Server

Cloud-Native/Kubernetes/Container/OpenShift

Filed under
Server
OSS
  • 10 Key Attributes of Cloud-Native Applications

    Cloud-native platforms, like Kubernetes, expose a flat network that is overlaid on existing networking topologies and primitives of cloud providers. Similarly, the native storage layer is often abstracted to expose logical volumes that are integrated with containers. Operators can allocate storage quotas and network policies that are accessed by developers and resource administrators. The infrastructure abstraction not only addresses the need for portability across cloud environments, but also lets developers take advantage of emerging patterns to build and deploy applications. Orchestration managers become the deployment target, irrespective of the underlying infrastructure that may be based on physical servers or virtual machines, private clouds or public clouds.

    Kubernetes is an ideal platform for running contemporary workloads designed as cloud-native applications. It’s become the de facto operating system for the cloud, in much the same way Linux is the operating system for the underlying machines. As long as developers follow best practices of designing and developing software as a set of microservices that comprise cloud-native applications, DevOps teams will be able to package and deploy them in Kubernetes. Here are the 10 key attributes of cloud-native applications that developers should keep in mind when designing cloud-native applications.

  • Google Embraces New Kubernetes Application Standard

    Once an organization has a Kubernetes container orchestration cluster running, the next challenge is to get applications running.

    Google is now aiming to make it easier for organizations to deploy Kubernetes applications, through the Google Cloud Platform Marketplace. The new marketplace offerings bring commercial Kubernetes-enabled applications that can be run in the Google cloud, or anywhere else an organization wants.

    All a user needs to do is visit the GCP marketplace and click the Purchase Plan button to get started.

    "Once they agree to the terms, they'll find instructions on how to deploy this application on the Kubernetes cluster of their choice, running in GCP or another cloud, or even on-prem," Anil Dhawan, Product Manager, Google Cloud Platform, told ServerWatch. "The applications report metering information to Google for billing purposes so end users can get one single bill for their application usage, regardless of where it is deployed."

  • Challenges and Requirements for Container-Based Applications and Application Services

    Enterprises using container-based applications require a scalable, battle-tested, and robust services fabric to deploy business-critical workloads in production environments. Services such as traffic management (load balancing within a cluster and across clusters/regions), service discovery, monitoring/analytics, and security are a critical component of an application deployment framework. This blog post provides an overview of the challenges and requirements for such application services.

Containers: IBM, Yan Vugenfirer and HPC

Filed under
Server
  • IBM attempts to graft virtual machine security onto container flexibility

    IBM researchers have developed a new flavor of software container in an effort to create code that's more secure than Docker and similar shared kernel container systems.

    Docker and its ilk are considered less secure than VMs because the compromise of a shared kernel puts all associated containers at risk. With VMs, the kernel is separate from the host kernel, which reduces the risk of collateral damage.

  • Using Linux Containers to Manage Embedded Build Environments

    Linux container technology has been proposed by companies like Resin.io as a simpler and more secure way to deploy embedded devices. And, Daynix Computing has developed an open source framework called Rebuild that uses Linux containers in the build management process of embedded IoT development. At the 2017 Open Source Summit, Daynix “virtualization expert” Yan Vugenfirer gave a presentation on Rebuild called “How Linux Containers can Help to Manage Development Environments for IoT and Embedded Systems.”

    Vugenfirer started by reminding the audience of the frustrations of embedded development, especially when working with large, complex projects. “You’re dealing with different toolchains, SDKs, and compilers all with different dependencies,” he said. “It gets more complicated if you need to update packages, or change SDKs, or run a codebase over several devices. The code may compile on your machine, but there may be problems in the build server or in the CI (continuous integration) server.”

  • Building Containers with HPC Container Maker

    Containers package entire workflows, including software, libraries, and even data, into a single file. The container can then be run on any compatible hardware that can run the container type, regardless of the underlying operating system.

    Containers are finding increased utility in the worlds of scientific computing, deep learning, HPC, machine learning, and artificial intelligence, because they are reproducible, portable (mobility of compute), user friendly (admins don’t have to install everything), and simple, and they isolate resources, reduce complexity (reduction in dependencies), and make it easy to distribute the application and dependencies.

