Technology Short Take 143
Published on 6 Aug 2021 · Filed in Information · 752 words (estimated 4 minutes to read)Welcome to Technology Short Take #143! I have what I think is an interesting list of links to share with you this time around. Since taking my new job at Kong, I’ve been spending more time with Envoy, so you’ll see some Envoy-related content showing up in this Technology Short Take. I hope this collection of links has something useful for you!
Networking
- Here’s a quick look at using Envoy as a load balancer in Kubernetes.
- Back in April of this year, Patrick Ogenstad announced Netrasp, a Go package for writing network automation tooling in Go.
- Eric Sloof shows readers how to use the “Applied To” feature in NSX-T to potentially improve resource utilization.
- Michael Kashin explains how he built a DIY (Do It Yourself) SD-WAN using Envoy and Wireguard.
Servers/Hardware
- Travis Downs explores a recent Intel microcode update that may have negatively impacted performance.
Security
- I saw this blog post about Curiefense, an open source Envoy extension to add WAF (web application firewall) functionality to Envoy.
- This post on using SPIFFE/SPIRE, Kubernetes, and Envoy together shows how to implement mutual TLS (mTLS) for a simple application. As a learning resource, I thought this post was helpful. However, I wouldn’t recommend trying to cobble together something like this for a production environment. If you need mTLS in production, use a service mesh that supports this sort of functionality.
Cloud Computing/Cloud Management
- Jeremy Cowan shows how to use Cluster API to provision an AWS EKS cluster.
- Hart Hoover drew my attention to this post regarding API removals in the upcoming Kubernetes 1.22 release.
- I really enjoy these AWS open source news and updates posts. The only way Ricardo could make it better would be by providing an RSS/Atom feed for the posts!
- John Arundel is excited about CUE.
- Having recently needed to dig into Open Policy Agent (OPA), I took renewed interest in this slightly older article by Chip Zoller that compares OPA/Gatekeeper with Kyverno. Chip does a good job of calling out the advantages and disadvantages of each solution. If I had one criticism, it would be Chip’s use of “programming language” instead of DSL for Rego—but that’s truly nitpicking what otherwise is a very useful article for folks trying to determine which policy engine they should consider and evaluate.
- Via Alex Mitelman’s Systems Design Weekly 015, I was pointed to this AWS article on multi-site active-active architectures. This is a thorny topic full of design considerations, and this AWS article discusses a few of them. It’s a good starting point for thinking about operating your own active-active architecture.
Operating Systems/Applications
- This post on decoding JWTs from the command-line has a killer
jq
“incantation” (that’s a perfect word for this command). Or, one could just use something like this. - It turns out that upgrading macOS on an M1-based Mac is perhaps a bit more complicated than it might seem. See here for more details.
git undo
? I can get onboard with that. More information is available here.- Nick Janetakis has a video that explains why you should put braces around your variables when shell scripting.
- Justin Chadell introduces support for heredocs inside Dockerfiles. I can see this being enormously useful, at the cost of some (potential) added complexity. (Although, if we’re fair, the lack of such support resulted in some complex workarounds on its own.)
- Greg Ferro shares a useful CLI tip for increasing mouse tracking speed on macOS.
Storage
- Chris Evans evaluates the “HCI market segment” following some recent industry moves. While the entire article is good, I particularly enjoyed this comment from Chris regarding “disaggregated HCI” (a term that is a pet peeve of mine): “…effectively breaking the model that HCI was initially meant to represent.”
- Greg Schulz talks a bit about the role of TCP Offload Engines (TOEs) in NVMe over Fabrics.
Virtualization
- William Lam takes a look at running ESXi on the NUC 11 Extreme, aka “Beast Canyon.” (Don’t you just love product code names?)
- Frank Denneman reminds users that CPU pinning is not an exclusive right to a CPU core.
- Via William’s post on
configstorecli
, I also saw this post by Duncan Epping on renaming a virtual switch on vSphere 7.0U2 and higher.
Career/Soft Skills
- Nick Korte applies the idea of “cheat days” to your career.
And with that, I’ll wrap this up. As always, I love to hear from readers, so feel free to engage with me on Twitter or find me on any one of a number of different Slack communities. Have a great weekend!