Loading…

线上峰会
12月9-10日
了解更多信息注册参加

Sched 应用程式允许你建立你的日程表,但不能代替你的活动注册。你必须注册 2021年中国 KubeCon + CloudNativeCon + Open Source Summit - 线上峰会 才能参加会议。如果你还没有注册但想加入我们,请到活动注册页面购票注册。

请注意:此日程表自动显示为中国标准时间(UTC +8)。要想看到您选择的时区,请从右侧 「Filter by Date」上方的下拉菜单中选择。日程表可能会有变动。


Virtual
December 9-10
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon + Open Source Summit China 2021 - Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in China Standard Time (UTC +8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, December 7
 

00:00 CST

Kubernetes 高端技术:如 Pi 一样易如反掌,由Canonical有限公司主办 {注册费用:免费} | Kubernetes at the Edge: Easy as Pi hosted by Canonical Ltd (Complimentary Registration Required)
您是否曾设想过能使用自己的家庭云端,但又觉过于复杂?微型云端让任何人都可以在任何地方设立云端。本视频将涉及如何将 LXD,微型 K8s 和 Charmed Operator 结合运用于 BYOC(build your own cloud,即建立你自己的云端 -- 我们使用的是树莓派(Raspberry Pi)!
 
如何注册:点此注册参加《Kubernetes 高端技术:如 Pi 一样易如反掌》
如您有关于本场活动的问题,请联系liam.zheng@canonical.com

Have you dreamt of having your own home cloud but found it too complex? Micro-clouds enable everyone to build a cloud anywhere. In this video, we cover how to combine LXD, MicroK8s, and Charmed Operators to BYOC (build your own cloud) - we're using Raspberry Pi's!
How to Register: Register here to attend Kubernetes at the Edge: Easy as Pi!
For questions regarding this event, please reach out to liam.zheng@canonical.com.

Tuesday December 7, 2021 00:00 - Wednesday December 8, 2021 23:59 CST
虚拟会议 | Virtual - Online
 
Thursday, December 9
 

09:00 CST

主题演讲: 欢迎和开幕词 | Keynote: Welcome & Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation



Speakers
avatar for Priyanka Sharma

Priyanka Sharma

Executive Director, CNCF
Priyanka is the Executive Director of the Cloud Native Computing Foundation (CNCF) which serves as the vendor-neutral home for 100+ of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy. She is also a co-creator of the Inclusive Naming Initiative... Read More →


Thursday December 9, 2021 09:00 - 09:15 CST
Kubecon + CloudNativeCon 演讲厅

09:15 CST

主题演讲:待定 | Keynote: Jim Zemlin, Executive Director, The Linux Foundation



Speakers
avatar for Jim Zemlin

Jim Zemlin

Executive Director, The Linux Foundation
Jim Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through... Read More →


Thursday December 9, 2021 09:15 - 09:25 CST
Kubecon + CloudNativeCon 演讲厅

09:25 CST

主题演讲:生态银行的数据云原生 | Keynote: Eco-bank's Data Cloud Native - Wei Huang, Deputy General Manager of the Information Technology Department, SPD Bank
本次演讲从三个方面展开,旨在介绍浦发银行的生态银行战略,并由此战略引发了对科技理念、科技架构、科技管理的深层次思考,围绕数字化时代最核心的数据要素建设新一代的银行核心系统架构。在这一个探索摸索的过程中,云原生技术逐渐成为了浦发银行核心系统架构的基石技术,浦发银行于 2019 成为中国首家加入云原生基金会的股份制银行,标志着中国金融科技水平与云原生生态两股潮流的完美结合,将过去狭隘的对金融科技的理解,推动到了实体金融体系嫁接数字科技赋能产业转型的新高度。
1.浦发银行生态银行及全景银行的战略
2.浦发银行基于云原生架构的技术转型
3.浦发银行寻找和孵化的云原生技术

This speech is carried out from three aspects, aiming to introduce the ecological banking strategy of SPD Bank, and this strategy has triggered in-depth thinking on technology concepts, technology structure, and technology management, and built a new generation of bank core system structure around the most core data elements in the digital age.In this process of exploration , cloud native technology has gradually become the cornerstone technology of Pudong Development Bank's core system structure technology. Pudong Development Bank became the first joint-stock bank in China to join the Cloud Native Foundation in 2019, which marks the perfect combination of the two trends of China's financial technology level and the cloud-native ecology. It has changed people's narrow understanding of financial technology in the past, which pushed this understanding to a new height where the physical financial system is grafted with digital technology to empower industrial transformation.
1. The strategy of the "Ecology and Panorama" part of Shanghai Pudong Development Bank
2. Technical transformation of SPD Bank based on cloud native architecture
3. Cloud native technology seeks and incubates by SPD Bank



Speakers
avatar for Wei Huang

Wei Huang

Deputy General Manager of the Information Technology Department, SPD Bank


Thursday December 9, 2021 09:25 - 09:40 CST
Kubecon + CloudNativeCon 演讲厅

09:40 CST

主题演讲:构建开源的分布式云原生世界 | Keynote: Build an Open Source Distributed Cloud Native World - Jian Huang, Chief Architect of Huawei Cloud Containers, Huawei Cloud
随着云原生的火热发展,云原生技术已经无处不在,逐步渗透到公有云,数据中心,边缘等多样化的客户场景。华为云也致力于打造开源开放的分布式云原生平台,并推出了UCS服务(Ubiquitous Cloud Native Service)给用户提供极致的云边端一致性云原生体验,当然你可以采用华为发起的CNCF开源项目Karmada/KubeEdge/Volcano构筑属于你的分布式云原生世界。

With the rapid development of cloud native technologies, they have become ubiquitous and gradually penetrate into diversified customer scenarios, such as public cloud, data center, and edge. HUAWEI CLOUD is also committed to building an open source, distributed cloud-native platform and launched the Ubiquitous Cloud-Native Service (UCS) to provide users with the ultimate, consistent cloud native experience. Of course, you can use Huawei-initiated open source projects in CNCF: Karmada, KubeEdge, and Volcano to build your own distributed cloud native world.


Speakers
avatar for Jian Huang

Jian Huang

Chief Architect of Containers, Huawei Cloud
现任华为云容器团队首席架构师,2008年加入华为,自2013年起负责华为容器相关业务的技术规划和架构设计工作,推出云容器引擎,Serverless容器,服务网格,分布式云原生等多款云原生服务,并参与策划推出华为多项云原生开源软件。Jian... Read More →


Thursday December 9, 2021 09:40 - 09:50 CST
Kubecon + CloudNativeCon 演讲厅

09:50 CST

主题演讲:与K8s舰队一起航行,海量节点的多集群管理 | Keynote: Sailing with K8s Armada: Multi-Cluster Management with Massive Amounts of Nodes – Yifan Shen, PaaS Cloud Platform Architect, ICBC & Kevin Wang, Lead of Cloud Native Open Source Team, Huawei
在工商银行,云原生基础设施平台支持着成千上万的业务,管理着各种异构硬件和大量资源,为这些业务提供服务。Kubernetes 很好,但考虑到可扩展性、可用性以及多区域部署、基础设施升级等因素,基于多集群的架构已经成为整个平台的关键部分。如何有效地管理这些集群的资源,使不同的业务团队能够自由、灵活地部署服务,同时保证足够高的资源利用率是需要解决的关键挑战。作为一个新的多集群编排框架,Karmada的设计是针对Kubernetes Native API,这使生活变得更加容易。在这次分享中,一帆和Kevin将详细介绍:
1. 工商银行超大规模基础设施的关键挑战。
2. 基于K8s的多集群解决方案的评估和考虑。
3. 取得的成绩,遇到的问题和解决方法。

At ICBC, the cloud native infrastructure platform supports thousands of businesses, manages various heterogeneous hardware and massive resources to provide services for these businesses. Kubernetes is great, but considering factors such as scalability, availability, and multi-regional deployment, infrastructure upgrade etc., the multi-cluster based architecture has become a key part of the whole platform. How to efficiently manage the resources of these clusters so that different business teams can deploy services freely and flexibly, while ensuring sufficiently high resource utilization is the key challenge needs to be resolved. As a new multi-cluster orchestration framework, Karmada is designed to be Kubernetes Native API oriented, which make life much easier.
In this sharing, Yifan and Kevin will go over:
1. Key challenges of hyperscale infrastructure at ICBC
2. Evaluation of K8s based multi-cluster solutions and considerations
3. Achievements, problems met and resolved

Speakers
avatar for Zefeng (Kevin) Wang

Zefeng (Kevin) Wang

Lead of Cloud Native Open Source Team, Huawei
Kevin Wang is a contributor in the CNCF community since its beginning, leader of the cloud native open source team at Huawei, and co-founder of the CNCF KubeEdge, Volcano and Karmada projects.Kevin has contributed to Kubenretes upstream for years and now spends 100% of his work and... Read More →
avatar for Yifan Shen

Yifan Shen

PaaS Cloud Platform Architect, ICBC
Yifan has been committed to the research and development of the container field for a long time. He is the core developer of the ICBC PaaS cloud platform and is currently responsible for the architecture design of the ICBC PaaS cloud platform.Yifan is a big fan of open source & cloud... Read More →


