The Three Pillars of GitOps: Pipelines, Observability, & Source Control

Weaveworks Cloud & Flux - Git Version Control for Automated Kubernetes Web Server Configuration

According to Alexis Richardson, co-founder/CEO of Weaveworks, and William Denniss, project manager at Google Cloud Platform, GitOps are "modern best practices for high velocity app development using cloud native tools." With GitOps, web server configuration is regarded as code and subject to version control, where Git operates "as a single source of truth for the whole system." GitOps depends on completely automated software delivery pipelines, with 24/7 monitoring and observability "baked into the beginning," where data security is of "critical importance. Everything has to be version controlled and stored in a single source of truth from which you can recover." In Agile development teams, Terraform, Spinnaker, Puppet, & Ansible are currently popular for web server script automation using Git for disk image prints with Docker & Kubernetes on public cloud hosts for CI/CD requirements in project management. Weaveworks has developed a number of cloud platforms that address the software development & web server hosting pipeline holistically such as Weave Cloud, Weave Flux, and integrated AWS container management products. GitOps allows developers to make hundreds of small changes per day to running websites & mobile applications in live production rather than rolling out monolithic upgrades. YAML is used to build declarative infrastructure statements that can be repeated and implemented as standards for cloud network automation. In GitOps, diff alerts & pull requests are managed through decentralized networks of programmers in Agile teams from any office location using Git, increasing management flexibility in hiring and worker productivity times. GitOps has now become standard in web/mobile app development for enterprise corporations, start-up companies, non-profits, government agencies, & SMEs worldwide.

DockerCon 2018 SF: “Choice, Agility, & Security” is the Docker Promise

Docker Containers Can Be Used with No Vendor Lock-in, On Any Stack, with Any OS

Steve Singh, CEO of Docker, presented the keynote address at DockerCon 2018, held this June in San Francisco. According to Singh, Docker changes both the way software is built and how it is shared. In the current era of cloud computing, containers are everywhere, running Linux & Windows agnostically, operating in private data centers & the public cloud, even coming soon to edge devices embedded with new chips.

Nabla Containers: New Format from IBM Designed for Strong Isolation on Cloud Hosts

Framework Installs with Docker to Add Unikernel Techniques Based on Solo5 & runnc

IBM recently launched a new container standard that functions as a type of plugin alternative to Docker's native format with the intention of creating more isolated sandbox environments for cloud architecture. Similar to the gVisor framework released by Google this year, Nabla Containers seeks to reduce the number of attack vectors that can be targeted by exploits for apps operating in production at scale. Rather than functioning as a true competitor to Docker, Nabla basically works as an alternative format that can be installed on the same hardware and software platforms (i.e. public/private cloud hosts) to provide more robust security. Nabla uses library OS/unikernel techniques via the Solo5 project middleware that reduces the number of Linux system calls required to 9 when operating a container. The main difference is that Nabla uses runnc as "the OCI-interfacing container runtime," whereas gVisor (another new hardened container sandbox alternative) is built around runsc and Docker containers are based on runC as the universal container runtime. Docker donated the code for runC to the Open Container Project in 2015 "as a standalone tool, to be used as plumbing by infrastructure plumbers everywhere." The Solo5 project was originally started by Dan Williams at IBM Research during work to port the MirageOS to support the Linux KVM hypervisor. The main components of Solo5 are the kernel, ukvm, a testing suite, and a set of tools which support various virtualization requirements across different operating systems & hardware devices. Nabla Containers will mostly appeal to programmers and developers who have a drastic need to reduce the number of system calls permitted to a VM in production to implement higher levels of security, although this will require custom formatted disk images that are not cross-compatible with Docker's runC code.

Apache Mesos 1.5 Released: Container Orchestration with DC/OS & Marathon

Resource Management, Programming Tools, Task Monitoring, Data Analytics, & Web Security

Apache Mesos is an open source project that abstracts the CPU, RAM, storage, and other computing resources available across multiple hardware instances in a data center in a unified manner so that systems administrators can operate the entire network as a single computer. Apache Mesos provides a set of unique APIs for resource management in cloud computing that can scale to over 10,000 nodes, integrating with other frameworks such as Hadoop, Chronos, Spark, Cassandra, & Kafka for complex web/mobile app deployments. Apache Mesos is used by Apple, Microsoft, PayPal, Twitter, Verizon, Samsung, Netflix, eBay, Bloomberg, Airbnb, Yelp, Uber, China Mobile, & many other companies for their data center management requirements. Benjamin Hindman, one of the principal founders of Mesos/Nexus at UC Berkeley, launched the start-up company Mesosphere in 2013, which produces DC/OS (Datacenter Operating System) as a production-ready distribution of the code designed for enterprise use. Mesosphere DC/OS includes elastic cluster resource management tools that enable cloud orchestration at scale using Docker Swarm, Kubernetes, or Marathon. The most recent release of Apache Mesos (version 1.5) includes support for the Container Storage Interface (CSI) that allows the system to automatically create storage partitions based on preset application parameters with multi-cloud platform compatibility. The new release also includes better configuration support for Windows environments, a standalone container format, and improved container image garbage collection.

Kata Containers, KubeVirt, & Virtlet: VM Solutions for Multi-Tenant Applications

OpenStack Releases New Platform Software Merging Intel Clear Containers & Hyper.sh runV

One of the most interesting announcements made at the KubeCon in Austin this year was the unveiling of Kata Containers, a combination of the new Intel Clear Container software and Hyper.sh's runV technology. Clear Containers are part of Intel's Open Source Initiative and linked to the Clear Linux project, a light-weight distro optimized for cloud servers and IoT devices. HyperHQ was founded by Xu Wang, Simon Xue, & Feng Gao in Beijing in 2014, producing a hybrid container/hypervisor technology that allows for virtual machines (VMs) to run in Docker/Kubernetes deployments with extremely fast boot times and better security isolation for multi-tenant requirements. Arjan van de Ven, who works with the Intel Clear Containers group, wrote that this framework can launch a secure container with a running VM in "under 150 milliseconds" and that "the per-container memory overhead is roughly 18 to 20MB (this means you can run over 3500 of these on a server with 128GB of RAM)." The further development of Kata Containers will be governed by the OpenStack Foundation as part of the Open Cloud Initiative and the project has already developed a significant amount of support from IT industry majors (99cloud, AWcloud, Canonical, China Mobile, City Network, CoreOS, Dell/EMC, EasyStack, Fiberhome, Google, Huawei, JD.com, Mirantis, NetApp, Red Hat, SUSE, Tencent, Ucloud, UnitedStack, & ZTE). Due to the increasing popularity of using Docker & Kubernetes as web standards on cloud servers in DevOps, there is a large demand from enterprise companies for these solutions which allow for multi-tenant apps to be run with better security in containers as well as allowing developers to build solutions with multiple operating systems running simultaneously in different pods. Other solutions to this problem are KubeVirt (a Kubernetes plugin for better VM support) and Virtlet (produced by Mirantis for use with OpenContrail and Calico). 
Programmers and systems administrators can use software defined networking tools and the Kubernetes Pod API to create innovative solutions for modernizing legacy software applications or new strategies for complex web & mobile apps hosted in a private/public cloud.
