Kustomize Transformer Configurations for Cluster API v1alpha3

A few days ago I wrote an article on configuring kustomize transformers for use with Cluster API (CAPI), in which I explored how users could configure the kustomize transformers—the parts of kustomize that actually modify objects—to be a bit more CAPI-aware. By doing so, using kustomize with CAPI manifests becomes much easier. Since that post, the CAPI team released v1alpha3. In working with v1alpha3, I realized my kustomize transformer configurations were incorrect. In this post, I will share CAPI v1alpha3 configurations for kustomize transformers.

In the previous post, I referenced changes to both namereference.yaml (to configure the nameReference transformer) and commonlabels.yaml (to configure the commonLabels transformer). CAPI v1alpha3 has changed the default way labels are used with MachineDeployments, so for v1alpha3 you may be able to get away with only changes to namereference.yaml. (If you know you are going to want/need additional labels on your MachineDeployment, then plan on changes to commonlabels.yaml as well.)

Here are the CAPI v1alpha3 changes needed to namereference.yaml:

- kind: Cluster
  group: cluster.x-k8s.io
  version: v1alpha3
  fieldSpecs:
  - path: spec/clusterName
    kind: MachineDeployment
  - path: spec/template/spec/clusterName
    kind: MachineDeployment

- kind: AWSCluster
  group: infrastructure.cluster.x-k8s.io
   Continue reading

Google Cloud Next Now Postponed Due to COVID-19

How to Efficiently Detect Domain Generation Algorithms (DGA) in Kubernetes with Calico Enterprise

Introduction

2020 is predicted to be an exciting year with more organizations adopting Kubernetes than ever before. As critical workloads with sensitive data migrate to the cloud, we can expect to encounter various Advanced Persistent Threats (APT) targeting that environment.

Domain Generation Algorithm (DGA) – What is It?

DGA is a technique that fuels malware attacks. DGA by itself can’t harm you. But it’s a proven technique that enables modern malware to evade security products and counter-measures. Attackers use DGA so they can quickly switch the command-and-control (also called C2 or C&C) servers that they’re using for malware attacks. Security software vendors act quickly to block and take down malicious domains hard-coded in malware. So, attackers used DGA specifically to counter these actions. Now DGA has become one of the top phone-home mechanisms for malware authors to reach C2 servers. This poses a significant threat to cloud security.

Mitre defines DGA as “The use of algorithms in malware to periodically generate a large number of domain names which function as rendezvous points for malware command and control servers”. Let’s examine this definition more closely. DGA at its core generates domains by concatenating pseudo-random strings and a TLD (e.g. .com, . Continue reading

Daily Roundup: Remote Workers Strain Services

Using Ansible Automation Platform, GitLab CE and Webhooks to Deploy IIS Website

Inside Red Hat Ansible Automation Platform, the Ansible Tower REST API is the key mechanism that helps enable automation to be integrated into processes or tools that exist in an environment. With Ansible Tower 3.6 we have brought direct integration with webhooks from GitHub and GitLab, including the enterprise on-premises versions. This means that changes in source control can trigger automation to apply changes to infrastructure configuration, deploy new services, reconfigure existing applications, and more. In this blog, I’ll run through a simple scenario and apply the new integrated webhook feature.

Environment

My environment consists of Ansible Tower (one component of Red Hat Ansible Automation Platform), GitLab CE with a project already created, and a code server running an IDE with the same git repository cloned. A single inventory exists on Ansible Tower with just one host, an instance of Windows 2019 Server running on a certified cloud. For this example, I’m going to deploy IIS on top of this Windows server and make some modifications to the html file that I’d like to serve from this site. 

My playbook to deploy IIS is very simple:

 ---
- name: Configure IIS
  hosts: windows

  tasks:
  - name: Install  Continue reading

A new era for Cumulus in the Cloud

When we launched Cumulus in the Cloud (CitC) over two years ago, we saw it as a way for our customer base to test out Cumulus Linux in a safe sandboxed environment. Looking back, September 2017 feels like an eternity ago.