Thursday December 9, 2021 09:50 - 10:05 CST
Kubecon + CloudNativeCon 演讲厅

10:05 CST

主题演讲: 以软件为核心,助您上云 | Keynote: Software: At the Heart of Your Cloud - Grace Lian, Senior Director of Open Source Cloud Software, Intel
云原生微服务架构技术在业界广泛深入的应用,通过其带来的程序模块化开发以及业务方案之间快速组合的技术优势正在变革着当今企业业务的发展。然而这种变革也带来了应用程序在服务启动、服务发现、自动扩缩容以及微服务间通信安全性方面的复杂性。面对这些挑战,英特尔®致力于和业界的合作伙伴们一起携手合作解决这些难题,以提高云的可靠性、安全性、性能和效率。十多年来,英特尔®一直是开源云软件社区的热情合作伙伴,致力于将创新的平台优化技术带给社区和合作伙伴,来改善和提高开发人员和方案部署的体验。在本次演讲中,您将进一步了解英特尔®在云原生领域的贡献以及为您的业务带来的帮助、对开源软件生态的长期承诺,以及未来您可以一起参与的技术方向。

The extensive shift to cloud native microservice architecture has transformed businesses by enabling modular development and speedy composition of solutions. This transformation presents complexities in launching, discovering, auto-scaling, and protecting the microservices and their inter-communication. Intel, together with the ecosystem, is committed to improving cloud reliability, security, performance, and efficiency. For over a decade Intel has been a passionate partner of the open-source cloud software community to integrate innovative platform technologies with optimizations that improve the developer and deployment experience. In this talk, you will learn more about Intel's cloud native contributions at the heart of your cloud, its long-term commitment to the open software ecosystem, and upcoming technologies that you can influence.


Speakers
avatar for Grace Lian

Grace Lian

Sr. Director of Open Source Cloud Software, Intel
Grace Lian, Senior Director, Open Source Cloud Software at Intel. She leads Intel’s cloud open source strategy and development efforts in cloud infrastructure, orchestration, service mesh, container runtimes, cloud native hypervisor, workloads, and microservice benchmarking. Grace... Read More →


Thursday December 9, 2021 10:05 - 10:15 CST
Kubecon + CloudNativeCon 演讲厅

10:15 CST

主题演讲: CNCF 项目更新 | Keynote: CNCF Project Updates - Ricardo Rocha, Computing Engineer, CERN



Speakers
avatar for Ricardo Rocha

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer in the CERN cloud team focusing on containerized deployments, networking and more recently machine learning platforms. He has pushed for several years the internal effort to transition services and workloads to use cloud native technologies, as well... Read More →


Thursday December 9, 2021 10:15 - 10:25 CST
Kubecon + CloudNativeCon 演讲厅

10:25 CST

主题演讲:如何创建属于你自己的 CNCF 项目 | Keynote: How You Can Create a CNCF Project - Lei Zhang, Software Engineer, Alibaba Cloud & Sheng Liang, President of Engineering and Innovation, SUSE
众所周知,CNCF 托管了很多当今最流行的开源项目,比如 Kubernetes,Prometheus 和 Envoy。而作为开源软件工程师,你其实也可以随时创建或者把你自己的项目提交给 CNCF 进行托管。在本次演讲中,两位 CNCF TOC 成员(同时也是多年的开源实践者)将详细的介绍如何创建属于你自己的 CNCF 项目。具体议程包括:
- 什么是 CNCF?它的愿景是什么?它是如何让开源社区受益的?
- 作为一个开源软件的作者,我又能够从 CNCF 得到哪些帮助?
- 如果要创建一个 CNCF 托管项目,我该怎么做?如何判断我的项目跟 CNCF 的愿景是一致的?
- CNCF 项目的“孵化级”和“毕业级”的具体要求是什么?“沙箱级”又是什么意思?为什么会有“沙箱级”?
- CNCF 介意有竞争关系的项目吗?
- 将开源项目交给 CNCF 托管的具体步骤是什么?有哪些常见的坑可以避免?
- 整个流程大概需要多长时间?
除了上述的一般性讨论之外,本次演讲还会以一些最近加入的项目为例,来更好的回答上述问题和阐述整个流程。你是云原生领域开源软件的从业者吗?那一定不要错过这个演讲!

CNCF manages a collection of open source projects like Kubernetes, Prometheus, and Envoy. As open source developers, you can create and submit your own projects to CNCF. In this session, two CNCF TOC members (and open source practitioners) will explain how you can create your own CNCF projects. We will cover topics such as:
  • What is CNCF? What’s its vision? How does it benefit the open source community?
  • As an author of open source software, how can I benefit from CNCF?
  • What should I do to create a CNCF project? How to decide if my project aligns with CNCF?
  • What qualifies a project to be graduated and incubation? What is sandbox level and why does it exist?
  • Does CNCF accept competing projects?
  • What are needed steps for submitting a project, and what pitfalls should I avoid?
  • How long should I expect on the reviewing process to take?
Besides the general discussion, we will also highlight several newly joined projects as real-world examples to better understand the CNCF process. Working on open source software in cloud native area? Don’t miss this talk!

Speakers
avatar for Lei Zhang

Lei Zhang

Software Engineer, Alibaba Cloud
Lei is currently leading engineering effort of Kubernetes and next-gen application platform at Alibaba. Prior to Alibaba, Lei was an engineer at Hyper_ mainly worked on KataContainers, CRI and hard multi-tenant Kubernetes. Lei graduated from Zhejiang University.
avatar for Sheng Liang

Sheng Liang

President of Engineering and Innovation, SUSE
Sheng Liang is President of Engineering and Innovation at SUSE where he leads SUSE’s global team of engineers, and is responsible for the rapid growth of SUSE's expanding portfolio from the enterprise Linux operating system to the Rancher container management platform. Prior to... Read More →


Thursday December 9, 2021 10:25 - 10:40 CST
Kubecon + CloudNativeCon 演讲厅

10:40 CST

主题演讲: 闭幕词 | Keynote: Closing Remarks - Jasmine James, Engineering Manager, Twitter & Ricardo Rocha, Computing Engineer, CERN



Speakers
avatar for Ricardo Rocha

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer in the CERN cloud team focusing on containerized deployments, networking and more recently machine learning platforms. He has pushed for several years the internal effort to transition services and workloads to use cloud native technologies, as well... Read More →
avatar for Jasmine James

Jasmine James

Senior Engineering Manager-Developer Experience
Jasmine is an engineering manager leading the developer experience pillar in the engineering effectiveness organization. She has previously worked at Delta Air Lines enabling cloud native application development by providing modern tooling and capabilities utilizing various CNCF projects... Read More →


Thursday December 9, 2021 10:40 - 10:50 CST
Kubecon + CloudNativeCon 演讲厅

10:45 CST

Virtual Project Office Hours: Antrea
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Antrea Project Office Hours here: https://zoom.us/webinar/register/WN_I3C29PNMRWKp94iVyvhNCw


>> Full list of Project Office Hours


Thursday December 9, 2021 10:45 - 11:30 CST
Project Office Hours

10:45 CST

Virtual Project Office Hours: KubeDL
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for KubeDL Project Office Hours here: https://zoom.us/webinar/register/WN_NcXP9uO6T4ikFmyMhZE4YQ


>> Full list of Project Office Hours


Thursday December 9, 2021 10:45 - 11:30 CST
Project Office Hours

10:50 CST

10:50 CST

解决方案展示 | Solutions Showcase
在解决方案展示区参观我们的赞助商,尝试最新的演示,观看现场演示,在现场办公时间与专家交谈,查看工作机会,并获得一些小礼品。

为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、常规人口统计问题(即,工作职能、行业),以及关于您互动的赞助内容或资源的详细信息。选择与虚拟展位互动或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts during live office hours, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), when accessing sponsored sessions in the sponsor theater, accessing virtual swag provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.




Thursday December 9, 2021 10:50 - 16:00 CST
Kubecon + CloudNativeCon 演讲厅

11:00 CST

From Allies to Partners: A Foundational Toolkit for Inclusive Leadership
The reality is humans make mistakes, especially when it comes to diversity, equity, and inclusion. We all, at some point, didn't say what was politically correct and might have offended a friend, a family member, or co-worker.

The good news is that while we can't avoid these mistakes and challenging conversations. We can all build our foundational toolkit for inclusive leadership, so we can at least do a bit better the next time around. The simplest acts go a long way to make someone feel seen, heard, and valued. Join us in a practical and interactive session that will take you from being an ally to an actual partner in the journey for a more equitable and just society!


Speakers
YV

Yulkendy Valdez

Co-Founder & CEO, Forefront
Yulkendy Valdez is a master educator and expert in developing experiential programs focused on diversity and inclusion. She is a Forbes 30 Under 30 Social Entrepreneur and TEDx Speaker. She has received numerous fellowships from the Harvard Kennedy School, Opportunity Nation, Young... Read More →
JP

Josuel Plasencia

Co-Founder & COO, Forefront
Josuel Plasencia is the Co-Founder and COO of Forefront. Recently, he was selected to the Forbes 30 Under 30 list for the year 2020. Josuel has corporate experience in finance, business strategy, and international development with Accenture, Goldman Sachs, EY, KPMG, BNY Mellon, and... Read More →


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:00 CST
Kubecon + CloudNativeCon 演讲厅

11:00 CST

赞助商会议: 亚马逊云科技的Kubernetes之旅| Sponsored Session: AWS with Kubernetes
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.