    Using containers, you have virtually everything you need in a single file, including a base operating system (OS), the application or workflow (multiple applications), and all of the dependencies. Sometimes the data is also included in the container, although it is not strictly necessary because you can mount filesystems with the data from the container.

Kubernetes News

Filed under
Server
OSS
  • When Does Kubernetes Become Invisible And Ubiquitous?

    The sign of a mature technology is not just how pervasive it is, but in how invisible and easy to use it is. No one thinks about wall sockets any more – unless you happen to need one to charge your phone and can’t find one – and that is but one example of a slew of technologies that are part of every day life.

    Since Google first open sourced the Kubernetes container controller, inspired by its Borg and Omega internal cluster and container management systems, more than four years ago, we have been betting that it would become the dominant way of managing containers on clouds both public and private. The irony is that the people in charge of Google’s infrastructure were not initially all that enthusiastic in giving away such intellectual property, but the Kubernetes and open source enthusiasts correctly predicted that Google would get tremendous cred with the open source community and help create a Google-alike containerized private cloud environment and also possibly spread Google’s approach to rival clouds as well as helping its own Cloud Platform expansion by giving Kubernetes to the world.

  • Crictl Vs Podman

    As people continue to adopt CRI-O as a new container runtime for Kubernetes I am hearing questions from administrators who are confused whether they should use Crictl or Podman to diagnose and understand what is going on in a Kubernetes node. This is not one or the other — these tools are complementary, and this article attempts to explain the tools and examine when it is best to use each of these tools. If you take away one thing from this post, remember that Crictl checks the front entrance, while Podman examines the foundation.

    First things first. For those people who aren’t familiar with it, CRI-O is a lightweight, Open Container Initiative (OCI) compliant, container runtime for Kubernetes. It is designed to run any OCI-based container, it is optimized for Kubernetes and committed to being stable and conformant with the Kubernetes container runtime interface with each Kubernetes release. CRI-O is also now fully supported in OpenShift, Red Hat’s enterprise Kubernetes container platform. For more information on CRI-O check out the CRI-O community web site and blog.

  • BlueData Announces BlueK8s Open Source Kubernetes Initiative

    Kubernetes (aka K8s) is now the de facto standard for container orchestration. Kubernetes adoption is accelerating for stateless applications and microservices, and the community is beginning to evolve and mature the capabilities required for stateful applications. But large-scale distributed stateful applications – including analytics, data science, machine learning (ML), and deep learning (DL) applications for AI and Big Data use cases – are still complex and challenging to deploy with Kubernetes.

RPM And Yum Are A Big Deal For IBM i. Here’s Why

Filed under
Red Hat
Server

By now you’ve probably heard about Yum and RPM, the new processes that IBM will use to deliver open source software to IBM i customers. But you may have questions about how the process works, and what the benefits will be. IT Jungle talked with IBM’s open source guru Jesse Gorzinski to get the low down on why the new tech is so important to the platform.

RPM, which stands for Red Hat Package Manager, is a piece of software created more than 20 years ago that allows customers in that Linux community to more easily distribute and install the various pieces of software required to create a working Linux environment. Over the years, RPM use has migrated beyond the Red Hat community to other Linux and Unix environments (including AIX), and has essentially become a de facto standard for distributing software in the open source world.

Also: Red Hat Announces Ansible Engine 2.6 with Simplified Connections to Network APIs and Automation across Windows & Cloud

Red Hat Looks Beyond Docker for Container Technology

Filed under
Server
Security

While Docker Inc and its eponymous container engine helped to create the modern container approach, Red Hat has multiple efforts of its own that it is now actively developing.

The core component for containers is the runtime engine, which for Docker is the Docker Engine which is now based on the Docker-led containerd project that is hosted at the Cloud Native Computing Foundation (CNCF). Red Hat has built its own container engine called CRI-O, which hit its 1.0 release back in October 2017.

For building images, Red Hat has a project called Buildah, which reached its 1.0 milestone on June 6.

