李响， 阿里云 Kubernetes + OAM 让开发者更简单 来自应用开发者的“灵魂拷问” “ Kubernetes 让 Devops 更复杂了！” Kubernetes 对于应用开发复杂在哪里 1. 关注点不同 业务研发 2. 语义与抽象程度不同 业务运维 3. 交互与使用习惯不同 业务研发、运维 YAML 文件 图形化界面 命令行工具 IaC 配置语言 扩容策略 • Deployment Function 应用层 能力管理 用户体验层 Kubernetes Open Application Model（OAM） 一个用来构建云原生应用管理平台的标准规范与核心框架 OAM + OAM Platform UI Open Application Model Platform Kubernetes GitOps/持续集成 标准化定义应用组件 标准化配置应用运维能力 统一、标准、高可扩展的云 原生应用管理平台 Component Trait 能力注册与管理 应用 Component Deployment Function apiVersion: core.oam.dev/v1alpha2 kind: Component metadata: name: frontend annotations: description: Container workload

Model and Operate Datacenter by Kubernetes at eBay 辛肖刚, Cloud Engineering Manager, ebay 梅岑恺, Senior Operation Manager, ebay Agenda About ebay Our fleet Kubernetes makes magic at ebay Model + Controller Controller How we model our datacenter Operation in large scale Q&A About ebay 177M Active buyers worldwide $22.7B Amount of eBay Inc. GMV $2.6B Reported revenue 62% International revenue 1.1B WIRI: What it really is Kubernetes Core concept of Kubernetes - Declarative magic What is an application looks like? Replica Config LoadBalancer Rolling Update Quota Docker Image Volume RBAC Kubernetes

is organized around the concept of an application. Kubernetes is not a platform as a service (PaaS) and doesn‘t have or enforce a formal notion of an application. Instead, applications are informal and and described with metadata. The definition of what an application contains is loose.” Sited: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ API 和业务原语 关注点不同 服务语义与抽象程度不同 PaaS 层 UI (e.g. dashboard, cli) 用户 CUE schema/模板 “客户端”抽象 标准化的“服务端”抽象 – 应用模型 Open Application Model (OAM) • 通过 OAM spec 定义“以应用为中心”的原语 • 打破“谷仓”! Common Traits Function Deployment K8s Operator

孙健波 阿⾥云 技术专家 阿⾥巴巴 Kubernetes 应⽤管 理实践中的经验与教训 孙健波 阿⾥云 技术专家 • Kubernetes 基础技术中台团队 • 开放应⽤模型（OAM）项⽬ Core Maintainer • jianbo.sjb@alibaba-inc.com • 阿⾥存量 PaaS 对接 Kubernetes 的新挑战 • 研发和运维对 Kubernetes YAML = 应用模型 OAM：以应用为中心的 K8s API 分层模型 Kubernetes K8s 团队 Trait + App Config 运维 Component 研发 K8s 原生 API ECS/ FaaS/…… • API复杂：区分使用者/关注点分离 • 能力难上手：模块化封装/统一管理 • 云资源：统一API对接 apiVersion: core.oam.dev/v1alpha1 Description of the application Component 核心workload 可访问 可复制 长久运行 Server √ √ √ Singleton Server √ × √ Worker × √ √ Singleton Worker × × √ Task × √ × Singleton Task × × × apiVersion: core.oam.dev/v1alpha1