在本次主题演讲中,亚马逊云科技 Kubernetes服务总经理Bob Wise将介绍Amazon Elastic Kubernetes Services (EKS)的设计初衷,以及一路走来的不断改进和延伸,也会分享亚马逊云科技内部使用EKS的最佳实践。作为CNCF的董事会成员,Bob还会分享我们对Kubernetes未来发展的预见。自2018年EKS诞生以来,我们努力为以K8S相关的各种开源软件项目做出贡献,从Amazon EKS Distro, Amazon EKS Anywhere,到最近发布的Karpenter,我们将持续的为我们的客户提供支持。在这次会议上,Bob将针对这些新发布做更详尽的分享。快来加入我们吧!

In this session, Bob Wise, the General Manager, Kubernetes at AWS will reveal the history of Amazon Elastic Kubernetes Services (EKS) and share how it evolves within AWS. As a board member of CNCF, Bob will also be sharing how we believe Kubernetes will evolve in the future. Since EKS launched in 2018, we have contributed to a broad variety of open source software projects, from Amazon EKS Distro, Amazon EKS Anywhere, to the most recent announcement, Karpenter, and will continue to do so as we seek to help our customers. At this session, Bob will be also covering more information of those contributions. Come and join us!

Speakers
BW

Bob Wise

亚马逊云科技 Kubernetes服务总经理 | General Manager, Kubernetes, AWS


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:00 CST

赞助商会议: 使用阿里云服务网格ASM和Intel Multi-Buffer技术实现更快的应用服务间| Sponsored Session: Using Alibaba Cloud Service Mesh (ASM) and Intel Multi-Buffer technology to achieve faster encrypted communication between application services
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.

服务网格作为一个云原生应用通信的基础设施层,已经成为用户应用服务内透明通信的首选通用架构模式。通过每个服务实例的Sidecar代理可以控制服务间的流量管理、通信、安全和监控。微服务和零信任安全可以让您的系统比使用单体应用程序时更安全。要实现零信任,可以使用双向 TLS 为服务发出的每个请求提供加密。 本主题中将探讨如何使用阿里云服务网格ASM和Intel Multi-Buffer技术来实现两全其美, 即在服务网格部署中具有更快的服务通信响应时间的加密隧道, 确保应用程序基础设施服务之间快速、可靠和安全的通信。

As an infrastructure layer for cloud-native application communication, service mesh has become the preferred general architecture pattern for transparent communication within application services. The Sidecar proxy can control traffic management, communication, security and monitoring between services. Microservices and zero-trust security can make your system more secure than when using monolithic applications. To implement zero-trust, you can use a mTLS to provide the encryption for each request. But the encrypted tunnel implemented with mTLS increases the latency time. In this topic, we will discuss how to use Alibaba Cloud Service Mesh (ASM) and Intel Multi-Buffer technology to achieve the best of both worlds, that is, an encrypted tunnel with faster service communication response time, and ensuring that application services are connected with faster, reliable and secure communication.

Speakers
LX

王夕宁 | Xi Ning Wang

阿里云服务网格ASM负责人, Alibaba Cloud
XW

胡伟 | Wei Hu

英特尔软件和先进技术事业部, Intel SATG


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:00 CST

赞助商会议: 如何使用OCM clusteradm引导多集群| Sponsored Session: Bootstrap Your Cluster with OCM's clusteradm
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.

Open Cluster Management (OCM,开放集群管理) 是一个由开源社区驱动的混合云多集群管理平台。通过OCM clusteradm工具的演示,引导多集群环境,使用可用的OCM API将Kubernetes资源从多集群中的中枢集群部署到所需的被托管集群。

Open Cluster Management (OCM) is a community-driven project focused on multicluster and multicloud scenarios for Kubernetes apps. In this video, Xiangjing Li and Mike Ng show a demo of OCM clusteradm tool to bootstrapping a multicluster environment and then use the available OCM APIs to deploy Kubernetes resources from the multicluster control plane hub cluster to a desired managed cluster.

Speakers
MN

Mike Ng

红帽工程师、开放集群管理(OCM)维护者、活跃的Kubernetes相关系统生态维护者 | Software Engineer, Red Hat Software, Open Cluster Management maintainer and active Kubernetes related ecosystem contributor., Red Hat
X

李向京 | Xiangjing Li

红帽高级集群管理“Lifecycle Squad”负责人 | Red Hat Advanced Cluster Management "Lifecycle Squad" Lead, Red Hat


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:00 CST

赞助商会议: 应对微服务架构挑战,性能评测及调优| Sponsored Session: Pinpoint and Address Bottlenecks in Microservices
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.

微服务近年来已经成为云原生应用的主导设计模式,带来便利性的同时,它也给性能调优带来了新的挑战。在这个演讲中,我们将介绍我们在微服务调优中使用的方法,从集群级别、系统级别到单个服务级别,并针对发现的不同问题指出优化方向。最后,我们还将介绍如何更好的利用硬件新特性来解决云上的性能挑战。


As Microservice becomes the dominant design pattern for cloud-native applications, it brings new challenges for the performance tuning. In this session, we'll introduce our methodologies for identifying microservice bottlenecks, from cluster leve, system level to single service level, and point out the optimization directions for different issues. We'll also explain how the new hardware features can help resolve performance challenges on Cloud.


Speakers
Y

杜永丰| Yongfeng Du

系统软件部云架构师 | Cloud Architect, 英特尔 | Intel Corporation


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:00 CST

赞助商会议: 打破传统:Kubernetes软件包管理的未来 | Sponsored Session: ​Breaking Tradition: The Future of Package Management with Kubernetes
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.


等等,您在Kubernetes上运行打包的应用程序,但您还在从命令行更新它们?这似乎不对,不是吗? 今天,我们可以取代传统的“命令式”包管理方法,使用 Kubernetes 来确保打包的应用程序以我们需要的方式自动更新。想要使用一个软件包的最新版本,但总是自动地为另一个软件包选择补丁版本吗?想要利用 GitOps 来管理应用程序更新吗?是的,您可以使用轻量级、易于使用的 Kubernetes 工具。而这仅仅是开始,加入我们一起看看 Carvel 项目团队如何重新构想 Kubernetes 的包管理,为您带来一种现代的、“声明式”的方式对打包的应用程序及其依赖进行端到端的自动化生命周期管理。

Wait – you’re running packaged applications on Kubernetes, but you’re updating them from the command line? That just doesn’t seem right, does it? ​ ​Today we can move beyond traditional ‘imperative’ package management approaches and instead use Kubernetes to ensure that packaged applications are automatically updated in the way that we need. Want to use the latest version of one package, but pick up only patch releases for another, all the time, automatically? Want to take advantage of GitOps to govern application updates? You can, with lightweight, easy-to-use Kubernetes tooling. And that’s just the beginning. Join us to see how the Carvel project team is re-imagining package management for Kubernetes to bring you a modern, declarative way to automate end-to-end lifecycle management of packaged applications and their dependencies.

Speakers
avatar for 肖异峰 | Yifeng Xiao

肖异峰 | Yifeng Xiao

主任工程师 | Staff Engineer, VMware


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:00 CST

赞助商会议: 简化AI应用在异构边缘云基础设施上的部署 | Sponsored Session: Facilitating deployment of AI applications on heterogenoues edge-cloud infrastructure
为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、微信账号、工作职能、行业、以及关于你相互交流的赞助内容或资源的细节。选择与虚拟展位相互交流或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

这 是 一个 点播 视频 的 会议 , 将 在 活动 期间 提供。

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit these third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), accessing sponsored sessions in the Sponsor Theater, accessing giveaways provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, WeChat ID, Job Function, Industry, and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or sponsored content you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.

本议程通过一个基于Kubernetes构建的demo来展示项目是如何促进和支持在异构边缘云基础设施上部署AI应用的。该demo利用KubeEdge实现边缘云通信和服务发现。我们解决方案的核心是Sedna,一个在KubeEdge SIG AI中孵化的边缘云协同AI项目。
我们将展示如何增强和扩展Sedna以解决对象搜索和重新识别(ReID)这一类用例。此外,我们还展示了我们解决方案的灵活性和适应性,其目标是提供一个分布式、与基础架构无关的平台,AI从业者可以在其中随意部署AI工作负载。

This session shows a demo to facilitate and support deployment of AI applications on heterogenoues edge-cloud infrastructure. It is built on top of Kubernetes which is the leading microservices managament

solution. Additionally, it leverages KubeEdge to support edge-cloud communication and service discovery. At the core of our solution, there is Sedna: an edge-cloud synergy AI project incubated in KubeEdge SIG AI.

In this work, we show how our approach enhances and extend Sedna to solve one class of use-cases: object search and re-identification (ReID). Additionally, we showcase the flexibility and adaptability of our solution which aims

at offering a distributed, infrastructure-agnostic platform where AI practioners can deploy any AI workload.


Speakers
VC

Vittorio Cozzolino

华为高级软件工程师 | Senior Software Engineer, Huawei Cloud


Thursday December 9, 2021 11:00 - Friday December 10, 2021 15:45 CST
赞助商舞台| Sponsor Theater

11:20 CST

CPU Burst:摆脱不必要的节流,同时实现高 CPU 利用率和高应用程序性能 | CPU Burst: Getting Rid of Unnecessary Throttling, Achieving High CPU Utilization and Application Performance at the Same Time - Huaixin Chang & Tianchen Ding, Alibaba
长期以来,CPU 节流一直是一个令人头疼的问题。即使当 pods 的 CPU 利用率远低于其 CPU 限制时,仍然存在许多长尾情况。因此,开发人员很难选择合适的硬限制。到目前为止,对于这一问题的答案始终是增加 CPU 硬限制或关闭 CPU 硬限制。然而,这一方法带来了一些新问题,如潜在的 难应付的性能影响、低 CPU 利用率和高 TCO(总拥有成本)。最近,融入到 Linux 5.14 中的 CPU Burst 的特性,成为了彻底解决不必要的 CPU 节流问题的一个新选择。注意到 CPU 节流是由 100 毫秒级的突发 CPU 使用引起的后,CPU Burst 的特性可允许平均 CPU 利用率低于 CPU 限制情况下可能的突发使用。应用 CPU Burst 后,用户可以同时获得高 CPU 利用率和高应用程序性能。在本会话中,我们将介绍执行 CPU 限制的内核机制,CPU Burst 更改的内容及其影响,以及如何评估此种更改。在本会话结束时,您可确切地了解到是否在您的 pods 上使用 CPU Burst。

CPU throttling has been a headache for a long time. Even when pods' CPU utilization is far below its CPU limit, many long-tail cases still exist. Thus it is difficult for developers to choose the appropriate hard-limits. Till now, the answer has been increasing CPU hard-limits or turning it off. However, it brings new issues such as potential nasty performance implications, low CPU utilization and High TCO (Total Cost of Ownership). Recently, the CPU Burst feature merged into Linux 5.14 has become a new option to solve unnecessary CPU throttling completely. Noticing that CPU throttling is caused by bursty CPU usage at 100-millisecond level, the CPU Burst feature allow possible burst usage when the average CPU utilization is below CPU limits. After applying CPU Burst, users might achieve high CPU utilization and application performance at the same time. In this session, we will introduce the kernel mechanism to enforce CPU limits, what CPU Burst changes and its impacts, and finally how to evaluate this change. By the end of this session, you will know exactly whether to use CPU Burst or not on your pods.

Speakers
avatar for Huaixin Chang

Huaixin Chang

Linux SE, Alibaba Cloud
He works at Alibaba as a Software Engineer for Alibaba Cloud. He has extensive experience with improving performance for cloud users, and focus on Linux scheduler mainly. Recently he has focused on scheduler issues in Faas environments.
avatar for Tianchen Ding

Tianchen Ding

Linux Platform Software Engineer, Alibaba
Tianchen Ding works at Alibaba as a software engineer for Alibaba Cloud. He is now working on Linux scheduler.



Thursday December 9, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:20 CST

超越 CUDA:GPU 与 Vulkan Kompute(AMD、高通、NVIDIA 和 Friends)加速了在跨供应商图形卡上的计算 | Beyond CUDA: GPU Accelerated Computing on Cross-Vendor Graphics Cards with Vulkan Kompute (AMD, Qualcomm, NVIDIA & Friends - Alejandro Saucedo, Seldon Technologies
众多先进的数据处理范式非常适合 GPU 计算提供的并行体系结构,而 Vulkan 和 Kompute 等开源项目所取得的激动人心的进展则使开发人员能够在跨供应商移动和桌面 GPU(包括 AMD、高通、NVIDIA 和 Friends)中利用通用 GPU 计算能力。在本演讲中,我们将从概念和实践方面深入探讨跨供应商 GPU 计算生态系统,以及如何采用这些工具来促进您现有的应用程序。在本演讲中,我们将学习从头开始编写一个简单的几乎能在任何 GPU 上运行的 GPU 加速机器学习算法。我们会对使跨供应商 GPU 加速应用程序成为可能的项目进行概述。我们会向您展示如何利用仅有几行 Python 代码的 Kompute 框架开始使用 GPU 的全部功能,同时也会提供关于如何通过较低级别的 C++ 接口引入优化的直觉知识。

Many advanced data processing paradigms fit incredibly well to the parallel-architecture that GPU computing offers, and exciting advancements in the open source projects such as Vulkan and Kompute are enabling developers to take advantage of general purpose GPU computing capabilities in cross-vendor mobile and desktop GPUs including AMD, Qualcomm, NVIDIA & friends. In this talk we will provide a conceptual and practical insight into the cross-vendor GPU compute ecosystem as well as how to adopt these tools to accelerate your existing applications. In this talk we will learn to write a simple GPU accelerated machine learning algorithm from scratch which will be able to run on virtually any GPU. We will give an overview on the projects that are making it possible to accelerate applications across cross-vendor GPUs. We'll show how you can get started with the full power of your GPU using the Kompute framework with only a handful of lines of Python code, as well as providing an intuition around how optimizations can be introduced through the lower level C++ interface.

Speakers
avatar for Alejandro Saucedo

Alejandro Saucedo

Engineering Director, Seldon Technologies
Alejandro Saucedo is the Director of Machine Learning Engineering at Seldon Technologies, where he leads teams of machine learning engineers focused on the scalability and extensibility of machine learning deployment and monitoring products with over 5 million installations. Alejandro... Read More →


Thursday December 9, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:20 CST

代理开放政策深潜 | Open Policy Agent Deep Dive - Anders Eknert, Styra
组织依靠 Wiki 和部落知识来记录和执行管理其系统行为的重要规则,但今天,许多组织追求“策略即代码”,以更好地控制和可视化其系统。与在文档中编写策略或依靠手动检查不同,组织利用策略引擎在其所有系统中编写和实施规则。开放策略代理 (OPA) 是一个由云原生计算基金会托管的开源通用策略引擎。开放策略代理的核心是一种领域无关的声明性语言,它将策略作为代码来体现。开放策略代理帮助您以代码的形式实现策略,以便您可以将最佳实践(如单元测试、试运行和代码审阅)应用到策略中。加入 Anders,了解如何将策略作为代码应用于微服务和 Kubernetes,包括核心语言特性,如搜索、组合和复杂的面向文档的数据查询。

Organizations have relied on wikis and tribal knowledge to document and enforce important rules that govern how their systems behave, but today, many organizations pursue "policy as code" for greater control and visibility over their systems. Instead of writing policies in documents or relying on manual checks, organizations leverage policy engines to codify and enforce rules across all of their systems. The Open Policy Agent (OPA) is an open source general-purpose policy engine hosted by the Cloud Native Computing Foundation. At OPA’s core is a domain-agnostic declarative language that embodies policy as code. OPA helps you implement policy as code so that you can apply best practices like unit testing, dry runs, and code review to your policies. Join Anders for a deep dive session that shows how to apply policy as code across microservices and Kubernetes, covering core language features like search, composition, and querying of complex document-oriented data.

Speakers
avatar for Anders Eknert

Anders Eknert

Developer Advocate, Styra
Developer advocate at Styra. Interested in all things around identity and access control. Maintainer of two kids.



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

Apiserver 生成器:通过聚合 Apiserver 扩展 Kubernetes 系统 | Apiserver Builder: Extending Kubernetes via Aggregated Apiserver - Min Kim, Ant Group
目前有两种可插拔的方式来扩展集群的自定义 Kubernetes 应用程序接口:自定义资源定义(也被称为 CRD)和 Apiserver 聚合(也被称为 AA)。经过多年的发展,自定义资源定义 (CRD) 现在在几个版本的 GA 阶段处于稳定工作状态,但另一方面,我们可能会发现自定义资源定义由于可扩展性有限,并不总是最佳选择——例如,我们将不得不引入多个网络钩子 apiservers,以便在新的资源类型上建立准入/转换。或者,为了保持良好的兼容性,在多个版本之间切换可能在技术上很困难。因此,如果我们希望以编码复杂度为代价实现软件开发工具包框架级的扩展,我们可以将 Apiserver 聚合作为自定义资源定义的替代方案。我作为这个特定的官方 SIG 子项目的维护者已经 3 年多了,我将通过一个名为 apiserver-builder 的强大命令行工具,与观众分享构建您自己的聚合 apiserver 的实用方法。

Currently there're two pluggable ways of extending custom Kubernetes API for your cluster: Custom Resource Definition (also known as CRD) and Apiserver Aggregation (also known as AA). After years' of evolving, CRD is now stably working in GA phase in steady state for several releases but on the other hand we may find that CRD is not always the best option due to its limitted extensibility --- e.g. we will have to introduce multiples webhook apiservers in order to build up admission/conversion over the new resource types. Or it can be technically tough to rolling between multiple versions for with compatibility well-preserved. So we may consider AA as an alternative of CRD if we want sdk-framework-level extensibility at the cost of coding complexity. Being the maintainer of this particular official SIG subproject for over 3 years, I will be sharing audience the practical way of building your own aggregated apiserver by leveraging a powerful command-line tooling named apiserver-builder.

