Kata Containers and Running Kubernetes in the Federal Government

  • Kata Containers, gVisor offer more secure container strategies

    Kata Containers and Google gVisor present two approaches to addressing container security issues that balance the speed of containers with the safety of VMs.

    Containers are fast, lightweight instances that can benefit a variety of workloads, especially ones that include microservices and serverless applications. Organizations that implement containers on bare-metal hardware introduce security risks because containers can expose the underlying infrastructure, which leaves the entire platform vulnerable to attack.

  • Running Kubernetes in the Federal Government

    Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year. Open Control is a new standard by 18F, an agency bringing lean start-up methods to the U.S. Government, in order to address ATO repeatability. Red Hat has worked with 18F to help create a Kubernetes implementation based on Open Control to automate much of the ATO process for Kubernetes systems.

Bose and Kubernetes

  • Bose and Kubernetes

    As a way to demonstrate the problem they were trying to solve, O'Mahony spoke to an Amazon "Alexa" device (an Echo Dot) and asked it to play a particular song "on stage". That led the nearby Bose smart speaker to start playing the tune. Since both devices have wireless interfaces, it would seem like making that work would not be all that difficult, he said. But it turns out to be harder than it looks. There is no direct interface between the two devices; it all must be handled in the cloud. So it takes hundreds of miles of cable to bridge the three-foot gap between the two devices on stage.

    The Amazon device does all of its voice processing in the Amazon cloud, which then hands off instructions to the Bose cloud. The speaker is not directly exposed on the internet; it can send out messages, but it is unable to receive random messages from the net. The easiest way to handle that is to have the speaker make a persistent connection to the Bose cloud when it powers up. MQTT was chosen as the protocol; a persistent bidirectional WebSocket connection is made between each speaker and the cloud service.

    The "crux of the problem" is scaling; solutions abound for thousands of connected devices. When he looked around a few years ago for Internet of Things (IoT) products, he couldn't find any that could handle the five-million (or more) connections envisioned for the system. Some managed services would scale to hundreds of thousands of connected devices, but not to millions, he said. That is why Bose engaged with Connected, which was able to help prototype a system that could handle that many connections using Kubernetes.

Migrating the Internet Archive to Kubernetes

  • Migrating the Internet Archive to Kubernetes

    The Internet Archive (IA) has been around for over 20 years now; many will know it for its Wayback Machine, which is an archive of old versions of web pages, but IA is much more than just that. Tracey Jaquith said that she and her IA colleague David Van Duzer would relate a "love/hate, long adventure story—mostly love" about the migration of parts of IA to Kubernetes. It is an ongoing process, but they learned a lot along the way, so they wanted to share some of that with attendees of KubeCon + CloudNativeCon North America 2018.

    Jaquith has been with IA for 18 years; she started when IA did, but left for four years and then came back. Van Duzer is a more recent addition, joining IA about a year and a half ago; he works on the web crawling process that feeds the Wayback Machine. Van Duzer said that IA has been around since the beginning of the web and, over that time, has created a daunting pile of code that he has now started to become comfortable with. At this point, IA is "dipping its toes" into the Kubernetes world; any big change like that is going to need to be sold to colleagues, pain points will need to be worked out, and so on. In order to do that, they needed to answer the question: "what's in it for us?"

More in Tux Machines

Games: Zombie Panic! Source, Dicey Dungeon, NVIDIA RTX, Steam Play, Battle Motion, Ravva and the Cyclops Curse, Feudal Alloy