Containers: The Update Framework (TUF), Nabla, and Kubernetes 1.11 Release

Filed under
Server
Security
  • How The Update Framework Improves Software Distribution Security

    In recent years there have been multiple cyber-attacks that compromised a software developer's network to enable the delivery of malware inside of software updates. That's a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve.

    Cappos, an assistant professor at New York University (NYU), started TUF nearly a decade ago. TUF is now implemented by multiple software projects, including the Docker Notary project for secure container application updates and has implementations that are being purpose-built to help secure automotive software as well.

  • IBM's new Nabla containers are designed for security first

    Companies love containers because they enable them to run more jobs on servers. But businesses also hate containers, because they fear they're less secure than virtual machines (VMs). IBM thinks it has an answer to that: Nabla containers, which are more secure by design than rival container concepts.

    James Bottomley, an IBM Research distinguished engineer and top Linux kernel developer, first outlines that there are two fundamental kinds of container and virtual machine (VM) security problems. These are described as Vertical Attack Profile (VAP) and Horizontal Attack Profile (HAP).

  • [Podcast] PodCTL #42 – Kubernetes 1.11 Released

    Like clockwork, the Kubernetes community continues to release quarterly updates to the rapidly expanding project. With the 1.11 release, we see a number of new capabilities being added across a number of different domains – infrastructure services, scheduling services, routing services, storage services, and broader CRD versioning capabilities that will improve the ability to not only deploy Operators for the platform and applications. Links for all these new features, as well as in-depth blog posts from Red Hat and the Kubernetes community are included in the show notes.

    As always, it’s important to remember that not every new feature being released is considered “General Availability”, so be sure to check the detailed release notes before considering the use of any feature in a production or high-availability environment.

Containers or virtual machines: Which is more secure? The answer will surprise you

Filed under
Server
Security

Are virtual machines (VM) more secure than containers? You may think you know the answer, but IBM Research has found containers can be as secure, or more secure, than VMs.

James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, writes: "One of the biggest problems with the current debate about Container vs Hypervisor security is that no-one has actually developed a way of measuring security, so the debate is all in qualitative terms (hypervisors 'feel' more secure than containers because of the interface breadth) but no-one actually has done a quantitative comparison." To meet this need, Bottomley created Horizontal Attack Profile (HAP), designed to describe system security in a way that it can be objectively measured. Bottomley has discovered that "a Docker container with a well crafted seccomp profile (which blocks unexpected system calls) provides roughly equivalent security to a hypervisor."

'Cloud-Native'

Filed under
Linux
Server
  • What are cloud-native applications?

    As cloud computing was starting to hit its stride six or seven years ago, one of the important questions people were struggling with was: "What do my apps have to look like if I want to run them in a public, private, or hybrid cloud?"

    There were a number of takes at answering this question at the time.

    One popular metaphor came from a presentation by Bill Baker, then at Microsoft. He contrasted traditional application "pets" with cloud apps "cattle." In the first case, you name your pets and nurse them back to health if they get sick. In the latter case, you give them numbers and, if something happens to one of them, you eat hamburger and get a new one.

  • KubeCon + CloudNativeCon, Copenhagen

    I attended KubeCon + CloudNativeCon 2018, Europe that took place from 2nd to 4th of May. It was held in Copenhagen, Denmark. I know it’s quite late since I attended it, but still I wanted to share my motivating experiences at the conference, so here it is!

    I got a scholarship from the Linux Foundation which gave me a wonderful opportunity to attend this conference. This was my first developer conference abroad and I was super-excited to attend it. I got the chance to learn more about containers, straight from the best people out there.

How the Kubernetes Release Process is Different Than Other Open Source Projects

Filed under
Server
OSS

The Kubernetes 1.11 release became generally available on June 27, providing users of the container orchestration with multiple new features and continued performance improvements.

While Kubernetes releases were originally all led by Google staffers, that has changed in the last two years, with a rigorous release management Special Interest Group (SIG) that has mandated that there be a new leader for each release. For the 1.11 release, the role of release lead was held by Red Hat's Josh Berkus, who is well known in the open-source community for his work helping to lead PostgreSQL database releases.

