团队 Trait + App Config 运维 Component 研发 K8s 原生 API ECS/ FaaS/…… • API复杂：区分使用者/关注点分离 • 能力难上手：模块化封装/统一管理 • 云资源：统一API对接 apiVersion: core.oam.dev/v1alpha1 kind: Component metadata: name: nginx annotations: annotations: version: v1.0.0 description: > Sample component schematic that describes the administrative interface for our nginx deployment. spec: workloadType: Server osType: linux containers: - name: required: false 2. A list of overwritable parameters (schemas) 1.Description of the application Component 核心workload 可访问 可复制 长久运行 Server √ √ √ Singleton Server √ × √ Worker × √ √ Singleton Worker ×

能力插件 业务运维 业务研发 平台工程师 统一、标准、高可扩展的云 原生应用管理平台 Component Trait 能力注册与管理 应用 Component Deployment Function apiVersion: core.oam.dev/v1alpha2 kind: Component metadata: name: frontend annotations: description: frontend-c8bb659c5 1 2d15h $ kubectl get components NAME WORKLOAD frontend deployment.apps.k8s.io Component：应用中的一个组成部分，例如容器、 Function或者云服务等 应用组件 运维能力 扩容策略 发布策略 分批策略 访问控制 流量配置 Deployment Function dev/v1alpha2 kind: ApplicationConfiguration metadata: name: helloworld spec: components: # 1st component - componentName: frontend traits: - trait: apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler

Secrets: like DB access credentials • Ingress Component Launch Sequence • In Kubernetes, we can use the following mechanisms to handle the component launch sequence: – Init Container: a pre-handling Probe: readiness probe and liveness probe Component Deployment Topology • Use affinity to make deployment topology policies for different component. E.g. controller node and DB node may not be

Objects Component Description Pods A grouping of one or more containers as an atomic unit Namespaces A way to organize items in a cluster Labels, Annotations & Selectors Tags for component grouping Controllers T1 NSX Edge Cluster Architecture NSX-T • NSX Container Plugin: NCP is a software component provided by VMware in form of a container image, runs in K8s as a Pod • Kubernetes Adapter: NCP

the cluster 2 What end users did in the cluster How to locate failure 1 Which component is going wrong 2 Which component that leads delivery of the pod to failure Is the cluster healthy 1 Are all software

d requirement选择器： "selector": { "component" : "redis", } 或： selector: component: redis 此选择器（分别以 json 或 yaml 格式）等价于 component=redis 或 component in (redis) 。 ⽀持set-based requirement的资源 Deployment 、 Replica Set 以及 Daemon Set ）也⽀持 set-based requirement。 selector: matchLabels: component: redis matchExpressions: 09-Label和Selector 28 - {key: tier, operator: In, values: [cache]}

fullname" . }} labels: {{- include "influxdb.labels" . | nindent 4 }} app.kubernetes.io/component: backup spec: type: ClusterIP ports: - port: 9999 targetPort: 9999 protocol: }}-headless labels: {{- include "influxdb.labels" . | nindent 4 }} app.kubernetes.io/component: backup spec: type: ClusterIP sessionAffinity: None clusterIP: None ports:

delete Node at any time • Upgrade Master & Node Components reliably • Canary Rollout • Master & Node Component Versions Management Motivation: Work Order Deployment Worker Order • Upgrade Nodes Versions

Ø KubeVela core - OAM Kubernetes Runtime to provide application level building blocks such as Component and Application etc. - Built-in workload and trait controllers to implement core capabilities

Security Test (IAST) 動態應用安全測試 (黑箱測試): Dynamic Application Security Test (DAST) 軟體元件分析: Software Component Analysis (SCA) 測試 提交 部署 生產 持續整合 持續交付與部署 預提交 提交 監控 滲透測試 紅隊測試 互動應用安全測試