Ops 複雜性 12 • A single pane of glass platform • 運營團隊需要能夠通過一個統一的儀 表板在一個地方可視化整個系統。 • Complete separation of concerns • 應用程序開發人員應該能夠盡可能地 自助服務，依靠一小群平台工程師來 管理底層操作系統。 • Centralized policy controls • 運營團隊需要一種集中控制集群和工

Ingress Business Logic A Business Logic A Business Logic A Business Logic A Business Logic A Business Logic B Business Logic A Business Logic A Business Logic C Business Logic A Business Logic A SubService SubService Business Logic A Business Logic A DB Server Business Logic A Business Logic A File Server Business Logic A Business Logic A Cache 需要多少 Services, Deployments, StatefulSets DaemonSets, CronJobs?

clients’ memory Ø leak users’ secrets • Sending to / receiving from malicious software entity (logic) TEE-based Kubelet • Address security threats • Node (kubelet) compromise • leak secrets on consumption One binary: TEE Transparency • Motivation • Leverage the same code base, thus the same • APIs, logic, iteration plan for developers • Experience for users/operators • TEE as an option, en/disable based

Auto-generated API in Kubernetes API server • Customized resource controller to implement your business logic of managed resource • Natural Kubernetes experience for operating your own resource with Kubernetes

2018 应用部署演化： Going native with cloud Virtual Machine/Bare Metal Increasing focus on business logic Decreasing concern (and control) on infrastructure implementation Container Orchestration

driven, not edge driven edge level Image: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic Controller • The heart of Kubernetes orchestrator • drives the cluster state based on the changes

individual adapters can be added for different CaaS and PaaS systems • NSX Infra layer: Implements the logic that creates topologies, attaches logical ports, etc. based on triggers from the Adapter layer