Kubernetes CAPI Provider for Apache CloudStack by Amazon Web Services and ShapeBlue

The Kubernetes Cluster API (CAPI) provider for Apache CloudStack allows Kubernetes users to build and manage resources on Apache CloudStack. The provider was developed by Amazon Web Services (AWS) and ShapeBlue, is available under the Apache 2 open-source license, and has been donated to the Cloud Native Computing Foundation (CNCF). CAPI is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. Started by the Kubernetes Special Interest Group (SIG) Cluster Lifecycle, the CAPI project uses Kubernetes-style APIs and patterns to automate cluster lifecycle management for platform operators. CAPI relies […]

CloudStack Integrations: StorPool Storage – High-performance Primary Storage Platform

Cloud builders worldwide – Managed Services Providers, Hosting Services Providers, Cloud Services Providers, Enterprises, and SaaS Vendors – are always seeking ways to optimize the architecture and cost of their public and private cloud deployments. With Apache CloudStack and StorPool Storage, they can deploy a highly automated cloud that delivers the application performance and reliability their users need while easily addressing changes in user requirements over the long term. The new Solution Brief developed by the Apache CloudStack Community and StorPool aids cloud and storage architects, consultants, administrators, and field practitioners in the design and deployment of reliable, easy-to-manage, […]

VMware abstraction with Apache CloudStack

VMware Abstraction Using Apache CloudStack

The hypervisor market is in a state of flux. For over a decade, VMware has entrenched itself as the gold-standard virtualisation platform for enterprises. However, their relentless march for revenue, expected to deepen by announcements earlier this year, has led many users to reconsider their long-term strategy. In the service provider space, the weight of this decision is amplified by the need to maintain margins for public cloud services. Over the past decade, alternative virtualisation platforms (such as KVM and XCP-ng) have started to demonstrate that they are serious contenders for enterprise use. At ShapeBlue, we have seen a slow […]

Manage Network Permission | CloudStack Feature Deep Dive

Introduction In Apache CloudStack, users are organized into a logical structure of Accounts and Domains. In previous versions of Apache CloudStack each Account had its own resources which could not be shared with other accounts (e.g. when a software application from one Account needs to access an application in another account under the same Domain). For this to work, users had to configure their networks with firewall rules, port forwarding, load balancing or private gateways. This method causes considerable network overhead as all packets have to go through 2 different Virtual Routers (VRs) to reach their destination. With Apache CloudStack […]

Self-service Shared Networks | CloudStack Feature Deep Dive

Introduction In Apache CloudStack it is possible to deploy three types of Guest Networks: Isolated, VPC and Shared Networks. Previously in Apache CloudStack, Domain Admins and Regular Users could deploy only Isolated and VPC Networks. Shared Networks could only be deployed by Root Admins (as they require the selection of a VLAN) which adds considerable overhead and reduces the agility of the cloud offering. From the platform operator’s perspective, Shared Networks might not be made available to the Users at all due to the extra burden. From CloudStack 4.17 onwards, Domain Admin and Regular Users are now able to deploy […]

System VM and Virtual Router Zero Downtime Upgrade | CloudStack Feature First Look

Introduction Apache CloudStack has always been easier to upgrade than many of its competitors, but a common pain point is that when a new release of Apache CloudStack is deployed, the operations team must organize maintenance windows to allow the redeployment of every customer’s VR. Depending on the number of existing networks, planning and execution can be time-consuming, especially in cases of mission-critical customer services, often requiring scheduling of the VR upgrade on a case-by-case basis. Also, to a much lesser extent, when upgrading system VMs, secondary storage-related and proxy console services have some downtime. With this new feature, the […]

IPv6 Support for Isolated and VPC Networks | CloudStack Feature First Look

The IPv6 protocol is a much-needed next step in the world of the Internet and networking in general. With the depletion of publicly routable IPv4 addresses, most providers will need to switch to IPv6, which not only provides a much bigger address space but also offers many other advantages over IPv4, such as improved security, efficient routing, better QoS, etc. For a long time, Apache CloudStack has offered IPv6 support solely for Shared Networks. This will change with Apache CloudStack 4.17.0 LTS, which will add IPv6 support for isolated networks and VPCs making it possible for users to deploy dual […]

Flexible Service Offerings | CloudStack Feature First Look

Introduction Apache CloudStack Service Offerings are sets of capabilities that a CloudStack admin makes available to users, defining Instance, Volume and Network specifications to be consumed by users when creating their resources. Previously, when users deployed a new Instance, the Root Volume definition was included in the Compute Offering, including disk size, IOPS and storage tags. This behaviour is a limitation when users try to change the Instance Root Volume characteristics, as it is a part of the Compute Offering, used alongside the Instance. To address this behaviour, Root Volume specifications have been decoupled from the Compute Offerings. This new […]

ShapeBlue Security Advisory for CVE-2022-35741: XXE vulnerability in SAML 2.0 Service Provider Plugin for CloudStack

18 July 2022 13:30 UTC

Versions Affected: Any version of Apache CloudStack >= 4.5 (including currently supported versions: 4.16.0, 4.16.1, 4.17)

Scope: Any Apache CloudStack (affected versions) environments that have the SAML plugin enabled.

Summary: Apache CloudStack enables authentication through SAML 2.0 by providing a SAML 2.0 Service Provider Plugin. This plugin is disabled by default and is enabled by configuring the global setting saml2.enabled to true. Having this setting set to true in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack […]

Structured System Events | CloudStack Feature First Look

The events notification framework is a key component of Apache CloudStack, facilitating traceability of operations, and enabling cloud operators to automate tasks which may otherwise require admin intervention at regular intervals. Though quite useful, events in CloudStack had a major inconsistency regarding information of the resource (i.e. Instances, Templates, Volumes, Networks, Accounts, etc.). To identify the resource in question, one had to refer to the Event description which may contain resource UUID or internal database ID. This made tracking resource operations difficult and also made automation difficult as the administrator would have to parse event description strings (which are not […]