In the news

• kubespray port to arm64
• Multiarch Kubernetes with kubespray (Sergey Nuzhdin, @lwolf)
• Hybrid ARM64/X86-64 cluster article (Carlos Eduardo, @carlosedp)
• Panfrost drivers in Mesa
• ARM Mali 400/500 DRM Driver (Phoronix)
• Reverse tunnels with Inlets (Alex Ellis, @alexellis)
• nginx unprivileged containers for arm64 https://github.com/nginxinc/docker-nginx-unprivileged/issues/12 @nginxinc
• RHEL8 beta on arm64 on Amazon a1.* (Jon Masters, @jonmasters)
• The Full Windows 10 Experience inside your Raspberry Pi pi64.win
• A performance analysis of the first generation of HPC-optimized Arm processors (Concurrency and Computation: Practice and Experience via Primeur Magazine)
• Page cache attacks

Clusters and Kubernetes

kubespray port to arm64

Kubespray is a provisioning tool for Kubernetes that can create high availability clusters from a simple configuration file. It is being ported to arm64 systems and multi-architecture clusters. Kubespray runs on bare metal and most clouds, using Ansible as its substrate for provisioning and orchestration. It provides domain knowledge of Kubernetes clusters’ life cycle management, including self-hosted layouts, dynamic discovery services and the like.

• Github: @kubernetes-sigs/kubespray
• Github: @kubernetes-sigs/kubespray/#2551
• Github: @kubernetes-sigs/kubespray/#4171
• Github: @kubernetes-sigs/kubespray/#4176

Multiarch Kubernetes with kubespray (Sergey Nuzhdin, @lwolf)

In this Medium article, Sergey Nuzhdin (@lwolf) describes the motivation for using Kubespray to set up a multi-architecture Kubernetes cluster. He notes that support for non-amd64 platforms has improved dramatically during the last two years, with the popularity of inexpensive devices like the Raspberry Pi and its community. Some of the problems Sergey overcame in this article have already been fixed in the kubespray master.

• Medium: Sergey Nuzhdin

Hybrid ARM64/X86-64 cluster article (Carlos Eduardo, @carlosedp)

Carlos Eduardo’s efforts also produce a multi-architecture cluster with a mix of arm64 and x86 nodes. He demonstrates with an Intel LattePanda as a master node and a mix of smaller, cheaper and more power-saving single board computers running arm64 processors as nodes.

• Medium: Carlos Eduardo

Graphics

Panfrost drivers in Mesa (Phoronix)

Panfrost Gallium3D is a 3D open-source graphics driver component which currently targets the Arm Mali Midgard and Bifrost generations of graphics hardware. Midgard is the Mali T604 through T880, and Bifrost is the G31 through the current-generation G76. The Mesa 19.1 release is expected to appear as a stable release in late Q2 2019 (May 2019).

• Panfrost
• Gitlab: Panfrost public code hosting
• Phoronix: Panfrost Gallium3D Driver Merged Into Mesa 19.1 For Open-Source ARM Mali Graphics

ARM Mali 400/500 DRM Driver (Phoronix)

The OpenGL driver for the ARM Mali 400/450 targets an earlier set of hardware than the Gallium3D equipment. The current maintainer is Qiang Yu who says that the “kernel driver and user-kernel interface are quite stable for several months, so I think it’s ready to be upstreamed.”

• ARM Mali 400/500 DRM Driver Volleyed Out Again, Trying To Get Into The Mainline Kernel
• Freedesktop: Gitlab, Lima/Mesa
• dri-devel mailing list: Qiang Yu release notice

Networking

Reverse tunnels with Inlets (Alex Ellis, @alexellis)

Inlets is a new reverse tunneling system that allows containers behind a private network firewall to expose selected ports to the outside world. It combines a reverse proxy and websocket tunnels to expose your internal and development endpoints to the public Internet via an exit-node. An exit-node may be an inexpensive cloud server or any other computer with an IPv4 IP address. Inlets was designed to solve a common case where OpenFaaS needs an exposed port in order to dispatch functions to a Kubernetes or Docker Swarm cluster.

• Github: @alexellis/inlets

nginx unprivileged containers for arm64 (nginx, @nginxinc)

The docker-nginx-unprivileged container published by NGINX allows the reader to run NGINX (a proxy server) as an unprivileged user from within Docker.

• Github: @nginxinc/docker-nginx-unprivileged/#12

Operating systems

RHEL8 beta on arm64 on Amazon a1 (Jon Masters, @jonmasters)

Jon Masters of Red Hat notes that Amazon’s a1 instances can now run a beta test release of RHEL8. The a1 instance is Amazon’s arm64 virtual machine, offering up to 16 cores with the full EC2 network stack.

• Twitter: Jon Masters, @jonmasters

The Full Windows 10 Experience inside your Raspberry Pi

pi64.win is the blog and software distribution site for drivers for Windows 10 for arm64 on the Raspberry Pi. They host drivers that are not part of the commercial distribution from Microsoft, notably MCCI‘s DWCOTGHCD.SYS USB drivers, instructions for getting started, and more. They also host a Discourse server for collaboration and discussion.

• pi64.win
• Discourse: pi64.win

High Performance Computing

A performance analysis of the first generation of HPC-optimized Arm processors (Concurrency and Computation: Practice and Experience via Primeur Magazine)

The GW4 Isambard project has just published a study analyzing the performance of Europe’s first Arm based production supercomputer. The study concludes that Arm-based processors are now capable of providing levels of performance competitive with state-of-the-art offerings from the incumbent vendors, while significantly improving performance per euro. The study appeared as “A performance analysis of the first generation of HPC-optimized Arm processors” published in “Concurrency and Computation: Practice and Experience”.

• Primeur Magazine
• Concurrency and Computation: Practice and Experience

Security

Page cache attacks

Page cache attacks are a new hardware-agnostic side channel attack that targets the operating system page cache. The work was done by a team from Graz University of Technology, Boston University, NetApp, CrowdStrike, and Intel.

• arXiv:1901.01161v1 cs.CR 4 Jan 2019