Server

Cloud-Native/Kubernetes/Container/OpenShift

Filed under
Server
OSS
  • 10 Key Attributes of Cloud-Native Applications

    Cloud-native platforms, like Kubernetes, expose a flat network that is overlaid on existing networking topologies and primitives of cloud providers. Similarly, the native storage layer is often abstracted to expose logical volumes that are integrated with containers. Operators can allocate storage quotas and network policies that are accessed by developers and resource administrators. The infrastructure abstraction not only addresses the need for portability across cloud environments, but also lets developers take advantage of emerging patterns to build and deploy applications. Orchestration managers become the deployment target, irrespective of the underlying infrastructure that may be based on physical servers or virtual machines, private clouds or public clouds.

    Kubernetes is an ideal platform for running contemporary workloads designed as cloud-native applications. It’s become the de facto operating system for the cloud, in much the same way Linux is the operating system for the underlying machines. As long as developers follow best practices of designing and developing software as a set of microservices that comprise cloud-native applications, DevOps teams will be able to package and deploy them in Kubernetes. Here are the 10 key attributes of cloud-native applications that developers should keep in mind when designing cloud-native applications.

  • Google Embraces New Kubernetes Application Standard

    Once an organization has a Kubernetes container orchestration cluster running, the next challenge is to get applications running.

    Google is now aiming to make it easier for organizations to deploy Kubernetes applications, through the Google Cloud Platform Marketplace. The new marketplace offerings bring commercial Kubernetes-enabled applications that can be run in the Google cloud, or anywhere else an organization wants.

    All a user needs to do is visit the GCP marketplace and click the Purchase Plan button to get started.

    "Once they agree to the terms, they'll find instructions on how to deploy this application on the Kubernetes cluster of their choice, running in GCP or another cloud, or even on-prem," Anil Dhawan, Product Manager, Google Cloud Platform, told ServerWatch. "The applications report metering information to Google for billing purposes so end users can get one single bill for their application usage, regardless of where it is deployed."

  • Challenges and Requirements for Container-Based Applications and Application Services

    Enterprises using container-based applications require a scalable, battle-tested, and robust services fabric to deploy business-critical workloads in production environments. Services such as traffic management (load balancing within a cluster and across clusters/regions), service discovery, monitoring/analytics, and security are a critical component of an application deployment framework. This blog post provides an overview of the challenges and requirements for such application services.

Containers: IBM, Yan Vugenfirer and HPC

Filed under
Server
  • IBM attempts to graft virtual machine security onto container flexibility

    IBM researchers have developed a new flavor of software container in an effort to create code that's more secure than Docker and similar shared kernel container systems.

    Docker and its ilk are considered less secure than VMs because the compromise of a shared kernel puts all associated containers at risk. With VMs, the kernel is separate from the host kernel, which reduces the risk of collateral damage.

  • Using Linux Containers to Manage Embedded Build Environments

    Linux container technology has been proposed by companies like Resin.io as a simpler and more secure way to deploy embedded devices. And, Daynix Computing has developed an open source framework called Rebuild that uses Linux containers in the build management process of embedded IoT development. At the 2017 Open Source Summit, Daynix “virtualization expert” Yan Vugenfirer gave a presentation on Rebuild called “How Linux Containers can Help to Manage Development Environments for IoT and Embedded Systems.”

    Vugenfirer started by reminding the audience of the frustrations of embedded development, especially when working with large, complex projects. “You’re dealing with different toolchains, SDKs, and compilers all with different dependencies,” he said. “It gets more complicated if you need to update packages, or change SDKs, or run a codebase over several devices. The code may compile on your machine, but there may be problems in the build server or in the CI (continuous integration) server.”

  • Building Containers with HPC Container Maker

    Containers package entire workflows, including software, libraries, and even data, into a single file. The container can then be run on any compatible hardware that can run the container type, regardless of the underlying operating system.

    Containers are finding increased utility in the worlds of scientific computing, deep learning, HPC, machine learning, and artificial intelligence, because they are reproducible, portable (mobility of compute), user friendly (admins don’t have to install everything), and simple, and they isolate resources, reduce complexity (reduction in dependencies), and make it easy to distribute the application and dependencies.

    Using containers, you have virtually everything you need in a single file, including a base operating system (OS), the application or workflow (multiple applications), and all of the dependencies. Sometimes the data is also included in the container, although it is not strictly necessary because you can mount filesystems with the data from the container.

Kubernetes News

Filed under
Server
OSS
  • When Does Kubernetes Become Invisible And Ubiquitous?

    The sign of a mature technology is not just how pervasive it is, but in how invisible and easy to use it is. No one thinks about wall sockets any more – unless you happen to need one to charge your phone and can’t find one – and that is but one example of a slew of technologies that are part of everyday life.

    Since Google first open sourced the Kubernetes container controller, inspired by its Borg and Omega internal cluster and container management systems, more than four years ago, we have been betting that it would become the dominant way of managing containers on clouds both public and private. The irony is that the people in charge of Google’s infrastructure were not initially all that enthusiastic in giving away such intellectual property, but the Kubernetes and open source enthusiasts correctly predicted that Google would get tremendous cred with the open source community and help create a Google-alike containerized private cloud environment and also possibly spread Google’s approach to rival clouds as well as helping its own Cloud Platform expansion by giving Kubernetes to the world.

  • Crictl Vs Podman

    As people continue to adopt CRI-O as a new container runtime for Kubernetes I am hearing questions from administrators who are confused whether they should use Crictl or Podman to diagnose and understand what is going on in a Kubernetes node. This is not one or the other — these tools are complementary, and this article attempts to explain the tools and examine when it is best to use each of these tools. If you take away one thing from this post, remember that Crictl checks the front entrance, while Podman examines the foundation.

    First things first. For those people who aren’t familiar with it, CRI-O is a lightweight, Open Container Initiative (OCI) compliant, container runtime for Kubernetes. It is designed to run any OCI-based container, it is optimized for Kubernetes and committed to being stable and conformant with the Kubernetes container runtime interface with each Kubernetes release. CRI-O is also now fully supported in OpenShift, Red Hat’s enterprise Kubernetes container platform. For more information on CRI-O check out the CRI-O community web site and blog.

  • BlueData Announces BlueK8s Open Source Kubernetes Initiative

    Kubernetes (aka K8s) is now the de facto standard for container orchestration. Kubernetes adoption is accelerating for stateless applications and microservices, and the community is beginning to evolve and mature the capabilities required for stateful applications. But large-scale distributed stateful applications – including analytics, data science, machine learning (ML), and deep learning (DL) applications for AI and Big Data use cases – are still complex and challenging to deploy with Kubernetes.

RPM And Yum Are A Big Deal For IBM i. Here’s Why

Filed under
Red Hat
Server

By now you’ve probably heard about Yum and RPM, the new processes that IBM will use to deliver open source software to IBM i customers. But you may have questions about how the process works, and what the benefits will be. IT Jungle talked with IBM’s open source guru Jesse Gorzinski to get the low down on why the new tech is so important to the platform.

RPM, which stands for Red Hat Package Manager, is a piece of software created more than 20 years ago that allows customers in that Linux community to more easily distribute and install the various pieces of software required to create a working Linux environment. Over the years, RPM use has migrated beyond the Red Hat community to other Linux and Unix environments (including AIX), and has essentially become a de facto standard for distributing software in the open source world.

Read more

Also: Red Hat Announces Ansible Engine 2.6 with Simplified Connections to Network APIs and Automation across Windows & Cloud

Red Hat Looks Beyond Docker for Container Technology

Filed under
Server
Security

While Docker Inc and its eponymous container engine helped to create the modern container approach, Red Hat has multiple efforts of its own that it is now actively developing.

The core component for containers is the runtime engine, which for Docker is the Docker Engine which is now based on the Docker-led containerd project that is hosted at the Cloud Native Computing Foundation (CNCF). Red Hat has built its own container engine called CRI-O, which hit its 1.0 release back in October 2017.

