Language Selection

English French German Italian Portuguese Spanish

Kata Containers and Running Kubernetes in the Federal Government

Filed under
Red Hat
  • Kata Containers, gVisor offer more secure container strategies

    Kata Containers and Google gVisor present two approaches to addressing container security issues that balance the speed of containers with the safety of VMs.

    Containers are fast, lightweight instances that can benefit a variety of workloads, especially ones that include microservices and serverless applications. Organizations that implement containers on bare-metal hardware introduce security risks because containers can expose the underlying infrastructure, which leaves the entire platform vulnerable to attack.

  • Running Kubernetes in the Federal Government

    Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year. Open Control is a new standard by 18F, an agency bringing lean start-up methods to the U.S. Government, in order to address ATO repeatability. Red Hat has worked with 18F to help create a Kuberenetes implementation based on Open Control to automate much of the ATO process for Kubernetes systems.

Bose and Kubernetes

  • Bose and Kubernetes

    As a way to demonstrate the problem they were trying to solve, O'Mahony spoke to an Amazon "Alexa" device (an Echo Dot) and asked it to play a particular song "on stage". That led the nearby Bose smart speaker to start playing the tune. Since both devices have wireless interfaces, it would seem like making that work would not be all that difficult, he said. But it turns out to be harder than it looks. There is no direct interface between the two devices; it all must be handled in the cloud. So it takes hundreds of miles of cable to bridge the three-foot gap between the two devices on stage.

    The Amazon device does all of its voice processing in the Amazon cloud, which then hands off instructions to the Bose cloud. The speaker is not directly exposed on the internet; it can send out messages, but it is unable to receive random messages from the net. The easiest way to handle that is to have the speaker make a persistent connection to the Bose cloud when it powers up. MQTT was chosen as the protocol; a persistent bidirectional WebSocket connection is made between each speaker and the cloud service.

    The "crux of the problem" is scaling; solutions abound for thousands of connected devices. When he looked around a few years ago for Internet of Things (IoT) products, he couldn't find any that could handle the five-million (or more) connections envisioned for the system. Some managed services would scale to hundreds of thousands of connected devices, but not to millions, he said. That is why Bose engaged with Connected, which was able to help prototype a system that could handle that many connections using Kubernetes.

Migrating the Internet Archive to Kubernetes

  • Migrating the Internet Archive to Kubernetes

    The Internet Archive (IA) has been around for over 20 years now; many will know it for its Wayback Machine, which is an archive of old versions of web pages, but IA is much more than just that. Tracey Jaquith said that she and her IA colleague David Van Duzer would relate a "love/hate, long adventure story—mostly love" about the migration of parts of IA to Kubernetes. It is an ongoing process, but they learned a lot along the way, so they wanted to share some of that with attendees of KubeCon + CloudNativeCon North America 2018.

    Jaquith has been with IA for 18 years; she started when IA did, but left for four years and then came back. Van Duzer is a more recent addition, joining IA about a year and a half ago; he works on the web crawling process that feeds the Wayback Machine. Van Duzer said that IA has been around since the beginning of the web and, over that time, has created a daunting pile of code that he has now started to become comfortable with. At this point, IA is "dipping its toes" into the Kubernetes world; any big change like that is going to need to be sold to colleagues, pain points will need to be worked out, and so on. In order to do that, they needed to answer the question: "what's in it for us?"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

End of LibrePlanet 2019

  • Questioning and Finding Purpose
    This is copied over from my spiritual blog. I'm nervous doing that, especially at a point when I'm more vulnerable than usual in the Debian community. Still, this is who I am, and I want to be proud of that rather than hide it. And Debian and the free software community are about far more than just the programs we write. So hear goes: The Libreplanet opening keynote had me in tears. It was a talk by Dr. Tarek Loubani. He described his work as an emergency physician in Gaza and how 3d printers and open hardware are helping save lives. They didn't have enough stethoscopes; that was one of the critical needs. So, they imported a 3d printer, used that to print another 3d printer, and then began iterative designs of 3d-printable stethoscopes. By the time they were done, they had a device that performed as well or better than than a commercially available model. What was amazing is that the residents of Gaza could print their own; this didn't introduce dependencies on some external organization. Instead, open/free hardware was used to help give people a sense of dignity, control of some part of their lives, and the ability to better save those who depended on them. Even more basic supplies were unavailable. The lack of tourniquets caused the death of some significant fraction of casualties in the 2014 war. The same solution—3d-printed tourniquets had an even more dramatic result. Dr. Loubani talked about how he felt powerless to change the world around him. He talked about how he felt like an insignificant ant.
  • LibrePlanet Day 2: Welcoming everyone to the world of free software
    One of the most important questions that free software is facing in the year 2019 is: how do we make the world of free software accessible to broader audiences? Vast numbers of people are using software every day -- how do we relate our message to something that is important to them, and then welcome them into our community? In order to achieve our mission, we need to invite people and get them to use, create, and proliferate ethical software, until it replaces until all technology is free. Many of the best talks at LibrePlanet 2019 echoed a message for the free software community to focus on building a culture that's respectful and encouraging for new people, respecting a wide variety of personalities and values. The first way to get people invested in the culture of free software is to make it fun, and that was the focus of the morning keynote, "Freedom is fun!", delivered by free software veteran Bdale Garbee. A prominent name in the free software world for decades, Bdale talked about how he has a habit of turning all of his hobbies into free software projects, starting with model rockets.

Python Programming: PyPy 7.1 and More

  • PyPy v7.1 released; now uses utf-8 internally for unicode strings
    The interpreters are based on much the same codebase, thus the double release. This release, coming fast on the heels of 7.0 in February, finally merges the internal refactoring of unicode representation as UTF-8. Removing the conversions from strings to unicode internally lead to a nice speed bump. We merged the utf-8 changes to the py3.5 branch (Python3.5.3) but will concentrate on 3.6 going forward. We also improved the ability to use the buffer protocol with ctype structures and arrays.
  • PyPy 7.1 As The Well Known Alternative Python Implementation
    Last month brought the release of PyPy 7.0 as the JIT-ed performance-optimized Python implementation. PyPy 7.0 brought alpha Python 3.6 support, an updated CFFI module, and other enhancements. Out now is PyPy 7.1 as its successor.
  • Python’s “else” clause for loops
  • EuroPython 2019: Presenting our conference logo for Basel
    The logo is inspired by graphical elements from the Basel Jean Tinguely Museum and Basel Rhine Swimming. It was again created by our designer Jessica Peña Moro from Simétriko, who had already helped us in previous years with the conference design.

15 Useful And Best Media Server Software For Linux

There is no doubt that Linux is multi-purpose operating systems. It has gone far from being the operating systems for system administrators or for the programmers. You can use it for many purpose. In this post, We will talk about some of the best Media server software for Linux so that you can turn your Linux to media server instantly. Read more

Video/Audio: Manjaro 18.0.4 KDE, Linux Action News, Linux Gaming News Punch and GNU World Order

  • Manjaro 18.0.4 KDE Through
    In this video, we look at Manjaro 18.0.4. Enjoy!
  • Linux Action News 98
    Is Linux gaming really being saved by Google's Stadia platform? We discuss the details and possibilities. Plus good news for KDE Connect users, Intel begins work on next-generation open source video drivers, and much more.
  • Linux Gaming News Punch - Episode 5
    The Linux Gaming News Punch - Episode 5 is here once again! Another week, another ton of news and so here's your bite-sized take at a few interesting topics for those struggling to keep up. As usual, it has a video to give your eyes as well as your ears a feast or just the plain audio to listen to on the go.
  • gnuWorldOrder_13x13