PostgreSQL 11 Beta 2 Released

Filed under
Server
OSS
  • PostgreSQL 11 Beta 2 Released!

    The PostgreSQL Global Development Group announces that the second beta release of PostgreSQL 11 is now available for download. This release contains previews of all features that will be available in the final release of PostgreSQL 11 (though some details of the release could change before then) as well as bug fixes that were reported during the first beta.

    In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 11 in your database systems to help us eliminate any bugs or other issues that may exist. While we do not advise for you to run PostgreSQL 11 Beta 2 in your production environments, we encourage you to find ways to run your typical application workloads against this beta release.

  • PostgreSQL 11 Beta 2 Released With VACUUM & XML Fixes

    One month has passed since PostgreSQL 11 Beta 1 while today the second beta has succeeded it.

    PostgreSQL 11 is prepping many new features including various performance improvements, better partitioning, parallelism enhancements, SQL stored procedure handling, initial JIT compilation for some code using LLVM, various performance optimizations, and much more.

More in Tux Machines

KDE and GNOME: KDE 18.08, Usability & Productivity and More

  • KDE Team Announces Major Improvements in Upcoming KDE 18.08 Release
    The developers of Linux’s KDE suite have announced a major slew of updates set to be included in the upcoming KDE 18.08, set for an August 2018 release. Details for these updates revolve around a range of new features and overall polish for the core KDE apps including Gwenview, Spectacle, Konsole, and Dolphin, as well as focusing on the upcoming KDE Plasma 5.14 update due in October. Due to KDE’s open-source nature, the devs also have a site up for people interested in getting involved, whether it’s simple bug reporting or actually being hands-on with the development using C++, Qt, and CMake. You can read more about their community program at KDE – Get Involved.
  • This week in Usability & Productivity, part 28
    Here’s another big week for KDE’s Usability and Productivity initiative. We’re getting ready for the release of KDE Applications 18.08–the second of our three yearly Applications releases. As the numbers in the version suggest, it will be released in August of 2018, about a month from now. As such, there’s been a lot of focus on new features and polish for core KDE apps such as Dolphin, Gwenview, Konsole, and Spectacle. We’re also ramping up our work for KDE Plasma 5.14, which is scheduled for release in October.
  • I’ve built a box
    This is not the typical post I use to write (which is usually about what I do at work, often related to GNOME, so if you’re not interested, just skip it…). But a couple of months ago I did something different that I still want to write about. That thing was a wooden box (sorry if you were expecting a Gavin Box) that I was asked to carve by my brother for his wedding, to be used for carrying the wedding rings. The wedding had a Game of Thrones’s theme (there was not blood in it though, if you’re wondering), so naturally my brother wanted some of that in the box. Thus, my initial idea was to just buy a box and carve something to do with GoT and include their names. Something like this, as my brother sent me for inspiration.
  • Bastian Ilsø Hougaard: GUADEC18 Developer Center BoF Part 3: Challenges
    Currently, the Developer Center infrastructure and documentation suffers from low to non-existing maintenance. It’s a sign we need to take seriously. Do we need to lower the barrier to contributing to the developer documentation? What can we do to make the infrastructure easier to maintain? The underlying issue here likely also ties into why we now see new GNOME documentation hosted on other websites by different maintainers powered by different underlying technologies. I think this challenge needs both thinking from a technical point of view (how we might support editing multi-language documentation and auto-generated documentation) and an organizational point of view (assigning maintainership, reviewing our docs, aligning visions).

