rights reserved. Amazon Confidential Amazon EKS 服务路线图摘要 已发布 - Amazon EKS control plane logs - Support for public IP space in VPC - Amazon EKS: Deep Learning Benchmarking Utility - New Amazon EKS Mumbai - CNI v1.5.0 - New Regions: Hong Kong 即将发布 - Service linked role for Amazon EKS - EKS Support for K8s version 1.13 + ECR AWS PrivateLink - EKS-optimized AMI metadata SSM parameter - IAM for environment (container- optimized distribution) • multi-tenancy requirements • gotchas: Linux packages/CVEs, leaks, GDPR (in Europe) • runtime/standards (OCI) • immutability of images • all containers

#或者使用google的源： # cat >> /etc/yum.repos.d/k8s-google.repo <packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 EOF # yum install kubelet #或者使用google的源： # cat >> /etc/yum.repos.d/k8s-google.repo <packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 EOF # yum install kubelet

B~D： B. 升级&配置 centos7 Step1. 升级 linux 内核 uname –r wget https://cbs.centos.org/kojifiles/packages/kernel/4.9.220/37.el7/x86_64/kernel-4.9.220-37.el7.x86_64.rpm rpm -ivh kernel-4.9.220-37.el7.x86_64

Spark on Kubernetes Kubernetes extends beyond container orchestration, it has been expanded to support for data-intensive and stateful apps. Benefit: l Autoscaling in Cloud l Consolidate online service goal is to bring native support for Spark to use Kubernetes as a cluster manager like YARN, or Mesos. l Spark 2.3 added native support for Kubernetes. l Spark 2.4 added support for client mode, R, python python etc. l Spark 3.0 will add support for dynamic resource allocation, external shuffle service, Kerberos etc. How it works Spark on Kubernetes Spark-operator Gaps for spark Ø Dynamic Resource

conntrack/iptables SNAT • Pros • O(1) time complexity in control/data plane • Stably runs for two decades • Support rich scheduling algorithm • Cons • Performance cost caused by conntrack • Some bugs How to • No loop support in eBPF verifier (Linux 4.14) • #param unroll • Size limitation of BPF program <= 4096 • Move SNAT allocate port loop into IPVS kernel module • Bounded loop support in Linux 5.3 • https://github.com/Tencent/TencentOS-kernel/ • More components will be open source later • Support more Linux distributions • Build IPVS kernel modules in Ubuntu, Centos • IPVS-eBPF next generation

is not a shared VPC # (There is more than one availability zone for this cluster) # # Also add support for us-east-1 # --------------------------------------------------------------- {{ if not SharedVPC is not a shared VPC # (There is more than one availability zone for this cluster) # # Also add support for us-east-1 # --------------------------------------------------------------- {{ if not SharedVPC is not a shared VPC # (There is more than one availability zone for this cluster) # # Also add support for us-east-1 # --------------------------------------------------------------- {{ if not SharedVPC

KMS • API server & kms-plugin • Cron job backup for KEKs (from KMS) • Static key configuration support in kms-plugin • One click decryption • Key force update • Liveness probe • Monitoring • Integration Version-based key synchronization • Adaption • apiserver KMS provider endpoint to support https endpoint • KMS plugin to support https [1] https://github.com/AliyunContainerService/sgx-device-plugin Secure Interface Demo • The purpose of this demo is to • Demonstrate TEE Transparency w/ Occlum’s Golang support • Showcase the confidentiality guaranteed by TEE Demo Demo Summary & Plan Summary & Next Steps

since 2016 KubeCon update ● Exec into pod ● Global search ● Login mechanism ● Settings page ● Support for Cron Jobs ● Redesigned resource creation ● ...and much much more. github.com/kubernetes/dashboard/releases running Kubernetes in GCP and on-prem ● Custom Resource Definitions support ● Service topology view ● Mobile device support ● Cost estimates ● CI/CD pipelines ● ...and more! Additional feature

SIG VMware serves to bring together members of the VMware and Kubernetes community to maintain, support and provide guidance for running Kubernetes on VMware platforms. SIG VMware provides a forum for discussion related to new CRDs, plug-ins and KEPs that allow the vSphere platform to supplement and support Kubernetes How to Join 6 SIG Sponsored projects vSphere cloud provider (In-tree and Out-of-tree) across platforms • hosts portable apps in a standard way What it does The external cloud provider support has been added as Alpha in version 1.6, it is currently in Beta (as of version 1.13) and will graduate

management. • Support big data and AI jobs. • Optimize the isolation of resources, and improve resource utilization using hybrid deployment of online and offline services. • Support Service Mesh. Features: Ø Manual/Auto Batch Gray Release Ø Multi-Batch Rollback Ø Multi-Batch InPlaceUpdate Ø Support HPA, CronHPA, VWA (Vertical Workload Autoscaler) Ø Keep share memory during Pod upgrade Ø Scaled