Model and Operate Datacenter by Kubernetes at eBay 辛肖刚, Cloud Engineering Manager, ebay 梅岑恺, Senior Operation Manager, ebay Agenda About ebay Our fleet Kubernetes makes magic at ebay Model + Controller Controller How we model our datacenter Operation in large scale Q&A About ebay 177M Active buyers worldwide $22.7B Amount of eBay Inc. GMV $2.6B Reported revenue 62% International revenue 1.1B Kubernetes Onboard Provision Configuration Kubernetes You need onboard something from nothing! Let’s model a datacenter running Kubernetes Onboard Provision Configuration Kubernetes After you define your

内并不会破坏与现有客户端的兼容性。⼀般来说，新的API资源和新的 资源字段通常可被频繁添加。消除资源或字段将需遵循 API deprecation policy 。 API change document 详细介绍了兼容更改以及如何更改API的内容。 OpenAPI与Swagger定义 完整的API详情使⽤ Swagger v1.2 和 OpenAPI 记录。Kubernetes apis 标志）。 在想要 预留资源的每个kubelet上执⾏此操作。 API对象 Node是Kubernetes REST API中的顶级资源。有关API对象的更多详细信息，可详⻅：Node API object 。 原⽂ https://kubernetes.io/docs/concepts/architecture/nodes/ 13-Node 40 从Pod说起 Pod是Kuberne 仅指同⼀Node上kubelet重启容器时所使⽤的策略。 失败的容器由kubelet重 启，以五分钟上限的指数退避延迟（10秒，20秒，40秒...），并在成功执⾏⼗分钟后重置。 如 Pods document 中所 述，⼀旦绑定到⼀个Node，Pod将永远不会重新绑定到另⼀个Node。 Pod的寿命 ⼀般来说，Pod不会消失，直到有⼈销毁它们——可能是⼈⼯或Controller去销毁Pod。

go to • K8s official document http://kubernetes.io • Open Tech Mini Academy @ IBM http://ibm.biz/opentech-ma Kubernetes Resource Model A common resource model can satisfy any deployment – Redis – Zookeeper – Nginx StatefulSet/DaemonSet • StatefulSet is the workload API object used to manage stateful applications. Manages the deployment and scaling of a set of pods, and

copies ○ Personnel turnover ○ Threat model ○ New and disruptive technologies, e.g., quantum computers Key rotation: compliance PCI DSS v3.2.1 3.5 Document and implement procedures to protect keys keys used to secure stored cardholder data against disclosure and misuse. 3.6 Fully document and implement all key-management processes and procedures for cryptographic keys used for encryption of cardholder {DEK3}KEKv3 Nov 12-Dec 12 Dec 12 - Jan 11 Jan 11 - Feb 10 KEKv1 KEKv2 KEKv3 KMS plugin: threat model and concerns ● KMS server is compromised ● KMS plugin is compromised ● Auth token for KMS - offline

因素。 Canonical Kubernetes利用Juju協助企業導覽多雲佈建、安裝及設定的複雜度。 Juju Charmed Operators(以下簡稱「Charm」)利用模型導向作業(Model- Driven Operations)的概念，協助部署及管理Kubernetes，涵蓋各種不同的雲端供 應商及執行個體。Juju模型可讓低階儲存、運算、網路及軟體元件合理作為單一實 體，並於適當 other trademarks are the properties of their respective owners. Any information referred to in this document may change without notice and Canonical will not be held responsible for any such changes. Canonical

PyTorch, MXNet, Chainer, and more • JupyterHub to create and manage interactive Jupyter notebooks • Model serving – serve exported models with TF Serving or Seldon • Additional components for storage, workflow Demo: Run TensorFlow Training with Containers Demo: Serving the Model with TF Serving • Options for serving • Wrap model in a web framework (eg – Flask) • Tensorflow Serving • Seldon Demo:

PaaS 层 UI (e.g. dashboard, cli) 用户 CUE schema/模板 “客户端”抽象 标准化的“服务端”抽象 – 应用模型 Open Application Model (OAM) • 通过 OAM spec 定义“以应用为中心”的原语 • 打破“谷仓”! Common Traits Function Deployment K8s Operator Manual Scaler K8s Operators Kubernetes + OAM K8s Plugin HPA Deployment scale-to-0 Function Unified Model Layer Platform Capability Pool 统一的模型层 平台统一“能力池” 模块化的交付系统 - GitOps “应用”配置 Git (as source of truth) Controller 持续交付 KubeVela “The Extensible Application Platform Based on Kubernetes and Open Application Model (OAM)” KubeVela = OAM Kubernetes Runtime + Capability Center + UI (Cli + Dashboard) KubeVela Ø

Deployment Function 应用层 能力管理 用户体验层 Kubernetes Open Application Model（OAM） 一个用来构建云原生应用管理平台的标准规范与核心框架 OAM + OAM Platform UI Open Application Model Platform Kubernetes GitOps/持续集成 标准化定义应用组件 标准化配置应用运维能力 alibaba.com path: / service_port: 8001 # 2nd component - componentName: redis Open Application Model Platform 部署 应用配置 （Application Configuration） 面向应用维度配置运维能力与组件 apiVersion: core.oam.dev/v1alpha2

contributors can get involved in the SIG. Kubernetes is in the process of moving to a new “out of tree” model, this effort spans all the touching points with the underlying infrastructure: compute, storage, have independent feature and patch release cycles, learn how SIG VMware is working to meet this new model on VMware platforms. Agenda 4 What is the VMware SIG Purpose, Projects managed, How to join

Operations import “k8s.io/kubernetes” Kubernetes Kops Kubernetes Operations Cluster Model Kubernetes Apply Kops Model Kubernetes Operations apiVersion: “kops/v1alpha2” kind: “Cluster” kubernetesVersion: