Search results for: kubernetes


Announcing Linkerd 2.14: Improved enterprise multi-cluster, Gateway API conformance, and more!

Posted on September 18, 2023 | William Morgan

Guest post originally published on Linkerd’s blog by William Morgan (Photo by drmakete lab on Unsplash) Over the past 18 months, the adoption of Linkerd has skyrocketed in enterprise environments, with companies like Adidas, Microsoft, Plaid, and DB Schenker deploying Linkerd to bring security,…


What is Flux CD?

Posted on September 15, 2023

Guest post originally published on Weaveworks’ blog Overview Developed by Weaveworks in 2016, Flux CD is a GitOps continuous delivery tool used to streamline and automate application deployments. It started as a small, internal project; now it’s a CNCF-graduated…


Trip.com Group

Posted on September 13, 2023

切换到Cilium以实现可扩展的云原生网络 Trip.com集团有限公司是一家跨国旅游服务集团,为来自全球200个国家、使用40多种语言的客户提供服务。他们的业务由庞大的IT基础设施支持,部署了Kubernetes集群,包括本地部署和AWS、阿里巴巴云等云环境。平台团队有100多人,负责管理从Kubernetes到支持10,000名工程师的CI/CD等一切。 平台团队内的网络团队有9人,其中3人正在负责Cilium。这个团队管理着超过20,000个节点的部署,包括本地物理节点和阿里巴巴云和AWS上的spot实例,总共支持超过350,000个pod。 最初,Trip.com的基础设施在很大程度上依赖于基于OpenStack Neutron的内部开发的CNI。然而,随着他们的Kubernetes集群的扩大,他们遇到了一些挑战,因为他们的解决方案是针对虚拟机而不是容器和云原生的动态世界构建的。性能和稳定構成了他們遇到的問題,集中式IPAM和更改網絡設備配置的限制影響了可擴展性。他們現有的網絡設計無法支持業務的快速增長,並且核心網絡設備條目的數量接近硬件限制。在面臨這些困境的激勵下,他們開始尋找一個適合的云原生解決方案。 Trip.com評估了幾個潛在的選項,包括流行的Kubernetes網絡解決方案和他們自己內部開發的CNI。他們的標準很明確:他們需要一個能夠克服目前硬件限制、解決集中式IPAM的性能瓶頸、提高集群可擴展性、適應未來與Kubernetes整合的云原生解決方案,提供安全的網絡策略,能夠在混合雲環境中運行,並提供卓越的數據平面性能。 在評估之後,Cilium成為了理想的選擇。它的節點本地網絡模型和使用eBPF而不是iptables的方式與Trip.com的可擴展性要求完美契合。此外,Cilium的云原生和功能豐富特性正是Trip.com所追求的。Cilium背後活躍而充滿活力的社區進一步鞏固了他們的決定。 “我們嘗試過Flannel和Calico,並擴展我們自己的解決方案以支持Kubernetes,但發現Cilium以用eBPF取代iptables並刪除kube-proxy的方式創造了一個更高效和可擴展的解決方案。有了Cilium,我們擁有非常快速的IPAM,即使在集群中有數千個節點,它也能輕松擴展。” Jaff Cheng,高级软件开发人员,Trip.com Cilium的好处不仅限于网络 在选择Cilium之后,Trip.com开始将现有的网络基础架构转移到Cilium上。他们的部署策略非常全面:在私有云中,他们利用Cilium的直接路由结合Bird BGP进行路由广告,而在公有云中,他们使用相应的IPAM插件从VPC子网分配IP地址。这使得他们无论集群在何处运行,都能获得相同的网络体验。 Cilium还为他们提供了在各个云平台上一致的安全体验。安全策略通过Kubernetes联邦进行同步,并使用Cilium的主机防火墙功能在Pod和主机上执行策略。网络访问/审计事件由Hubble收集,并通过自管理的ELK堆栈显示。Hubble还用于捕获网络流事件,如TCP连接请求,并用于了解他们应用程序在某个时间点发生了什么。 “eBPF为Cilium带来了很多可能性,使其能够在其之上构建强大的功能。” Jaff Cheng,高级软件开发人员,Trip.com 通过Cilium建立统一的网络和安全解决方案 对于Trip.com的平台团队来说,转向Cilium是一个巨大的成功。它解决了他们的网络可扩展性挑战,降低了运营成本,增强了稳定性。这次转变使他们能够在整个基础设施上集中网络功能,并为未来的增长做好准备。除了网络功能之外,Cilium还使Trip.com能够观察和保护他们的应用程序。随着他们展望未来,Trip.com计划进一步利用Cilium的功能来深入了解和优化性能,确保满足旅行行业不断变化的需求。 “Cilium非常稳定。我们在生产环境中运行了将近5年,数据平面没有发生任何重大事故,这对我们的应用程序非常重要。 当你没有问题时,你就注意不到它。我们相信Cilium不仅在大规模生产环境中准备就绪,而且在性能、功能和社区方面也是最佳选择之一。” Jaff Cheng,高级软件开发人员,Trip.com 要深入了解他们对Cilium的使用技术细节,请查看以下博客: Trip.com: First Step towards Cloud Native Networking Trip.com: Stepping into Cloud Native…


Trip.com Group

Posted on September 13, 2023

Switching To Cilium For Scalable and Cloud Native Networking Trip.com Group Limited, a multinational travel service conglomerate, serves customers in over 40 languages and 200 countries. Their operations are supported by a vast IT infrastructure, with…


Cloud Native Live: K8s all the things!

Posted on September 13, 2023

If you’re only using Kubernetes to orchestrate containers, you’re missing out on a world of functionality.The extensibility of the Kubernetes API means you can use K8s to manage not just containers but clusters, nested ‘virtual’ clusters,…


Kyverno completes fuzzing security audit

Posted on September 12, 2023 | Adam Korczynski

Project post originally published on the Kyverno blog by Adam Korczynski Presenting the results from the fuzzing security audit Kyverno, a CNCF policy engine for Kubernetes, is happy to announce the completion of its fuzzing security…


36 CNCF term 2 LFX mentees have successfully completed the program!

Posted on September 12, 2023

Congratulations to the 36 interns who have graduated from the LFX Program after working with CNCF projects over June, July, and August!     Mentees had the opportunity to work on many different projects across our Graduated, Incubating,…


Introduction: what is container runtime security?

Posted on September 8, 2023 | Rob Newsome

Member post by Rob Newsome, Head of Product Management at stack.io Container runtime security represents the proactive measures and controls used to protect a containerized application during its runtime phase. In the contemporary world of DevOps,…


Discovering chaos: my LFX mentorship journey with LitmusChaos

Posted on September 8, 2023

Mentorship post originally published on dev.to by Nagesh Bansal, LitmusChaos Contributor Diving into Kubernetes as a newcomer can be quite overwhelming. Have you ever thought about contributing to CNCF projects? If so, you’ve probably had a…


Added flexibility and better performance are driving new use cases for WebAssembly

Posted on September 6, 2023

While WebAssembly (Wasm) is still primarily used to develop web applications, its use is expanding far beyond its original use case as part of the open web platform, according to the State of WebAssembly 2023 report…