Speakers
avatar for Min Kim

Min Kim

Software Engineer, AliCloud
@yue9944882, 2019 EU, 2019 NA, 2020 NA KubeCon Speaker, Kubernetes maintainer and sub-project owners.



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

用 Kubernetes 系统加速机器人应用开发 | Accelerating Robot Application Development with Kubernetes - Chunxu Hu, Jingfeng Micro Control Technology & Ju Zhen, Huawei
在现实世界中开发机器人应用程序具有挑战性。开发人员必须处理各种各样的传感器和硬件,每个传感器和硬件都有独特的软件开发工具包 (SDK)、数据格式,并在不同的软件环境中运行,这使得机器人系统很脆弱,随时可能出现故障。那是机器人操作系统出现之前的黑暗时代。机器人操作系统统一了编程接口和通信机制,为机器人应用开发人员带来了曙光。而我们相信云原生会使这种曙光更光明。通过容器和 Kubernetes 系统,开发人员可以启动大量资源并行进行机器人仿真,并有效地管理机器人应用程序的整个生命周期。在本次演讲中,演讲者将介绍“云原生之前”的机器人开发情况,以及云原生如何让机器人开发人员的生活更轻松。内容包括:——将机器人应用程序移植到容器中——用 Kubernetes 系统在云端进行多个机器人模拟——在真正的机器人上部署和管理应用程序 -——机器人编队操作,远程操作

Developing a robot application in the real world is challenging. Developers have to handle heterogeneous sensors and hardware, each with unique SDK, data format and runs in different software environments, making robot system fragile, ready to fail. That is the dark age before ROS. ROS unifies the programming interface and communication mechanism and brings the first light to robot application developers. While we believe cloud native will make the light brighter. With containers and Kubernetes, developers can launch massive resources to do robot simulation in parallel and efficiently manage the whole life cycle of robot application. In this talk, speakers will introduce the "pre cloud native" robot development situation and how cloud native makes robot developers' life easier. The content includes: - Porting robot application to containers - Multiple robot simulations on the cloud with Kubernetes - Deploying and managing the application on a real robot - Robot Fleet Ops, Tele Ops

Speakers
avatar for Ju Zhen

Ju Zhen

Senior software engineer, Huawei
Zhen Ju works at the Open Source Competence Center of Huawei, and focuses on DevOps, Cloud Native technologies. He is one of the early explorers of container, and translated the first book of docker: The Docker Book. Zhen is now exploring applying cloud native technologies to robot... Read More →
CH

Chunxu Hu

Founder and CTO, Jingfeng Micro control technology


Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

企业和 Harbor:互相帮助的良好伙伴关系 | Enterprise and Harbor: A Good Partnership in Helping Each Other - Ye Liu & Ludwig Isaac Lim, HP
Ye Liu 和 Ludwig Lim(惠普公司)- Harbor 是一种安全、非常稳定和成熟的开源镜像注册表。惠普研发 IT 部门在部署 Harbor 时,将 Harbor 作为惠普公司的一个 docker 镜像注册表来运行;Ye 和 Ludwig 与 Harbor 团队和社区合作,使 Harbor 应用于惠普的工作。他们想谈一谈企业和 Harbor 如何进行合作,从而互惠互利。本次讨论分为两个小节,1) 企业如何帮助 Harbor 发展;2) 回馈:将 Harbor 调整为企业级的内部 Docker 注册表 -Ye 和 Ludwig 想分享他们在 Harbor 发展工作中的经验,并通过分享他们所学到的使 Harbor 适应企业生态系统的知识来回馈 Harbor 社区。

Ye Liu and Ludwig Lim (HP Inc.) – Harbor is a secure, very stable and mature open-source image registry. HP R&D IT runs Harbor as an docker image registry for HP Inc. In deploying Harbor; Ye and Ludwig work with the Harbor Team and community in making Harbor work for HP. They would like to talk about how an enterprise and Harbor can partner together and benefit each . This talk is divided into two sections 1) How an enterprise can help in Harbor development 2) Giving Back : Tuning Harbor into Enterprise Grade Internal Docker Registry – Ye and Ludwig would like to share their experience in their Harbor journey and give back to the Harbor community by sharing what they learned to make Harbor fit into an enterprise ecosystem.

Speakers
YL

Ye Liu

IT Developer Manager, HP Inc.



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

CNCF TAG 网络和服务网格工作组 | CNCF TAG Network and Service Mesh Working Group - Lee Calcote, Layer5; Ed Warnicke, Cisco; Ken Owens, Fiserv
随着基于微服务的分布式系统的日益盛行,确实如此:网络作为一门学科,在云原生部署的高效运行中从未如此关键。包括负载均衡、可观察性、认证、授权、策略、速率限制、QoS、网状网络、传统基础设施桥接等在内的网络基元现在正得到整个行业的大量开发和投资,并且是CNCF TAG网络和服务网状工作组的重点关注对象。聆听我们的简介并深入了解工作组内正在管理的服务网状项目。 With the increased prevalence of microservice-based distributed systems, it’s true: networking as a discipline has never been more critical in the efficient operation of cloud native deployments. Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, QoS, mesh networks, legacy infrastructure bridging, and so on are now receiving substantial development and investment throughout the industry and are the subject of focus of the CNCF TAG Network and Service Mesh Working Group.

Join us for an introduction and deep-dive into the service mesh projects being stewarded within the working group.

Speakers
avatar for Ed Warnicke

Ed Warnicke

Cisco Systems, Distinguished Engineer
Ed Warnicke is a Distinguished Engineer at Cisco Systems. He has been working for nearly two decades in many areas of networking and Open Source. Ed is currently a co-founder of and active contributor to the GitBOM and Network Service Mesh projects. Ed has a masters in Physics (String... Read More →
KO

Ken Owens

Vice President Cyber Cloud Security Engineering, Fiserv
Ken Owens is Vice President, Digital Native Architecture at MasterCard. Previous to that, Ken was Chief Technology Officer, Cisco DevNet at Cisco Systems. Ken was responsible for creating and communicating technical/scientific vision and strategy for Cloud Platforms & Services business... Read More →
avatar for Lee Calcote

Lee Calcote

Founder and CEO, Layer5
Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As Founder and CEO of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent focus... Read More →



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

Kubernetes 数据保护工作组的介绍和深入研究 | Kubernetes Data Protection WG Intro & Deep Dive - Xiangqian Yu, Google
数据保护工作组致力于促进 Kubernetes 的数据保护支持。该工作组一直致力于确定缺失的功能,并在多个 SIG 之间进行协调,设计能在 Kubernetes 中实现数据保护的功能。在此次讨论中,该工作组的联席主席将讨论 Kubernetes 中数据保护的当前情况及其未来的发展方向。他们还将讨论各利益相关方(包括备份和存储供应商、应用开发者和最终用户等)如何能加入这个工作组并为之做出贡献。有关本工作组的详细信息,请参阅:https://github.com/Kubernetes/community/tree/master/wg-data-protection.

Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including backup and storage vendors, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Speakers
XY

Xiangqian Yu

Software Engineer, Google


Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

支持零信任服务网络的零信任网络整体解决方案 | Zero Trust Network Turnkey Solution to Support Zero Trust Service Mesh - Hongjun Ni & Pan Zhang, Intel
随着越来越多的员工在远程工作,大多数数据/用户/设备/应用程序都在传统企业范围之外移动。成功的数字转型需要零信任安全模型。本演示将介绍一种具有高性能和可扩展性的零信任网络整体解决方案。此解决方案包含 VPP 上的安全网关和 DPDK 上的负载平衡器,支持零信任安全模型。可用于 K8s 入口/出口网关和边缘云网关,支持零信任云服务网格。本主题将涵盖以下要点:1) 介绍零信任网络整体解决方案的总体架构。2) 在 VPP 和 WireGuard 上实现零信任安全网关。3) 在 DPDK 和 WireGuard 上实现零信任云网关。4) 使用 IPsec MB 库和 AVX512 加速基于 VPP 的 WireGuard 协议。5) 实现基于 DPDK 的 WireGuard 协议,具有高性能和可扩展性。6) 利用 SGX 构建用于机密管理的 T 形三通。

With more employees are working remotely, most data/users/devices/apps are moving outside traditional enterprise perimeter. A successful digital transformation demands a zero trust security model. This presentation will introduce a Zero Trust Network Turnkey Solution with High Performance and Scalability. This solution contains Security Gateway on VPP and Load Balancer on DPDK with Zero Trust security model support. It can be used in K8s Ingress/Egress Gateway and Edge Cloud Gateway, and supports Zero Trust Service Mesh for Cloud. This topic will cover below key points: 1) Introduces overall architecture of a Zero Trust Network Turnkey Solution. 2) Implements a Zero Trust Security Gateway on VPP and WireGuard. 3) Implements a Zero Trust Cloud Gateway on DPDK and WireGuard. 4) Accelerates VPP-based WireGuard protocol with IPsec-MB library and AVX512. 5) Implements DPDK-based WireGuard protocol with high performance and scalability. 6) Leverages SGX to build a TEE for secrets management.

