SEPTEMBER 2022 GitOps for Kubernetes Essentials to Applications Hosted in Cloud-Native Ecosystems NINAD DESAI STAFF ENGINEER, INFRACLOUD CONTENTS • About GitOps for Kubernetes • Configuration Management Management in Kubernetes • GitOps for Kubernetes Essentials • Conclusion Git is the most widely used version control system, with more than 80 percent of its market share in today’s software industry running in Kubernetes. In this Refcard, we will dive into what GitOps means in the Kubernetes world, key principles, and the advantages for cloud-native ecosystems. ABOUT GITOPS FOR KUBERNETES Thanks

North-South Load Balancing of Kubernetes Services with eBPF/XDP Martynas Pumputis (Isovalent) October 28, 2020 10.0.0.1 10.0.0.2 10.0.0.3 httpd httpd “httpd” service 10.0.0.1:30000 10.0.0.2:30000 KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT -A KUBE-FORWARD -s 10.217.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod source rule" --ctstate RELATED,ESTABLISHED -j ACCEPT -A KUBE-FORWARD -d 10.217.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

cross-host startup and monitoring DPU Management-plane processes libvirtd dockerd virsh client Kubernetes Server 011 openEuler OS Technical White Paper Innovation Projects eNFS Kernel SIG The operating system that can be centrally managed through Kubernetes. It enables unified management of both containers and node OS through Kubernetes, including atomic upgrades and API-based operations. Challenges In cloud-native scenarios, containers and Kubernetes are widely used. However, the management of OSs is affected. • With applications being containerized, new challenges arise for OSs. Traditional

What you have (current state) CD Why GitOps? Reliably and consistently configure multiple Kubernetes clusters and deployment 6 Capturing and tracing any change to clusters through Git history Application Delivery Model 8 Source Git Repository Config Git Repository Image Registry Kubernetes CI CD The GitOps Application Delivery Model Pull Request Push Pull Push Pull Pull Request Repository Image Registry CI The GitOps Application Delivery Model Config Git Repository Kubernetes Deploy Monitor Detect drift Take action CD Continuous Integration & Continuous Delivery

scenarios, the OS is deployed and maintained in containers, allowing the OS to be managed based on Kubernetes, just as service containers. • Secure container solution: Compared with the traditional Docker+QEMU Technical White Paper 15 Container OS Cloud native is the next step in cloud computing evolution. Kubernetes has become the foundation for most modern, cloud- native software infrastructure. Major OS vendors cloud-native cluster OSs in containers. KubeOS has the following features: • OS containerization and Kubernetes interconnection for atomized lifecycle management • Lightweight OS cropping, which reduces unnecessary

subsystems, and leverages multi-channel concurrency to improve I/O performance. • OpenStack & Kubernetes: openEuler is designed for cloud applications. It integrates the two mainstream pieces of cloud Platform Architecture IDE Auto-tuning tool A-Tune Test platform Compass-CI Toolchain OpenStack Kubernetes Kylin HA Cluster scheduling and management CPU: x86, ARM, RISC-V GPU NPU Chips Apps Virtualization simplified device model, it can start within 50 ms, control the noise floor within 4 M, and process serverless workloads. • Software and hardware collaboration: StratoVirt supports x86 and Kunpeng-V virtualization

等组件。 创新架构，全栈优化，打造全场景协同的 One OS，充分释放多样性算力。 IDE 自调优工具 A-Tune 测试平台 Compass-CI 工具链 OpenStack Kubernetes 麒麟HA 集群调度 和管理 CPU: X86、Arm、RISC-V GPU NPU 芯片 APPS 虚拟化 容器 QEMU Docker libvirt 虚拟化/ 容器 StratoVirt 支持本地卷管理，isula-build 新增镜像拉取、推送等功能。 • StratoVirt& 虚拟化：支持内存弹性、大页、增强 IO 子系统、通过多通道并发提升 IO 性能。 • OpenStack&Kubernetes：向云而生，集成两大主流云计算调度和管理软件，构筑云化基座 。 • HA 高可用集群方案：麒麟软件贡献的 HA 高可用集群方案，故障秒级切换。 繁荣社区生态： • 更多桌面环境支持：UKUI、DDE 主要优势如下： • 强安全性：基于 Rust 实现语言级安全，模型设计上最小化攻击面， 实现多租户物理隔离。 • 轻量低噪：采用极简设备模型时，启动时间小于 50ms，内存底噪小于 4M，支持 Serverless 负载。 • 软硬协同：StratoVirt 支持 x86 的 VT，支持鲲鹏的 Kunpeng-V。 • 极速伸缩：毫秒级设备扩缩能力，为轻量化负载提供灵活的资源伸缩能力。 新增功能

CPU 的快速抢占，确定性的调度运行，同时控制离线任务干扰。 优化 OOM 时内存回收调度算法，在发生 OOM 时，优先对低优先级的进程组进行内存回收，保障在线业务的正常运行。 针对 Kubernetes 集群下的混合部署，openEuler 用户仅需给业务打上在线或离线的标签，系统即能自动感知业务的 创建，并根据业务的优先级配置，实现资源的隔离和抢占。 功能描述 1. 进程属性设置：支持通过 • 软硬协同：支持 x86 的 VT，支持鲲鹏的 Kunpeng-V。 • 极速伸缩：毫秒级设备扩缩能力，为轻量化负载提供灵活的资源伸缩能力。 • 多场景支持：实现一套架构支持 serverless、安全容器、标准虚拟机等多种应用场景。 容器引擎 iSulad： • 轻量引擎：C/C++ 编程语言重构轻量容器底座，适应边、云多样场景。 • 混合调度：通过 containerd-shim-kata-v2

云+社区技术沙龙 Serverless Ops 孔令飞 腾讯云架构师 个人简介 2013 Red Hat： 虚拟化技术 Xen、KVM 的测试 2015 联想云： KVM 研发 2016 加入腾讯：容器平台 (docker + k8s) & 微服务的架构和研发 2019 腾讯云 Serverless 产品架构师 核心诉求 Application Application Architecture Prometheus Serverless Tencent Serverless System Resource Mysql Ceph Docker KVM 业务运维 平台运维 系统运维 Serverless 介绍 什么是 Serverless、Serverless 提供的运维能力 Serverless 业务运维能力 & 系统运维能力 Serverless 和 虚拟机 2 种形态下运维能力对比 种形态下运维能力对比 Serverless vs. IaaS 运维能力对比 Serverless 和 虚拟机 2 种形态下运维能力对比 Serverless 运维案例 腾讯相册微信小程序运维案例 目录 Serverless 介绍 2014 2016 2017 AWS lambda Azure Function GCP Cloud Function IBM Open Wisk

StratoVirt 类型轻量级虚拟机沙箱技术创建安全容器沙箱。 • 支持 StratoVirt 类型安全容器进行资源精准限制管理。 功能描述 openEuler iSulad 边缘 / 物联网场景 Serverless 应用场景 政企数据敏感场景 Kuasar 统一容器运行时 Sandbox API WASM Sandbox 容器轻量 开销极小 Quark Sandbox 冷热启动 极致加速 互联网 中间件 基因 金融 政企 交通 制造 Sandbox Plugin 特性增强 42 openEuler 23.09 技术白皮书 单机多租户共享场景 • 以容器形态对外提供 Serverless 服务，需要容器规格小，单机密度高，启动速度快。 • 在一台物理机上会部署多个不同租户的容器，需要容器之间有强隔离的安全保证。 • 用户通常会应用在弹性扩缩容的场景，需要容器启动和销毁的速度快。