能力插件 业务运维 业务研发 平台工程师 统一、标准、高可扩展的云 原生应用管理平台 Component Trait 能力注册与管理 应用 Component Deployment Function apiVersion: core.oam.dev/v1alpha2 kind: Component metadata: name: frontend annotations: description: frontend-c8bb659c5 1 2d15h $ kubectl get components NAME WORKLOAD frontend deployment.apps.k8s.io Component：应用中的一个组成部分，例如容器、 Function或者云服务等 应用组件 运维能力 扩容策略 发布策略 分批策略 访问控制 流量配置 Deployment Function dev/v1alpha2 kind: ApplicationConfiguration metadata: name: helloworld spec: components: # 1st component - componentName: frontend traits: - trait: apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler

production- grade container orchestration platform § Declarative management of objects using configuration files. § More introductions, go to • K8s official document http://kubernetes.io • Open deployment configuration • Secrets: like DB access credentials • Ingress Component Launch Sequence • In Kubernetes, we can use the following mechanisms to handle the component launch sequence: Probe: readiness probe and liveness probe Component Deployment Topology • Use affinity to make deployment topology policies for different component. E.g. controller node and DB node may not be

d requirement选择器： "selector": { "component" : "redis", } 或： selector: component: redis 此选择器（分别以 json 或 yaml 格式）等价于 component=redis 或 component in (redis) 。 ⽀持set-based requirement的资源 Deployment 、 Replica Set 以及 Daemon Set ）也⽀持 set-based requirement。 selector: matchLabels: component: redis matchExpressions: 09-Label和Selector 28 - {key: tier, operator: In, values: [cache]} "annotations": { "key1" : "value1", "key2" : "value2" } 类似以下信息可记录到Annotation中： 由declarative configuration layer管理的字段。将这些字段附加为Annotation，可将它们与客户端或服务器设置的默 认值、⾃动⽣成的字段或以及auto-sizing或auto-scaling的系统所设置的字段区分开。

Services (w/API) • Node = Container Host w/agent called “Kubelet” • Application Deployment File = Configuration File of desired state • Container Image = Runs in a Pod (~1:1) • Replicas = QTY of Pods that Objects Component Description Pods A grouping of one or more containers as an atomic unit Namespaces A way to organize items in a cluster Labels, Annotations & Selectors Tags for component grouping Controllers T1 NSX Edge Cluster Architecture NSX-T • NSX Container Plugin: NCP is a software component provided by VMware in form of a container image, runs in K8s as a Pod • Kubernetes Adapter: NCP

团队 Trait + App Config 运维 Component 研发 K8s 原生 API ECS/ FaaS/…… • API复杂：区分使用者/关注点分离 • 能力难上手：模块化封装/统一管理 • 云资源：统一API对接 apiVersion: core.oam.dev/v1alpha1 kind: Component metadata: name: nginx annotations: annotations: version: v1.0.0 description: > Sample component schematic that describes the administrative interface for our nginx deployment. spec: workloadType: Server osType: linux containers: - name: required: false 2. A list of overwritable parameters (schemas) 1.Description of the application Component 核心workload 可访问 可复制 长久运行 Server √ √ √ Singleton Server √ × √ Worker × √ √ Singleton Worker ×

应用的工作负载和运维能力的抽象程度越高，用户体验越好 抽象程度 学习曲线 高 低 低 高 Deployment Pod Service Node … PodTemplate Configuration Revision Route $ heroku apps $ heroku domains $ heroku releases $ heroku pipeline $ rio run 缺乏交互、复用、可移植能 力。不同重复造轮子只是适 配不同 API 如何基于 K8s ，构建出一个既用户友好，又高可扩展，还 统一、标准化的应用管理平台？ 简单的“客户端”抽象： DCL (Data Configuration Language) 对 K8s 资源进行抽象实际上就是在操纵 YAML 数据，通过 DCL 来完成相比于 CRD + controller 更简单 CUE • 功能强大：专注于操纵数据，而不是写 Ø KubeVela core - OAM Kubernetes Runtime to provide application level building blocks such as Component and Application etc. - Built-in workload and trait controllers to implement core capabilities

原因理由 如何查核 1. 控制平面元件 (Control Plane Components) 2. etcd 狀態資料庫 3. 控制平面設置 (Control Plane Configuration) 4. 工作節點 (Worker Node) 5. 政策 (Policies) ©2019 VMware, Inc. 10 Use Cases: Security Architecture Security Test (IAST) 動態應用安全測試 (黑箱測試): Dynamic Application Security Test (DAST) 軟體元件分析: Software Component Analysis (SCA) 測試 提交 部署 生產 持續整合 持續交付與部署 預提交 提交 監控 滲透測試 紅隊測試 互動應用安全測試

the cluster 2 What end users did in the cluster How to locate failure 1 Which component is going wrong 2 Which component that leads delivery of the pod to failure Is the cluster healthy 1 Are all software

fullname" . }} labels: {{- include "influxdb.labels" . | nindent 4 }} app.kubernetes.io/component: backup spec: type: ClusterIP ports: - port: 9999 targetPort: 9999 protocol: }}-headless labels: {{- include "influxdb.labels" . | nindent 4 }} app.kubernetes.io/component: backup spec: type: ClusterIP sessionAffinity: None clusterIP: None ports: