Updating

Updating

Harbor is an enterprise open source mirror warehouse that can store, sign and scan the content of cloud native products. Harbor project is the first CNCF open source project in China, especially welcomed by Chinese users. According to recent statistics, 47% of users in China use Harbor in production systems. After Harbor graduated from CNCF in June 2020, many remarkable functions have been added, such as mirror agent, online garbage collection, enhancement of robot account, P2P prewarming, performance data collection interface, IPv6 support, etc. Recently, Harbor Operator 1.0 has been released, which greatly improves the usability of Harbor on Kubernetes platform. The main purpose of this speech is to introduce the new functions that Harbor users are most concerned about and the future development direction.

As the only incubated edge computing project under CNCF, KubeEdge has been widely used in Internet, industry, energy, parks, transportation and other industries.
 As the only incubated edge computing project under CNCF, KubeEdge has been widely used in Internet, industry, energy, parks, transportation and other industries.
 This sharing will introduce how KubeEdge can realize cloud-edge collaboration in a low-quality network environment, and realize stable support and management of massive edge nodes and devices.

Alibaba's open source chaos engineering project ChaosBlade has entered CNCF Sandbox, become the first chaos engineering platform project to support the whole lifecycle of cloud native, aiming to help enterprises solve the problem of high availability in the process of cloud native through chaos engineering. This sharing focuses on the positioning of ChaosBlade, introduces the development history and future planning of the project, and shares the commercialization exploration based on this project.

SODA Foundation mission is to foster an ecosystem of open source data management and storage software for data autonomy. In this talk, we will introduce the Open Data Framework project and how it simplifies Kubernetes data and storage management. We will also share how you can contribute to SODA, as well as how your project can join the SODA ecosystem

As we all know, distributed system is very complex, faults are everywhere. So, how to survive in this complex world of distributed systems, especially today, when cloud native architecture can be seen everywhere, has been an actual challenge. And now a good answer is chaos engineering. This speech mainly talks about the technical details of Chaos Mesh, a chaos engineering platform under the cloud native architecture, and various designs and tradeoffs in chaos engineering platform building. It shows the mutual promotion between cloud native architecture and chaos engineering, achieving the effect of 1 + 1 > 2.

Cloud native technology has brought a series of benefits to enterprises, such as cloud infrastructure, Internet core technology, application data and intelligence. With the practice and promotion of cloud native technology, more and more cloud-based enterprises enjoy the dividends brought by cloud native technology. But under the cloud native architecture, Microservices, containers and cloud native components have spawned many new security problems, whole traditional security means cannot be involved. Traditional security protection, endpoints, networks and boundaries are relatively clear at all levels. However, in the cloud environment, these boundaries become very blurred. More importantly, traditional security tools are not cloud native and cannot match the demands of cloud native for flexibility, lightweight, high efficiency, scalability nor cannot be started and stopped at any time. As a result, the efficiency of security protection cannot keep up with the speed of application iteration, and security defense cannot start and stop at any time with the dynamic expansion of services. Therefore, the key requirements of cloud native environment for security construction in management and deployment have changed:
 -Cloud native security needs to cover the depth and breadth of cloud native environment horizontally and vertically from multiple dimensions such as infrastructure layer security, application layer security and data layer security; -Security must be lightweight, continuous and embedded in all aspects of deployment tools to ensure "inspection and control points"; -Security needs to be adapted to the configuration complexity brought by cloud applications, and needs to be automated like applications.

Updating

Cloud native application workloads are well known from Kubernetes native workloads (Deployment, StatefulSet), but on the other hand, we also see that from small and medium-sized start-ups to large Internet companies, the more large-scale application scenarios are, the more these native workloads cannot meet complex business deployment demands. Therefore, many companies have developed their own custom workload suitable for their own scenarios, but among them, only AliCloud’s open-sourced OpenKruise has become a CNCF Sandbox Project, which is truly mature in many aspects such as generalization, comprehensiveness and stability. In this sharing, we will start with Kubernetes native workloads to introduce the responsibilities and implementation basis of cloud native application workload, and then analyze the real demands for application workload in ultra-large-scale business scenarios, how OpenKruise meets these demands, and the development trends under the subsequent open source ecosystem.

