Handle Edge Cloud Network with KubeBus# Handle Edge Cloud Network with KubeBus Yulin Sun, yulin.sun@huawei.com Seattle Cloud Lab, Huawei R&D USA, Bellevue WA ## Agenda • Edge sample user scenarios • Edge network characteristics • Related [Image](/uploads/documents/0/1/1/e/011e7729ea9b3552e0d5b44619014a60/p3_3.jpg) Edge Area Private Network ## Campus surveillance Campus Surveillance System • Model training • AI execution • AI algorithm/model management • ... Private Network ## Edge network characteristics  ## • Edge Nodes running at private network • Connect to Cloud0 码力 | 10 页 | 1.17 MB | 1 年前3- Handle Edge Cloud Network with KubeBus# Handle Edge Cloud Network with KubeBus Yulin Sun, yulin.sun@huawei.com Seattle Cloud Lab, Huawei R&D USA, Bellevue WA ## Agenda • Edge sample user scenarios • Edge network characteristics • Related [Image](/uploads/documents/0/1/1/e/011e7729ea9b3552e0d5b44619014a60/p3_3.jpg) Edge Area Private Network ## Campus surveillance Campus Surveillance System • Model training • AI execution • AI algorithm/model management • ... Private Network ## Edge network characteristics  ## • Edge Nodes running at private network • Connect to Cloud0 码力 | 10 页 | 1.17 MB | 1 年前3
- Identity Aware Threat
Detection and Network
Monitoring by using eBPFDetection and Network Monitoring by using eBPF Natalia Reka Ivanko, Isovalent eBPF Summit ## I ntroduction ● Wide variety of eBPF use cases (logging, CPU over overhead) • Today: ☐ Network Monitoring [Image](/uploads/documents/c/7/4/d/c74d82edc22d50cbdea681f7475bb901/p2_1.jpg) ## Problem ● Traditional network-layer tools are based on IPs and ports ● K8s workloads are containerized IPs are dynamically changing0 码力 | 7 页 | 1.35 MB | 1 年前3
- Rancher Hardening Guide v2.3.5Kernel Runtime Parameters 3 Configure etcd user and group 4 Ensure that all Namespaces have Network Policies defined 5 Reference Hardened RKE cluster.yml configuration 6 Reference Hardened RKE Namespaces have Network Policies defined Running different applications on the same Kubernetes cluster creates a risk of one compromised application attacking a neighboring application. Network segmentation A network policy is a specification of how selections of pods are allowed to communicate with each other and other network endpoints. Network Policies are namespace scoped. When a network policy is introduced0 码力 | 21 页 | 191.56 KB | 2 年前3
- Rancher Hardening Guide v2.4Kernel Runtime Parameters 4 Configure etcd user and group 4 Ensure that all Namespaces have Network Policies defined 5 Reference Hardened RKE cluster.yml configuration 7 Reference Hardened RKE private IP to be provided when registering the custom nodes. • When setting the default_pod_security_policy_template_id: to restricted Rancher creates RoleBindings and ClusterRoleBindings on the default service Namespaces have Network Policies defined Running different applications on the same Kubernetes cluster creates a risk of one compromised application attacking a neighboring application. Network segmentation0 码力 | 22 页 | 197.27 KB | 2 年前3
- Rancher Kubernetes Cryptographic Library
FIPS 140-2 Non-Proprietary Security PolicyRANCHER $ ^{®} $ # Rancher Kubernetes Cryptographic Library FIPS 140-2 Non-Proprietary Security Policy Document Version 1.1 January 4, 2021 Prepared for:  ## app ## ↓ Istio RBAC Kubernetes Network Policy ## naiscar ## Lessons learned ## What's next? ## @nais_io @linemoseng @j_hrv0 码力 | 42 页 | 3.45 MB | 1 年前3
Cilium v1.11 Documentationinstalling, configuring, and troubleshooting Cilium in different deployment modes. Network Policy : Detailed walkthrough of the policy language structure and the supported formats. Monitoring & Metrics : Instructions Guides Installation Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability check (Required) Upgrading Cilium Version Specific Notes Advanced Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Deny Policies0 码力 | 1373 页 | 19.37 MB | 1 年前3- Moving large scale consumer
e-commerce Infrastructure to
Meshmesh discovery and routing • Expose gateway services via Istio Gateway • Towards RESTRICTED network policy - On-board services to Authentication and Authorization as applicable ## Thank you! Rajath0 码力 | 14 页 | 1.76 MB | 1 年前3
- Spanny 2: Rise of std::mdspanp[i]; } class Extents, class LayoutPolicy, class AccessorPolicy > class mdspan; ## layout policy ## layout policy maps multidimensional index to a storage location layout(N, M, Q, R, ...) → offset ## standard dimensionality reduction ...but what if our data doesn’t live on the stack or heap? ## accessor policy ## accessor policy retrieves values from storage locations template
struct default_accessor access(data_handle_type p, size_t i) const noexcept { return p[i]; } }; ## accessor policy: element_type retrieves values from storage locations matches templatestruct 0 码力 | 117 页 | 2.02 MB | 1 年前3
共 1000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 100
相关搜索词
Edge networkKubeBusMulti-tenant managementEdge computingProtocol stackeBPFKubernetes网络安全Cilium网络策略决策RancherCIS BenchmarkPod Security PolicyNetwork PolicyFIPS 140-2Rancher Kubernetes Cryptographic LibraryAESTriple-DESECDSARSAIstioIstio RBACnaiscarHubble ObservabilityBPF/XDPlarge scale consumer e-commerce InfrastructureMeshIstio GatewayNamespace isolationNetwork policystd::mdspanlayoutaccessorasynchronouspolicy