
CNCF Adds Security, Service Mesh and Tracing Projects: Docke
Category: Resources   Published: 2017-10-31

The CNCF has announced the addition of four new hosted projects over the past month: the Notary project is designed to provide trust over digital content like container images using strong cryptographic signatures; The Update Framework (TUF), from NYU's Tandon School of Engineering, is an open source trust specification that Notary implements; the Envoy service mesh is a proxy for microservice communication; and the Jaeger tracing project enables request/data communication flow to be observed across a distributed system, such as a microservices-based application.

The Notary project, initially created by Docker in June 2015, is designed to provide high levels of trust over digital content using strong cryptographic signatures, for example by cryptographically signing container images and associated metadata. In addition to ensuring the provenance of the software, it also provides guarantees that the content is not modified without approval of the author anywhere in the supply chain. This then allows higher level systems like with (which uses Notary) to establish clear policy on the usage of content.


The Update Framework (TUF) is an open source that was written in 2009 by Professor Justin Cappos and developed further by members of Professor Cappos's Secure Systems Lab at NYU's Tandon School of Engineering. This project was submitted to join the CNCF in partnership with Notary, as Notary is one of the most mature implementations of TUF. Notary/TUF provides both a client and a pair of server applications to host signed metadata and perform limited online signing functions.


Figure 1. Notary/TUF signing and verification sequence diagram

Current examples of Notary usage include: Docker uses Notary to implement Docker Content Trust and all of the docker trust subcommands; , a container registry SaaS, is using Notary as a flexible library for trust and verification of container images and metadata; and is using Notary to distribute its kernels and system packages. Notary is already used in production environments beyond container distribution with Cloudflare integrating it into their for container identity bootstrapping and using it to secure their autoupdater for the tool.

Last month the CNCF also announced that Envoy would be the 11th hosted project. Originally to move their architecture away from a monolith, Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. Software Engineer led his team to design the technology to abstract most networking complexities from the application developer. Written in C++ for performance reasons, the Envoy out-of-process architecture can be used with any application, in any language or runtime; including HTTP/2 gRPC proxying, MongoDB filtering and rate limiting, and more.


Figure 2. Current Envoy usage at Lyft

Klein explained in a , that Lyft's business is almost entirely based on open source technology.

Without [open source], it's unlikely that the ridesharing service we know and love would exist today. Given the large development effort that had gone into Envoy, and understanding that many other organizations face identical challenges when moving from a monolithic to microservice architecture, we wanted to give back to the larger community that had nurtured our own company growth. Therefore, we decided to proceed with open sourcing Envoy and working to build a community around it.


Currently Envoy has 78 contributors from at least 10 different organizations with primary maintainers working at Lyft and Google. Klein believes that "as a technology, Envoy has the opportunity to become a primary building block of modern service architectures." This belief is fast becoming a realisation, as organisations like Verizon are leveraging Envoy within the automated container deployment platform, the service mesh control plane project is fast gaining traction within the industry, and startup companies such as Datawire are building open source tooling like on top of Envoy. Envoy complements the existing CNCF service mesh project, , created by Buoyant.

Rounding up the recent project hosting announcements, the Jaeger distributed tracing project, initially created by Uber, will be the 12th hosted project in the CNCF. Jaeger uses an OpenTracing-compatible data model and provides instrumentation libraries in Go, Java, Node and Python. OpenTracing is an existing CNCF project, and defines a vendor-neutral open standard for distributed tracing.

Figure 3. Jaeger architecture and usage at Uber

Uber began deploying Jaeger internally in 2015. It is now integrated into thousands of microservices and recording thousands of traces every second. The tracing system is also used by companies like Base CRM, Stagemonitor, and Symantec. Additionally, companies like Red Hat are active contributors to the project. Bryan Cantrill, CNCF Technical Oversight Committee representative and project sponsor, stated in a that distributed tracing is core to providing observability within microservice-based systems:


One of the criticisms of microservice-based architectures is that they can become distributed monoliths: complicated, interdependent systems that tend to fail (or perform poorly) at once due to unforeseen interactions. In order to attack this problem, we must have the ability to follow code flow across services.

More details on Jaeger can be found in the Uber blog post " " written by Yuri Shkuro, which explains the history and reasons for the architectural choices made in Jaeger.


For additional information on the CNCF, the project website contains details of the , , and . The section of the CNCF website also contains further details on the hosted projects mentioned within this news item.



Original article: http://www.infoq.com/news/2017/10/cncf-notary-envoy-jaeger
