybe EVPN could be a better solution (opinions differ, see EVPN Technical Deep Dive webinar for more details).

0

Dell PowerScale Restores Order to Unstructured Data

In addition to the new unstructured data storage systems, Dell unveiled intelligent data software...

Read More »

0

COVID-19 fallout: Q1 enterprise data center sales dip, but public cloud grows

This should come as no surprise, but spending on data-center hardware and software dipped in Q1 and cloud sales grew, but neither as much as you would think.Q1 figures from Synergy Research Group show that spending on enterprise software and hardware shrank globally by a modest 2% year on year to $35.8 billion, with the biggest non-cloud players, such as Microsoft, Dell, HPE, Cisco and VMware, down 4%.[Get regularly scheduled insights by signing up for Network World newsletters.] When it comes to public cloud infrastructure, sales rose 3% to $9.66 billion year on year. The top vendors were Chinese ODMs that hyperscalers like: Dell, Microsoft, Inspur and Cisco.To read this article in full, please click here

0

Extreme’s New Normal Looks Like Unlimited Cloud Data, WiFi 6

The networking vendor is set to begin offering unlimited data to its cloud customers for the...

Read More »

0

China Unicom Selects Nokia Core Networking Products for 5G

Deal includes multiple Nokia Software, ION products, including Unified Data Management, User Plane...

Read More »

0

AT&T Continues to Build 5G on the Nation’s Best Wireless Network

AT&T’s 5G network is now live for consumers in 137 additional markets across the country and...

Read More »

0

Wipro Partners With Citrix and Microsoft to Drive Business Continuity for Customers

Wipro Limited, a leading global information technology, consulting, and business process services...

Read More »

0

Great Scott: Spanning Supercomputing And Clouds

System architects that live in the Seattle area who don’t want to uproot their lives and move to California or Texas or New York or maybe possibly Illinois or Oregon or even overseas to Japan or China have a fairly small number of job opportunities. …

Great Scott: Spanning Supercomputing And Clouds was written by Timothy Prickett Morgan at The Next Platform.

0

Daily Roundup: IBM Buys Cloud Security Startup

IBM bought cloud security startup Spanugo; Nokia added Broadcom 5G chips to its ReefShark...

Read More »

0

4 years on air.

Hello my friend,

Traditionally in the beginning of June (5th of June to be accurate), we celebrate the anniversary of our blogging. And in this year it is already 4 years, since we started in 2016!

In terms of the absolute numbers, we have crossed the mark in 100 posted blogs! Hurray! And we were marked as Cisco Champion 2020 one more time! Also Hurray!

Let’s reflect what has happened global as well…

Live automation training

The biggest new introduction is the live online network automation training. Years of real practical experience of implementing and automating network solutions for service provider and data centres across Europe and North America are now available for you. Just join our network automation training in this run or in any next and learn:

• Why to automate?
• How to automate?
• What is the toolkit (YANG, XML, YAML, JSON, Protobuf, NETCONF, RESTCONF, gNMI/gRPC, VS Code, Atom, POSTman, Python, Ansible, Linux, Docker and many others)?
• How do different vendors behave (Cisco, Nokia, Arista, Cumulus)?

GitHub projects

There were multiple mini-series of the blogposts supported by the code at the GitHub:

• Collection of the Python, Ansible and Bash scripts to work with the REST API (GET, POST, Continue reading

0

Measuring the Core

This last week I was a guest on the TechSequences podcast with Leslie and Alexa discussing the centralization of the routed infrastructure in the ‘net. When that episode posts, I’ll cross post it here (but, of course, you should really just subscribe to their podcast, as they always have interesting guests—I’ll have Leslie and Alexa on the Hedge at some point, as well). The topic is related to this post on CircleID about the death of transit, which was a reaction to Geoff Huston’s article on the death of transit some time before.

All that to say… while reading through some research papers this week, I ran into a recent (2018) paper where Carisimo et al. try out different ways of measuring which autonomous systems belong to the “core” of the ‘net. They went about this by taking a set of AS’ “everyone” acknowledges to be “part of the core,” and then trying to find some measurement that successfully describes something all of them have in common.

The result is the k-metric, which measures the connectivity of an AS’ peers. If an AS has peers who are just as connected as they are, then k-metric is high. Otherwise, the k-metric Continue reading

0

GSMA Cancels MWC LA Event Due to COVID-19 Concerns

The trade group was forced to nix this year’s MWC Barcelona event just as the pandemic was...

Read More »

0

Nokia Adds Broadcom ASICs to 5G ReefShark Portfolio

Earlier this year Nokia announced plans to use Intel and Marvell's base station chips in its...

Read More »