Speakers
avatar for Hongjun Ni

Hongjun Ni

Technical Leader, Intel
Hongjun Ni has been focusing on Cloud Networking and Network Security. He is FD.io VPP Maintainer, UDPI Project Lead, Sweetcomb Project Lead and NSH_SFC Project Lead. He has fifteen years' rich experience on Cloud Networking, Network Security, SmartNIC and Wireless. He has given 20... Read More →



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

如何有效管理数以万计的 etcd 集群? | How to Efficiently Manage Tens of Thousands of etcd Clusters? - Cong Tang & Chaofan Wang, Tencent
在管理 k8s 群集的过程中,您可能会遇到许多 etcd 管理和稳定性问题。例如,如何通过可视化平台管理大量 etcd 集群?如何自动发现 etcd 集群的潜在危害,及时报警,甚至实现自愈?如何顺利地将 k8s etcd 迁移到无停机时间的高性能 etcd 群集?腾讯是一家大型互联网公司和云服务提供商。腾讯 Kubernetes 引擎拥有丰富的大规模 k8s 集群管理经验,在腾讯云上管理数万个 k8s 集群。腾讯 Kubernetes 引擎已经实现了开源的可视化 etcd 管理平台 kstone,提供 etcd 集群注册和管理、检查、优化建议、备份、迁移、数据可视化等。基于 kstone 项目,腾讯 Kubernetes 引擎有效地管理了数万个 etcd 集群,这大大降低了运营和维护成本。

In the process of managing a k8s cluster, you may have encountered many etcd management and stability problems. For example, how to manage a large number of etcd clusters through a visualization platform? How to automatically discover potential hazards of etcd clusters, issue alarms in time and even realize self-healing? How to smoothly migrate the k8s etcd to a high-performance etcd cluster with zero downtime? Tencent is a large-scale Internet company and cloud service provider. TKE(Tencent Kubernetes Engine) has rich experience in large-scale k8s cluster management and manages tens of thousands of k8s clusters on Tencent Cloud. TKE has implemented an open source visual etcd management platform kstone, Provide etcd cluster registration and management, inspection, optimization suggestions, backup, migration, data visualization etc. Based on the kstone project, TKE efficiently managed tens of thousands of etcd clusters, which significantly reduced operation and maintenance costs.

Speakers
avatar for Chaofan Wang

Chaofan Wang

Senior Engineer, Tencent
Chaofan Wang is a Senior Engineer on TKE team at Tencent Cloud. He works on large-scale Kubernetes and etcd cluster management, and is responsible for the TKE etcd platform.
avatar for Cong Tang

Cong Tang

Senior Software Engineer, Tencent
Cong Tang is a technical expert of the Tencent Cloud TKE team. He is an active etcd contributor and the founder of the open source project (https://github.com/tkestack/kstone). He is responsible for the stability and cost optimization of Tencent Cloud's large k8s cluster and etcd... Read More →



Thursday December 9, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

InnerSource 和 DevOps:灵魂伴侣 | InnerSource & DevOps: They Are Soul Mates - Jerry Tan, OpenAtom Foundation
InnerSource 是利用开源软件开发的最佳实践,并在组织内部建立类似开源的文化。DevOps 是一套将软件开发 (Dev) 和信息技术操作 (Ops) 结合起来的实践。其旨在缩短系统开发生命周期,确保持续交付高软件质量。之所以说这两者是灵魂伴侣,是因为他们有着相同的目标,即提高效率,并且他们遵循着相同的核心价值观,即开放/透明/协作。此外,它们互相帮助,DevOps 可以帮助 InnerSource,InnerSource 也可以帮助 DevOps。我将在演讲中详细讨论这两者间的关系。

InnerSource is the use of Open Source Software development best practices and the establishment of an open source like culture within an organization. DevOps is a set of practices that combines software development(Dev) and IT operations(Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. They are soul mates because they have the same objective ---to improve efficiency,and they follow the same core values --0pen/Transparent/Collaboration。 And they help each other, DevOps can help InnerSource, and InnerSource can help DevOps also. I will discuss their relationships in my talk in detail.

Speakers
avatar for Jerry Tan

Jerry Tan

Vice Chairman of TOC, OpenAtom



Thursday December 9, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:45 CST

Virtual Project Office Hours: Kyverno
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Kyverno Project Office Hours here: https://zoom.us/webinar/register/WN_KIYUa1PBSQu_0KWPPxaTKw


>> Full list of Project Office Hours


Thursday December 9, 2021 11:45 - 12:30 CST
Project Office Hours

11:45 CST

Virtual Project Office Hours: WasmEdge Runtime
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for WasmEdge Runtime Project Office Hours here: https://zoom.us/webinar/register/WN_Pa6aUlstQgObxuALp8rn1g


>> Full list of Project Office Hours


Thursday December 9, 2021 11:45 - 12:30 CST
Project Office Hours

12:10 CST

深入剖析分析工具:CPU 分析工具如何判定您应用程序的性能 | Deep Dive Into Profilers: How CPU Profilers Measure Your Application's Performance - Shuang Chen, PingCAP
Linux perf 等 CPU 分析工具会显示不同功能消耗的 CPU 时间,其被广泛应用于性能优化。在本演讲中,Shuang Chen 会首先介绍 CPU 分析工具(即 Linux perf、Golang 的 pprof 和 Rust 的 pprof-rs)在应用程序中的常见用法。基于 CPU 分析工具的设计,Shuang 会提出实施一个应用程序任务 CPU 分析工具。与应用程序分析相比,任务分析会展示不同请求 CPU 的消耗情况,这有助于衡量多租户服务的资源消耗情况。

CPU Profilers such as Linux perf show the CPU time consumed by different functions, which is widely used for performance optimization. In this talk, Shuang Chen starts with the introduction of the common usages of CPU profilers (namely, Linux perf, Golang’s pprof and Rust’s pprof-rs) in applications. Based on the design of CPU profilers, Shuang will propose the implementation of an application task CPU profiler. Compared with application profiling, task profiling reveals CPU consumption on different requests, which can be helpful for measuring resource consumption for multi-tenant services.

Speakers
avatar for Shuang Chen

Shuang Chen

PingCAP



Thursday December 9, 2021 12:10 - 12:45 CST
Open Source Summit 演讲厅

12:10 CST

Redteam 观点:K8s 集群管理员的安全实践 | Redteam Views: Security Practice of K8s Cluster Administrator - Zebin Zhou, Tencent
现实世界中的恶意攻击者如何攻击 K8s 群集?如何防止容器逃逸?如何防止黑客绕过普通旧数据安全策略?如何防止黑客侧向移动?本次演讲将回答上述问题。开发人员和集群管理员可以学习如何构建一个安全的、多租户的、大规模的 Kubernetes 集群,并根据本讲座保护集群中的容器和数据。在过去的几年中,这位演讲者在 Blackhat、Hack In the Box、CIS 和 WHT 等会议上分享了黑客如何攻击 Kubernetes 和 Service Mesh 等基础设施。“研究攻击技术”的目的是为了防御,本课题将分享腾讯在多租户 Kubernetes 集群安全建设方面的经验和思路,并使用 read-world 攻击案例展示安全风险并提出解决方案。

How do real-world malicious attackers attack the K8s cluster? How to prevent container-escape? How to prevent hackers from bypassing Pod Security Policy? How to prevent hackers from lateral movement? This talk will answer the questions above. Developers and cluster administrators can learn how to build a secure, multi-tenant, large-scale Kubernetes cluster, and protect the containers and data in the cluster based on this talk. In the past few years, the speaker have shared how hackers attacked infrastructure such as Kubernetes and Service Mesh at conferences such as Blackhat, Hack In The Box, CIS, and WHT and so on. The purpose of "researching attack techniques" is for defend, this topic will share Tencent's experience and thoughts on security construction in multi-tenant Kubernetes clusters, and use read-world attack cases to show security risks and propose solutions.

Speakers
avatar for Zebin Zhou

Zebin Zhou

https://github.com/neargle/, Tencent Cloud
# NEARGLE - 📒 https://github.com/neargle/  - 📮nearg1e.com@gmail.com1. Security Researcher @Tencent Security Platform Department, Thanks to Tencent Kubernetes Engine Team.2. Published several security research topics about container, Kubernetes and services mesh:    * Kubernetes... Read More →


Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

扩展 OpenYurt 用于视频分析工作负载的端到端部署 | Extending OpenYurt for End-to-End Deployment of Video Analytics Workloads - Shao Qiang & Linda Yu, Intel
OpenYurt 是一个云边缘解决方案,适合在视频分析、云游戏等边缘环境中部署具有低延迟和大数据特性的工作负载。要以端到端和高度可扩展的方式部署工作负载,应将一些关键组件扩展到 OpenYurt,它们是:1) 入口操作符:用于将请求分派到目标工作负载 2) 应用程序负载平衡器 (ALB) 操作符:用于将请求分派到正确的普通旧数据 (POD) 3) 端到端部署操作符:为了便于用户在本演示文稿中轻松部署用例,Linda 和 Shaoqiang 将描述添加到 OpenYurt 组件的详细信息,包括将 ingress-nginx controller 扩展到 OpenYurt Nodepool(OpenYurt 的边缘),从头开始为 Nodepool 实现应用程序负载平衡器,以及端到端部署操作符,通过提供简单的应用程序接口 (API) 方便部署。视频分析用例被用作示例工作负载。

OpenYurt is a Cloud Edge solution appropriate to deploy workloads with properties of low latency and big data in edge environments such as Video Analytics, Cloud Gaming, etc. To deploy the workloads in an end-to-end and highly scalable manner, some critical components should be augmented to OpenYurt, which are: 1) Ingress Operator: for dispatching requests to the targeted workloads 2) Application Load Balancer (ALB) Operator: for dispatching requests to the right PODs 3) End-to-End deployment Operator: for user to easily deploy use cases In this presentation Linda and Shaoqiang would describe the details of the components added to OpenYurt, which include extending ingress-nginx controller to OpenYurt Nodepool (OpenYurt's edge), implementing from scratch an Application Load Balancer for Nodepool, and End-to-End deployment operator to facilitate deployment by providing an easy API. A Video Analytics use case is employed as an example workload.

