Corona crisis: First federal state lets Telekom shops reopen
The head of consumer sales, Björn Weidenmüller, would like to have the shops open again. At the same time, Telekom is helping the agency operators. (Telekom)
Source: Golem
The TV frequencies are occupied. According to the operators, it does not matter how many viewers there are. (Tele Columbus, Study)
Source: Golem
Developers can now offer their apps as a Universal Purchase. This lets the applications run on all of Apple's operating systems. (Apple, iPhone)
Source: Golem
Alyx even without a headset: that sounds good at first. It is questionable, however, whether the newest Half-Life would then still be much fun at all. (Half-Life, Steam)
Source: Golem
Six further insults directed at the Green politician Renate Künast have been declared impermissible. Facebook must now hand over user data. (Facebook, Social network)
Source: Golem
Editor’s note: We’re celebrating Women’s History Month by talking with Cloud Googlers about identity and how it influences their work in technology. Cloud Googler Komal Singh’s path has taken her from India to Waterloo, Canada, where she’s an engineering program manager working on serverless products. Her 20% project at Google resulted in the publication of her first children’s STEM book, Ara the Star Engineer, which follows a young girl who uses coding to tackle big dreams and meets real-life women trailblazers. Her recent TED Talk, “Recoding Stories at Scale,” talks about exploring technology and AI in creative ways to represent minorities and girls in books in ways that inspire them.
Here, she shares her path to working in technology.
Who inspired you to go into engineering?
I grew up in India in the 1980s, and always loved sci-fi, physics, and math. I didn’t know female engineers, but I knew women who were doctors, and we had a female prime minister in India—so I assumed women could be prime ministers, but not engineers. My dad had a huge influence on me. He always encouraged me to be more hands-on, and showed me how to do things like change a lightbulb or fix the car engine. During dinner conversations, he created problems for me to think about, like how many rotations the fan was doing per minute.
In high school, I was amongst the few girls taking computer science courses. We usually worked together, and when we got a program to run, teachers thought it was a fluke, or that we were copying others’ work. There was extra pressure to prove that we had gotten it right ethically. When you’re part of a small percentage like that, it’s harder to be heard, and it’s easy to start doubting your abilities.
I also loved watching Dana Scully on the X Files TV show. There’s actually a “Scully Effect” phenomenon that’s been researched, which found that more than 70% of women who watched that show went on to STEM fields.
I wish I had also had someone to look up to who wasn’t white, with blond hair. I think I would be a more fearless leader now. I’m grateful now that I have role models here at work, senior women who I look up to. I want my daughter to see herself represented in ways that I didn’t. When my daughter was four, she told me that engineers are boys. As a woman of color and first-generation immigrant, I wanted to do something for her so she would know that wasn’t true. So I started a 20% project [a Google option for employees to explore topics of interest] to write a children’s book.
Why use books as a way to change perceptions?
The pipeline for getting girls into engineering and other STEM fields starts when they are about six. There are many initiatives being started, like Girls Who Code, Canada Learning Code, and Black Girls Code, but we need more funding for efforts like this. It can be hard to scale these programs, but books can operate at scale. Books are so pervasive, and can really influence kids as an everyday object. For kids, seeing people who look like them in books is really important.
Less than 5% of kids’ books feature people of color in lead roles. I wanted to put technology to good use, so I started a 20% project to create a series of books that feature more girls and women of color. In parallel, this project is working on making storytelling more inclusive, and we’re using AI to experiment with making traditional characters more racially diverse, so a reader could see Goldilocks as a black or Asian girl, or as a non-binary character, for example.
The book has been published in 10 other countries, and my daughter has traveled with me to some of these book launches. When a journalist in China asked her what she wanted to be when she grew up, she replied “an author and an engineer.” I love the fan mail that I get about the book. Girls around the world want to be problem solvers.
I also hope my TED Talk on recoding stories will inspire more people to take action to make kids’ literature more equitable.
What advice do you give to those newer to the workforce?
Persistence pays off! I tried three times to work at Google over five years across different locations and job roles. The third time worked for me. Stay the course. Don’t be tempted to give up. And remember to be a wholesome person, whatever that means for you. For me, it’s being a good mom, having a meaningful career, and not giving up on my own hobbies and time for myself. It can be tough, but remember that your career isn’t a linear path. It will take turns along the way. This 20% project, for me, has opened up truly valuable opportunities that I didn’t foresee.
Source: Google Cloud Platform
With quarantine and social distancing, the turnaround can also be achieved in the planned expansion for the controversial strategy game Plague Inc. (Coronavirus, Steam)
Source: Golem
Introduction
Egress IPs is an OpenShift feature that allows for the assignment of an IP to a namespace (the egress IP) so that all outbound traffic from that namespace appears as if it is originating from that IP address (technically it is NATed with the specified IP).
This feature is useful within many enterprise environments as it allows for the establishment of firewall rules between namespaces and other services outside of the OpenShift cluster. The egress IP becomes the network identity of the namespace and all the applications running in it. Without egress IP, traffic from different namespaces would be indistinguishable because by default outbound traffic is NATed with the IP of the nodes, which are normally shared among projects.
To clarify the concept, consider the diagram of two namespaces (A and B), each running two pods (A1, A2, B1, B2). A is a namespace whose applications can connect to a database in the company’s network. B is not authorized to do so. The A namespace is configured with an egress IP, so all of its pods’ outbound connections egress with that IP. A firewall is configured to allow connections from that IP to an enterprise database. The B namespace is not configured with an egress IP, so its pods egress using the node’s IP. Those IPs are not allowed by the firewall to connect to the database.
However, enabling this feature requires some manual configuration steps. When running on cloud providers, additional configuration is needed.
Reasoning about this question with a customer, we realized that there was an opportunity to automate the entire process with an operator.
The egressip-ipam-operator
The purpose of the egressip-ipam-operator is to manage the assignment of egressIPs (IPAM) to namespaces and to ensure that the necessary configuration in OpenShift and the underlying infrastructure is consistent.
IPs can be assigned to namespaces via an annotation or the egressip-ipam-operator can select one from a preconfigured CIDR range.
For a bare metal deployment, the configuration would be similar to the example below:
apiVersion: redhatcop.redhat.io/v1alpha1
kind: EgressIPAM
metadata:
  name: egressipam-baremetal
spec:
  cidrAssignments:
    - labelValue: "true"
      CIDR: 192.169.0.0/24
  topologyLabel: egressGateway
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/worker: ""
This configuration states that the nodes selected by the nodeSelector should be divided into groups based on the topology label, and that each group will receive egress IPs from the specified CIDR.
In this example, we have only one group, which in most cases will be enough for a bare metal configuration. Multiple groups are needed when nodes are located in multiple subnets, where different CIDRs are required to make the addresses routable. This is exactly what happens with multi-AZ deployments in cloud providers (see more about this below).
Users can opt in to having their namespaces receive egress IPs by adding the following annotation to the namespace:
egressip-ipam-operator.redhat-cop.io/egressipam=<egressIPAM>
So, in the case of the example above, the annotation would take the form:
egressip-ipam-operator.redhat-cop.io/egressipam=egressipam-baremetal
When this occurs, the namespace is assigned an egress IP per cidrAssignment.
In the case of bare metal, a node is selected by OpenShift to carry that egress IP.
It is also possible for the user to specify which egress IPs a namespace should have. In this case, a second annotation is needed with the following format:
egressip-ipam-operator.redhat-cop.io/egressips=IP1,IP2…
The annotation value is a comma-separated list of IPs. There must be exactly one IP per cidrAssignment.
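Because the egress IP is what a firewall treats as the namespace's identity, it is worth auditing user-supplied egressips annotations against the "exactly one IP per cidrAssignment" rule. The following is an added example, not code from the operator: the CIDRs are the ones from the EgressIPAM examples on this page, the namespaces are constructed, and the shared-IP check is an extra audit introduced here rather than documented operator behaviour.

```python
import ipaddress
from collections import defaultdict

PREFIX = "egressip-ipam-operator.redhat-cop.io/"
# CIDRs copied from the EgressIPAM examples on this page.
EGRESSIPAM_CIDRS = {
    "egressipam-aws": ["10.0.128.0/20", "10.0.144.0/20", "10.0.160.0/20"],
    "egressipam-baremetal": ["192.169.0.0/24"],
}

def check_namespace(annotations, cidrs_by_ipam=EGRESSIPAM_CIDRS):
    """Return a list of problems with one namespace's egress annotations."""
    ipam = annotations.get(PREFIX + "egressipam")
    raw = annotations.get(PREFIX + "egressips")
    if ipam is None or raw is None:
        return []  # not opted in, or IPs left for the operator to choose
    if ipam not in cidrs_by_ipam:
        return [f"unknown EgressIPAM {ipam!r}"]
    nets = [ipaddress.ip_network(c) for c in cidrs_by_ipam[ipam]]
    problems, used = [], defaultdict(list)
    for item in raw.split(","):
        try:
            ip = ipaddress.ip_address(item.strip())
        except ValueError:
            problems.append(f"{item!r} is not an IP address")
            continue
        net = next((n for n in nets if ip in n), None)
        if net is None:
            problems.append(f"{ip} is outside every CIDR of {ipam}")
        else:
            used[net].append(ip)
    for net in nets:  # the rule: exactly one IP per cidrAssignment
        if len(used[net]) != 1:
            problems.append(f"{net}: expected exactly 1 IP, got {len(used[net])}")
    return problems

def shared_egress_ips(namespaces):
    """Map each egress IP requested by more than one namespace to its claimants."""
    owners = defaultdict(set)
    for name, annotations in namespaces.items():
        for item in annotations.get(PREFIX + "egressips", "").split(","):
            if item.strip():
                owners[item.strip()].add(name)
    return {ip: sorted(ns) for ip, ns in owners.items() if len(ns) > 1}

# Constructed sample namespaces (hypothetical names, not from the page).
SAMPLE = {
    "team-a": {PREFIX + "egressipam": "egressipam-aws", PREFIX + "egressips": "10.0.128.5,10.0.144.5,10.0.160.5"},
    "team-b": {PREFIX + "egressipam": "egressipam-aws", PREFIX + "egressips": "10.0.128.5,10.0.128.6"},
}
```

In practice the annotation dictionaries would come from the metadata of the cluster's namespace objects; an IP claimed by two namespaces means a firewall rule written for one also admits the other.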
AWS Support
The egressip-ipam-operator can also work with Amazon Web Services (AWS). In this case, the operator has additional tasks to perform because it needs to configure the EC2 VM instances to carry the additional IPs. This is because, as with most cloud providers, the cloud provider needs to control the IPs that are assigned to VMs.
For the AWS use case, the EgressIPAM configuration appears as follows:
apiVersion: redhatcop.redhat.io/v1alpha1
kind: EgressIPAM
metadata:
  name: egressipam-aws
spec:
  cidrAssignments:
    - labelValue: "eu-central-1a"
      CIDR: 10.0.128.0/20
    - labelValue: "eu-central-1b"
      CIDR: 10.0.144.0/20
    - labelValue: "eu-central-1c"
      CIDR: 10.0.160.0/20
  topologyLabel: topology.kubernetes.io/zone
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/worker: ""
Here, we can see multiple cidrAssignments, one per availability zone in which the cluster is installed. Also, notice that the topologyLabel must be specified as topology.kubernetes.io/zone to identify the availability zone. The CIDRs must be the same as the CIDRs used for the node subnets.
When a project with the opt-in annotation is created, the following actions occur:
One IP per cidrAssignment is assigned to the namespace.
One VM per zone is selected to carry the corresponding IP.
The OpenShift nodes corresponding to the AWS VMs are configured to carry that IP.
Installation
For detailed instructions on how to install the egressip-ipam-operator, see the GitHub repository.
Conclusion
Every time there is an automation opportunity around OpenShift, we should consider capturing the automation as an operator and, possibly, also consider open sourcing the resulting operator. In this case, we automated the operations around egress IPs.
Keep in mind that this operator is not officially supported by Red Hat and it is currently managed by the container Community of Practice (CoP) at Red Hat, which will provide best effort support. Feedback and contributions (for example, supporting additional cloud providers) are welcome.
The post Fully Automated Management of Egress IPs with the egressip-ipam-operator appeared first on Red Hat OpenShift Blog.
Source: OpenShift
This is about keeping fixed-line and mobile networks running during the corona crisis. All relevant industry associations are calling on the authorities to react quickly. (Fixed network, Mobile network)
Source: Golem
Never browse unencrypted again: a new Firefox option is meant to make this possible. (TLS, Firefox)
Source: Golem