Cloud native has become a general trend, but for enterprise customers, for the sake of data sovereignty and security privacy, enterprise customers will consider using multi-cloud hybrid environments to conduct business. However, the differences in infrastructure capabilities and security architectures of different cloud environments will lead to a serious separation of enterprise IT architecture and operation system, increasing the complexity of multi-cloud hybrid implementation and increasing operation costs. This sharing will introduce the development process, typical stages and representative technologies of cloud native multi-cloud & multi-cluster technology, and share how Karmada, the next generation open source multi-cloud container orchestration engine for cloud native, supports seamless migration of applications from single cluster to multi-cluster through native API.

Knative Eventing is a standardized event platform on open source Kubernetes, which provides a set of mechanisms to manage cloud computing event publishing and subscription, and provides event-based service triggers for Serverless platforms. Knative Eventing provides composable primitives to implement binding between event producers and event consumers. This sharing first introduces the overall architecture and underlaying implementation of the Knative Eventing system; Secondly, the event transmission mechanism in Eventing system is introduced. Finally, the application practice of Eventing system in mobile cloud function calculation is introduced.

Service Grid is the hottest technology in the cloud native era after Docker and Kubernetes. It has a great tendency to replace the traditional microservice framework and reconstruct the microservice development mode. Istio is currently the most advanced technology and is also the service grid technology most adopted by Chinese developers. Istio mainly provides rich service governance, security and observability in a non-intrusive way. Service governance and observability may be discussed more in various early technical conferences. This speech mainly focuses on how Istio can help developers build zero-trust network security. The contents mainly cover: automatic encryption of inter-service communication, issuance of certificates, automatic rotation, and authentication related functions.

Volcano is the first container batch computing project based on Kubernetes under CNCF. It provides a set of perfect working mechanisms to solve the scheduling and resource management of high-performance computing services such as AI, Big Data, scientific computing and rendering in cloud native environment. This speech mainly shares Volcano's technological evolution roadmap and typical use cases.

Vipshop’s AI platform supports a complete set of processes and systems of algorithm models from development, training to launch. Its core work includes large-scale distributed model training and model inference optimization. It supports various machine learning and deep learning scenarios such as recommendation, search, advertisement, image and NLP in business to achieve the overall goal of algorithm-driven company performance. This sharing will introduce how Vipshop’s AI platform that relies on Volcano can solve scheduling problems in the training process of TensorFlow model based on K8S: including Gang Scheduling, resource queue management and other practices, and has achieved a good goal of improving resource utilization rate on the whole. In addition, it will also share that Vipshop will use VPA (Vertical Pod Autoscaler) on K8S to dynamically control the use of container resources, that is, to ensure the availability of physical machines and realize the improvement of the overall resource utilization rate under the condition of CPU resources oversold.

GitOps is based on declarative systems (such as Kubernetes) and GitHub (or SCM tools such as GitLab) as a single trusted source, which largely solves the deployment of cloud native applications. However, how to handle the storage of sensitive information on GitHub, how to handle the connection of CI/CD, and how to embed other security contents into GitOps are a series of problems to promote GitOps. This speech will share tekton + kustize + sops + ArgoCD to find a practical path for GitSecOps.

The founder of Docker once said on Twitter that if WebAssembly and WASI were born in 2008, there would be no need to create Docker. WebAssembly is the future of Cloud Computing. It has been three years since this tweet, with the introduction of WASI and the emergence of more and more WASM Runtimes, WebAssembly has made remarkable progress in the development of cloud native field. In this lecture, we will profile several examples of WebAssembly runtime computing at the edge to answer whether WebAssembly can replace Docker in some specific scenarios.

K8S has become a de facto standard and is widely used in production environments. However, due to the problems of underlying technologies and usage methods, enterprises are facing some difficulties in using K8S in the production environment. This speech will base on the experience in the production environment to share you the K8S security dilemma and countermeasures.

eBPF has been regarded as a revolutionary technology of Linux in recent years, which has gradually attracted people's attention and application, and has brought many new possibilities to cloud native scenarios. This sharing will introduce the practice of eBPF in the process of MEGVII PaaS platform construction.