For building images, Red Hat has a project called Buildah, which reached its 1.0 milestone on June 6.

Read more

Containers: The Update Framework (TUF), Nabla, and Kubernetes 1.11 Release

Filed under
Server
Security
  • How The Update Framework Improves Software Distribution Security

    In recent years there have been multiple cyber-attacks that compromised a software developer's network to enable the delivery of malware inside of software updates. That's a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve.

    Cappos, an assistant professor at New York University (NYU), started TUF nearly a decade ago. TUF is now implemented by multiple software projects, including the Docker Notary project for secure container application updates and has implementations that are being purpose-built to help secure automotive software as well.

  • IBM's new Nabla containers are designed for security first

    Companies love containers because they enable them to run more jobs on servers. But businesses also hate containers, because they fear they're less secure than virtual machines (VMs). IBM thinks it has an answer to that: Nabla containers, which are more secure by design than rival container concepts.

    James Bottomley, an IBM Research distinguished engineer and top Linux kernel developer, first outlines that there are two fundamental kinds of container and virtual machine (VM) security problems. These are described as Vertical Attack Profile (VAP) and Horizontal Attack Profile (HAP).

  • [Podcast] PodCTL #42 – Kubernetes 1.11 Released

    Like clockwork, the Kubernetes community continues to release quarterly updates to the rapidly expanding project. With the 1.11 release, we see a number of new capabilities being added across a number of different domains – infrastructure services, scheduling services, routing services, storage services, and broader CRD versioning capabilities that will improve the ability to not only deploy Operators for the platform and applications. Links for all these new features, as well as in-depth blog posts from Red Hat and the Kubernetes community are included in the show notes.

    As always, it’s important to remember that not every new feature being released is considered “General Availability”, so be sure to check the detailed release notes before considering the use of any feature in a production or high-availability environment.

Containers or virtual machines: Which is more secure? The answer will surprise you

Filed under
Server
Security

Are virtual machines (VM) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs.

James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, writes: "One of the biggest problems with the current debate about Container vs Hypervisor security is that no-one has actually developed a way of measuring security, so the debate is all in qualitative terms (hypervisors 'feel' more secure than containers because of the interface breadth) but no-one actually has done a quantitative comparison." To meet this need, Bottomley created Horizontal Attack Profile (HAP), designed to describe system security in a way that it can be objectively measured. Bottomley has discovered that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."

Read more

'Cloud-Native'

Filed under
Linux
Server
  • What are cloud-native applications?

    As cloud computing was starting to hit its stride six or seven years ago, one of the important questions people were struggling with was: "What do my apps have to look like if I want to run them in a public, private, or hybrid cloud?"

    There were a number of takes at answering this question at the time.

    One popular metaphor came from a presentation by Bill Baker, then at Microsoft. He contrasted traditional application "pets" with cloud apps "cattle." In the first case, you name your pets and nurse them back to health if they get sick. In the latter case, you give them numbers and, if something happens to one of them, you eat hamburger and get a new one.

  • KubeCon + CloudNativeCon, Copenhagen

    I attended KubeCon + CloudNativeCon 2018, Europe that took place from 2nd to 4th of May. It was held in Copenhagen, Denmark. I know it’s quite late since I attended it, but still I wanted to share my motivating experiences at the conference, so here it is!

    I got a scholarship from the Linux Foundation which gave me a wonderful opportunity to attend this conference. This was my first developer conference abroad and I was super-excited to attend it. I got the chance to learn more about containers, straight from the best people out there.

How the Kubernetes Release Process is Different Than Other Open Source Projects

Filed under
Server
OSS

The Kubernetes 1.11 release became generally available on June 27, providing users of the container orchestration with multiple new features and continued performance improvements.

While Kubernetes releases were originally all led by Google staffers, that has changed in the last two years, with a rigorous release management Special Interest Group (SIG) that has mandated that there be a new leader for each release. For the 1.11 release, the role of release lead was held by Red Hat's Josh Berkus, who is well known in the open-source community for his work helping to lead PostgreSQL database releases.

