Language Selection

English French German Italian Portuguese Spanish

Cilium 1.0.0-rc4 Released: Transparently Secure Container Network Connectivity Utilising Linux BPF

Filed under

Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. Cilium 1.0.0-rc4 has recently been released, which includes: the Cloud Native Computing Foundation (CNCF)-hosted Envoy configured as the default HTTP/gRPC proxy; the addition of a simple health overview for connectivity and other errors; and an improved scalable kvstore interaction layer.

Microservices applications tend to be highly dynamic, and this presents both a challenge and an opportunity in terms of securing connectivity between microservices. Modern approaches to overcoming this issue have coalesced around the CNCF-hosted Container Network Interface (CNI) and the increasingly popular "service mesh" technologies, such as Istio and Conduit. According to the Cilium documentation, traditional Linux network security approaches (such as iptables) filter on IP address and TCP/UDP ports. However, the highly volatile life cycle of containers and IP addresses cause these approaches to struggle to scale alongside the application as the large number of load balancing tables and access control lists must be updated continually.

Read more

More in Tux Machines

ZTE launches container networking solution for open source NFV

ZTE has unveiled an end-to-end container networking solution for open-source NFV, which it hopes will promote the development of cloud native technology and the open source ecosystem. The vendor says operators need the ability to quickly adapt to changing network demands with low cost solutions while maintaining continuous innovation. As such, it believes that containers are the best carrier for NFV transformation. ZTE says that container-based cloud native applications will become the trend for communications technology applications. However, the native Kubernetes network model used in the IT industry is too simple to meet telco service requirements. Read more

LuxMark OpenCL Performance On Windows vs. Linux With Radeon/NVIDIA

When carrying out this week's Windows vs. Linux gaming tests with AMD Radeon and NVIDIA GeForce GPUs on the latest drivers, I also took the opportunity to run some fresh OpenCL benchmarks on Windows and Linux with the competing GPU vendors. I was particularly interested in running this test given the maturing state of ROCm on Linux for providing a new and modern compute stack... That coming with Linux 4.17+ will even begin to work from a mainline Linux kernel. Albeit for this round of testing was using AMD/GPUOpen's stock ROCm Ubuntu packages for 16.04 LTS as outlined on their GitHub page. Read more

Top Linux tools for writers

If you've read my article about how I switched to Linux, then you know that I’m a superuser. I also stated that I’m not an “expert” on anything. That’s still fair to say. But I have learned many helpful things over the last several years, and I'd like to pass these tips along to other new Linux users. Read more

i.MX6 ULL module runs Linux with real-time patch

Artila’s “M-X6ULL” COM runs Linux 4.14 with the PREEMPT_RT patch on an 800MHz i.MX6 ULL, and offers dual LAN controllers, 4GB eMMC or an optional microSD slot, and an optional carrier board. The M-X6ULL, which follows other Artila i.MX based modules such as the i.MX537 based M-5360A, measures only 68 x 43mm. Still, that’s hardly a record for modules featuring NXP’s Linux-driven, power-sipping i.MX6 ULL. MYIR’s MYC-Y6ULX measures 39 x 37mm. Read more