Configured Parameters Deployment Scopes Configured Traits Component 1 - Application Scopes - Parameters Component Component B Component C Component D 1 Where developers declare the operational characteristics deliver in infrastructure neutral terms. Component Component A Health Scope X Network Scope Y Network Scope X Component B Component C Component D Component A ApplicationScope A way to loosely single, deployable unit and specifies cross-component info, such as health scopes. Application Component B Component C Component D Component A Component Trait traits manual-scaler ingress For

leading open source orchestrator HELM chart OAM app Kubernetes resources Helm CLI kubectl Component Component Application rudr Kubernetes Cluster OAM Application YAML Open Application Model Application Application Scopes Parameters - Application Scopes - Parameters Component Workload Type Parameters Component Component B Component C Component D Where developers declare the operational characteristics characteristics of the code they deliver in infrastructure neutral terms. Component Component A Application Scope ApplicationScope A way to loosely couple components into groups with common characteristics

impact Dapr in a critical or high severity manner, and affects only a small group of Dapr users in a component that is not enabled by default. The vulnerability had the potential to crash a Dapr sidecar with the flow of untrusted data through a Dapr deployment, and then adding a fuzzer for the affected component. We added a total of five fuzzers to Daprs OSS-Fuzz integration. These will continue to run continuously application that compromises neither the user application nor the Dapr sidecar nor a particular Dapr component but does trigger a vulnerability in a remote service. The request could also trigger a vulnerability

Breakdown Access Controls 7 Configuration 5 Cryptography 1 Data Exposure 3 Data Validation 2 Component Breakdown Istio 10 Istio Sidecar 3 Istioctl 2 Pilot 3 Key Critical High Medium Low Informational High Impact: High, Exploitability: Medium Identifier NCC-GOIST2005-004 Category Data Exposure Component Istio Location Istio Control Plane: • controlPlaneSecurityEnabled istioctl configuration option High Impact: High, Exploitability: Medium Identifier NCC-GOIST2005-016 Category Configuration Component Istio Location https://istio.io/latest/docs/ Impact WIthout clear documentation, administrators

a. 编辑 openshift-monitoring 项目中的 cluster-monitoring-config ConfigMap 对象： b. 将您的配置以键值对 <component_name>: <component_configuration> 的形式添加 到 data/config.yaml 下： $ oc apply -f user-workload-monitoring-config openshift-monitoring OpenShift Container Platform 4.10 监 监控 控 14 1 相应地替换 <component> 和 component>。 以下示例 ConfigMap 对象为 Prometheus 配置持久性卷声明（PVC）。这与只监控 OpenShift Container Platform config ConfigMap 对象： b. 将您的配置以键值对 <component_name>: <component_configuration> 的形式添加 到 data/config.yaml 下： 相应地替换 <component> 和 component>。 以下示例 ConfigMap 对象为 Prometheus 配置数据保留周期和最低容器资源请求。这与

io/myusername/myimage dockerfile: uri: ./Dockerfile 1 buildContext: ${PROJECTS_ROOT} 2 name: component-built-from-dockerfile $ odo catalog list components NAME DESCRIPTION with Python 3.7 DefaultDevfileRegistry [...] $ odo catalog describe component $ odo catalog describe component nodejs * Registry: DefaultDevfileRegistry 1 Starter Projects: 2 --- name: nodejs-starter devfile 和组件。要使用初 学者项目，在 odo create 命令中添加 --starter 标志。 要获取组件类型的可用启动程序项目列表，请运行 odo catalog describe component 命令。例如，若要 获取 nodejs 组件类型的所有可用入门项目，请运行以下命令： 然后，在 odo create 命令中使用 --starter 标志指定所需的项目： 这将下载与所选组件类型对应的示例模板，在本例中为

Problem: – Creating API tests is effort intensive – Creating + maintainting E2E, service tests, component tests adds up very quickly • What happens if you do not address the problem? – Thorough test coverage creating API tests • Can also be sped up by just navigating the application UI – Create E2E tests, component tests and service tests from the same data • Key product benefits (#releases, #rollbacks, MTTR Questions 2 Structure | CONFIDENTIAL 3 API-driven applications exploding Service Testing Component Testing E2E API Tests Engineering effort grows superlinearly as #APIs grow Customer services

API server which provides all CRUD operations on cluster through a API. • proxy is another component which is running on every node in Kubernetes cluster and provides a simple network and load balancer complete Guestbook application: • Service definitions for: o FrontEnd component : o Redis Master o Redis Slave component • Deployment definitions for: o Front End o Redis Master o Redis Slave UI which takes user inputs and persists to Redis. There can be more than one node for frontend component load balanced by a load balancer • Redis Master: The master node of Redis used to write data

4 5 3 . . . 1 3, 4 2 1, 4 5 3 . . . ??? Vasiliki Kalavri | Boston University 2020 15 A component is a subgraph in which every vertex is reachable from all other vertices in the subgraph. Connected State: the graph and a component ID per vertex • initially equal to vertex ID • Iterative step: For each vertex • choose the min of neighbors’ component IDs and own component ID as the new ID • • if the component ID changed since the last iteration, notify neighbors 16 ??? Vasiliki Kalavri | Boston University 2020 1 4 3 2 5 i=0 Batch Connected Components 17 6 7 8 ??? Vasiliki Kalavri

团队 Trait + App Config 运维 Component 研发 K8s 原生 API ECS/ FaaS/…… • API复杂：区分使用者/关注点分离 • 能力难上手：模块化封装/统一管理 • 云资源：统一API对接 apiVersion: core.oam.dev/v1alpha1 kind: Component metadata: name: nginx annotations: annotations: version: v1.0.0 description: > Sample component schematic that describes the administrative interface for our nginx deployment. spec: workloadType: Server osType: linux containers: - name: required: false 2. A list of overwritable parameters (schemas) 1.Description of the application Component 核心workload 可访问 可复制 长久运行 Server √ √ √ Singleton Server √ × √ Worker × √ √ Singleton Worker ×