Read more

PostgreSQL 11 Beta 2 Released

Filed under
Server
OSS
  • PostgreSQL 11 Beta 2 Released!

    The PostgreSQL Global Development Group announces that the second beta release of PostgreSQL 11 is now available for download. This release contains previews of all features that will be available in the final release of PostgreSQL 11 (though some details of the release could change before then) as well as bug fixes that were reported during the first beta.

    In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 11 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise for you to run PostgreSQL 11 Beta 2 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release.

  • PostgreSQL 11 Beta 2 Released With VACUUM & XML Fixes

    One month has passed since PostgreSQL 11 Beta 1 while today the second beta has succeeded it.

    PostgreSQL 11 is prepping many new features including various performance improvements, better partitioning, parallelism enhancements, SQL stored procedure handling, initial JIT compilation for some code using LLVM, various performance optimizations, and much more.

More in Tux Machines

KDE Applications 18.08 Software Suite Enters Beta, Adds Apple Wallet Pass Reader

With KDE Applications 18.04 having reached end of life with the third and last point release, the KDE Project started working earlier this month on the next release of their open-source software suite, KDE Applications 18.08. KDE Applications is an open-source software suite designed as part of the KDE ecosystem, but can also be used independently on any Linux-based operating system. To fully enjoy the KDE Plasma desktop environment, users will also need to install various of the apps that are distributed as part of the KDE Applications initiative. KDE Applications 18.08 is the next major version of the open-source software suite slated for release on August 16, 2018. As of yesterday, July 20, the KDE Applications 18.08 software suite entered beta testing as version 18.07.80, introducing two new libraries, KPkPass and KItinerary. Read more

NetBSD 8.0 Released

  • Announcing NetBSD 8.0
    The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.
  • NetBSD 8.0 Officially Released With USB3 Support, Security Improvements & UEFI
    While it's been on mirrors for a few days, NetBSD 8.0 was officially released this weekend. NetBSD 8.0 represents this BSD operating system project's 16th major release and introduces USB 3.0 support, an in-kernel audio mixer, a new socket layer, Meltdown/Spectre mitigation, eager FPU support, SMAP support, UEFI boot-loader support for x86/x86_64 hardware, and a variety of long sought after improvements -- many of which are improving the security of NetBSD.
  • NetBSD 8.0 Released with Spectre V2/V4, Meltdown, and Lazy FPU Mitigations
    The NetBSD open-source operating system has been updated this week to version 8.0, a major release that finally brings mitigations for all the Spectre variants, Meltdown, and Lazy FPU security vulnerabilities, as well as many stability improvements and bug fixes. Coming seven months after the first and last point release of the NetBSD 7 series, NetBSD 8.0 is here with mitigations for both the Spectre Variant 2 (CVE-2017-5715) and Spectre Variant 4 (CVE-2018-3639) security vulnerabilities, as well as for the Meltdown (CVE-2017-5754) and Lazy FPU State Save/Restore (CVE-2018-3665) vulnerabilities.

Neptune 5.4

We are proud to announce version 5.4 of Neptune. This update represents the current state of Neptune 5 and renews the ISO file so if you install Neptune you don't have to download tons of updates. In this update we introduce a new look and feel package called Neptune Dark. This comes together with a modified icon theme optimized for dark themes called Faenza Dark. We improved hardware support further by providing Linux Kernel 4.16.16 with improved drivers and bugfixes. Read more

Plasma 5.14 Wallpaper “Cluster”

The time for a new Plasma wallpaper is here, so for 5.14 I’m excited to offer up “Cluster”. But first, please allow me to gush for a moment. In tandem with Inkscape, this is the first wallpaper for KDE produced using the ever excellent Krita. For graphic design my computer has a bit of beef to it, but when I work with Inkscape or GIMP things always chug just a bit more than I feel they should. Whenever I’ve had the distinct pleasure of opening Krita, even on my lesser powered laptop, it’s always been productive, rewarding, and performant. I’m looking forward to using Krita more in future wallpapers. *claps for Krita* Read more