  • The Beta of Zombie Panic! Source was updated recently, should work better on Linux
    Zombie Panic! Source is currently going through an overhaul, as part of this it's coming to Linux with a version now in beta and the latest update should make it a better experience. [...] I personally haven't been able to make any of the events yet, so I have no real thoughts on the game. Once it's out of beta and all servers are updated, I will be taking a proper look as it looks fun. No idea when this version will leave beta, might be a while yet.
  • Dicey Dungeons, the new unique roguelike from Terry Cavanagh and co introduces quests
    We have a lot of roguelikes available on Linux (seriously, we do) yet Dicey Dungeons from Terry Cavanagh, Marlowe Dobbe, and Chipzel still remains fresh due to the rather unique game mechanics. I still can't get over how fun the dice mechanic is, as you slot dice into cards to perform actions. It's different, clever and works really well.
  • Quake 2 now has real-time path tracing with Vulkan
    If you have one of the more recent NVIDIA RTX graphics cards, here's an interesting project for you to try. Q2VKPT from developer Christoph Schied implements some really quite advanced techniques.
  • Steam Play versus Linux Version, a little performance comparison and more thoughts
    Now that Steam has the ability officially to override a Linux game and run it through Steam Play instead, let's take a quick look at some differences in performance. Before I begin, let's make something clear. I absolutely value the effort developers put into Linux games, I do think cross-platform development is incredibly important so we don't end up with more lock-in. However, let's be realistic for a moment. Technology moves on and it's not financially worth it to keep updating old games, they just don't sell as well as newer games (with exceptions of course). As the years go on, there will be more ways to run older games better and better, of that I've no doubt.
  • Battle Motion, a really silly massive fantasy battle game will have Linux support
    Sometimes when looking around for new games I come across something that really catches my eye, Battle Motion is one such game as it looks completely silly.
  • Ravva and the Cyclops Curse looks like a rather nice NES-inspired platformer
    Another lovely looking retro-inspired platformer! Ravva and the Cyclops Curse from developer Galope just released this week with Linux support.
  • Become a fish inside a robot in Feudal Alloy, out now with Linux support
    We've seen plenty of robots and we've seen a fair amount of fish, but have you seen a fish controlling a robot with a sword? Say hello to Feudal Alloy.

Addressing Icons Themes (Again)

I wrote some time ago on how platforms have a responsibility to respect the identity of applications, but now there’s some rumblings that Ubuntu’s community-built Yaru icon set (which is a derivative of the Suru icon set I maintain) intends to ignore this and infringe upon applications’ brands by modifying their icons... [...] For instance, the entire point of the GNOME icon refresh initiative is to address visual mismatches between third-party app icons and GNOME icons and we have been reaching out to developers to see about updating their icons to new design—this is the appropriate approach for a platform visual overhaul, by the way—which could always use more help on. Now I don’t see this ever happening, but I have hopes that someday Ubuntu will fully embrace GNOME and promote it as its desktop solution—especially given the desktop is out of the scope of the Ubuntu business these days.

Wine 4.0 RC7

  • Wine Announcement
    The Wine development release 4.0-rc7 is now available.
  • Juicy like the good stuff, Wine 4.0 RC7 is out with a delightful aroma
    No need to worry about a sour aftertaste here, we're of course talking about the wonderful software and not the tasty liquid. As usual, they're in bug-fix mode while they attempt to make the best version of Wine they can and so no super huge features made it in.
  • Wine 4.0-RC7 Released With Fixes For Video Player Crashes, Game Performance Issues
    Wine 4.0 should be officially out soon, but this weekend the latest test release of it is Release Candidate 7 that brings more than one dozen fixes. Wine 4.0 remains in a feature freeze until its release, which will likely be within the next two weeks or so. Since last Friday's Wine 4.0-RC6, the RC7 release has 13 known bug fixes. Catching our interest are some game performance regressions being resolved, including for Hot Pursuit, Project CARS, Gas Guzzlers, and others. There are also video player crash fixes when opening audio or video files.

Wikipedia cofounder: How and why I transitioned to Linux—how you can, too

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn’t until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line. (Let me explain. “Bash” means “Bourne-again shell,” a rewrite of the classic Unix shell “sh.” A “shell” is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like “move this file there” and “download that file from this web address” and “inject this virus into that database”. The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal–which runs Bash, the standard Linux shell.) Even then (and in the following years when I got into programming again), I didn’t learn much beyond things like cd (switch directory) and ls (list directory contents). It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest “distro” (flavor of Linux) was Red Hat Linux, so that’s what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn’t use it much.