Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.

Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.

Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.

Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.

Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.

Abstract: A system for executing one or more operating-system-level virtualization software objects (virtualization containers), comprising at least one controller hardware processor, adapted to: receive a request to connect one or more target virtualization containers, executed by at least one target hardware processor, to at least one digital storage connected to the at least one target hardware processor via at least one data communication network interface; and instruct execution of one or more management virtualization containers on the at least one target hardware processor, such that executing the one or more management virtualization containers configures the one or more target virtualization containers to direct at least one access to the at least one file system of the one or more target virtualization containers to the at least one digital storage.

Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.

Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.

Abstract: A method and system for implementing a replica network configuration in a distributed system is provided. The system includes a memory having computer readable instructions, and one or more processors for executing the computer readable instructions. The computer readable instructions include generating a replica node that is assigned a computer readable storage medium and a processor, receiving, at the computer readable storage medium, a network configuration of the replica node from a system administrator, automatically generating, using the processor, a unique identifier (UUID) for the replica node, transmitting the UUID to a plurality of replica nodes of the distributed system arranged in the replica network configuration, and storing the UUID in the computer readable storage medium, wherein the computer readable storage medium is a persistent storage.

Abstract: A computer-implemented method, computerized apparatus and computer program product, the method comprising: receiving a proposed reconfiguration command, the proposed reconfiguration command indicating a modification of a protocol version employed by a plurality of replica-set processes to an updated protocol version; tentatively agreeing on at least one proposed command following the proposed reconfiguration command, the at least one proposed command being in accordance with the updated protocol version, wherein said tentatively agreeing is decided prior to agreeing on the reconfiguration command; and, responsive to agreeing on the reconfiguration command, committing the tentatively agreed at least one proposed command.

Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.

Abstract: A processor-implemented method, for continuing operation of a quorum based system is provided. The method detects a loss of quorum. A plurality of speculative configurations is created, whereby each speculative configuration is isolated from other speculative configurations in the quorum based system. Each speculative configuration continues to order requests during the creation of speculative configurations. The method selects and starts one of the plurality of speculative configurations as a new operational configuration. Ordered requests continue to the new operational configuration. The original configuration of the quorum based system is restarted in response to the plurality of speculative configurations not being isolated.

Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.

Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.

Abstract: A processor-implemented method, for continuing operation of a quorum based system is provided. The method detects a loss of quorum. A plurality of speculative configurations is created, whereby each speculative configuration is isolated from other speculative configurations in the quorum based system. Each speculative configuration continues to order requests during the creation of speculative configurations. The method selects and starts one of the plurality of speculative configurations as a new operational configuration. Ordered requests continue to the new operational configuration. The original configuration of the quorum based system is restarted in response to the plurality of speculative configurations not being isolated.

Abstract: A method and system for implementing a replica network configuration in a distributed system is provided. The system includes a memory having computer readable instructions, and one or more processors for executing the computer readable instructions. The computer readable instructions include generating a replica node that is assigned a computer readable storage medium and a processor, receiving, at the computer readable storage medium, a network configuration of the replica node from a system administrator, automatically generating, using the processor, a unique identifier (UUID) for the replica node, transmitting the UUID to a plurality of replica nodes of the distributed system arranged in the replica network configuration, and storing the UUID in the computer readable storage medium, wherein the computer readable storage medium is a persistent storage.

Abstract: A computer-implemented method, computerized apparatus and computer program product, the method comprising: receiving a proposed reconfiguration command, the proposed reconfiguration command indicating a modification of a protocol version employed by a plurality of replica-set processes to an updated protocol version; tentatively agreeing on at least one proposed command following the proposed reconfiguration command, the at least one proposed command being in accordance with the updated protocol version, wherein said tentatively agreeing is decided prior to agreeing on the reconfiguration command; and, responsive to agreeing on the reconfiguration command, committing the tentatively agreed at least one proposed command.