Hi all! I am a part of the architecture team at Avito.ru, one of the world’s top classifieds (read more about Avito here). In this post I want to share our experience in implementing kubernetes at scale. Kubernetes is a powerful orchestration tool that helps us manage dozens of microservices, support robust and fast deploy. It’s really cool that we don’t have to manage resources manually, think about service discovery and so on.

An emerging use case for containerized platforms has been the ability to deploy applications in what is termed as an air-gapped deployment. This deployment pattern is particularly pronounced around edge computing (more on that later in the blog series) – though there exist significant differences between edge clusters and air-gapped deployments. Air-gapped applications are those that run isolated from datacenter or internet connectivity.

Calico provides users flexibility by detecting and choosing the right tool for the right job. One of our core values at Tigera is Our customer is the hero of our story. We consider the OpenSource users of Project Calico our customers and we intently listen to their needs to continuously deliver new capabilities and enhanced performance.

In the previous post, we took a look at the building blocks of Service Mesh Istio, got familiar with the system, and went through the questions that new Istio users often ask. In this post, we will look at how to organize the collection of tracing information over the network.

In this article, we’ll explore Calico’s denial-of-service (DoS) mitigation features, including XDP-optimisation support introduced in Calico v3.7.

In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.

Container orchestration and cloud-native computing has gained lots of traction the recent years. The adoption has increased to such level that even enterprises in finance, banking and the public sector are interested. Compared to other businesses they differ by having extensive requirements on information security and IT security. One important aspect is how containers could be used in production environments while maintaining system separation between applications.

Digital transformation across industries is driving the need for IT to enable cloud-native applications. This has led enterprises to adopt Kubernetes as the most effective way to support cloud-native, container-based architectures, and to modernize their applications and IT infrastructure. Organizations of all sizes are looking to take advantage of Kubernetes – for both greenfield applications and for re-architecting and modernizing legacy applications.

What is Istio? Istio is a service mesh technology adding an abstraction layer to the network. It intercepts all or part of the traffic in a k8s cluster and executes a set of operations on it. Which operations are supported? For example, setting up smart routing or implementing a circuit breaker approach, setting up “canary deployment”. Moreover, Istio makes possible imposing a limit on external interactions and controlling all routes between the cluster and an external network.

One of the chief complexities in running large scale containerized applications is the need for continuous systems/application monitoring. Containers are very different from traditional VMs and the 3 tier applications that run on them. Monitoring that needs to ensure that SLAs promised to the business are being met as well as an ability to forecast usage trends while identifying problem areas such as bugs, capacity challenges, slowing performance, and any potential downtime.