spec: volumes: - name: host-time hostPath: path: "/etc/localtime" volumeMounts: - name: host-time mountPath: "/etc/localtime" volumes: - name: host-time hostPath: path: "/etc/localtime" volumeMounts: //注意有多个！ - name: host-time mountPath: "/etc/localtime" volumes: - name: host-time hostPath: path: "/etc/localtime" volumeMounts: //注意有 5 处 - name: host-time mountPath: "/etc/localtime"

innova- tive edge computing solution, SmartEdge, addresses the increasing need to gather data in real time and perform analysis at the point of collection, supplying imme- diate insight which results in faster as battlefields. The an- alytics enabled and performed by Smart- Edge allow battalions to make real-time, data-driven decisions which dramatically improve operational outcomes and in- crease the probability battlefield, “At the tactical edge, time is a weapon. With edge computing and pro- cessing at the point of data collection, we will give warfighters access to real-time, data-driven insights so they can

configurations, API keys, and other small bits of information needed by applications at build or run time Why protect secrets? ● Attractive target ○ Controls access or use of sensitive resources ● Common compromised ○ Time available for attempts to penetrate physical, procedural, and logical access ○ Time available for computationally intensive cryptanalytic attacks ● A cryptoperiod is the time during which for keys that have reached the end of their cryptoperiod (for example, after a defined period of time has passed and/or after a certain amount of cipher-text has been produced by a given key) https://www

which can represent user experience. SLO is the object that try to meets all SLIs in a period of time. SLA = SLO + Punishment. SLA/SLO/SLI What we concern about Large k8s Cluster What happened about unhealthy nodes may not be delivered in time, success rate would decrease consequently. 4. Centralized Components Availability A ratio value indicates the time in which the cluster is available. It is master components. The success standard and reason classification The success standard: Pod Feature Time limit Success condition Pod RestartPolicy=Always 1min (example value) the status of {.Status.Conditions

mode • Services are organized in hash table • IPVS DNAT • conntrack/iptables SNAT • Pros • O(1) time complexity in control/data plane • Stably runs for two decades • Support rich scheduling algorithm differ • Performance of a cluster in different time slot may differ • Due to CPU oversold • Suggestion: • Run the test against the same cluster during near time • Make CPU the bottleneck • 1 CPU handles

Quotas Prioritization Isolation 18 Kubernetes built-in resource management Enforcement Run time enforcement at worker node level CPU “Compressible” = violation results in throttling Memory “Uncompressible” “Uncompressible” = violation triggers “death penalty” of Pod hosting container Scheduling time enforcement ResourceQuota admission controller will refuse to schedule a Pod that would violate limit After (Master) (Master) (Workers) (Worker) Thank You Questions? 22 remaining slides not presented to meet time constraints - included in published deck for reference 23 Configuring VM affinity rules Quorum dictates

Quotas Prioritization Isolation 18 Kubernetes built-in resource management Enforcement Run time enforcement at worker node level CPU “Compressible” = violation results in throttling Memory “Uncompressible” “Uncompressible” = violation triggers “death penalty” of Pod hosting container Scheduling time enforcement ResourceQuota admission controller will refuse to schedule a Pod that would violate limit After (Master) (Master) (Workers) (Worker) Thank You Questions? 22 remaining slides not presented to meet time constraints - included in published deck for reference 23 Open Issues (WIP) vSphere Cloud Provider

build layer 1 layer 2 layer 3 total time push layer 4 github.com/GoogleContainerTools/jib Containerizing with Jib layer 1 layer 2 layer 3 build push total time layer 4 github.com/GoogleContainerTools/jib com/GoogleContainerTools/jib Containerizing with Jib (cached) layer 1 layer 2 layer 3 cached total time layer 4 cached cached github.com/GoogleContainerTools/jib Jib vs Docker github.com/GoogleContainerTools/jib

signing up during commercial break. Show-time !! First row winner Second row winner Final winner Tease before commercial break End of last show Time 1 week - 1 hour 8 min 15 min 15 min 20min

spark, flink Latency Sensitive Insensitive Priority high low Traffic pattern Peak at day time Peak at night time Fault tolerance should not fail Fail and retry Complementary ! ���� ��������� ��������