Go Programming Pattern in Kubernetes Philosophy Harry Zhang @resouer Contents • What I will talk? • Kubernetes basic in 1 min • For Kubernetes developers: • The Golang programming patterns of popular open source projects in this world • Written by, and heavily depends on Golang Again: Why Go? • All about community • A sad story: • https://github.com/google/lmctfy • Now think about a of all Asta Xie instances $ kubectl get astaxie NAME KIND astaxie1 AstaXie.v1.cr.client-go.k8s.io My AstaXie Object & Controller etcd kube-apiserver types register AstaXie Controller

#IstioCon Is Your Virtual Machine Really Ready-to-go with Istio? Kailun Qin, Intel Haoyuan Ge #IstioCon Quick Summary (from Google Cloud Next ’19 [1]) VM works on Istio! [1] Istio Service Mesh Proxy to Proxy kernel bypass w/ HW acceleration #IstioCon Quick Summary, Today Istio is ready-to-go for VM native. And should/will be ready for MORE! #IstioCon Thank you! Github: @kailun-qin @harryge00

#IstioCon Istio-redirector: the way to go to manage thousands of HTTP redirections Etienne Fontaine (@etifontaine) #IstioCon Istio-redirector 301-redirection from /bus/routes/bruxelles/lille

Operator Pattern：用 Go 扩展 K8s 的最佳实践 吴学强 ApeCloud KubeBlocks Maintainer & 研发总监 目 录 认识我们 00 什么是 Operator 01 Operator 基础模型 02 Operator 最佳实践 03 我们是谁 云猿生（ApeCloud）是一家提供数据库内核与管理平台的基 础软件开发商. KubeBlocks 熟悉如何生成二级资源（Managed Resource） 6. 熟悉如何写 UT 7. 熟悉如何制作 Helm Chart 课后思考题： 1. 如何不启动 WebHook？ 2. API 只要用 Go 写就可以了吗，需要修改对应的 YAML 文件吗？ 3. Setup 阶段，用 Watch 函数取代 Owns 并实现同样的目的。 4. Reconcile 函数为什么不区分 Create、Update

Go在Docker分布式环境中 的应用 孙宏亮@DaoCloud allen.sun@daocloud.io 个人介绍 • 孙宏亮 • DaoCloud技术合伙人，高级工程师 • 热爱golang&docker • 《Docker源码分析》作者 • docker、swarm等项目committer Agenda • Docker生态&Golang • DaoCloud&Golang •

石墨文档GO在K8S上微服务的实践 彭友顺 石墨文档 基础设施负责人 目 录 1 架构演进 01 2 微服务的生命周期 02 3 如何管理好微服务 03 架构演进 第一部分 架构演进 单体应用时期 垂直应用时期 微服务时期 快速、简单 耦合强 隔离、稳定 复制多 隔离、稳定 复用高 架构演进 组件增多 架构复杂 维护困难 架构演进 传统模式 K8S模式 format、lint、breaking 检查。 CI build 阶段 • 会基于 pb 的注释自动产生文档，并推送至内部的微服务管理系统接口平台中 • 会生成 Go/PHP/Node/Java 桩代码和错误码，推送到指定的仓库 开发阶段 • go get 客户端、服务端的gRPC和错误码的代码 配置 对接 Debug • 配置驱动 • 配置补齐 • 配置工具 • Proto的管理 • 配置补齐 • 配置工具 • Proto的管理 • 错误码管理 • 调试gRPC • 调试信息 • 错误定位 Generate • protoc -I {error proto file} --go-errors_out={output directory} • 实现我们自定义的error类型，方便断言。 • 根据注解的code信息，在错误码中生成对应的grpc status code •

https://github.com/dapr/dapr Language Go Repository https://github.com/dapr/components-contrib Language Go Repository https://github.com/dapr/kit Language Go 4 Dapr security audit 2023 Threat model FromFlags(): https://github.com/dapr/dapr/blob/ddd11bcc07ddf61bf5edd835a4b621a3ef1d395a/cmd/daprd/main.go#L4 8 func main() { // set GOMAXPROCS _, _ = maxprocs.Set() rt, err := runtime.FromFlags(os.Args[1:]) DaprRuntime: https://github.com/dapr/dapr/blob/d5f9625cf94e3b032759d7ef35a5256287c183cd/pkg/runtime/cli.go#L445 return NewDaprRuntime(runtimeConfig, globalConfig, accessControlList, resiliencyProvider), nil

AWS Lambda supports languages like NodeJS, Java, Python, C# and Go. If you are novice to any of these technologies, we suggest you to go through tutorials related to these before proceeding with this .......... 88 8. AWS LAMBDA — FUNCTION IN GO ......................................................................................... 90 Installing Go ............................................ AWS Lambda Function using GO .............................................................................................................. 94 Lambda function handler with Go.........................

trap/fuzz_t est.go#L26 2 FuzzRunTemplate istio.io/istio/pkg/kube/inje ct https://github.com/istio/istio/blob/6 5478ea81272c0ceaab568974aff7 00aef907312/pkg/kube/inject/fuzz _test.go#L23 3 FuzzReadCACert on/fuzz_test.go#L22 4 FuzzIstioCASign istio.io/istio/security/pkg/ pki/ca https://github.com/istio/istio/blob/6 5478ea81272c0ceaab568974aff7 00aef907312/security/pkg/pki/ca/f uzz_test.go#L24 5 FuzzValidateCSR https://github.com/istio/istio/blob/6 5478ea81272c0ceaab568974aff7 00aef907312/security/pkg/pki/ra/fu zz_test.go#L23 9 Istio Security Audit, 2023 6 FuzzBuildSecurityCaller istio.io/istio/security/pkg/ server/ca

Default Production Profile Not Sufficiently Hardened 003 Medium Weak Hash Used for Integrity 009 Medium Go Trace Profiling Enabled By Default 013 Medium Permissive Kubernetes RBAC within a Namespace 015 Medium Istio Location The ValidateVirtualService function defined in istio/pkg/config/validation/valid ation.go Impact An attacker that is able to create an Istio VirtualService within a Kubernetes cluster can Recommendation Within the Webhook.admitPilot() method in istio/pkg/webhooks/validation/server/ server.go, modify the call to Schema.ValidateProto() — and the definition of the method itself — to forward the