OpenShift Pipelines Tutorial using Tekton

In this video, Daniel Helfand goes through the OpenShift Pipelines tutorial using OpenShift Pipelines version 0.4. The video shows users how to install OpenShift Pipelines via an operator, how to create Kubernetes custom resources based on Tekton, how to use the Tekton CLI, and discusses high-level concepts of Tekton. The result of this video is showing how […]
The post OpenShift Pipelines Tutorial using Tekton appeared first on Red Hat OpenShift Blog.
Source: OpenShift

Build Kubernetes Operators from Helm Charts in 5 steps

Helm is a popular package manager for Kubernetes applications. It packages all the resources an application needs as a Helm Chart, which can then be shared and installed on Kubernetes clusters. Helm Charts are very useful for addressing the complexities of installation and simple upgrades, particularly for stateless applications such as web apps. However when it […]
The post Build Kubernetes Operators from Helm Charts in 5 steps appeared first on Red Hat OpenShift Blog.
Source: OpenShift

Accessing virtual machines behind Azure Firewall with Azure Bastion

Azure Virtual Network enables a flexible foundation for building advanced networking architectures. Managing heterogeneous environments with various types of filtering components, such as Azure Firewall or your favorite network virtual appliance (NVA), requires a little bit of planning.

Azure Bastion, which is currently in preview, is a fully managed platform as a service (PaaS) that provides secure and seamless remote desktop protocol (RDP) and secure shell (SSH) access to your virtual machines (VMs) directly through the Azure portal. Azure Bastion is provisioned directly in your virtual network, supporting all VMs attached without any exposure through public IP addresses.

When you deploy Azure Firewall, or any NVA, you invariably force-tunnel all traffic from your subnets. Applying a 0.0.0.0/0 user-defined route can lead to asymmetric routing for ingress and egress traffic to your workloads in your virtual network.

Resolving this is not trivial: you often find yourself creating and managing a growing set of network rules, including DNAT, forwarding, and so on, for all of your applications. Although this can impact all your applications, RDP and SSH are the most common examples. In this scenario, ingress traffic from the Internet may reach your virtual machine directly within your virtual network, but egress traffic will end up going to the NVA. Since most NVAs are stateful, the NVA drops this return traffic because it never saw the initial inbound packets.

Azure Bastion allows for simplified setup of RDP/SSH to your workloads within virtual networks containing stateful NVAs or Azure Firewall with force tunneling enabled. In this blog, we will look at how to make that work seamlessly.

For a reference on how to deploy Azure Bastion (preview) in your virtual network, please see the documentation “Create an Azure Bastion host (Preview).”
To learn how to implement Azure Firewall in your virtual network, refer to the documentation “Deploy and configure Azure Firewall using the Azure portal.”

Having deployed both Azure Bastion and Azure Firewall in your virtual network, let us look at how you can configure Azure Bastion to work in this scenario.

Configuring Azure Bastion

When deploying Azure Firewall or a virtual appliance, you may end up associating the RouteTable that was created while deploying Azure Firewall with all subnets in your virtual network, possibly including the AzureBastionSubnet subnet.

This applies a user-defined route to the AzureBastionSubnet subnet which directs all Azure Bastion traffic to Azure Firewall, thereby blocking traffic required for Azure Bastion. Avoiding this is easy: configure Azure Bastion as usual, but do not associate the RouteTable with the AzureBastionSubnet subnet.

As shown in the example above, myRouteTable is not associated with the AzureBastionSubnet, but with other subnets like Workload-SN.

The AzureBastionSubnet subnet is a secure, platform-managed subnet; no Azure resource other than Azure Bastion can be deployed in it. All connections to Azure Bastion are enforced through Azure Active Directory token-based authentication with 2FA, and all traffic is encrypted over HTTPS.

Azure Bastion is internally hardened and allows traffic only through port 443, saving you the task of applying additional network security groups (NSGs) or user-defined routes to the subnet.

With this, the RDP/SSH requests will land on Azure Bastion. Configured as in the example above, the default route (0.0.0.0/0) does not apply to AzureBastionSubnet, because the route table is not associated with that subnet. Based on the incoming RDP/SSH requests, Azure Bastion connects to your virtual machines in other subnets, like Workload-SN, which do have a default route associated. The return traffic from your virtual machine goes directly to Azure Bastion instead of to the NVA, because it is addressed to a specific private IP within your virtual network. The virtual network's own address range is a more specific route than 0.0.0.0/0 and therefore takes precedence over the force-tunnel route to the NVA, making your RDP/SSH traffic work seamlessly with Azure Bastion when an NVA or Azure Firewall is deployed in your virtual network.
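To make the route-precedence argument concrete, here is an added example (not code from the post) that models Azure's longest-prefix-match with user-defined routes overriding system routes on equal prefixes, and compares the recommended setup (myRouteTable on Workload-SN only) with the mistake of also associating it with AzureBastionSubnet. The VNet range, subnet IPs and the client address are constructed sample values.

```python
import ipaddress
from collections import namedtuple

# source is "Default" for an Azure system route or "User" for a user-defined route (UDR).
Route = namedtuple("Route", "prefix next_hop source")

# Constructed sample addressing (not from the post): one /16 VNet.
VNET = ipaddress.ip_network("10.0.0.0/16")
BASTION_IP = "10.0.1.4"          # private IP of the Bastion host in AzureBastionSubnet
WORKLOAD_VM = "10.0.2.10"        # VM in Workload-SN
CLIENT_ON_INTERNET = "203.0.113.9"

# System routes every subnet gets: VNet space stays in the VNet, everything else to Internet.
SYSTEM_ROUTES = [
    Route(VNET, "VirtualNetwork", "Default"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "Internet", "Default"),
]
# myRouteTable: the force-tunnel UDR sending 0.0.0.0/0 to Azure Firewall / the NVA.
MY_ROUTE_TABLE = [Route(ipaddress.ip_network("0.0.0.0/0"), "VirtualAppliance", "User")]


def next_hop(udr_table, dst):
    """Effective next hop for dst on a subnet whose associated route table is udr_table (None = no UDR)."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in SYSTEM_ROUTES + (udr_table or []) if dst in r.prefix]
    # Longest prefix wins; on an equal prefix a user-defined route overrides the system route.
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, r.source == "User"))
    return best.next_hop


def rdp_ssh_path(bastion_table, workload_table):
    """Hops for a Bastion session: Bastion -> VM, the VM's reply to Bastion, and Bastion's own Internet traffic."""
    return {
        "bastion_to_vm": next_hop(bastion_table, WORKLOAD_VM),
        "vm_reply_to_bastion": next_hop(workload_table, BASTION_IP),
        "bastion_to_internet": next_hop(bastion_table, CLIENT_ON_INTERNET),
    }


if __name__ == "__main__":
    # Recommended: myRouteTable on Workload-SN only; the VM's reply stays in the VNet.
    print("recommended:", rdp_ssh_path(None, MY_ROUTE_TABLE))
    # Mistake: the table is also on AzureBastionSubnet, so Bastion's Internet traffic hits the NVA.
    print("table on Bastion subnet too:", rdp_ssh_path(MY_ROUTE_TABLE, MY_ROUTE_TABLE))
```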

We are grateful and appreciate the engagement and excitement of customers and community and are looking forward to your feedback in further improving the service and making it generally available soon.
Source: Azure

Azure publishes guidance for secure cloud adoption by governments

Governments around the world are in the process of a digital transformation, actively investigating solutions and selecting architectures that will help them transition many of their workloads to the cloud. There are many drivers behind the digital transformation, including the need to engage citizens, empower employees, transform government services, and optimize government operations. Governments across the world are also looking to improve their cybersecurity posture to secure their assets and counter the evolving threat landscape.

To help governments worldwide get answers to common cloud security related questions, Microsoft published a white paper, titled Azure for Secure Worldwide Public Sector Cloud Adoption. This paper addresses common security and isolation concerns pertinent to worldwide public sector customers. It also explores technologies available in Azure to help safeguard unclassified, confidential, and sensitive workloads in the public multi-tenant cloud in combination with Azure Stack and Azure Data Box Edge deployed on-premises and at the edge for fully disconnected scenarios involving highly sensitive data. The paper addresses common customer concerns, including:

Data residency and data sovereignty
Government access to customer data, including CLOUD Act related questions
Data encryption, including customer control of encryption keys
Access to customer data by Microsoft personnel
Threat detection and prevention
Private and hybrid cloud options
Cloud compliance and certifications
Conceptual architecture for classified workloads

For governments and the public sector industry worldwide, Microsoft provides Azure – a public multi-tenant cloud services platform that government agencies can use to deploy a variety of solutions. A multi-tenant cloud platform implies that multiple customer applications and data are stored on the same physical hardware. Azure uses logical isolation to segregate each customer's applications and data from those of others. This approach provides the scale and economic benefits of multi-tenant cloud services while rigorously helping prevent customers from accessing one another's data or applications.

A hyperscale public cloud provides resiliency in times of natural disaster or other disturbances. The cloud provides capacity for failover redundancy and empowers sovereign nations with flexibility regarding global resiliency planning. A hyperscale public cloud also offers a feature-rich environment incorporating the latest cloud innovations such as artificial intelligence, machine learning, Internet of Things (IoT) services, intelligent edge, and more. This rich feature set helps government customers increase efficiency and unlock insights into their operations and performance.

Using Azure’s public cloud capabilities, customers benefit from rapid feature growth, resiliency, and the cost-effective operation of the hyperscale cloud while still obtaining the levels of isolation, security, and confidence required to handle workloads across a broad spectrum of data classifications, including unclassified and classified data. Leveraging Azure isolation technologies, as well as intelligent edge capabilities (such as Azure Stack and Azure Data Box Edge), customers can process confidential and sensitive data in secure isolated infrastructure within Azure’s multi-tenant regions or highly sensitive data at the edge under the customer’s full operational control.

To get answers to common cloud security related questions, government customers worldwide should review Azure for Secure Worldwide Public Sector Cloud Adoption. To learn more about how Microsoft helps customers meet their own compliance obligations across regulated industries and markets worldwide, review “Microsoft Azure compliance offerings.”
Source: Azure

Cloud innovation in pig weighing helps farmers improve safety and profitability

For many people, the mention of a “hearty breakfast” or “flavorful meal” conjures up the quiet sizzle, smoky flavor and savory aroma of bacon. Pork enthusiasts can count on their beloved bacon to deliver a consistent quality and experience — and that’s no accident. Pig farmers and processors know all too well that a pig’s weight and fat percentage are critical for pig production. If the animal weighs too much, it requires additional costly processing, and if the animal is too small, it fetches a lower market price. So, farmers are paid less if a pig’s weight is out of the acceptable range, which varies by country. Hitting this just right is one of the biggest challenges of pig production and dictates a farmer’s profitability.
In the four months or so that a farmer prepares a pig for production, he or she is typically only able to weigh a pig a few times. This gives little opportunity to adjust the animal’s diet and hit the target weight range by the pre-set production date. To estimate a pig’s weight, the farmer has three options: take the pig out of its pen and force it onto a scale, climb into the pig’s pen and measure the pig from head to tail and around the girth, or conduct a visual inspection. These manual processes are likely to yield inaccurate results, can be highly stressful for the pigs, and can be extremely difficult, time-consuming and dangerous for farmers. Imagine trying to corral or get in the pen with an approximately 110 kilogram (240 pound) scared animal. Truthfully, pig weighing is a bit of a guessing game, but these manual processes are how farmers around the world have done it for decades. Until now.
Transforming from manual to digital animal production
At Smart Agritech Solution of Sweden, we develop digital solutions for innovative animal production. Our startup is the brainchild of Per Eke-Göransson, an inventor and former pig farmer. He says, “Manual weighing is a painful task for both humans and animals. After having weighed pigs for years, manually in the summer heat, I started to think that there must be an easier way. The solution hit me after long and hard thinking, and I realized exactly how to do it.”
In the 1980s, Per had the idea to use photographs to create optical measurements to calculate a pig’s weight. However, his idea was ahead of its time: cameras were too expensive and technology was too immature. Per got a patent and invested in a 15-year-old algorithm that the Swedish Agricultural Institute of Farming had developed. Finally, photography and machine-learning technology have caught up, and Per partnered with a butcher and a technician to turn his idea into reality.
We contacted the IBM Garage because we had this genius concept, but we needed a system, cloud services, developers, quality assurance and so on. Plus, as a small startup, we wanted to boost the credibility of our solution with backing from a huge IT company. We knew no one would question IBM.
Addressing farmer challenges through cloud innovation
At the IBM Garage in Copenhagen, we participated in an IBM Design Thinking Workshop and a cloud innovation architecture workshop for Pig Scale, our digital pig-weighing solution. We greatly appreciated how well organized the process was and how much we involved the user’s perspective.
For our first minimum viable product (MVP), we decided to create assets that would have the biggest impact at EuroTier, the world’s largest farming conference, in Hannover, Germany. The deliverables included a clickable prototype to demonstrate how the front-end solution works, a conference booth design explaining the solution and its value for the farmer, and a video illustrating a pigsty and how we use machine learning and visual recognition to capture and analyze a pig’s weight.
With the IBM Garage, we built our MVP on IBM Cloud with IBM Watson Machine Learning. Every day, with no stress to the pigs or danger to the farmer, the solution will capture accurate 2-D photographs of pigs in their pens; determine their weight, growth rate and readiness for production; and alert the farmer about any growth anomalies. This allows the farmer to quickly adjust a pig’s diet to get the pig’s weight into the most profitable range.
The Pig Scale concept was extremely well received at EuroTier. In fact, more than 125 farmers, competitors and system integrators from around the world requested to buy our product or even purchase our company. We had never seen anything like it.
With such positive feedback on the first MVP, we quickly secured funding to build the second MVP — Pig Scale’s back-end system. We are currently working with the IBM Garage and the IBM Watson iLab team on the second iteration. Stay tuned because Pig Scale is going to be something to squeal about.
To schedule a complimentary four-hour IBM Garage consultation, click here.
The post Cloud innovation in pig weighing helps farmers improve safety and profitability appeared first on Cloud computing news.
Source: Thoughts on Cloud