North-South Load Balancing of Kubernetes Services with eBPF/XDP Martynas Pumputis (Isovalent) October 28, 2020 10.0.0.1 10.0.0.2 10.0.0.3 httpd httpd “httpd” service 10.0.0.1:30000 10.0.0.2:30000 KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT -A KUBE-FORWARD -s 10.217.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod source rule" --ctstate RELATED,ESTABLISHED -j ACCEPT -A KUBE-FORWARD -d 10.217.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

cross-host startup and monitoring DPU Management-plane processes libvirtd dockerd virsh client Kubernetes Server 011 openEuler OS Technical White Paper Innovation Projects eNFS Kernel SIG The of software libraries and tools to optimize and complete the hardware topology export and task scheduling of the Kunpeng platform based on Linux. Challenges The number of server cores is on the rise topology establishment, and topology information export in the Linux kernel, as well as the kernel scheduling algorithm, WayCa Scheduler enables applications to fully utilize components such as the CPUs

server and cloud computing features, and incorporates key technologies including cloud-native CPU scheduling algorithms for hybrid service deployments and KubeOS for containers. As an OS platform, openEuler Kernel innovations: • Enhanced cloud-native scheduling: openEuler suits hybrid deployments of online and offline cloud services. Its innovative CPU scheduling algorithm ensures real-time CPU preemption scenarios, the OS is deployed and maintained in containers, allowing the OS to be managed based on Kubernetes, just as service containers. • Secure container solution: Compared with the traditional Docker+QEMU

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Training Enterprise support Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble Local Development in Vagrant Box Making Changes Add/update a golang dependency Add/update a new Kubernetes version Optional: Docker and IPv6 Debugging Building Container Images Developer images Official

diversified architectures. Kernel innovations: • Linux kernel 5.10: In-depth optimizations for scheduling, I/O, and memory management • Tiered memory expansion etMem: unified management of various memory improve I/O performance. • OpenStack & Kubernetes: openEuler is designed for cloud applications. It integrates the two mainstream pieces of cloud scheduling and management software to build a solid Architecture IDE Auto-tuning tool A-Tune Test platform Compass-CI Toolchain OpenStack Kubernetes Kylin HA Cluster scheduling and management CPU: x86, ARM, RISC-V GPU NPU Chips Apps Virtualization Containers

Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Kubernetes Integration Multi-Cluster (Cluster Mesh) Getting Help FAQ Slack GitHub Security Bugs Operations Layer 3 Examples Layer 4 Examples Layer 7 Examples Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy Endpoint Lifecycle Troubleshooting Monitoring & Metrics Cilium Metrics Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: Command Reference cilium-agent cilium cilium-health cilium-operator cilium-operator-aws

scalability to your datacentre, public or private. Whether you want to deploy an OpenStack cloud, a Kubernetes cluster or a 50,000-node render farm, Ubuntu Server delivers the best value scale-out performance as config changes and our own SQL data to instantiate our database. (The other YAML file is for Kubernetes-based deployments.) $ mv -iv ~/my-color-database.sql ./examples/ renamed '/home/ubuntu/my-color-database needing to implement all of this directly on top of docker-container, you can next investigate Kubernetes-style cluster management software such as microk8s. Ubuntu features a comprehensive package management

the Cilium architecture and how these components integrate with exis�ng architectures, such as Kubernetes. Installa�on : Details instruc�ons for installing, configuring, and troubleshoo�ng Cilium in different Datapath Scale Kubernetes Integra�on Ge�ng Help FAQ Slack GitHub Security Bugs Integra�ons Kubernetes Introduc�on Concepts Requirements Configura�on Network Policy Endpoint CRD Kubernetes Compa�bility Troubleshoo�ng Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshoo�ng Monitoring & Metrics Exported Metrics Cilium as a Kubernetes pod Cilium as a host-agent on a node Troubleshoo�ng