Speakers
avatar for Shao Qiang

Shao Qiang

Intel
Shaoqiang Chen is a software engineer of Intel. His technical interests include Kubernetes, AI and heterogenous computation. He is working on Video Analytics workloads and their easy and scalable deployment in edge environments such as OpenYurt.



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

以一致的经验构建和管理多集群应用 | Build and Manage Multi-cluster Application with Consistent Experience - Yong Feng & Jianbo Sun, Alibaba
与在多集群环境中部署和管理应用程序相比,当前在本地环境中开发应用程序的用户体验存在巨大差距。将经过良好测试的应用程序移到多集群环境时,需要付出大量的努力。在本节课中,我们将演示如何将 KubeVela 和 OCM(开放集群管理)结合起来解决阿里云中的问题。用户只需根据 KubeVela 应用程序规范定义一个应用程序另一种标记语言 (YAML),其余的将由 KubeVela 和开放集群管理处理。KubeVela 将准备一个部署工作流,包括在需要时创建 Kubernetes 集群。开放集群管理将帮助注册集群并在集群之间分配资源。因此,在本地开发和多集群生产部署之间部署和管理应用程序的用户体验是一致的。我们将讨论这些用例、挑战以及相关的工作和经验。

The current user experience when developing an application in a local environment has a huge gap compared with deploying and managing the application in a multi-cluster environment. Quite a lot of effort is required when moving a well tested application to a multi-cluster environment. In this session, we will demonstrate how we combine KubeVela and OCM (Open Cluster Management) together to resolve the problems in Alibaba Cloud. Users simply define an application YAML according to KubeVela application specification, and all the rest will be handled by KubeVela and OCM. KubeVela will prepare a deploy workflow that includes creating a Kubernetes cluster if required. OCM will help register the cluster and distribute the resources among clusters. As a result, the user experience of deploying and managing the application between local development and multiple cluster production deployment are consistent. We will discuss those use cases, challenges, and related work and experiences.

Speakers
avatar for Jianbo Sun

Jianbo Sun

Senior Engineer, Alibaba Cloud
Jianbo Sun is a Senior Engineer at Alibaba Cloud. He mainly focus on how cloud native applications could be built and managed easily. He is one of the core maintainers of both the OAM spec and KubeVela project. He is also very experienced on application delivery system and responsible... Read More →
avatar for Yong Feng

Yong Feng

Senior Staff Engineer, Alibaba Cloud
More than 15 years R&D experience on HPC, BigData and Cloud. Currently focus on technologies around container platform in private and hybrid cloud. Responsible for R&D of several products and open source projects related with container platform in Alibaba Cloud



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

基于 Kubernetes 的全场景工作负载混部 | A full-scenario colocation of workloads based on Kubernetes - Dongdong Chen & Lingpeng Chen, Tencent
对不同的工作负载(在线服务和离线作业)及时交错使用资源,使混部成为可能,可以有效提高资源利用率,降低成本。该讲座介绍了如何通过资源预测、资源隔离、干扰检测、离线逐出等方式,在不中断在线服务 SLO 的情况下最大限度地提高资源利用率。此外,即使用户无法提供在线服务的延迟度量,我们也可以通过 eBPF 收集内核级度量来检测干扰。所有这些技术都是建立在原生 Kubernetes 上的。托管支持多种场景,包括容器化和非容器化在线服务,以及 Kubernetes 和 Hadoop 生态系统中的离线作业。在腾讯,它已经部署了超过 40,000 台机器,拥有 2,000,000 多个核心,包括广告和 Ceph 存储等服务,利用率平均提高 15%,成本节约数亿美元。

The staggered resource usage for different workloads (i.e., online services and offline jobs) in time make the colocation possible, which can effectively improve resource utilization and reduce cost. The talk introduces how to maximize resource utilization without disrupting online services' SLO, by the way of resource prediction, resource isolation, interference detection, offline eviction, etc. What is more, even if users cannot provide online services' latency metrics, we can detect interference by collecting kernel-level metrics through eBPF. All these techniques are built on the native Kubernetes. The colocation supports multiple scenarios, including containerized and non-containerized online services, as well as offline jobs in the Kubernetes and Hadoop ecosystem. In Tencent, it has been deployed over 40,000+ machines with 2000,000+ cores, including services such as advertising and Ceph storage, with an average 15% increase in utilization and hundreds of millions in cost savings.

Speakers
avatar for Dongdong Chen

Dongdong Chen

Senior Software Engineer, Tencent
2 years in IBM, focus on KVM virtualizationNow in Tencent, focus on resource management



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

优雅的节点关闭 -Kubernetes 开发初学者之旅 | Graceful Node Shutdown – A Beginner’s Journey of Kubernetes Development - Shiming Zhang, DaoCloud
现如今,Kubernetes 在企业中的运用越来越普遍,其各种不完善之处也在逐步得到改善,优雅的节点关闭就是其中之一。Kubernetes 1.19 版开始为优雅的节点关闭提供支持。社区已经做了很多努力来确保实现这一功能。一个长期赞赏 Kubernetes 的初学者,从熟悉社区开发环境开始并参与其中,一步步熟悉 Kubernetes,然后参与开发了一个小功能——基于 Pod 优先级的优雅的节点关闭,本次分享的内容如下:为什么我们需要优雅的节点关闭?参与了基于 Pod 优先级的优雅的节点关闭的开发;逐渐了解 Kubernetes 社区的发展与合作。

At present, the use of Kubernetes in enterprises is becoming more and more popular, and its various imperfections have also been improved little by little, and graceful node shutdown is one of them. Kubernetes 1.19 version started to provide support for graceful node shutdown. The community has made many efforts to ensure this feature. A beginner who has been admiring Kubernetes for a long time starts with familiarity with the community development environment and participates in it, familiarizes with Kubernetes step by step, and then participates in the development of a small feature-graceful node shutdown based on Pod priority The content of this sharing is as follows: Why do we need graceful node shutdown Participated in the development of graceful node shutdown based on Pod priority Gradually understand Kubernetes community development and collaboration

Speakers
SZ

Shiming Zhang

Software Engineer, DaoCloud


Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

介绍和深入了解 TAG 应用程序交付 | Introduction and Deep - Dive into TAG App Delivery - Hongchao Deng, Alibaba & Thomas Schuetz, Dynatrace
TAG 应用程序交付专注于简化 Kubernetes 上的应用程序交付,以及改善开发者的体验。此次讨论将展示围绕运营商、混沌工程、应用交付方法和演示应用的最新发展情况。无论您是刚开始了解云原生应用交付,还是想要了解最新进展,此次讨论将基于应用交付领域的 CNCF 项目反馈,为您提供正在进行的活动信息、最新发展情况和所选定的发展趋势信息。

TAG App Delivery focuses on simplifying application delivery on Kubernetes as well as improving developer experience. This session will showcase recent development around operators, chaos engineering, application delivery methods and demo applications. Whether you are just getting started with cloud-native application delivery or getting up to speed on the latest, this session will provide you with ongoing activities, recent developments and selected trends based on feedback from CNCF projects in the app delivery space.

Speakers
avatar for Thomas Schuetz

Thomas Schuetz

Principal Engineer, Dynatrace
Thomas is a Principal Engineer at Dynatrace and Tech Lead at the CNCF TAG APP Delivery with a very extensive interest in container technologies. He has been designing, building, and operating IT-infrastructures for about two decades and currently focuses on infrastructure automation... Read More →



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

大限将至! 定义Kubernetes的技术债务将在2022年最终得到偿还! | The End is Near! The Technical Debt of Defining Kubernetes Will Finally Be Paid in 2022! - Hippie Hacker, ii
认证的Kubernetes一致性计划使组织有信心,他们的工作负载将从一个Kubernetes安装到下一个Kubernetes的互操作。
在2017 / 1.9,我们没有一个正式的定义,近90%的Kubernetes不知是什么。CNCF将重点放在提高Kubernetes API的一致性测试覆盖率上,这样你的工作负载就可以在所有的云中运行。
这一努力使我们从1.15的20%的端点一致性测试到1.23的80%以上。
我们将回顾Kubernetes社区的所有专职成员的努力工作,从早期的开创性工作,到最后的原点。终点已近! The Certified Kubernetes Conformance Program enables organizations to have confidence that their workloads will interoperate from one installation of Kubernetes to the next.
In 2017 / 1.9, we didn’t have a formal definition for nearly 90% of what Kubernetes is. The CNCF turned the spotlight on improving the conformance test coverage of the Kubernetes API, so your workloads would run in all-the-clouds.
This effort has brought us from ~20% of endpoints conformance tested in 1.15 to over ~80% by 1.23.
We will look back at all the hard work by the dedicated members of the Kubernetes community, from the early pioneering work, to this final home stretch. The End is Near!