Since then, CitC has become a place where we’ve been able to roll out new functionality and solutions to customers and Cumulus-curious alike — and we’ve done some really interesting things (some of our favs include integrating it with an Openstack demo and Mesos demo). It’s pretty much become a Cumulus technology playground.

As our CitC offering has evolved, we’ve also taken stock of the requirements from our customers and realized the direction we want to take CitC. So where is it heading? We’re excited to share that with the launch of our production-ready automation solution last week, CitC will have a new user experience and user interface.

Out with the old:

In with the new:

This redesigned UI comes with some really great enhancements:

• Auto-deployed production ready demos

• Customized external connectivity to oob-mgmt-server to run user customized applications

• Default lifetime increased to 12 hours

• NetQ native integration within the demo

• Ability to store and wake up Continue reading

Coronavirus: What companies are ready for our new reality?

One class of companies is already equipped to work in a fully distributed employee model. Another going to have a difficult time adapting to most employees having to work from home. Some won’t survive if this lasts more than a few weeks.

Infinera Pushes 800G Further in Latest Trial

Cisco, Hitachi Vantara Slicing Hundreds of Silicon Valley Jobs

Liqid Composes Inspur OCP Racks, Western Digital Storage

BiB089 Why Coronavirus Pandemic Could Ignite Cloud Repatriation

BiB089 Why Coronavirus Pandemic Could Ignite Cloud Repatriation

Could COVID19 lead to walk back from public cloud ? A discussion with Mike Dvorkin.

The post BiB089 Why Coronavirus Pandemic Could Ignite Cloud Repatriation appeared first on Packet Pushers.

Post: Fauna, Sisu, Educative, PA File Sight, Etleap, Triplebyte, Stream

Who's Hiring? 

• Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.


• Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.


• Need excellent people? Advertise your job here! 

Cool Products and Services

• Level up on in-demand technologies and prep for your interviews on Educative.io, featuring popular courses like the bestselling Grokking the System Design Interview. For the first time ever, you can now sign up for a subscription to get unlimited access to every course on the platform at a discounted price through the holiday period only. You'll also get to lock in this price as long as you're a subsciber. 


• Stateful JavaScript Apps. Effortlessly add state to your Javascript apps with FaunaDB. Generous free tier. Try now!


• PA File Sight - Actively protect servers from ransomware, audit file access to see who is deleting files, reading files or moving files, Continue reading

Beyond Kube-Proxy: Project Calico Harnesses eBPF for a Faster Data Plane

Thanks to the power of the newly-introduced Calico network management software with a new data plane mode, one that can speed pod-to-pod data communication and eliminate the dependency on Kubernetes’ kube-proxy for traffic management. Tigera had started releasing work with eBPF almost a year ago, but this is the first release of Calico that fully harnesses the power of the new Linux kernel technology, Tigera co-founder and chief technology officer, said. “We wanted to derive what we were doing from fundamentals, to be confident we were building the right thing for users,” said scale Continue reading

Telnyx api/sms saves my plants! Every single time.

When its a holiday, I do some house-hold farming, mostly into Hydroponics which is based on water and associated nutrients and does not require soil as a medium.

Let me show an example.

As you can see, Plant drinks up water, and the one which you are seeing is lemon plant from its seed stage, Monitoring water level is extremely important and for me there are many more in home so cant be keeping track of everything.

So sensor gets the data, Raspberry Pi talks to AWS IOT securely since Microcontrollers are still a pain to handle SSL and Rpi makes it easy and after processing MQTT message AWS IOT will process based on the Rules, in our case if the treshold is below 500 then plant is drying up.

Why Not Inbuilt SES/SMS with AWS ?