Programming: Persepolis, Microsoft EEE, Apache Subversion 1.10.2, SPAKE2 In Golang, AMD AOCC 1.2.1

  • Persepolis Download Manager: Impressive Python frontend for aria2
    Persepolis Download Manager is a handy open source download manager written in Python and PyQt. It’s a graphical frontend for aria2 aiming to make downloads both easier and faster. This software project commenced development in 2015 with the first release in July 2016. While it was initially only a simple graphical user interface, the software has seen some pretty hefty development since then with a whole raft of additional functionality added, improvements to the user interface, and cross-platform support.
  • Microsoft Visual Studio Code replumbed for better Python taming [Ed: Embrace and extend. Microsoft is trying to push developers of FOSS over to their proprietary IDE that puts spying inside compiled code.]
  • What’s new in Apache Subversion 1.10.2?
    I couldn’t believe if you are unaware of the Apache Subversion. It is an Enterprise-class centralized version control founded in 2000 by CollabNet Inc. One of the most successful open source projects in the past many years. Mostly all the open source projects and enterprise source code are on Subversion. It has a rich community of developers and users who are continuously improving Subversion.
  • SPAKE2 In Golang: Journey to Cryptoland begins
    Before I can go into detail I should tell why/how I came to implementing SPAKE2 in Golang. The story starts a couple of months back when I started contributing to *magic-wormhole.rs*, a Rust port of the original Python project magic-wormhole. You can read this LWN article to understand more about what magic-wormhole is. During contribution my friend Ramakrishnan Muthukrishnan said to me that I should try to port magic-wormhole to Golang. I was not an expert Go programmer but had an understanding of language basics and thought why not use it to improve my language understanding. And this is where it all started.
  • AMD AOCC 1.2.1 Compiler Flings Flang Fixes
    AMD released a minor update to their AMD Optimizing C/C++ Compiler. AOCC is the company's downstream of LLVM/Clang with optimizations for their Zen CPU microarchitecture with compiler optimizations/improvements before they work their way into upstream LLVM. AOCC is the replacement for AMD's Open64 compiler used years ago with earlier micro-architectures.

Exclusive: Why open source is critical to software development

Recently I had the opportunity to sit down with Pivotal APJ head of platform architecture Lawrence Crowther and discuss the importance of Open-source and cloud.

Firstly, can you tell me a bit more about Pivotal and its cloud platform?

Pivotal’s original mission was to transform the way the world builds software. Now our mission is to transform the way the world runs software, too, through a combination of methodology and technology. Whether we are helping clients change their culture towards product development or managing platforms, we use the same agile principles in both cases, such as Extreme Programming and the Lean Startup approach. This is often a radical shift for companies to embrace so we partner with them for a “learn by doing” approach.

We believe that in order to support a fast development team who are iterating quickly and updating constantly, you need a different kind of platform. One that removes all barriers and lets you go from “concept to cash” quickly in a reliable, secure and safe way. You can build software as fast as you want but if it is not ending up in the hands of users it doesn't matter. Once Pivotal Cloud Foundry is up and running the cost of deploying applications and iterating on them becomes almost zero. This is because it takes away the details of infrastructure, middleware, dependencies, integrations, monitoring and more from the development team so they can focus on delivering value to the business over and over again.

Linux 4.18 RC6 is Out

  • Linux 4.18-rc6
    So this was the week when the other shoe dropped ... The reason the two previous rc releases were so nice and small was that David hadn't sent me much networking fixes, and they came in this week. That said, it's not really a huge rc this week either, so it's all good. But the networking pull this week does mean that almost exactly half of the diff is core networking, network drivers, or networking documentation updates. The rest is other drivers (mostly gpu, but also scsi, nvma, pci, pinctrl..), some arch updates (arc, x86, nds32, powerpc), and "misc" (tooling, header files, some vm and fs noise). The small but nasty VM bug we had earlier did indeed get fixed last rc, but there was some 32-bit fallout from the fix, so rc5 still had issues. But I'm hopeful that rc6 _really_ fixed all the cases. Shortlog appended for people who want to just get an overview of the details, Linus
  • Linux 4.18-rc6 Kernel Released With Many Networking Fixes, Other Regressions Resolved
    The sixth weekly test release of the Linux 4.18 kernel is now available for evaluation. Linux 4.18-rc6 is larger than the two previous weekly release candidates since those versions hadn't incorporated any big batch of networking fixes, which hit this week. So about half of the changes are networking changes in Linux 4.18-rc6 while the other half is a mix of driver and architecture updates along with other noise.