The New Stack Update

ISSUE 278: Scalable Kubernetes

Talk Talk Talk

“Put on the customer’s hat, and understand why they are using what they are now, and what is going to be better than the approach they already have.”

Keith Casey, API consultant, on thinking like a system architect.

Add It Up
How confident are you that your API inventory is complete?

Shadow APIs are a problem that not everyone takes seriously. Only 11% of people surveyed for Salt Security’s State of API Security Q3 2021 are greatly concerned about the security risks of shadow, or unknown, APIs. In contrast, 42% are greatly worried about zombie APIs, which were assumed to be turned off but can be targeted for an account takeover.

The first step towards addressing shadow APIs is documenting the ones your organization has. Compared to when the study was first conducted six months ago, the percentage of respondents that are at least somewhat confident their API inventory is complete increased from 53% to 62%.

Salt Security’s customer data indicates that respondents significantly underestimate the number of existing shadow APIs. Everyone also knows that misconfigured APIs are a big and growing problem for cloud security. Every unaccounted API adds to that problem, but so do APIs that are documented incorrectly.

What's Happening

You have a teddy bear you want to love and protect. A big brother or sister takes the teddy bear and threatens to hold it for ransom until you pay up. What do you do?

The teddy bear analogy is certainly simplistic, but it also reflects the reality of the ransomware attacks that organizations increasingly face. Attackers block access to critical data in exchange for increasingly outlandish ransoms. According to a report from Palo Alto Networks’ Unit 42, the highest ransom in 2020 was $30 million, up from $15 million in 2019.

In this latest episode of The New Stack Makers podcast, we spoke with Jason Williams, product marketing manager for Prisma Cloud at Palo Alto Networks, about what organizations should do to protect themselves from ransomware attacks. Alex Williams, founder and publisher of TNS, hosted this episode.

Ransomware Is More Real Than You Think

Scalable Kubernetes

As with any useful technology, many organizations started testing Kubernetes with a project or two, but are increasingly finding themselves managing dozens or even hundreds of K8s clusters.

This week, our London correspondent Mary Branscombe posted an article about the important work to bring built-in multitenancy support to Kubernetes, by way of the Cluster API project.

Now, you may be surprised that Kubernetes, the King of Data Center Scalability, doesn’t already have this capability. “Sorry? There's someone out there doing real work with #Kubernetes who only have one cluster??” wryly tweeted Steven J. Vaughan-Nichols, our security correspondent, about the post.

“Given that everyone running Kubernetes ends up managing multiple clusters, it surprised me there wasn't already a standard way of doing it,” Branscombe later noted in a Tweet.

As Branscombe writes in the article:

Cluster API provides abstractions for things like creating a VM or deploying a pool of VMs, using the right service for each provider — whether that’s Amazon Web Services’ AutoScaling Groups, Azure Virtual Machine Scale Sets or GCP Managed Instance Groups — using custom resource definitions.

That’s particularly important at scale, she notes. Scripting and command-line tools work for dealing with one or two clusters, but when you start to have to run hundreds or, in the case of service providers, even thousands of clusters, “you have to have automation,” Microsoft’s Brendan Burns told her, no doubt referring to Microsoft’s own Azure Kubernetes Service (AKS) and its Arc multicloud management services.

Red Hat and VMware are also using Cluster API.

The development teams recently launched an alpha four release, a major milestone with a focus on stability and reproducibility. The 1.0 beta release is expected to arrive in the first half of 2022.

If you’re managing more than one Kubernetes cluster, you may want to start kicking the tires on this technology soon.

Beyond OAuth? GNAP for Next Generation Authentication

The Grant Negotiation and Authorization Protocol, or GNAP (“g-nap”), is currently being developed in an Internet Engineering Task Force (IETF) working group. The protocol, which will be used for authorization, API access, user identifiers, and identity assertions, addresses the shortcomings of OAuth, the most widely used authorization protocol today.

Nvidia Offers Hosted Large-Scale Processing for AI

Chip manufacturer Nvidia is following through with promises to make artificial intelligence (AI) technologies more available to mainstream enterprise developers. This year the company has unveiled a number of hosted platforms designed to enable organizations to deploy and manage highly distributed AI workloads.

How Airbnb and Twitter Cut Back on Microservice Complexities

Two recently posted talks from Airbnb and Twitter show how these web-scale companies are battling encroaching complexity in their respective microservices-based architectures. Both established robust data layers built on GraphQL, and streamlined core functionalities into a simplified set of services to make it easier for developers to build out new features at the edges.

Party On

Alex Williams hosts a recording with Bharat Bhat of Okta and Viktor Gamov from Kong.

On The Road
apply() Community Meetup // AUG. 11 // VIRTUAL @ 9AM-12PM PDT

The apply() Community Meetup will be jam-packed with great content! Join us as we continue to foster great ideas, the latest trends, and new best practices for MLOps! Register now!

Ebook: Cloud Native Observability for DevOps Teams
Now more than ever, it’s vital to know how your systems are performing. Outages can cripple e-commerce and alienate customers. Unpredicted surges in web traffic can cause havoc. Hackers can grind your business to a halt, and even hold it for ransom.

The best defense against all of these scenarios is observability—not just monitoring, but a holistic approach that includes metrics, logs, and tracing. These days, the responsibility for paying attention to all of this falls not just on operations engineers, but on the whole DevOps team.

In the ebook, you’ll learn about:
  • The role of observability in cloud native applications.
  • Why observability isn’t just metrics, tracing, and logs.
  • How observability enables DevOps.
  • Kubernetes observability challenges and how to overcome them.
  • Why developers should learn Kubernetes.
  • An overview of Kubernetes logging.
Thanks to our exclusive ebook sponsor, LogDNA, for making this work possible!

Copyright © 2021 The New Stack, All rights reserved.