SES works great but I check my emails only once in two days and there is no way to alert based on the email, SMS I wanted to used multiple number pool (thinking to expand) and Cost with Telnyx is Really Amazing to do any Communication services

I have tried other vendors and results are not great either my carrier has some integration problems Continue reading

Working from Home: Keeping It Secure and Private

With the global efforts to curb the spread of COVID-19 coronavirus underway, we’re seeing an unprecedented disruption of day-to-day operations across virtually all work sectors.

Coronavirus coverage is dominating headlines as more country borders, schools, major events and public venues are shut down in hopes of flattening the infection curve. Likewise, companies around the world are making tough calls to prioritize employee safety with business continuity in mind.

But thanks to the Internet, many workplaces are rapidly adapting operations to do their part and accommodate for what may soon become a new normal: remote working.

There are no shortage of web-based applications and services that allow us to continue core functions like meetings and collaboration that we’d do in an office-based setting. And not just the proverbial meeting that could have been an email.

But how do we ensure confidentiality when working remotely? There are some simple ways businesses and employees can ensure they are protecting themselves and their workplaces from malicious actors.

The answer is simple: encryption.

Encryption is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.

It allows all our online Continue reading

On the shoulders of giants: recent changes in Internet traffic

As the COVID-19 emergency continues and an increasing number of cities and countries are establishing quarantines or cordons sanitaire, the Internet has become, for many, the primary method to keep in touch with their friends and families. And it's a vital motor of the global economy as many companies have employees who are now working from home.

Traffic towards video conferencing, streaming services and news, e-commerce websites has surged. We've seen growth in traffic from residential broadband networks, and a slowing of traffic from businesses and universities.

The Cloudflare team is fully operational and the Network Operating Center (NOC) is watching the changing traffic patterns in the more than 200 cities in which we operate hardware.

Big changes in Internet traffic aren't unusual. They often occur around large sporting events like the Olympics or World Cup, cultural events like the Eurovision Song Contest and even during Ramadan at the breaking of the fast each day.

The Internet was built to cope with an ever changing environment. In fact, it was literally created, tested, debugged and designed to deal with changing load patterns.

Over the last few weeks, the Cloudflare Network team has noticed some new patterns and we wanted to Continue reading

First Docker GitHub Action is here!

We are happy to announce that today Docker has released its first Github Action! We’ve been working with GitHub, looking into how developers have been using GitHub Actions with Docker to set up their CI/CD workflows. The standard flows you’ll see if you look around are what you’d expect: building an image, tagging it, logging into Hub, and pushing the image. This is the workflow we’ve aimed to support with our Docker build-push action.

Simplify CI/CD workflows

At Docker traditionally much of our CI/CD workflows has been handled through Jenkins using a variety of products to set up and maintain it. For some things this is the best solution like when we are testing Docker Desktop on a whole variety of different hosts and configurations. For others it’s a bit overkill. Like many, we at Docker have been looking at how we can leverage GitHub Actions to simplify our workflows, including how we use Docker itself.

GitHub Actions already leverages Docker in a lot of its workflows. From having Docker pre-installed and configured on the cloud runners to having first class support for containerized actions allows developers to easily use the same Docker workflows they use locally to configure Continue reading

Cisco Meraki vMX 100 deployment in Azure

Generalities There are many ways to connect your “on Premises” Data Center workloads with Microsoft Azure. I own the full meraki suite at home and have enjoyed it for the past three years. It provides all the features I need. I also have some workloads in Microsoft Azure and wanted to access them using a private and encrypted network instead of accessing them using their public IP. Meraki have the possibility to deploy a vMX 100 in Microsoft Azure. You can deploy a vMX100 either in Azure or in AWS and it will be part of your full mesh VPN as any other MX device that you own. It can support up to 500 Mbps of VPN throughput which can [Read More...]

The post Cisco Meraki vMX 100 deployment in Azure appeared first on VPackets.net.

Automation Story: Tools

As the last part of his network automation journey, Anne Baretta described the automation tools he used.

Notes

• We covered numerous automation tools (including the ones Anne used) in our Building Network Automation Solutions online course;
• For an overview of automation tools, watch the Network Automation Tools webinar.