https protocol: TCP 26-Service 118 port: 443 targetPort: 9377 Choosing your own IP address（选择⾃⼰的IP地址） Service 创建时，可指定⾃⼰的Cluster IP。可通过 spec.clusterIP 字段设置Cluster IP。 例如，如果您想替换⼀条现 有DN 10 Shortcomings（缺点） 使⽤VIP的userspace proxy可在中⼩规模的情况下⼯作，但⽆法扩容到有数千个Service的⾮常⼤的集群。有关详细信 息，请参阅 the original design proposal for portals（⻔户⽹站的原始设计⽅案） 。 使⽤userspace proxy会隐藏访问 Service 的数据包的源IP。这使得某些防⽕墙⽆法实现。iptables kubectl create -f 创建它，即可看到： $ kubectl get ing NAME RULE BACKEND ADDRESS test-ingress - testsvc:80 107.178.254.228 其中， 107.178.254.228 是由Ingress

PREROUTING • No de-fragment is done during PREROUTING IPVS bypass conntrack (con.) • Egress • Original way • Nf local-out -> ip_output nf post-route -> ip_finish_output • The new way • Call ip_finish_output error Future work • Open source • The modification to IPVS is already open source • https://github.com/Tencent/TencentOS-kernel/ • More components will be open source later • Support more Linux

firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.99.1.0/24" accept' # firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.244.0.0/16" accept' # firewall-cmd --run�me-to-permanent （以下是非HA模式的master初始化，如果要部署高可用集群，则参考第4章） kubeadm init --kubernetes- version=v1.19.4 \ --apiserver-adver�se- address=10.99.1.51 \ # api server地址 --pod-network-cidr=10.244.0.0/16 \ # pod容器网段 --service-cidr=10.7.0 （以下是非HA模式的master初始化，如果要部署高可用集群，则参考第4章） kubeadm init --kubernetes- version=v1.28.2 \ --apiserver-adver�se- address=10.99.1.51 \ # api server地址 --pod-network-cidr=10.244.0.0/16 \ # pod容器网段 --service-cidr=10.7.0

kubeadm.yaml Step4: 配置环境变量 vi /root/.bashrc export KUBECONFIG=/etc/kubernetes/admin.conf source /root/.bashrc Step5: 安装网络插件 calico wget https://docs.projectcalico.org/v3.8/manifests/calico address: ":80" websecure: address: ":443" emqxconsole: address: ":18083" emqx: address: ":1883" influxdb: address: ":9999" openservice: address: ":8888" beehive: address: ":8181" smarthome: address: ":88" nbiot-udp: address: ":9092/udp" providers:

hort of organizations working in association with the U.S. Department of Defense to drive open source innovation into strategic de- fense initiatives. The company is delivering technology solutions Lee and Ben Reif, leaders within Booz Allen’s digital solutions busi- ness, the focus has been to address this challenge with the development of Smart- Edge, a decentralized approach that goes beyond data possible at scale with an extensible platform utilizing open architecture prin- ciples and open source technologies.” At-a-Glance As a premier digital integrator for the U.S. Department of Defense

prevented TEE-based KMS Plugin [1] • Address performance & latency concerns • Reduce / minimize remote KMS interactions w/o compromising security • Address security threats • etcd compromise • Host TEE-based KMS Provider • Address security threats • Host (KMS provider) compromise Ø leak DEKs Ø leak Secrets • Fraudsters calling DEK decryption interfaces TEE-based Kubectl • Address security threats • secrets • Sending to / receiving from malicious software entity (logic) TEE-based Kubelet • Address security threats • Node (kubelet) compromise • leak secrets on consumption TEE-based Secrets Protection

etc.) 0 n-1 … ordinal Service (Kube-proxy, CLB, etc.) 0 n-1 … StatefulSetPlus ordinal 2/2 Original Pod Updating Pod Updated Pod OK StatefulSetPlus StatefulSetPlus Batch Gray Release Key Features:

you can search Helm chart repositories. Apache OpenWhisk Source event Trigger Rule Action Result A serverless, open source cloud platform that executes functions in response to events Software Foundation (ASF) • True, community-driven open source (Apache 2 License) • Proven on IBM Cloud • Exact, same code in open source Architecture of Apache OpenWhisk Deploy Apache OpenWhisk

等突破性工程实践历史的软件咨询公司，我们对于使用 AI 辅助软件开发特别感兴趣。因此， 本期技术雷达讨论了许多代码辅助工具，如 GitHub Copilot、Tabnine 和 Codeium。我们兴奋于 open-source LLMs for coding 在工具领域可能带来的变革，并且我们看到了在编码之外的辅助领域中工具和能力的爆炸式增 长，如用户故事编写辅助、用户研究、电梯演讲和其他基于语言的任务。同时，我们希望开发人员能够负责任 GitHub 合并队列 71. Google Bard 72. Google Cloud 工作站 73. Gradio 74. KWOK 75. Llama 2 76. Maestro 77. Open-source LLMs for coding 78. OpenCost 79. OpenRewrite 80. OrbStack 81. Pixie 82. Tabnine 暂缓 — 采纳 83. Playwright GitHub 合并队列 71. Google Bard 72. Google Cloud 工作站 73. Gradio 74. KWOK 75. Llama 2 76. Maestro 77. Open-source LLMs for coding 78. OpenCost 79. OpenRewrite 80. OrbStack 81. Pixie 82. Tabnine 暂缓 — 1 21 29

Humble) • Applying Agile practices to operations • Infrastructure as code • Ops teams embracing source control (git) • Automated testing • Repeatable/consistent • CI/CD • This has worked well for App Comparing Production accuracy vs expected accuracy when possible • Rolling-updates • … Resources • Source code for this talk: https://github.com/ritazh/kubecon-ml • Kubeflow labs for AKS: https://github