等突破性工程实践历史的软件咨询公司，我们对于使用 AI 辅助软件开发特别感兴趣。因此， 本期技术雷达讨论了许多代码辅助工具，如 GitHub Copilot、Tabnine 和 Codeium。我们兴奋于 open-source LLMs for coding 在工具领域可能带来的变革，并且我们看到了在编码之外的辅助领域中工具和能力的爆炸式增 长，如用户故事编写辅助、用户研究、电梯演讲和其他基于语言的任务。同时，我们希望开发人员能够负责任 GitHub 合并队列 71. Google Bard 72. Google Cloud 工作站 73. Gradio 74. KWOK 75. Llama 2 76. Maestro 77. Open-source LLMs for coding 78. OpenCost 79. OpenRewrite 80. OrbStack 81. Pixie 82. Tabnine 暂缓 — 采纳 83 虑这些工具，作为自己的脚本、本 地工具和基础设施即代码（infrastructure as code，IaC）的独特集合替代方案。我们还注意到，与开放应用模 型（OAM）及其参考编排器 KubeVela 有相似之处，尽管 OAM 声称更加面向应用程序而不是工作负载为中心。 21. 自托管式大语言模型 评估 大语言模型（LLMs）通常需要大量的 GPU 基础设施才能运行，但目前有强烈的推动力使它们可以在更简单的

maintenance system. 模块化、可扩展的架构设计 Sufficient expansion capability to meet the needs of diverse application operations.阿里巴巴的 k8s 集群规模 • 数十个集群 • 数十万的节点 • 单集群规模 10,000 节点 • • 数万个应用 • 超百万的容器 Online Service Scheduler云原生应用管理演进路线云原生应用管理的特征 • 标准化 • 开放 • 一次定义，随处运行 https://openappmodel.io 联合推出 开放云原生应用模型OAM 的应用定义与架构模型Thank you ! fansong.cfs@alibaba-inc.com menghai.wmh@alibaba-inc.com 关注“阿里巴巴云原生”公众号 回复

official document http://kubernetes.io • Open Tech Mini Academy @ IBM http://ibm.biz/opentech-ma Kubernetes Resource Model A common resource model can satisfy any deployment requirements § and-paste madness. • Help you define, install, and upgrade even the most complex Kubernetes application. • Official community： https://helm.sh/ Core concepts in Helm Helm installs charts into serverless, open source cloud platform that executes functions in response to events at any scale. Apache OpenWhisk offers: • Apache Software Foundation (ASF) • True, community-driven open source (Apache

，促进组合应⽤程序和保留”⼀个应⽤程序的每个容器“模型 Mounting storage systems Distributing secrets Checking application health Replicating application instances Using Horizontal Pod Autoscaling Naming and discovering Balancing ashboard:/proxy/#!/overview? namespace=default 参考： https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ 02-安装单机版Kubernetes 9 使⽤Kubespray部署⽣产可⽤的Kubernetes集群 （1.11.2） 前提：科学上⽹，或⾃⾏将gcr kubectl rolling-update 不同，它们是声明式、服 务器端的，并且具有其他特性。有关使⽤Deployment运⾏⽆状态应⽤的更多信息，请阅读 Run a Stateless Application Using a Deployment 。 15-Replica Set 52 Bare Pod（裸Pod） 与⽤户直接创建Pod的情况不同，ReplicaSet会替换由于任何原因

turtles) disks file system etcd Recommendation: Use two-layers of encryption, e.g., full-disk & application-layer … then tries to decrypt it https://xkcd.com/538/, https://xkcd.com/license.html Key rotation environment ○ Volume of data ○ Re-keying method ○ Number of key copies ○ Personnel turnover ○ Threat model ○ New and disruptive technologies, e.g., quantum computers Key rotation: compliance PCI DSS v3 {DEK3}KEKv3 Nov 12-Dec 12 Dec 12 - Jan 11 Jan 11 - Feb 10 KEKv1 KEKv2 KEKv3 KMS plugin: threat model and concerns ● KMS server is compromised ● KMS plugin is compromised ● Auth token for KMS - offline

structure Why Containers, Kubernetes & Helm? • Container • Contains everything needed to run your application • Build once run anywhere • Starts in seconds: Great for scalability • Images are stored in PyTorch, MXNet, Chainer, and more • JupyterHub to create and manage interactive Jupyter notebooks • Model serving – serve exported models with TF Serving or Seldon • Additional components for storage, workflow Demo: Run TensorFlow Training with Containers Demo: Serving the Model with TF Serving • Options for serving • Wrap model in a web framework (eg – Flask) • Tensorflow Serving • Seldon Demo: