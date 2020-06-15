Servers Leftovers: Toolforge, Kubernetes, OVHcloud and Red Hat
A better Toolforge: a technical deep dive
In the previous post, we shared the context on the recent Kubernetes upgrade that we introduced in the Toolforge service. Today we would like to dive a bit more in the technical details.
With the Ingress controller, we want to ensure that Ingress objects only handle traffic to our internal domains, which by the time of this writing, are toolforge.org (our new domain) and tools.wmflabs.org (legacy). We safe-list the kube-system namespace and the tool-fourohfour namespace because both need special consideration. More on the Ingress setup later.
The registry controller is pretty simple as well. It ensures that only our internal docker registry is used for user-scheduled containers running in Kubernetes. Again, we exclude from the checks containers running in the kube-system namespace (those used by Kubernetes itself). Other than that, the validation itself is pretty easy. For some extra containers we run (like those related to Prometheus metrics) what we do is simply upload those docker images to our internal registry. The controls provided by this admission controller helps us validate that only FLOSS software is run in our environment, which is one of the core rules of Toolforge.
A Better Docs UX With Docsy
I'm pleased to announce that the Kubernetes website now features the Docsy Hugo theme.
The Docsy theme improves the site's organization and navigability, and opens a path to improved API references. After over 4 years with few meaningful UX improvements, Docsy implements some best practices for technical content. The theme makes the Kubernetes site easier to read and makes individual pages easier to navigate. It gives the site a much-needed facelift.
For example: adding a right-hand rail for navigating topics on the page. No more scrolling up to navigate!
OVHcloud drives flash storage strategy with LXD
OVHcloud offers a wide range of cloud-based services, and two of them – Public Cloud Block Storage, and Cloud Disk Array – rely on Ceph. About a year and a half ago, the company set its sights on creating a next-generation Ceph solution with all flash storage. However, this kind of solution would require newer versions of Ceph – versions that OVHcloud’s existing software environment could not support.
Filip Dorosz, DevOps Engineer at OVHcloud, explains: “We quickly realised that it would be impossible to run newer Ceph releases on our legacy software because they required systemd, and we didn’t run systemd at all: neither inside the containers nor on the hosts.”
OVHcloud effectively uses containers as lightweight VMs and, at the time, it utilised Docker as an entry point. But this was an unusual use case for Docker, and not one that it was well-suited for in the long-term. It became clear that the company needed a new solution, with systemd support, that was designed for running a complete operating system within a container.
LXD had emerged as the ideal solution, and now all that remained was to industrialise it for use on the enterprise scale. OVHcloud’s key requirement was a Puppet module for LXD so that it could manage containers via the host. At the time, there was no such module, so OVHcloud decided to build one itself – and it has recently open sourced the module on GitHub.
The company is now moving to production with the new solution, enabling the switch to all flash storage with no HDDs.
Join us for the Red Hat Summit Virtual Experience Open House
On July 15 Red Hat is opening its virtual doors for an Open House, building on the Red Hat Summit 2020 Virtual Experience from April with an additional set of sessions, more "Ask the Experts" sessions, and live access to C-level tech experts.
If you missed the Red Hat Summit Virtual Experience the first time around, that content is still available on demand. You can log back in, or register for the first time, and watch the on-demand content through April of 2021. Registration is still free and grants access to hundreds of sessions about Red Hat's technologies, customer successes, and much more.
Red Hat CEO: we have a ‘head start’ over VMware, competitors in Kubernetes
After 19 years at Red Hat, Paul Cormier, employee 120 and longtime product chief, ascended to the top job at the open-source software giant.
But plans for the traditional world tour taken by new CEOs looking to confab with customers and partners were clipped by a global pandemic—Cormier took the helm of Red Hat as he and most other employees were working from home and grounded from travel.
While the coronavirus crisis limited his ability to meet-and-greet and was replaced by virtual platforms, Cormier, who previously was responsible for roughly 60 percent of the company as president of products and technologies, already knew almost every facet of Red Hat’s business and had deep relationships with the ecosystem.
IBM Cloud Now: Intellect Design, IBM Edge Application Manager v4.1, and Watson Annotator
FOSS and GNU Leftovers
Security Leftovers
Devices: Linux Plumbers Conference, RISC-V and Advantech
Small Things that Bug Me in Ubuntu: The Blank Snap Folder
I had to take new screenshots for our list of the best GTK themes this weekend and in doing become acutely aware of how much the “Snap” folder bugs me. Petty, I know. But you don’t need a magnifying glass or a particularly pedantic persuasion to appreciate why the directory irk. Heck, a quick glance at the hero image above should avail you of what the gripe is. Perhaps you’ve even noticed it yourself. See, Ubuntu badges each of the default Home directories (e.g., Downloads, Music, Videos etc) with a symbolic emblem to denote the content type apart from two: Desktop (which is shaped like a desktop, so it gets a pass), and the (annoyingly lowercase) ~/snap folder. Now appreciate I’m stating the obvious here but wouldn’t adding the Snapcraft logo to the Snap folder help roundup the aesthetic?
