Kubernetes: Use it, Contribute to it, and Enjoy it! Xiangpeng Zhao, Software Engineer, ZTE Corporation Github: @xiangpengzhao Agenda 1. The community 2. How to contribute 3. Versioning 4. The easy easy way to use it 5. Demo 6. Q & A The community Orgs/Repos SIGs/WGs Communication Resources Ecosystem Orgs/Repos Kubernetes Kubernetes SIGs Kubernetes Incubator Orgs kubernetes- retired verview/ More: Agenda 1. The community 2. How to contribute 3. Versioning 4. The easy way to use it 5. Demo 6. Q & A Where to all repos docs bug report code code review PR workflow git

Architecture of Apache OpenWhisk Deploy Apache OpenWhisk on Kubernetes • The architecture diagram of OpenWhisk components on Kubernetes, e.g. • https://github.com/apache/incubator-openwhisk-deploy-kube Secrets: like DB access credentials • Ingress Component Launch Sequence • In Kubernetes, we can use the following mechanisms to handle the component launch sequence: – Init Container: a pre-handling costainer starts – Probe: readiness probe and liveness probe Component Deployment Topology • Use affinity to make deployment topology policies for different component. E.g. controller node and

of business is one of the essential functions on the cloud, but the HPA Controller of native K8S use only one goroutine to handle the scaling of all businesses in the cluster, and personalization configuration Pod Product2 Pod Product2 Pod Product1 Pod Product1 Pod Product1 Pod Other products cannot use the resources of product2 How to deal with some products occupying quota but not using it Cluster Quota Online Pod Offline Pod Cannot exceed Offline Quota DynamicQuota System Architechture Diagram QA

applications at build or run time Why protect secrets? ● Attractive target ○ Controls access or use of sensitive resources ● Common attack vector ○ Checked into Github ○ Accessible by users who shouldn’t least privilege Auditing Verify the use of individual secrets Encryption Always encrypt before writing to disk Rotation Change a secret regularly in case of compromise Isolation Separate where managed Encryption at different layers (or turtles) disks file system etcd Recommendation: Use two-layers of encryption, e.g., full-disk & application-layer … then tries to decrypt it https://xkcd

battlefield. Booz Allen is transforming military opera- tions in complex and remote locations with the use of groundbreaking technologies, to enable decision-making at the point of data collection. Fast Allen Hamilton KubeEdge and K3s seemed the most natural starting point, given the device-centric use case. After assessing other leading Kuber- netes distributions, it was clear that many stayed focused SmartEdge on the evolution of the device landscape. According to the team, Booz Allen’s clients can use a range of devices as the software knows how to talk to an array of sensors. If users want to lift

2016, we now have Terraform modules, Chef cookbook, and Ansible playbook for most of infrastructure use cases within Go-Jek group environment. We went from 3 VMs in 2015 to 10,000+ VMs today Our Journey by developing a deployment tool called Project X. The goal is to create a tool that is easy to use and scheduler agnostic. Technical Issues • Trying to make a scheduler-agnostic deployment tool is geographies. Cookie Cutter Model • Scaling based on business growth is very easy. Scalable • In the case of traffic spike, for instance, we can spin up new containers much more quickly than setting up

Secret I need confidential data HPA I need auto-scaling My Awesome Object I have my own special case Demo • I want to have a Asta Xie object into k8s API • I want a controller to handle add/update/delete part … • Kubernetes is also about design pattern in container world • decoupling containers • re-use images • well-designed architecture for your container workloads • “How can I build distributed conversion, API doc, encoding/decoding etc 5.gRPC based interface (e.g. CRI) 2.How we can do better to use Kubernetes? 1.Programming Patterns in Kubernetes 1.this is the main difference of Kubernetes with

caSet对象：使⽤Deployment替代，并在spec部分中定义应⽤程序。 示例 apiVersion: apps/v1beta2 # for versions before 1.6.0 use extensions/v1beta1 kind: ReplicaSet metadata: name: frontend labels: app: guestbook tier: frontend spec: # this replicas value is default # modify it according to your case replicas: 3 selector: # 下⾯的是equality-based selector requirement matchLabels: （扩展Deployment，以便更多的负载） Pause the Deployment （暂停Deployment），从⽽将多个补丁应⽤于其PodTemplateSpec，然后恢复它，开始新 的升级。 Use the status of the Deployment （使⽤Deployment的状态）作为升级卡住的指示器。 清理您不再需要的 Clean up older ReplicaSets （清理旧的ReplicaSet）

Daily Report Tips on increasing SLO Case 1: Image Download Image lazyload technology provides the ability to run a container without downloading image. Case 2: Retry Pod should be recreate when the excluded. Case 3: Critical Deamonset Node should be tainted when critical Daemonset is unhealthy. Case 4: Plugin registry Registration of plugin such as CSI plugin should be checked. Case 5: Capacity

流⽔线⾃动进⾏编译打 包 ü 流⽔线⾃动⽣成镜像 ü 流⽔线⾃动部署更新服 务 ü 事务管理⼯具跟踪状态 ü 跟踪团队开发进度 ü 测试case管理⼯具规范管 理 ü ⾃动化测试管理⼯具对测 试case进⾏图形化编排降 低⾃动化测试编写难度 测试case编写 ⾃动化测试编排 发版提测场景 版本Signoff ü 交付内容标准化规范化 ü 交付内容版本可追踪 ü 交付内容关联需求 ü ü 交付内容关联开发任务 ü 交付内容管理变更范围 ü 使⽤⾃动化测试⼯具快速 校验交付质量，加速测试 效率 ü 按照编写好的测试case进 ⾏⼿⼯测试 ü 版本发布⾯板，跟踪版 本发布进度 创建发版⼯单 测试环境部署 测试 ü 平台容器化快速部署 ü 保证测试环境和开发环境 ⼀致 上线运维场景 上线完成 ü 交付内容标准化规范化 ü 交付内容版本可追踪 ü 交付内容关联需求