Product2 Used Quota 25 Product2 Used Quota 10 Product2 Used Quota 15 Quota allocation module Cluster 1 allocates 50 quota Cluster 2 allocates 20 quota Cluster 3 allocates 30 quota Allocate quota of Product1 Product2 Quota Online Pod Offline Pod Cannot exceed Offline Quota DynamicQuota System Architechture Diagram QA

Does SNAT nic nic Y N • How IPVS talks with eBPF program? • eBPF map id is passed to IPVS module • Ip_vs_new_conn() inserts eBPF map • Key: (protocol, cip:cport , rsip:rsport) • Value: (protocol unroll • Size limitation of BPF program <= 4096 • Move SNAT allocate port loop into IPVS kernel module • Bounded loop support in Linux 5.3 • Size limitation of BPF program is one million after Linux

cgroupdriver=systemd" ] } # mkdir -p /etc/systemd/system/docker.service.d # docker info ★docker会修改防火墙规则，导致pod网络不通 # vi /usr/lib/systemd/system/docker.service #在[Service]下的ExecStart=/usr/bin/dockerd 置文件并编辑 # vi /etc/kubeadm-init.yaml apiVersion: kubeadm.k8s.io/v1beta2 bootstrapTokens: - groups: - system:bootstrappers:kubeadm:default-node-token token: abcdef.0123456789abcdef �l: 24h0m0s usages: 置文件并编辑 # vi /etc/kubeadm-init.yaml apiVersion: kubeadm.k8s.io/v1beta3 bootstrapTokens: - groups: - system:bootstrappers:kubeadm:default-node-token token: abcdef.0123456789abcdef �l: 24h0m0s usages:

failure reason Unhealth node is healed or removed. Reason classification: Source Feature Example System Failure caused by cluster itself RuntimeError, ImageFailed, Unscheduled, KubeletDelay... End Users Users Failure caused by end users ContainerCrashLoopBackOff, FailedPostStartHook, Unhealthy… Trace system Increase of SLO Data Collect Audit log Event The unhealthy node Monitoring Isolation Recover Weekly Report SLO： Indicate the cluster is healthy or there is something unexpected happened. Trace system： Collect and analyze logs in cluster. So we can known what happened about the cluster. Increase

Dashboard 执⾏： kubectl proxy 02-安装单机版Kubernetes 8 访问： http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview? namespace=default 参考： https://kubernetes addons（插件） Addon是实现集群功能的Pod和Service。Pod可由Deployment、ReplicationController等进⾏管理。Namespace的插件 对象则是在 kube-system 这个namespace中被创建的。 Addon manager创建并维护addon的资源。详⻅这⾥： here 。 DNS 虽然其他Addon不是严格要求的，但所有Kubernetes集群都应该有 STATUS AGE default Active 1d kube-system Active 1d Kubernetes初始有两个Namespace： default ：对于没有其他Namespace的对象的默认Namespace kube-system ：由Kubernetes系统所创建的对象的Namespace 为请求设置Namespace

Farabi KubeCon + CloudNativeCon China 2018 Hello! Giri Kuncoro System Engineer Go-Jek Indonesia @girikuncoro Iqbal Farabi System Engineer Go-Jek Indonesia @iqbal_farabi We’re from Jakarta, Indonesia International Expansion Projects • High availability DBs lead to fewer outage Higher Uptime • System resources like CPU, memory, etc. are more effectively utilized in container world than in VMs. https://github.com/gojektech/charts/tree/master/incubator/stolon Credits Vijay Dhama – Go-Jek System Team Prashant Mittal – Go-Jek Lambda Team Irfan Shah – Go-Jek Atlas Team Sumit Gupta – Go-Jek

Scalable Kubernetes Applications • Scalable Infrastructure for Applications Application Operating System Physical Infrastructure Platform Containers as Enabler Fast Boot Environments Rapidly Portable Needed Application Operating System Physical Infrastructure Containers and VMs - A Practical Comparison Containers Containers virtualize the operating system limiting the the number of application applications on the same OS Allows you to run multiple OS on the same hardware Application Operating System Physical Infrastructure Containers VMware Hypervisor VMs Docker Containers User Cases 9

Huawei CloudBU Principal Engineer 王雷博 Principal Software Engineer • Huawei(Now) - Cloud Native batch system (Volcano) development • IBM spectrum computing - Cluster resource and workload scheduling platform reservation p Binpack p Task topology p Zone aware scheduling p … Volcano: A Kubernetes native batch system Gaps for spark Architecture Gaps for spark Architecture 1. Kubectl creates a JobEx object in Spark Job2 Executor Executor Executor Executor l How spark on Kubernetes works l Volcano batch system l Use delay pod creation feature to deal with high concurrent job submission l Use queue proportion/namespace

history in MySQL • Logging in central logging service - ElasticSearch • Metric data in monitoring system - prometheus • Alertmanager to invoke various alert and related actions docker registry Kubernetes secret Query artifact data DevOps Operator Manage the Job CI/CD Examples - Human/Manual Task system email config using secret activeDeadlineSeconds environment variable approver list Job • send notification • Encapsulate API / SDK of third party tools to docker image • Pass events from other system to build task, user can do what they want based on the payload CI/CD Examples - Gitlab/Harbor/Jira

Disadvantages • Inconsistency • Non-failure-aware • Complicated architecture Work order deployment system can not meet the requirements of resource management. Operator Observe Action Analyze • Observe: actual config • Action: manage resource to desired config Operator: Advantages • Declarative system • Manage resource to final state continually • kube-apiserver oriented programming • CustomResourceDefinition