ORY reference Docker Compose and thoughts on the platform

Obligatory Keycloak mention: Keycloak is awesome because it provides almost everything an organization of almost any size might ever need when it comes to topics like OpenID, SSO, federation or authorization services. But Keycloak is a monolith, it doesn’t do things the cloud native way[1].

Apache Mesos reaches end of life

Updated on 10th of April 2021: The decision to move Apache Mesos to Attic has been reversed. An end of an era. What better way to summarize it than that the maintainers of Apache Mesos are now voting on moving the project to Apache Attic.

On golang os.Expand and os.ExpandEnv

If you are using golang, there’s a pretty high chance you have used the os.Expand(s string, mapping func(string) string) function in your code already. Or maybe its derivative, os.ExpandEnv(s string). The former takes an input string and expands the shell-variable-like occurrences with actual shell variable values.

I hacked infinite retention into my open source Kafka

Well, sort of. But bear with me. Background: A couple of days ago, Confluent announced a ZooKeeper-free Kafka 2.8 RC0 available for testing. A fantastic effort, great achievement by all the contributors who made it happen. In the typical Hacker News fashion, a post about Kafka always triggers an inevitable “Pulsar vs Kafka” discussion.

Kafka 2.8 is out in the wild and does not need ZooKeeper anymore

Long time coming, but KIP-500[1] has finally landed. It’s official, Apache Kafka does not require ZooKeeper anymore. KRaft, the Kafka Raft implementation, is not recommended for production yet. The full announcement from Confluent is here[2]. Regardless, this is a fantastic milestone and kudos to all the contributors for making this happen, as the simplification in operations will be significant.

firebuild rootfs - gRPC with mTLS

The problem: Currently, when a rootfs is built, the guest is started with an SSH server and the bootstrap process executes via an SSH connection. I don’t like this and want to replace the SSH method with an MMDS-based solution. MMDS is already present in the firebuild run command.

Introducing firebuild

What is Firecracker: Firecracker is a virtualization technology for creating and managing secure, multi-tenant services suited for container-like and serverless scenarios. Firecracker workloads run in virtual machines, not containers. Unlike containers, they benefit from the extra isolation properties provided by hardware virtualization. Similar to containers, Firecracker VMs (microVMs) are lightweight and fast to boot.

firebuild prerequisites

This article describes the prerequisites to Introducing firebuild. Install Firecracker and Jailer on the host: Firecracker works only on Linux. You can use this program to install and link the binaries on your system. Install and configure golang 1.16+: the tc-redirect-tap CNI plugin (mentioned below) requires golang to build, as does firebuild.

Thoughts on creating VMMs from Docker images

Dockerfiles are awesome: There is so much software out there packaged as Docker images. Operating systems, SQL and NoSQL databases, reverse proxies, compilers, everything. Safe to say, most of the software available as Docker containers is built from the common file format, the Dockerfile.

The jailer

A Firecracker release comes with two binaries, the firecracker and the jailer programs. The jailer brings even more isolation options to Firecracker by creating and securing a unique execution environment for each VMM. What can it do:
- check the uniqueness and validity of the VMM id (maximum length of 64 characters, alphanumeric only)
- assign a NUMA node
- check the existence of the exec_file
- run the VMM as a specific user / group
- assign cgroups
- assign the VMM into a dedicated network namespace
- a VMM can be daemonized
What does it do: This part comes from the jailer documentation[1].