I remember being at a meetup at the Twitter HQ where people were talking about the success of Finagle and eventually presented an idea and some first versions of Linkerd.
It was in 2017 and now Linkerd is a graduated project of CNCF.
Congratulations!
This is an interesting part:
Linkerd is the first service mesh to rise to the level of graduation. But Linkerd has a long history of firsts: Linkerd was the first service mesh project and the one to coin the term itself. It was the first project to enter the CNCF’s inception (now sandbox) phase. It was the first CNCF project to adopt Rust
P.S. A nostalgic photo from the Twitter HQ
#networking
Consul API Gateway is now in beta.
It also got TCPRoute support, and it is now supported in the official Helm chart.
There is also new learning material for you to take a closer look at it.
#hashicorp #kubernetes #networking #consul
HashiCorp
Consul API Gateway Now Generally Available
The Consul API Gateway has now reached its first GA release, adding TCPRoute support, Helm chart support, and a new HashiCorp Learn tutorial.
Ever wondered how a TCP connection works in slow-mo?
Here's an article just about that. There's a video as well. The link is in the article.
TBH, it would be nice if this article covered not only the basics of TCP but other features as well, like RST packets.
Also, here's an interesting investigative read, which is not exactly about TCP, but its features played the key role in the investigation. Or this case, which actually happened in my company.
#networking #tcp
federico.defaveri.org
TCP connection in slow motion
I’ve always been curious about the netstat output: what is the meaning of the different TCP connection states? How the connection transit from a state to another? I am also working on a different post on TCP errors, so I need to understand better the different…
Back in the day, a friend of mine was ranting that spinning up a VPN server in Kubernetes is not as obvious as online tutorials suggested.
Now, you can make a WireGuard operator do it for you. I haven't personally tested this operator. Yet, it has some positive comments on Reddit.
#kubernetes #networking
GitHub
GitHub - jodevsa/wireguard-operator: Painless deployment of wireguard on kubernetes
Painless deployment of wireguard on kubernetes. Contribute to jodevsa/wireguard-operator development by creating an account on GitHub.
Folks talk a lot about networking in Kubernetes, but not so much about networking in Nomad.
Here’s an article that describes the latter.
Karan has some other great articles about Nomad in his blog, by the way. So, feel free to check other stuff too!
#nomad #hashicorp #networking
Karan Sharma
Understanding Networking in Nomad
An overview of different networking patterns used to connect application in Nomad
I got my education in telecommunications. That's not an important fact right now, because I don't work in this field and have likely forgotten everything I learned 😄
However, articles like this one spark somewhat nostalgic feelings.
Microsoft has written in its blog about how lessons learned from cloud technologies help improve the security of telecom networks.
This article also contains links to related research and practices, so you can still find some interesting bits about modern-day security approaches even if you're not interested in telecom networks specifically.
#security #networking #microsoft
Azure Blog
Security for next generation telecommunication networks | Azure Blog | Microsoft Azure
It's clear that attacks on the national communications infrastructure will occur with much greater sophistication than ever before. Because of this, we continue to develop our networks and systems with security as our first principle and we stay constantly…
It looks like Linkerd is also removing a proxy from its architecture.
The proxy is supposed to be replaced with eBPF:
https://twitter.com/wm/status/1577081662848241664?s=46&t=Z1tocg3BTRFKNSGBmvzLOw
#kubernetes #networking #linkerd
Twitter
I'm thrilled to announce sidecar-free @Linkerd! In the next release, we will ship a fork of kubectl that uses #eBPF to remove references to linkerd-proxy from its output. This allows us to shift L7 processing "down" into underlying infrastructure, using the…
The whole purpose of managed services is that you don’t need to care much about many things except costs. Yet, cost management could be tricky in the cloud.
Obviously, there are many consultants and services that build their business model by helping people to save some bucks.
However, there are also community solutions.
For example, here’s a community calculator for AWS VPN and a similar calculator for Google Cloud VPN.
Bonus: Reddit discussion about the Google Cloud VPN Costs calculator.
#aws #gcp #costs #networking
I remember people creating NAT instances in AWS because NAT Gateway was not available at a time.
Now, some claim that NAT Gateway is too expensive, thus NAT instances are the way.
The circle is complete, I guess.
Anyway, here's alterNAT: self-provisioned NAT instances in AWS.
To be completely honest, there are indeed use cases for NAT instances, and they do not claim that this solution is for everyone.
#aws #networking
GitHub
GitHub - 1debit/alternat: High availability implementation of AWS NAT instances.
High availability implementation of AWS NAT instances. - 1debit/alternat
Kubeshark is a traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.
I don't have much to add here. This is basically a Wireshark for Kubernetes, so you probably know it if you need something like this. Otherwise, I would say that one can live OK without it. Yet, if you ever need to analyze what's going on with requests in your cluster, you can always use this tool!
#kubernetes #networking
GitHub
GitHub - kubeshark/kubeshark: The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing…
The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu...
A couple of days ago I attended a CNCF meetup here in Berlin (the full recording is available on YouTube), so I want to share some things that were presented there.
- NeuVector - an open-source security solution for Kubernetes recently bought by SUSE. It has a UI, so one can do click-ops if they want, and then export all the rules as custom definitions and apply them in any other cluster. Obviously, you can configure NeuVector using only YAML as well. Feel free to explore their GitHub, although the website has more information about the tool.
- Tetragon - another real-time observability/security tool based on eBPF, by the developers of Cilium. It doesn't do CVE scans like NeuVector, but provides real-time visibility and rule enforcement. Also, it doesn't have a fancy UI.
- Cilium service mesh. It's also based on eBPF. Check it out if you want a service mesh but are not sure about heavyweight solutions like Istio.
- Despite the several Cilium-based tools I mentioned before, the second talk was about Cilium Cluster Mesh. It's not new, but this solution looks very promising, especially if you're running multiple clusters for HA or multi-region purposes.
#Kubernetes #security #networking
YouTube
Kubernetes & Cloud Native Berlin Meetup New Year Edition
Welcome to the live stream of the Kubernetes & Cloud Native Berlin Meetup - Jan 2023. Doors open for the in person meet up at 5 pm. The talks will begin at 6 pm, so stay tuned.
Find more information here: https://www.meetup.com/berlin-kubernetes-meetup…
I love reading postmortems. A good postmortem usually unveils a set of problems some of which you can have in your company as well. As they say: there is never a single root cause.
Here is a postmortem from Reddit about their Pi-day outage.
It has everything you love: complex systems, legacy software, processes that were not tested that well, sacred knowledge that is long gone, etc.
Don't get me wrong, I'm not saying that to shame Reddit. In fact, they did a great job highlighting all the problems. It's much harder and takes more courage than just saying: Calico broke - Calico bad.
Also, I have similar problems at my place as well, and I bet you have too. This is why it's important to recognize the importance of such "low priority tech debt". Cleaning that out may save your company's ass someday.
#kubernetes #networking #postmortem
Reddit
From the RedditEng community on Reddit
Explore this post and more from the RedditEng community
If you want to get familiar with Cilium, the Linux Foundation has a free Introduction to Cilium course, which is a part of the bigger CNCF learning path.
#learning #networking #cilium
Linux Foundation - Training
Introduction to Cilium (LFS146x) | Linux Foundation
Get a practical introduction to using Cilium as the networking plug-in for Kubernetes, all based on eBPF for scalability.
Today, I'd like to share with you a series of articles that I'm currently reading. It's called "Let's code a TCP/IP stack" and it provides a very nice insight into the Linux networking stack. I'm still going through all the articles, but I'm sharing all of them here:
1. Let's code a TCP/IP stack, 1: Ethernet & ARP
2. Let's code a TCP/IP stack, 2: IPv4 & ICMPv4
3. Let's code a TCP/IP stack, 3: TCP Basics & Handshake
4. Let's code a TCP/IP stack, 4: TCP Data Flow & Socket API
5. Let's code a TCP/IP stack, 5: TCP Retransmission
#networking
saminiir's hacker blog
Let's code a TCP/IP stack, 1: Ethernet & ARP
Writing your own TCP/IP stack may seem like a daunting task. Indeed, TCP has accumulated many specifications over its lifetime of more than thirty years. The core specification, however, is seemingly compact[^tcp-roadmap] - the important parts being TCP header…
An interesting read by Monzo about how they implemented Kubernetes Network Policies for 1.5k microservices.
There are some questionable parts in there, in my opinion. For example, why build your own tool to "guess" where an app connects to if you could use a network monitoring tool? However, those are not directly related to the main topic.
An interesting part is how folks at Monzo "reversed" the idea behind Network Policies using templating. So, instead of a target service allowing internal connections, a caller can specify the groups of services it wants to connect to.
Although I think it partially negates the idea of Network Policies, I can completely understand why Monzo did that from the UX perspective.
Also, here's a Reddit discussion on the topic. I love the top comment there:
How would you even know that another team plans to connect your apps?
- By communicating...
#kubernetes #networking
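To make the "reversed" model concrete, here is an added example (my own illustration, not Monzo's code and not from the article) of how caller-side declarations can be rendered back into ordinary target-side NetworkPolicy objects: each caller declares the service groups it needs to reach, and a small script inverts that into per-target ingress rules. It goes slightly beyond the post in two ways: a typo in a declared group name is rejected up front instead of silently granting nothing, and a service that nobody declared gets an explicit default-deny ingress policy. The group names, service names, namespace and the `app` label are constructed for the example.

```python
"""Render caller-side egress declarations into target-side NetworkPolicies.

Added illustration of the "reversed" Network Policy model described in the post:
callers declare the service groups they need to reach, and tooling turns that
into ordinary ingress rules on the targets. Not Monzo's code; the group names,
service names, namespace and the `app` label are constructed for the example.
"""
import json

# Constructed sample input: a group is a named set of services ...
GROUPS = {
    "payments": ["payment-service", "card-service"],
    "ledger": ["ledger-service"],
    "internal-tools": ["batch-runner"],  # nobody declares this group
}

# ... and each caller declares the groups it needs to reach.
EGRESS_DECLARATIONS = {
    "api-gateway": ["payments", "ledger"],
    "ledger-service": ["payments"],
    "card-service": [],  # declares no outgoing needs
}


def validate_declarations(declarations, groups):
    """Return a list of problems. A typo in a group name would otherwise silently
    grant nothing and the caller's traffic would simply be dropped in production."""
    problems = []
    for caller, wanted in declarations.items():
        for group in wanted:
            if group not in groups:
                problems.append(f"{caller} declares unknown group '{group}'")
    return problems


def all_targets(groups):
    """Every service that is a member of at least one group, sorted."""
    return sorted({svc for members in groups.values() for svc in members})


def callers_of(target, groups, declarations):
    """Sorted list of services that declared a group containing `target`."""
    callers = set()
    for caller, wanted in declarations.items():
        for group in wanted:
            if target in groups.get(group, ()):
                callers.add(caller)
    callers.discard(target)  # no rule is needed for a service to reach itself
    return sorted(callers)


def render_ingress_policy(target, namespace, groups, declarations):
    """One NetworkPolicy allowing ingress to `target` only from its declared callers.

    With no callers `ingress` is an empty list; because `policyTypes` names
    Ingress, that still isolates the pod and drops all inbound traffic
    (default deny) rather than leaving it open.
    """
    peers = [
        {"podSelector": {"matchLabels": {"app": caller}}}
        for caller in callers_of(target, groups, declarations)
    ]
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"allow-declared-callers-{target}", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {"app": target}},
            "policyTypes": ["Ingress"],
            "ingress": [{"from": peers}] if peers else [],
        },
    }


def render_all(namespace, groups=GROUPS, declarations=EGRESS_DECLARATIONS):
    """Policies for every group member, keyed by service; fails fast on bad input."""
    problems = validate_declarations(declarations, groups)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        t: render_ingress_policy(t, namespace, groups, declarations)
        for t in all_targets(groups)
    }


def who_can_reach(groups=GROUPS, declarations=EGRESS_DECLARATIONS):
    """The answer to "how would you know another team plans to connect to your
    app?": with declarations as the source of truth it is a lookup, not a guess."""
    return {t: callers_of(t, groups, declarations) for t in all_targets(groups)}


if __name__ == "__main__":
    # kubectl apply accepts JSON manifests, so no YAML library is needed here.
    for policy in render_all("prod").values():
        print(json.dumps(policy, indent=2))
```

Two caveats worth keeping in mind: a `podSelector` peer only matches pods in the policy's own namespace, so callers from other namespaces would need a `namespaceSelector` added to the peer; and the rendered policies are only as good as the declarations, which is exactly why the validation step and the `who_can_reach` report are there.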
Did you know that Isovalent (the company behind Cilium) has some amazing labs that can teach you about using Cilium, Hubble, and Tetragon?
The labs have multiple tracks, such as: platform, network, security, etc.
These labs also cover topics like the new GatewayAPI. Doing some of these labs right now at #cfgmgmtcamp24 and loving them so far!
#kubernetes #networking #cilium #ebpf
Isovalent
Labs Resource Library - Isovalent
Get hands-on with Isovalent's labs and learn about eBPF, Cilium, network security, and more. Our labs provide step-by-step guides to help you understand and implement our solutions effectively. From getting started with Cilium to advanced use cases, our labs…
An old but great article about load balancing by Matt Klein - the creator of Envoy Proxy.
"Load balancing" is a term we often throw around, so it's always good to take a glance at how it actually works.
Another old article is a comparison of the circuit-breaking functionality between Envoy (and, inherently, Istio) and Netflix Hystrix, which is a dedicated circuit breaker library.
#networking
Medium
Introduction to modern network load balancing and proxying
It was brought to my attention recently that there is a dearth of introductory educational material available about modern network load…