introduces the concept of the versatile-scenario OS, which achieves flexible version build and service composition through a full-stack atomization decoupling and Lego-style architecture, making it can continue managing processes on the host side. The DPUDirect feature significantly reduces service offloading costs in DPU scenarios, simplifies O&M, and significantly reduces subsequent maintenance management-plane processes offloaded to the DPU and the service processes on the host. In this way, applications are unaware of offloading. Only a small amount of service code on the management plane is needed to

Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like? What HTTP HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring & alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it requests? Application monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses

Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like? What HTTP HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring & alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it requests? Application monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses

Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like? What HTTP HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring & alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it requests? Application monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses

Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like? What HTTP HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring & alerting Is any network communication failing? Why is communication failing? Is it DNS? Is it requests? Application monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses

container configura�on. Why Cilium? The development of modern datacenter applica�ons has shi�ed to a service- oriented architecture o�en referred to as microservices, wherein a large applica�on is split into to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container iden�ty (in contrast to IP address iden�fica�on in tradi�onal systems) and can requests with method GET and path /public/.* . Deny all other requests. Allow service1 to produce on Ka�a topic topic1 and service2 to consume on topic1 . Reject all other Ka�a messages. Require the HTTP

configuration. Why Cilium? The development of modern datacenter applications has shifted to a service-oriented architecture often referred to as microservices, wherein a large application is split into to transparently insert security visibility + enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and requests with method GET and path /public/.*. Deny all other requests. Allow service1 to produce on Kafka topic topic1 and service2 to consume on topic1. Reject all other Kafka messages. Require the HTTP header

services encrypt easily ● How to send task TCP traffic to TLS forward proxy transparently for a service? Solution: ● Redirect client on connect(2) by BPF_CGROUP_INET6_CONNECT and BPF_CGROUP_SOCK_OPS state, not host ● Rules auto-cleanup on task stop is important ● Has to be integrated with service discovery, etc Solution: ● Use BPF_CGROUP_INET_{EGRESS,INGRESS} ● If use-case allows, filter on socket Filter by local/remote IP, IP prefix, port, protocol, TCP flags ● Integrated with service discovery: can filter by service name (dynamic set of IP:port endpoints) Container firewall (twfw) Network faults

cloud-native CPU scheduling algorithms for hybrid service deployments and KubeOS for containers. As an OS platform, openEuler releases an updated long-term service (LTS) version every two years. Each LTS version algorithm against out of memory (OOM) allows online services to run reliably based on their higher service priorities. • EulerFS: A new file system is designed for non-volatile dual in-line memory modules deployed and maintained in containers, allowing the OS to be managed based on Kubernetes, just as service containers. • Secure container solution: Compared with the traditional Docker+QEMU solution, the

. . . . . . . . . . . . . . . . . . . . . . . . . 87 3.7.5 Customization example to tweak sshd service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 3.8 The udev system . . . . . . . . . 110 6.2.2 Modern mail service limitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 6.2.3 Historic mail service expectation . . . . . . . . . . . devices with typical usage scenarios . . . . . . . . . . . . . . . 189 10.4 List of the network service to chose with the typical usage scenario . . . . . . . . . . . . . . . . . . . . . . . . . 190 10