Model and Operate Datacenter by Kubernetes at eBay 辛肖刚, Cloud Engineering Manager, ebay 梅岑恺, Senior Operation Manager, ebay Agenda About ebay Our fleet Kubernetes makes magic at ebay Model + Controller Controller How we model our datacenter Operation in large scale Q&A About ebay 177M Active buyers worldwide $22.7B Amount of eBay Inc. GMV $2.6B Reported revenue 62% International revenue 1.1B Kubernetes Onboard Provision Configuration Kubernetes You need onboard something from nothing! Let’s model a datacenter running Kubernetes Onboard Provision Configuration Kubernetes After you define your

PyTorch, MXNet, Chainer, and more • JupyterHub to create and manage interactive Jupyter notebooks • Model serving – serve exported models with TF Serving or Seldon • Additional components for storage, workflow Demo: Run TensorFlow Training with Containers Demo: Serving the Model with TF Serving • Options for serving • Wrap model in a web framework (eg – Flask) • Tensorflow Serving • Seldon Demo:

PaaS 层 UI (e.g. dashboard, cli) 用户 CUE schema/模板 “客户端”抽象 标准化的“服务端”抽象 – 应用模型 Open Application Model (OAM) • 通过 OAM spec 定义“以应用为中心”的原语 • 打破“谷仓”! Common Traits Function Deployment K8s Operator Manual Scaler K8s Operators Kubernetes + OAM K8s Plugin HPA Deployment scale-to-0 Function Unified Model Layer Platform Capability Pool 统一的模型层 平台统一“能力池” 模块化的交付系统 - GitOps “应用”配置 Git (as source of truth) Controller 持续交付 KubeVela “The Extensible Application Platform Based on Kubernetes and Open Application Model (OAM)” KubeVela = OAM Kubernetes Runtime + Capability Center + UI (Cli + Dashboard) KubeVela Ø

environment ○ Volume of data ○ Re-keying method ○ Number of key copies ○ Personnel turnover ○ Threat model ○ New and disruptive technologies, e.g., quantum computers Key rotation: compliance PCI DSS v3 {DEK3}KEKv3 Nov 12-Dec 12 Dec 12 - Jan 11 Jan 11 - Feb 10 KEKv1 KEKv2 KEKv3 KMS plugin: threat model and concerns ● KMS server is compromised ● KMS plugin is compromised ● Auth token for KMS - offline In external secret store Kubernetes secrets: summary ● Use encryption based on your threat model, e.g., two layers, like full-disk + application-layer ● Rotate keys regularly to limit the impact

Deployment Function 应用层 能力管理 用户体验层 Kubernetes Open Application Model（OAM） 一个用来构建云原生应用管理平台的标准规范与核心框架 OAM + OAM Platform UI Open Application Model Platform Kubernetes GitOps/持续集成 标准化定义应用组件 标准化配置应用运维能力 alibaba.com path: / service_port: 8001 # 2nd component - componentName: redis Open Application Model Platform 部署 应用配置 （Application Configuration） 面向应用维度配置运维能力与组件 apiVersion: core.oam.dev/v1alpha2

Open Tech Mini Academy @ IBM http://ibm.biz/opentech-ma Kubernetes Resource Model A common resource model can satisfy any deployment requirements § Config Maps § Daemon Sets § Deployments

contributors can get involved in the SIG. Kubernetes is in the process of moving to a new “out of tree” model, this effort spans all the touching points with the underlying infrastructure: compute, storage, have independent feature and patch release cycles, learn how SIG VMware is working to meet this new model on VMware platforms. Agenda 4 What is the VMware SIG Purpose, Projects managed, How to join

Operations import “k8s.io/kubernetes” Kubernetes Kops Kubernetes Operations Cluster Model Kubernetes Apply Kops Model Kubernetes Operations apiVersion: “kops/v1alpha2” kind: “Cluster” kubernetesVersion:

自从我们第一次提出 Google Cloud Vertex AI 以来，AI 领域已经发生了重大进展。自 2023 年 5 月以来，Google 推出了多项服务和功能来丰富这一领域。这些新增功能包括 Model Garden，一个拥有 100 多个预训练模型的 仓库；Generative AI Studio，一个旨在快速探索和原型生成 AI 模型的控制台；以及 Vertex AI Extensions，提 语言和框架 © Thoughtworks, Inc. All Rights Reserved. 38 87. AWS SAM 试验 AWS Serverless Application Model（SAM）是一款用于在 AWS 云基础设施上构建无服务器应用的开源框架。此 前入选技术雷达条目的 Serverless Framework 作为一种在各个云服务商上部署无服务器服务的流行框架，主

另起⼀个终端，输⼊： curl http://localhost:8001/api/v1/proxy/namespaces/kube-system/services/heapster/api/v1/model/namespaces/de fault/pods/cpu-demo/metrics/cpu/usage_rate 即可看到监控信息。 在本例中，尽管容器启动时，尝试使⽤2个CPU单位，但由 kubectl proxy curl http://localhost:8001/api/v1/proxy/namespaces/kube-system/services/heapster/api/v1/model/namespaces/de fault/pods/memory-demo/metrics/memory/usage 可看到如下结果： { "timestamp": "2017-06-20T18:54:00Z" router：为集群强制执⾏防⽕墙策略的路由器。这可能是由cloud provider或物理硬件管理的⽹关。 Cluster network：⼀组逻辑或物理链接，可根据 Kubernetes networking model 实现集群内的通信。集群⽹络的示 例包括诸如 flannel 的Overlay⽹络或诸如 OVS 的SDN⽹络。 Service：Kubernetes Service 使⽤Label Sele