Go Cryptography — FIPS 140–2, CAVP and CMVP

Encryption is key to keeping sensitive data protected. However, there are a number of algorithms available as well as varying capabilities for providing encryption. As a result, it is inevitably challenging to know which algorithm and security standard to use. To provide standards vendors can rely on, the U.S. government and its National Institute of Standards and Technology (NIST) have established FIPS 140–2. FIPS stands for Federal Information Processing Standard, and the FIPS-140 series is a collection of computer security standards set by NIST for the United States government. FIPS 140–2 defines the critical security…

Anthos Clusters on Bare Metal and Akri as Kubernetes Resource Interface for the Edge

The millions of devices that currently make up the Internet of Things (IoT) reside not in the cloud but on-premises, from retail stores to factory floors. Many of these devices are tiny edge leaf devices like cameras (IP cameras, USB cameras etc.) and sensors (smart heat sensors on equipment etc.). It has become increasingly difficult and impractical for developers to write bespoke solutions to detect and use each of the devices, and for the core DevOps/deployment teams to manage the applications, and the clusters that host them, positioned at far edge sites (close to end-users).

Most of these devices, however…

Managed Control-Plane and Node-Pools — Serverless option for GKE

Autopilot is a new mode of operation for creating and managing Kubernetes clusters in Google Kubernetes Engine (GKE). In this mode, GKE configures and manages the underlying infrastructure, including nodes and node pools, enabling users to focus only on the target workloads and pay per pod resource requests (CPU, memory, and ephemeral storage). In addition to GKE’s SLA on hosts and the control plane, Autopilot also includes an SLA on Pods.

With this new addition, users can now create a GKE cluster in either ‘Standard’ mode where users can customize their configurations based on the requirements, GKE manages the control plane…

Extending Cloud-Native Capabilities to Edge — Cloud-Edge Tunnel, Edge Autonomy, Application Fleet Management

Enterprises need a robust management layer to effectively manage edge processes that provide dynamic orchestration and automation. However, the entire edge architecture consists of different hardware and software resources. The edge ecosystem contains heterogeneous hardware scattered across multiple regions and positioned based on the requirement. According to the leading global research and advisory organizations, edge architectures have a hierarchical structure.

Virtual Application Networks — Connecting Distributed Applications Across Clouds, Clusters and Networks

Modern software development is moving away from client/server toward more flexible architectures with services located everywhere. There are various reasons for deploying or replicating an application in multiple locations: geographically distributed applications for enhanced performance and availability, compliance, connected vehicles, local breakouts in 5G, remote edge sites, etc. This requirement makes application-oriented multi-cloud and multi-cluster connectivity an inevitable trend of cloud computing.

VPN technologies like OpenVPN, strongSwan, WireGuard etc. are widely used to create secure site-to-site connectivity between sites. Although VPNs are capable of facilitating connectivity between remote sites, there are caveats and complexities involved. Some key caveats: VPNs…

Kubernetes distribution that powers Elastic Kubernetes Service (EKS) globally

At the re:Invent 2020 virtual event, Amazon made strategic announcements related to container services. The announcements include EKS-A (EKS Anywhere), EKS-C (EKS Console), ECS-A (ECS Anywhere) and EKS-D (EKS Distro). While EKS-A, EKS-C and ECS-A are expected to be available in 2021, AWS open sourced EKS-D, the Kubernetes distribution that powers its Elastic Kubernetes Service (EKS).

A Kubernetes distribution is Kubernetes with a chosen configuration and a chosen set of addons. There are multiple Kubernetes distributions like Rancher Kubernetes, VMware Tanzu Kubernetes Grid, Charmed Kubernetes from Canonical, Red Hat OpenShift etc. available upstream. …

Geo-Aware Multi Cluster Ingress — Ingress for Anthos

Ingress for Anthos is a Google cloud-hosted multi-cluster ingress controller for Anthos GKE clusters. Ingress for Anthos supports deploying shared load balancing resources across clusters and across regions, enabling users to use the same load balancer with an anycast IP for applications running in a multi-cluster and multi-region topology.

In simpler terms, this allows users to place multiple GKE clusters located in different regions under one LoadBalancer. It’s a controller for the external HTTP(S) load balancer to provide ingress for traffic coming from the internet across one or more clusters by programming the external HTTP(S) load balancer using network endpoint…

OSM — SMI Compliant Open Source Service Mesh

Microsoft’s Open Service Mesh is an SMI-compliant, lightweight service mesh being run as an open source project. Backed by service-mesh partners including HashiCorp, Solo.io, and Buoyant, Microsoft introduced the Service Mesh Interface last year with the goal of helping end users and software vendors work with the myriad choices presented by service mesh technology by providing a set of specification standards. OSM can be considered as a reference implementation of SMI, one that builds on existing service mesh components and concepts.

Open Service Mesh data plane is architecturally based on the Envoy proxy and implements the go-control-plane xDS v3 API

Modernize applications with Migrate for Anthos

Migration involves lifting and shifting virtual machines/legacy applications running on physical servers into public cloud platforms which offer many benefits, including enhanced agility, significantly reduced overhead compared to a data center, and a standard usage and management environment. The first step of modernizing an application is to break an application into a set of container images that include everything needed to run a portion of the application: code, runtime, system tools, system libraries, and settings. …

Declarative, Kubernetes-style APIs to Cluster Creation, Configuration, and Management

The Cluster API (CAPI) is a Kubernetes project that brings declarative, Kubernetes-style APIs to cluster creation. CAPI does this by using Custom Resource Definitions to extend the API exposed by the Kubernetes API Server, allowing users to create new resources such as Clusters (representing a Kubernetes cluster) and Machines (representing the machines that make up the Nodes that form the cluster). A Controller for each resource is then responsible for reacting to changes to these resources to bring up the cluster. …

Gokul Chandra

Software Engineer
