CNCF to Host the SPIFFE Project

  • Today, theCloud Native Computing Foundation acceptedSPIFFE into the CNCFSandbox, a home for early stage and evolving cloud native projects.

    Also known as the Secure Production Identity Framework For Everyone, the SPIFFE project is an open-source identity framework designed expressly to support distributed systems deployed into environments that may be deeply heterogeneous, spanning on-premise and public cloud providers, and that may also be elastically scaled and dynamically scheduled through technologies like Kubernetes.

    :undefined:“:undefined:The SPIFFE community believes that aligning on a common, flexible representation of workload identity, and prescribing best practices for identity issuance and management are critical for widespread adoption of cloud-native architectures,:undefined:”:undefined: said Sunil James, CEO ofScytale, a venture-backed company that serves as SPIFFE:undefined:’:undefined:s primary maintainer. :undefined:“:undefined:Modeled after similar production systems at Google, Netflix, Twitter, and more, SPIFFE delivers this platform capability for the rest of us. Joining the CNCF furthers this foundational technology, helps us build a diverse community, and delivers to the broader cloud-native community an increasingly ubiquitous identity framework that will be well-integrated with CNCF projects like Kubernetes and more.:undefined:”:undefined:

    Accompanying SPIFFE is SPIRE (aka the :undefined:“:undefined:SPIFFE Runtime Environment:undefined:”:undefined:), which is an open-source SPIFFE implementation that enables organizations to provision, deploy, and manage SPIFFE identities throughout their heterogeneous production infrastructure. Coupled with CNCF projects likeEnvoy andgRPC, SPIRE forms a powerful solution for connecting, authenticating, and securing workloads in distributed environments.

    TOC sponsors of the project include Brian Grant, Sam Lambert, and Ken Owens.

    :undefined:“:undefined:SPIFFE provides one of the most important missing capabilities needed to enable cloud-native ecosystems,:undefined:”:undefined: said Brian Grant, a principal engineer at Google and member of the CNCF:undefined:’:undefined:sTechnical Oversight Committee (TOC). :undefined:“:undefined:The internal Google system that inspired SPIFFE is :undefined:‘:undefined:dial tone:undefined:’:undefined: for Google:undefined:’:undefined:s software and operations engineers; it is ubiquitous and omnipresent. SPIFFE enables development and operations teams to easily and consistently authenticate and authorize microservices, and control (and audit) infrastructure access without needing to individually provision, manage, and rotate credentials per application and service.:undefined:”:undefined:

    Sandbox replaces the Inception level :undefined:—:undefined: for further clarification around project maturity levels in CNCF, please visit our outlinedGraduation Criteria.

    The postCNCF to Host the SPIFFE Project appeared first onThe Linux Foundation.


  • Make ISO from DVD

    In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM

    Find out which device the DVD is:



    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5

    Therefore /dev/sr0 is the location , or disk to be made into an ISO

    I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.

    dd if=/dev/sr0 of=win10.iso

    Where if=Input file and of=output file

    I chill out and do something else while the image is being copied/created, and the final output:

    8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s


    read more
  • Recreate postrgresql database template encode to ASCII

    UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

    Now we can drop it:

    DROP DATABASE template1;

    Create database from template0, with a new default encoding:

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;

    read more