Technology Short Take 115
Published on 21 Jun 2019 · Filed in Information · 1104 words (estimated 6 minutes to read)
Welcome to Technology Short Take #115! I’m back from my much-needed vacation in Bali, and getting settled back into work and my daily routine (which, for the last few weeks, was mostly swimming in the pool and sitting on the beach). Here’s a fresh new collection of links and articles from around the web to propel myself back into blogging. I hope you find something useful here!
Networking
- Mohamad Alhussein shares information on how to add a floating static route to an NSX edge via the NSX REST API.
- Mircea Ulinic shows readers how to use salt-sproxy to take a different approach to network automation using Salt. Normally this would require the use of Proxy Minions, but Ulinic’s post on salt-sproxy shows how this can be done without any Proxy Minions.
- Michael Kashin has published a couple of posts on a project of his called NaaS (Network-as-a-Service). Part 1 is here, and part 2 is here. These two articles are interesting (to me) because they combine both network automation and Kubernetes. Nifty! I’m looking forward to seeing how NaaS evolves.
- David Holder walks through removing unused load balancer IP allocations in NSX-T when used with PKS. Although I believe David’s post focuses on Enterprise PKS, it may also apply to NSX-T when integrating with “generic” Kubernetes as well. (I haven’t tested it.)
Servers/Hardware
Nothing this time around, sorry!
Security
- Software company Agile Bits recently announced support for U2F-compatible hardware security keys in their 1Password product. Currently, the support is limited to the web interface of 1Password and only in specific browsers, but it would not be unreasonable to see the support expand in the future.
- Vivek Gite shows how to use oathtool to generate time-based one-time passwords for use with 2FA systems (in the article Google is the example service being secured, but instructions are provided near the end for working with other online services as well).
- Although this article is titled “How to use OpenSSL,” it’s really more of an educational article on hashes, digital signatures, and digital certificates, with some openssl commands thrown in along the way. It’s a misleading title, but the content differs from the title in a good way.
Cloud Computing/Cloud Management
- My teammate Duffie Cooley has a post on how to use KinD (Kubernetes-in-Docker) to test a PR for Kubernetes. Cool stuff.
- David Holder walks readers through the steps for bootstrapping Prometheus, Grafana, and AlertManager in Enterprise PKS (Kubernetes) clusters. He’s using some Enterprise PKS-specific stuff, so keep in mind it won’t apply to more “generic” Kubernetes environments.
- The folks at Pulumi recently added support for Terraform remote state; check out this blog post on using Terraform remote state with Pulumi.
- Nick Korte walks readers through creating a Wavefront proxy in AWS.
- Kief Morris, the author behind the O’Reilly Infrastructure as Code book (see my review here) has launched a website that provides infrastructure patterns (re-usable frameworks for creating infrastructure).
- Joshua Sheppard spins a cautionary tale about adopting Kubernetes. As Sheppard mentions in his article, the project did suffer from some scope creep, and it sounds like maybe tools like kubeadm (which can help address some of the certificate management concerns broached in the article) weren’t used. All in all, this article should remind readers that any large software project—whether it be implementing Kubernetes or migrating applications to the public cloud—needs good planning and good oversight, and won’t be as easy as the blogs make it seem to be.
- Kayan Azimov has a write-up on using terraform and kubeadm to stand up a highly-available Kubernetes cluster on AWS. I liked Azimov’s use of AWS SSM to store PKI artifacts; that’s a handy trick I’ll have to try myself. I didn’t like that Azimov used cfssl to generate the PKI artifacts instead of just using kubeadm, or that he ran etcd as a systemd unit instead of as a static pod. Still, it’s a nice walk-through that can most certainly be used as a learning example.
- My teammate Jim Weber has a nice post on the TokenReview API in Kubernetes.
Operating Systems/Applications
- Ajay Chenampara shows how to add a custom credential that stores SSH private keys into Ansible Tower. The use case, in this instance, is cloning a private Git repository via an Ansible playbook.
- Systango has this high-level overview of serverless application architecture along with some pros/cons, use cases, etc.
- Marko Lukša shares a nifty Bash trick to repeat a command until it works.
- Bryan Culver of Network to Code has a 101-level primer on Ansible Vault.
- Based on this article, it looks like the primary benefit of using Universal Base Images is that you can base it on RHEL without having to be a Red Hat customer. Is there something else I’m missing?
Storage
- Cormac Hogan has recently published three good articles on storage in Kubernetes (the articles are all part of a larger “Kubernetes Storage on vSphere” series). The first article covers StatefulSets with a focus on PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs). The second article covers failure scenarios with a focus on node failure/removal, and the third article discusses ReadWriteMany PVs using NFS. Good stuff!
- Eli Finkelshteyn explains why data moats are not just about the data (they’re also about creating a data-driven culture).
Virtualization
- Wil van Antwerpen talks about how to create a macOS Catalina VM using VMware Fusion.
- Myles Gray shows how to use cloud-init for VM templating on vSphere. I haven’t had the chance to fully dig into this yet, but I’m a big fan of cloud-init and have long lamented that it didn’t work on vSphere (or didn’t seem to, anyway).
- Simon Long is launching a podcast called The VCDX Podcast, focused on providing information pertinent to folks pursuing the VCDX certification.
Career/Soft Skills
- This doesn’t really fit anywhere else, but it’s such a good article on network effect that I felt like it would be useful. Ali Yahya’s article on robot hiveminds and network effects does a great job, I think, of explaining network effect and defensibility through a real-world example.
- Although this article is focused on teaching a kid to build a game in Python using Pygame Zero, I think some of the takeaways listed near the end could be applicable to anyone learning a complex new skill.
I have plenty more material I could include, but I’ll stop here so as to not overwhelm the readers (this is a lot of material to digest!). If you have any questions about any of these links, or comments about this or other articles on my site, you’re always welcome to interact with me via Twitter. Have a great weekend, all!