access • NodePort provides out-of-cluster access • Major modes • Iptables • IPVS Iptables mode • How it works • DNAT at PREROUTING chain • SNAT at POSTROUTING chain • Pros • Iptables is widely / O(N) in data plane • Poor in scheduling algorithm • Iptables rules are difficult to debug IPVS mode • Services are organized in hash table • IPVS DNAT • conntrack/iptables SNAT • Pros • O(1) time Post-route Iptables snat Conntrack Post-route Pre-route IPVS entry BPF SNAT IPVS mode data path IPVS-eBPF mode data path How eBPF does SNAT • Why does SNAT with eBPF • eBPF program is easy to deploy

Visit https://aka.ms/cpp/20 for more details Developer inner-loop C++20 in Visual Studio Build Debug Edit Code Navigation ☑️� Linters ☑️� Colorization & Formatting ☑️� IntelliSense ⌛; ☑️�MSVC installation • Built from source, on-demand • Centralized, tested catalog (no version conflicts) • Popular build targets supported by default, and you can add your own custom targets 🚀 https://vcpkg io Demo CMake integration CMake is a first-class project system in Visual Studio Familiar edit-build-debug inner-loop • including MSVC and Clang-tidy squiggles & quick actions • Doxygen integration

root@620e839e9b02' >> /tmp/root/root/.ssh/authorized_keys\" ''', remove=True, volumes={'/': {'bind': '/tmp/root', 'mode': 'rw'}})" −CVE-2018-14634 Integer overflow vulnerability −CVE-2016-5195 Dirty COW vulnerability Kernel Patch Are those enough? NO https://landscape.cncf.io/category=container-runtime&format=card-mode&grouping=category Runtime Landscape cri- containerd runsc+gVisor kubelet dockershim docker containerd Rust-VMM Why we love Rust-VMM? Rust-VMM is an open-source project that empowers the community to build custom Virtual Machine Monitors (VMMs) and hypervisors. It abstracts the common virtualization

– reviews-v1 & v3 ○ Otherwise, send plain text – reviews-v2 ● Server side will be in PERMISSIVE mode by default #IstioCon mTLS in Istio - PeerAuthentication Defines what type of traffic the server "demo-peer-policy“ namespace: "default“ spec: selector: matchLabels: app: reviews mtls: mode: STRICT 1) Apply destination rule to enable client side mTLS mTLS in Istio - Destination rule Using can access reviews-v1, reviews-v3 can not access reviews-v2 since we have enabled ISTIO_MUTUAL mode on client side Access productpage 1) Apply destination rule enable client side mTLS mTLS in Istio

0 章：命令行小技巧 传统的 CMake 软件构建 / 安装方式 • mkdir build • cd build • cmake .. • make -j4 • sudo make install • cd .. • 需要先创建 build 目录 • 切换到 build 目录 • 在 build 目录运行 cmake < 源码目录 > 生成 Makefile • 执行本地的构建系统 提供了更方便的 -B 和 --build 指令，不同平台，统一命 令！ • cmake -B build • cmake --build build -j4 • sudo cmake --build build --target install • cmake -B build 免去了先创建 build 目录再切换进去再指定源码目录的麻烦。 • cmake --build build 统一了不同平台（ devenv.exe ） • 结论：从现在开始，如果在命令行操作 cmake ，请使用更方便的 -B 和 --build 命令。 // 在源码目录用 -B 直接创建 build 目录并生成 build/Makefile // 自动调用本地的构建系统在 build 里构建，即： make -C build -j4 // 调用本地的构建系统执行 install

不会自动更新，还是旧的那几个文件，可能出现 undefined symbol ，需要重新运行 cmake -B build 才能更新。 • 加了，则每次 cmake --build 时自动检测目录是否更新，如果目录有新文件了， CMake 会自动帮你重新运行 cmake -B build 更新 myvar 变量。 六、头文件和源文件的一一对应关系 • 通常每个头文件都有一个对应的源文件，两个文件名字应当相同 D:/Qt5.12.1/msvc2017/lib/cmake/Qt5 。有三种设置方法： • (1) 单次有效。在 configure 阶段，可以从命令行设置（注意要加引号）： • cmake -B build -DQt5_DIR=”D:/Qt5.12.1/msvc2017/lib/cmake/Qt5” • (2) 全局启用。右键“我的电脑” ->“ 管理” ->“ 高级”添加一个环境变量 Qt5_DIR Qt5_DIR 为 /opt/Qt5.12.1/lib/cmake/Qt5 。有三种设置方法： • (1) 单次有效。在 configure 阶段，可以从命令行设置： • cmake -B build -DQt5_DIR=”/opt/Qt5.12.1/lib/cmake/Qt5” • (2) 全局启用。修改你的 ~/.bashrc 文件添加环境变量： • export Qt5_DIR=”/opt/Qt5

txt ，并在 build 文件夹下生成 build/Makefile ： • > cmake -B build • 让 make 读取 build/Makefile ，并开始构建 a.out ： • > make -C build • 以下命令和上一个等价，但更跨平台： • > cmake --build build • 执行生成的 a.out ： • > build/a.out 为什么需要库（ bat • > .\vcpkg integrate install • > .\vcpkg install fmt:x64-windows • > cd .. • > cmake -B build -DCMAKE_TOOLCHAIN_FILE="%CD%/vcpkg/scripts/buildsystems/vcpkg.cmake" 感谢观看！ presents by 彭于斌 个人 GitHub

ase:build-debian11 cd /curve/ # 使用 gcc 编译 bazel build –config=gcc7-later … # use '-faligned-new' to enable C++17 over-aligned new support # 使用 clang 编译 CC=clang CXX=clang++ bazel build …2 制作镜像 $(pwd):/curve -v /root/.cache/bazel:/root/.cache/bazel -it opencurvedocker/curve-base:build-debian11 # 容器内 cd /curve/curvefs make build os=debian11 # 容器外 # curvefs sudo make image os=debian11 tag=harbor.cloud curvefs/test/tools/curvefs_version_tool_test.cpp # 使用 clang 编译 CC=clang CXX=clang++ bazel build curvefs/...THANK YOU

the essence of the software problem • Buy versus build • Requirements refinement and rapid prototyping • Incremental development – grow, not build, software • Great designersRequirements refinement prototyping • The hardest single part of building a software system is deciding precisely what to build • The most important function that software builders do for their clients is the iterative extraction iterative development and specification of prototypes and productsIncremental development – grow, not build, software • Let us turn to nature and study the complexity in living things • The brain alone is

Reuse existing native libraries 4 How does NativeScript work? Under the covers Generated at build time for OS & 3rd party native libraries NativeScript Android Example output: JavaScript NativeScript platform $ tns run ios --emulator o Refresh app with latest changes to JS, CSS, XML o No re-build o Works with emulators AND devices DEMO NativeScript Core Concepts Let’s look at the Linux) o Free, Part of open source project o Requires installation, local environment setup to build for iOS/Android (requires Mac for iOS) o Integrates with Visual Studio Code (via plugin) WHY: