12 OPEN SOURCE TOOLS FOR NATURAL LANGUAGE PROCESSING

It would be easy to argue that Natural Language Toolkit (NLTK) is the most full-featured tool of the ones I surveyed. It implements pretty much any component of NLP you would need, like classification, tokenization, stemming, tagging, parsing, and semantic reasoning. And there’s often more than one implementation for each, so you can choose the exact algorithm or methodology you’d like to use.


KUBERNETES END-TO-END TESTING FOR EVERYONE

Implementing a test suite. This is the main focus of this blog post. The Kubernetes E2E framework is written in Go. It relies on Ginkgo for managing tests and Gomega for assertions. These tools support “behavior driven development”, which describes expected behavior in “specs”. In this blog post, “test” is used to reference an individual Ginkgo.It spec. Tests interact with the Kubernetes cluster using client-go. Bringing up a test cluster.


A GUIDE TO KUBERNETES ADMISSION CONTROLLERS

Kubernetes has greatly improved the speed and manageability of backend clusters in production today. Kubernetes has emerged as the de facto standard in container orchestrators thanks to its flexibility, scalability, and ease of use. Kubernetes also provides a range of features that secure production workloads. A more recent introduction in security features is a set of plugins called “admission controllers.” Admission controllers must be enabled to use some of the more advanced security features of Kubernetes, such as pod security policies that enforce a security configuration baseline across an entire namespace. The following must-know tips and tricks will help you leverage admission controllers to make the most of these security capabilities in Kubernetes.


DETECTING THE KUBERNETES API SERVER DOS VULNERABILITY (CVE-2019-1002100).

Recently, a new Kubernetes-related vulnerability was announced that affected the kube-apiserver. This was a denial of service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as a medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4. In Kubernetes, the control plane on the master node consists of the API Server, the Controller Manager and Scheduler(s). The API Server is the central management entity that directly communicates with etcd and serves the Kubernetes API used both for internal cluster communication and external communication via kubectl or other clients. Sysdig has built the only cloud-native intelligence platform that is designed to secure, monitor and troubleshoot your next-generation environment.


USING GLOO AS AN INGRESS GATEWAY WITH ISTIO AND MTLS (UPDATED FOR ISTIO 1.1!)

Istio is a popular open-source service mesh with powerful service-to-service capabilities such as request-routing control, metric collection, distributed tracing, security, et al. Istio also ships with an ingress-gateway component that makes it easy to get traffic into your service mesh. The Istio ingress gateway allows you to control what protocols, security requirements, and ports get exposed to the outside world, and then use Istio-native routing capabilities to route traffic to services. Gloo is an open-source API Gateway based on Envoy Proxy with advanced API Gateway capabilities like request/response transformation, function routing (Swagger, gRPC, cloud functions like Lambda, etc.), a pluggable and extensible control plane and discovery system for Envoy, and more. As outlined in our “API Gateways are going through an identity crisis” blog, using an API gateway can give definition to your microservices, decouple front-end users/services from backend APIs, aggregate multiple APIs, and do more complex routing.


INIT CONTAINER BUILD PATTERN: KNATIVE BUILD WITH PLAIN OLD KUBERNETES DEPLOYMENT

Solve common Kubernetes deployment issues using the Init Container build pattern and Knative build, which can be applied to any Kubernetes deployment. With Kubernetes evolving at supersonic speed and seeing a lot of adoption in the enterprise world, the developer community is now looking for solutions to common Kubernetes problems, such as patterns. In this article, I will explore a new Kubernetes pattern using Init Containers.


KNATIVE AND SOLO.IO GLOO

Knative is talked about a great deal, especially around how its capabilities can help provide more standard building blocks on top of Kubernetes for building microservices and serverless-like services, e.g., scale to zero, and scale on demand. At a high level, Knative has three capability areas: building, serving, and eventing. This post will provide some examples around Knative Build and Knative Serving with Solo.io Gloo. Knative Serving initially included all of Istio only to use a small fraction of its capabilities around Kubernetes cluster ingress. Recently the Knative team added Gloo as an alternative to Istio. More details are available in “Gloo, Knative and the future of Serverless” and “Gloo, by Solo.io, is the first alternative to Istio on Knative”.


VAULT 1.1

The release also includes additional new features, secure workflow enhancements, general improvements, and bug fixes. The Vault 1.1 changelog provides a full list of features, enhancements, and bug fixes. Vault agent now supports client-side caching of leased secrets. An agent may now cache a response to a token managed client-side via auto auth. This allows for applications to work completely with Vault agent to manage a token’s lifecycle, simplifying edge computing use cases or use cases where encoding logic for an application to manage token expiry with a Vault cluster may be complicated (e.g., bootstrapping an embedded system, container management use cases, etc.). There are many new features in Vault 1.1 that have been developed over the course of the 1.0.x releases.


ANNOUNCING ISTIO 1.1

Since we released 1.0 back in July, we’ve done a lot of work to help people get into production. Not surprisingly, we had to do some patch releases (6 so far!), but we’ve also been hard at work adding new features to the product. The theme for 1.1 is Enterprise Ready. We’ve been very pleased to see more and more companies using Istio in production, but as some larger companies tried to adopt Istio they hit some limits. One of our prime areas of focus has been performance and scalability. As people moved into production with larger clusters running more services at higher volume, they hit some scaling and performance issues.


ARCHITECTING ISTIO 1.1 FOR PERFORMANCE

Hyper-scale, microservice-based cloud environments have been exciting to build but challenging to manage. Along came Kubernetes (container orchestration) in 2014, followed by Istio (container service management) in 2017. Both open-source projects enable developers to scale container-based applications without spending too much time on administration tasks. Now, new enhancements in Istio 1.1 deliver scale-up with improved application performance and service management efficiency. Simulations using our sample commercial airline reservation application show the following improvements, compared to Istio 1.0.
