CNCF Project Envoy enables Arm64 CI using Azure Pipelines on AWS Graviton2
By Envoy Contributors: Kushal Koolwal (Arm), Jingzhao Ni (Arm), Matt Klein (Envoy/CNCF), Lizan Zhou (Tetrate) Software applications are being created and rewritten with a “cloud-native first” mindset, leveraging principles of containerization and its orchestration, microservices, and delivering them…
Cloud Native Computing Foundation’s new general manager on developer trends, collaboration and disappointment over Google’s surprise decision not to donate its Istio project.
Debugging your debugging tools; What to do when your service mesh goes down in production?
Service Meshes are widely used as a means to enforce policies and at the same time gain visibility into your application behavior and performance. As more organizations adopt service mesh in their architectures, they are relying more heavily…
TOC Approves SPIFFE and SPIRE to Incubation
Today, the CNCF Technical Oversight Committee (TOC) voted to accept SPIFFE and SPIRE as incubation-level hosted projects. The SPIFFE (Secure Production Identity Framework For Everyone) specification defines a standard to authenticate software services in cloud native environments through…
How to land Service Mesh – From technology selection to practice
This webinar will be delivered in Chinese. FreeWheel的广告服务平台迁移到微服务架构之后,复杂的服务调用链路为服务治理与问题排查带来了很多困难。为解决这一痛点,我们引入了Service Mesh技术,期望通过它在流量控制、可观察性等方面的能力来解决现有问题。我会从Istio与AWS App Mesh的对比讲起,让你了解到Service Mesh 的技术选型策略,并通过实践分享为你落地Service Mesh 提供参考。
印度股票经纪公司Zerodha是全球最大的散户股票投资平台,每天要处理 800 万笔交易。 “我们的使命就是方便普罗大众进行交易和投资,”首席技术官 Kailash Nadh 说。 鉴于这个行业的特点和交易规模,Zerodha基础设施需要涵盖公有云(大多数内部应用的 AWS)和多个数据中心的物理机,满足通过租赁股票交易市场线路和适配器实现资本市场互联的具体监管和技术要求。 自身的复杂性,加上严格监管的技术堆栈,最终用户应用程序和需要各种外部依赖的内部系统,公司需要云原生技术。 “我们需要一个统一、集中的监控基础设施,在各种复杂环境中运行,” Nadh 说,“Prometheus 能保证我们有效监控关键的低时延金融系统,帮我们集合并监控整个基础设施范围的指标。大量已有的导出器和自定义导出器带来的书写便利,让我们能在短时间内实现大范围覆盖。” 此外,Zerodha 已经开始将其服务从 VM 迁移到容器,并在 2020 年逐步迁移到 Kubernetes。因其所有应用程序是用 12 要素法、面向服务的基础设施开发的,所以迁移非常简单。公司有一套明确的流程,规定以其 CI/CD 流程推动生产变化,因此,基础设施团队从 GitLab 创建 CI 流水线入手。Zerodha 重点实践“基础设施即代码”,使用 Terraform、Packer 和 eksctl,在 AWS 上管理 Kubernetes 集群基础设施,并在 AWS(ECR)内部镜像仓库托管容器镜像(工件)。…
The Indian stock brokerage Zerodha handles 8 million trades a day, making it the largest retail stock investment platform in the world. “Our mission is to make trading and investing easy and accessible to the masses,” says CTO…
Happy developers: Navigators of the data age
Guest post originally published on the Rookout blog by Or Weis In the age of discovery, navigators changed the world. Their unique skills won them fame, riches, and glory, as well as the ears and support of kings…
With Kubernetes, the U.S. Department of Defense is enabling DevSecOps on F-16s and Battleships
Before DevSecOps came to the U.S. Department of Defense, software delivery could take anywhere from three to ten years for big weapons systems. “It was mostly teams using waterfall, no minimum viable product, no incremental delivery, and no…
美国国防部实现 DevSecOps 前,大型武器系统的软件交付通常需要 3 年到 10 年。 “多数团队使用 waterfall,没有最小化可行产品(MVP),没有增量交付,也没有最终用户的反馈回路,”美国空军首席软件官 Nicolas M. Chaillan 说。此外,“网络安全也大多是事后才会去考虑。” 2018 年夏天,Chaillan 加入,尝试改变这种现状。他的解决方案非常简单,却给国防部带来一场革命。他和 DoD 负责信息企业的副首席信息官 Peter Ranks 共同创建了 DoD 企业 DevSecOps 参考设计,该设计要求 DoD 系统必须使用 CNCF 许可的 Kubernetes 集群和其他开源技术。“DoD 企业 DevSecOps 参考设计规定了 DevSecOps 管道的入口。”Chaillan 说“只要团队遵守参考设计,就能拿到 DoD…