In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
The Tungsten Fabric project is an open source project protocol that is developed based on standard protocols and provides all the components necessary for network virtualization and network security. The components of the project include: SDN controller, virtual router, analysis engine, northbound API release, hardware integration functions, cloud orchestration software and extensive REST API.
All related links to this article pdf: https://tungstenfabric.org.cn/assets/uploads/files/tf-ceg-with-link.pdf
What is the purpose of this guide?
This guide is designed for application developers or computing infrastructure platform engineers, considering the options of Kubernetes networks, with a particular focus on Tungsten Fabric Carbide.
For applications running on Kubernetes, the Kubernetes Cluster Network feature is critical. These features include:
Network communication between Pod through services; network communication between the outside world and externally oriented services; network policy of fine-grained control of allowed network traffic.
To do this, the Kubernetes cluster must install the Container Network Interface ("CNI") plug-in. The Kubernetes documentation website lists a number of options, and we introduce Tungsten Fabric options in this document.
We will use an example 3-tier application to traverse the three main functional areas listed above and illustrate the functionality of Tungsten Fabric in each case. Tungsten Fabric provides other features that go beyond the Kubernetes baseline, which we will also cover in these places.
To follow our use case, you should deploy your own quick start copy of TF with Kubernetes ("K8s") on AWS.
precondition
This guide assumes you are familiar with how to:
Deploy the CloudFormation template to your AWS account; connect to the EC2 instance in AWS using the SSH client and SSH private key; and use the kubectl CLI tool to deploy the application to Kubernetes; using Linux CLI / terminal tools such as less and nano. An introduction to the sample application
To demonstrate how Tungsten Fabric can help us get our application running, provide access from Internet, and secure it, we will use a mock application called "yelb". It was written and maintained by a development advocate for AWS. The reason for choosing this application is that it is simple, well documented, and can be run on Kubernetes.
Check the Yelb Architecture link for more details, but at a higher level, it looks like this:
The application consists of four deployments: yelb-ui,yelb-appserver,yelb-db and yelb-cache. Each deployment has its own Kubernetes service. Yelb-ui services can also be managed through Kubernetes Ingress to provide you with L7 HTTP routing.
Get ready.
For our exercises, we need to have the following conditions:
Use Kubernetes's kubectl CLI tool to access the Kubernetes cluster where Tungsten Fabric is installed; a copy of yelb
Visit our Kubernetes cluster
If you follow the steps in the Tungsten Fabric Carbide Quick start Guide on AWS, you should be able to log in to the QuickStart sandbox control node as described in the "Accessing the Cluster" section of the guide. To find the common DNS hostname of the sandbox control node, look for the template used to deploy Kubernetes with TF Carbide in the Outputs tab of AWS CloudFormation UI:
After entering the sandbox control node, run:
Sudo-s
Kubectl get nodes
Output similar to the following should be displayed:
Get a copy of the Yelb application
After successfully connecting to the sandbox control node and verifying that kubectl is working, use the following command to get a copy of yelb and change the working directory to a working directory with a Kubernetes manifest (run as root):
Next step
At this point, you will have a functional sandboxie Kubernetes cluster with two compute nodes, as well as an application that can be used to verify functionality. The rest of this document will provide you with examples of how to deal with common network and security situations that you may encounter when developing and operating applications running on Kubernetes.
Each use case is independent and does not require you to complete any other use cases in this document.
Feel free to jump to the one you think is appropriate:
Basic application connections through Kubernetes services advanced external application connections through Kubernetes's Ingress application isolation through Kubernetes namespace coarsening application isolation application differential segments through Kubernetes network policy
(the official account of "TF Chinese Community" will release the details of four use cases one after another.)
Follow Wechat: TF Chinese Community
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 219
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.