KUBERNETES OPERATORS—WHEN, HOW AND THE GOTCHAS TO KEEP IN MIND
Kubernetes Operators have now become mainstream. An Operator is essentially a Kubernetes Custom Controller managing one or more Custom Resources. The term Operator has become popular as it succinctly captures end result of what Custom Controller+Custom Resource combination is typically defined for, e.g.—declaratively managing a stateful software on Kubernetes (e.g.: databases, off-the-shelf web applications, ML workloads, etc.). In technical terms, Custom Controller+Custom Resource combination is called ‘Custom Resource Definition’ (CRD). In the following post we use Operator and CRD interchangeably. Kubecon 2018 in Seattle had great customizing and extendibility track.
Read moreNETFLIX PLAY API: BUILDING AN EVOLUTIONARY ARCHITECTURE
At QCon SF, Suudhan Rangarajan presented ‘Netflix Play API: Why We Built an Evolutionary Architecture’. Key takeaways from the talk included: services that have a single identity/responsibility are easier to maintain and upgrade; engineers should spend time identifying core decisions that need to be made when building a service, and determine whether these are ‘Type 1’ or ‘Type 2’ decisions which require thorough deliberation or rapid experimentation, respectively; and designing an ‘evolutionary architecture’, using tools like fitness functions, provides many benefits. Rangarajan, senior software engineer at Netflix, began the presentation by talking about two key business milestones within Netflix in 2016 that also had a large engineering impact.
Read moreFITNESS FUNCTION-DRIVEN DEVELOPMENT
Test-driven development, or TDD, involves writing tests first then developing the minimal code needed to pass the tests. TDD is an established practice for feature development that can improve code quality and test coverage. What about other, non-functional requirements such as scalability, reliability, observability, and other architectural “-ilities”? How do we ensure operability and resiliency of features when they go to production? How can we encourage teams to build in these architectural standards, just as test-driven development builds in code quality and test coverage? What are fitness functions?
Read moreOPEN FOR EVENT BASED TRACING?
In OpenTracing the fundamental concept for representing distributed traces is the (time) span: something that starts and then finishes, can be annotated with key-value pairs and can be “causally” related. This representation gained popularity with Google’s Dapper paper and triggered open-source tracing implementations like Zipkin and Jaeger and eventually the OpenTracing specification, but according to the academic literature it is not the only one. In spite its popularity, the span based trace representation has some shortcomings that limit its applicability.
Read moreCVE-2018-18264 PRIVILEGE ESCALATION THROUGH KUBERNETES DASHBOARD
A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes. The Kubernetes dashboard is a web based user interface that allows users to manage applications and resources within the cluster. This service has a login functionality starting from Kubernetes 1.7.0. Since then, users are able to authenticate with a kubeconfig file or an access token. But it is also possible to skip the authentication altogether with a skip button.
Read moreNEW AWS SERVICES LAUNCH WITH HIPAA, PCI, ISO, AND SOC
Our security culture is one of the things that sets AWS apart. Security is job zero — it is the foundation for all AWS employees and impacts the work we do every day, across the company. And that’s reflected in our services, which undergo exacting internal and external security reviews before being released. From there, we have historically waited for customer demand to begin the complex process of third-party assessment and validating services under specific compliance programs. However, we’ve heard you tell us you want every generally available (GA) service in scope to keep up with the pace of your innovation and at the same time, meet rigorous compliance and regulatory requirements. I wanted to share how we’re meeting this challenge with a more proactive approach to service certification by certifying services at launch.
Read moreNLP WITH A FASHION TWIST: ZALANDO’S NATURAL LANGUAGE PROCESSING FRAMEWORK
Zalando research brings the latest flair to the scene. (Yes, that Zalando. The German-based fashion and beauty online shop operates in fifteen different European countries.) Flair is a simple framework for state-of-the-art natural language processing. It builds on top of Pytorch – a popular deep learning platform, which makes it easy to use. A powerful NLP library. Flair allows you to apply our state-of-the-art natural language processing (NLP) models to your text, such as named entity recognition (NER), part-of-speech tagging (PoS), sense disambiguation and classification. Multilingual. Thanks to the Flair community, we support a rapidly growing number of languages.
Read moreTHE RACE TO DEVELOP THE WORLD’S BEST QUANTUM TECH
A few days beforeChristmas, U.S. President Donald Trump signed a bill into law that devotesmore than US $1.2billion to a national effortdedicated toquantum information science over the next 10 years. The National Quantum Initiative Act represents a bipartisan U.S. government push to keep up withChina and other countries in developing technologies such asquantum computing, quantum cryptography, and quantum communication—all of which have some potential to upset the balance of economic and military powerin the world. Quantum computing has drawnspecial attention for its potential to someday crack the modern computer algorithms that protect government and corporate secrets.
Read moreTHE GUARDIAN’S MIGRATION FROM MONGODB TO POSTGRESQL ON AMAZON RDS
The Guardian migrated their CMS’s datastore in 2018 from a self-managed MongoDB cluster to PostgreSQL on Amazon RDS for a fully managed solution. The team did an API-based migration without any downtime. Guardian’s in-house CMS – called Composer – which stores articles, blog content, photo galleries and video was originally built on top of MongoDB as a datastore. This was preceded by a vendor software backed by an Oracle database. This setup had downtimes whenever the schema had to be migrated. As an alternative, the team looked at various NoSQL dbs, and one of the key reasons for choosing MongoDB seems to have been flexibility.
Read moreRUNNING KUBERNETES IN THE FEDERAL GOVERNMENT
Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year.
Read more