What is the VMware SIG Purpose, Projects managed, How to join The Roadmap Moving “Out of Tree” : vSphere cloud provider + storage (CSI) How to Get Information on an ongoing basis The VMware SIG How to related to new CRDs, plug-ins and KEPs that allow the vSphere platform to supplement and support Kubernetes How to Join 6 SIG Sponsored projects vSphere cloud provider (In-tree and Out-of-tree) • A cloud Kubernetes project of this dependency, the cloud-controller-manager was introduced. CSI provider for vSphere • Container Storage Interface (CSI) is a standard API allowing a storage provider to write just

VMware SIG Deep Dive into Kubernetes Scheduling Performance and high availability options for vSphere Steve Wong, Hui Luo VMware Cloud Native Applications Business Unit November 12, 2018 2 Open @cantbewong Software Engineer VMware First open source project was to enable GPU on Kubernetes with vSphere. Also actively contributing to kubelet, device manager, device plugin area. GitHub: @figo Steve zones, while still respecting resource access and availability concerns. When Kubernetes runs on vSphere, the hypervisor platform also supports an underlying tier of high availability and automated placement

Operating System Physical Infrastructure Platform Containers as Enabler Fast Boot Environments Rapidly Portable Ability to Move Containers Freely Lightweight Minimal Resources Needed Application Application Operating System Physical Infrastructure Containers and VMs - A Practical Comparison Containers Containers virtualize the operating system limiting the the number of application dependencies the same hardware Application Operating System Physical Infrastructure Containers VMware Hypervisor VMs Docker Containers User Cases 9 •Ready-to-go development •Self-service portal Developer

Google Cloud Taiwan 優勢 Google Infrastructure event driven functions web apps & APIs orchestrate containers infrastructure 使用多層次的架構重塑雲端佈署 應用佈建於 IaaS / PaaS 的思考方向 高 應用 模組化程度 低 低 自動化成熟度 高 VMs (GCE) (k8s version, OS image, plug-ins, components configuration) Orchestrate and manage on-prem containers just like GKE in the cloud Consistent operating model with access to GCP services across hybrid for multiple Kubernetes clusters, no matter where Single Pane of Glass across GCP & On-Prem ● vSphere 6.5 for Alpha ● Simple CLI installation ● Online and Offline installation ● Private container registry

Containerd、Kata Containers及CRI-O。 Containerd是高階容器執行階段，可管理完整的容器生命週期，提供簡易性、強健 性及可攜性。Containerd可視為業界標準的容器執行階段，也是上游Kubernetes 的預設選項。Canonical Kubernetes及Rancher均支援Containerd。 Kata Containers以安全性為重，將容器置於輕量級VM之中，在容器之間提供更深 級VM之中，在容器之間提供更深 度的隔離。Canonical Kubernetes及Red Hat Openshift均支援Kata Containers。 4 CRI-O是Red Hat專為Kubernetes設計的容器執行階段，可搭配使用任何其他開放 容器計畫(Open Container Initiative，OCI)相容的執行階段，因此具備相當高的彈 性。 容器登錄檔是另一項建構成功 Kubernetes支援Ceph、NFS、雲端儲存、NetApp、vSphere、 FlexVolume及PureStorage. • Red Hat Openshift支援Ceph/Rook、Red Hat OpenShift Data Foundation、 GlusterFS、NFS、Cinder及Flexvolume • SUSERancher支援GlusterFS、NFS、vSphere及Longhorn 12. 監控及作業管理

實施 Kubernetes 網路政策 (Implement networking policies)  對容器設置資安規則 (Configure secure context for containers)  分隔敏感的工作負載 (Segregate sensitive workloads)  掃描容器映像 (Scan container images)  開啟稽核日誌 (Enable PKS對於NIST容器安全指南有完整的實作 White Paper: CLOUD-NATIVE STACK SECURITY: How VMware Enterprise PKS Secures Containers and Kubernetes, Feb, 2019 https://assets.contentstack.io/v3/assets/blt58b49a8a0e43b5ff/blt22 維運 所需技能: Shell Script, Python, VMware API, CI/CD Tooling 所需技能: Java, .NET, SQL, Web 所需技能: vSphere/vSAN, NSX, OS, PowerCLI, Shell Script 建立平台自動化 能力與服務 將業務需求轉化成 應用程式快速上線 降低基礎架構複雜度 快速調度基礎架構

VMware SIG Deep Dive into Kubernetes Scheduling Performance and high availability options for vSphere Steve Wong, Michael Gasch KubeCon North America December 13, 2018 2 Open Source Community Relations zones, while still respecting resource access and availability concerns. When Kubernetes runs on vSphere, the hypervisor platform also supports an underlying tier of high availability and automated placement underlying vSphere topology (sites, affinity groups, NUMA, etc.). This session will explain the options to gain better performance, resource optimization and availability through tuning of vSphere, and Kubernetes

数据盘：80GB 3 台作为 k8s node CPU：2 核, 内存：16GB, 系统盘：40GB, docker 数据盘：40GB, ceph 数据盘：1TB *下面是 vSphere 上创建虚拟机的步骤： A1. 创建 k8s-master CPU：2 核, 内存：8GB，系统盘：40GB，docker 数据盘：80GB step1. 从模板上新建虚拟机 ClusterConfiguration kubernetesVersion: v1.18.2 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers controlPlaneEndpoint: "k8s-master:6443" networking: dnsDomain: cluster.local podSubnet: https://docs.projectcalico.org/v3.8/manifests/calico.yaml vi calico.yaml ...... spec: containers: - env: - name: DATASTORE_TYPE value: kubernetes - name: IP_AUTODETECTION_METHOD #DaemonSet

KubeOperator 的整体架构 KubeOperator NFS / vSAN / Ceph 等 Flannel / Calico / NSX-T 等 负载均衡 / CoreDNS 等 物理理机 / vSphere / OpenStack / FusionCompute 等 Ansible / Terraform CentOS / RHEL / EulerOS 集群规划 集群部署 集群运维 集群升级 物理理机；vSphere 平台：⽀支持⾃自动创建主机（使⽤用 Terraform）；OpenStack 平台：⽀支持⾃自动创建主机 （使⽤用 Terraform）； FusionCompute 平台：⽀支持⾃自动创建主机 （使⽤用 Terraform）； 存储⽅方案 独⽴立主机：⽀支持 NFS / Ceph RBD / Rook Ceph / Local Volume；vSphere 平台：⽀支持 平台：⽀支持 vSphere Datastore （vSAN 及 vSphere 兼容的集中存储）；OpenStack 平台：⽀支持 OpenStack Cinder （Ceph 及 Cinder 兼容的集中存储）；FusionCompute 平台：⽀支持 OceanStor； ⽹网络⽅方案 ⽀支持 CoreDNS；⽀支持 Flannel / Calico ⽹网络插件；⽀支持 ingress-nginx

template: metadata: labels: app: nginx spec: 06-理解K8s对象 21 containers: - name: nginx image: nginx:1.7.9 ports: - containerPort: 80 指定该POD的标签 app: mysql # POD副本拥有的标签，需要与RC的selector⼀致 spec: containers: - name: mysql image: mysql ports: - containerPort: 3306 apiVersion: v1 kind: Pod metadata: name: resource-reserver spec: containers: - name: sleep-forever image: gcr.io/google_containers/pause:0.8.0 resources: requests: cpu: 100m