Speakers
avatar for Hippie Hacker

Hippie Hacker

Chief Executive, ii
Hippie Hacker's unique approach to storytelling includes practical application of technology with a focus on humanity as a whole. He has a lifelong interest in the creation of vehicles of viral generosity that everyone can ride.His travels starting in an avocado green Volkswagen took... Read More →


Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

揭开企业级 Argo CD 的构成秘密 | Unveil the Secret Ingredients for Argo CD in the Enterprise-Scale - Hong Wang & Yuan Tang, Akuity Inc.
与电影《功夫熊猫》中的面汤毫无秘密配方不同的是,大量优质研究已注入企业级 Argo CD 产品之中。您知道 Argo CD 可支持数以千计的应用程序吗?您是否曾经尝试过连接数以百计的 Kubernetes 集群?单个应用中存在上千个对象的情况如何?我们将深入研究 Argo CD 产品,向您提供解答和最佳实践。此外,我们还会分享和讨论一些与其他 Argo 产品有着良好协同的案例。

Unlike the fact that there is no secret ingredient in Kung Fu Panda’s noodle soup, a good amount of effort has been baked into the enterprise-scale Argo CD product. Do you know Argo CD can support thousands of applications? Have you tried to connect hundreds of Kubernetes clusters? What about the case with thousands of objects in a single application? We will deep dive into the Argo CD product, bring answers and best practices to you. In addition, several great synergy examples with other Argo products will be shared and discussed.

Speakers
avatar for Yuan Tang

Yuan Tang

Founding Engineer, Akuity
Yuan is a founding engineer at Akuity. Previously, he was a senior software engineer at Alibaba Group, building AI infrastructure and AutoML platform. He's a co-chair of Kubeflow, maintainer of TensorFlow and Argo, PMC member of XGBoost and Apache MXNet, as well as author of numerous... Read More →
avatar for Hong Wang

Hong Wang

Co-Founder and CEO, Akuity
Hong Wang is a founding member of the Argo Project. Prior to founding Akuity, Hong was the Argo team manager at Intuit and built the control plane used to manage hundreds of Kubernetes clusters and thousands of namespaces. Hong has extensive experience in distributed system projects... Read More →



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

在阿里巴巴我们是怎样先于用户发现和定位K8s集群问题的 | How We Discover and Locate k8s Cluster Problems Before Users at Alibaba - Peng Nanguang, Alibaba
快速发现和定位问题的能力是快速恢复系统的基石,只有做到先快速发现和定位问题,才能谈如何解决问题,尽量减少用户损失。那么如何在复杂的大规模场景中,做到真正的先于用户发现和定位问题呢? 我会将我们在管理大型K8S集群过程中快速发现和定位问题的一些经验和实践带给大家——我们是如何通过自研通用链路探测+定向巡检工具KubeProbe应对我们遇到的大规模集群的稳定性挑战的。
链路探测:模拟广义用户行为,探测链路和系统是否异常
定向检测:检查集群异常指标,发现未来存在或可能存在的风险点
系统增强:发现问题提速增效,根因分析
发现问题之后:后置检查和自愈,Chat-Ops

The ability to quickly find and locate problems is the cornerstone of the fast recovery system. Only by quickly discovering and locating problems first can we talk about how to solve problems and minimize user losses. So how can we find and locate problems before users in complex large-scale scenarios? I will bring some of our experience and practice in quickly discovering and locating problems in the process of managing large-scale K8S clusters-how we solved what we encountered by creating a universal link detection + directional inspection tool KubeProbe To the stability challenge of large-scale clusters. Link detection: Simulate generalized user behavior and detect whether the link and process are abnormal Directional inspection: Check the abnormal indicators of the cluster and find the existing or possible risk points in the future System enhancements: the efficiency and speed of problem discovery, root cause analysis after problem discovery, and Chat-Ops

Speakers
avatar for Nanguang Peng

Nanguang Peng

Software Engineer, Alibaba Cloud
Nanguang Peng is a platform development engineer from Alibaba Cloud, currently focusing on large-scale kubernetes cluster management and stability construction



Thursday December 9, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

面向 Gitee 项目的开源软件项目健康指标 | OSS Project Health Metrics for Gitee Projects - Yehui Wang, Huawei & Georg Link, Bitergia
本演讲涉及衡量开源项目的健康性和可持续性。GrimoireLab 是一个开源工具,已经存在了很多年,但是到目前为止还不支持 Gitee。对于不断发展的中国开源社区来说,Gitee 是一个很受欢迎的平台。以一种真正开源的方式,国际贡献者为 GrimoireLab 工具添加了 Gitee 支持。我们将分享此种改进可以给开源项目带来何种见解。我们将展示 Gitee 平台上的人如何通过 GrimoireLab 获得相关指标和见解来帮助了解他们项目的健康和可持续性。为圆满结束本演讲,我们将分享衡量开源项目健康状况的最佳实践。CHAOSS 项目已经确立了最佳实践并提供了相关建议,可以帮助项目维护人员、开源项目主管或社区经理通过指标理解他们的开源项目。

This talk is about measuring the health and sustainability of open source projects. GrimoireLab is an open source tool for this and has been around for many years but up to now was not supporting Gitee. Gitee is a popular platform for the growing China open source community. In a true open source way, international contributors added Gitee support to the GrimoireLab tools. We will share what kind of insights this improvement can give to open source projects. We will show how anyone on the Gitee platform can now get metrics and insights with GrimoireLab to help understand their projects’ health and sustainability. To round off the presentation, we will share best practices for measuring open source project health. The CHAOSS project has established best practices and recommendations that can help project maintainers, open source program officers, or community managers to get started understanding their open source projects through metrics.

Speakers
avatar for Georg Link

Georg Link

Director of Sales, Bitergia
Georg Link is an Open Source Strategist. Georgs mission is to make open source more professional in its use of community metrics and analytics. Georg co-founded the Linux Foundation CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active... Read More →


Thursday December 9, 2021 12:10 - 12:45 CST
Open Source Summit 演讲厅

12:45 CST

12:45 CST

Virtual Project Office Hours: containerd
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for contained Project Office Hours here: https://zoom.us/webinar/register/WN_brhmbquaSR6Hrz3TeUncqA


>> Full list of Project Office Hours


Thursday December 9, 2021 12:45 - 13:30 CST
Project Office Hours

12:45 CST

Project Office Hours: OpenEBS
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Meshery Project Office Hours here: https://zoom.us/webinar/register/WN_gaAtYA-CQlOjhP1mzzmkgA


>> Full list of Project Office Hours


Thursday December 9, 2021 12:45 - 13:45 CST
Project Office Hours

13:15 CST

EROFS,我们目前在为容器做什么? | EROFS, What Are We Doing Now For Containers? - Xiang Gao & Xuyang Ge, Alibaba Cloud
EROFS 文件系统是一个 Linux 只读文件系统,目的是在保证端到端性能的前提下节省额外的存储空间,这一文件系统从 Linux 4.19 开始得到了正式升级。此前,该文件系统主要用于嵌入式设备,但是,我们发现对于容器用例也有迫切的只读高性能文件系统需求。本主题将详细介绍我们正在为此种新场景开发的新特性。

EROFS filesystem is a Linux read-only file system in order to save extra storage space with guaranteed end-to-end performance, which was formally upstreamed since Linux 4.19. Previously it was mainly used for embedded devices, however, we found serious read-only high-performance filesystem requirement for container use cases as well. This topic will give a detailed introduction on what new features we're working for such new scenario.

Speakers
avatar for Xuyang Ge

Xuyang Ge

Senior Software Engineer, Alibaba Cloud
Xuyang Ge is a Senior Software Engineer with the Alibaba Cloud Linux kernel team, focusing on device virtualization, container image acceleration service.He‘s recently working on security sandbox for IO device simulation, file system performance optimization, and container image... Read More →
avatar for Xiang Gao

Xiang Gao

Senior Software Engineer, Alibaba Cloud
Xiang Gao is a Senior Software Engineer with the Alibaba Cloud Linux kernel team, focusing on Linux local filesystems (e.g., erofs, xfs, f2fs, etc.) for several years, one of kernel EROFS maintainer.He's recently working on EROFS container use cases (also called RAFS v6. RAFS is the... Read More →



Thursday December 9, 2021 13:15 - 13:50 CST
Open Source Summit 演讲厅

13:15 CST

Milvus 2.0:一个云原生向量数据库 | Milvus 2.0: A Vector Database With Cloud-Native Architecture - Xiaomeng Yi, Zilliz
矢量数据,即嵌入数据,是各种人工智能应用程序中常见的关键数据类型。矢量数据库出现的原因在于人工智能驱动的应用程序对非结构化数据分析的需求不断增长。Milvus 是一个开源的矢量数据库,也是一个 LF 人工智能和数据修匀项目,自其开源以来已获得了巨大的发展势头。在不到两年的时间里,Milvus 已在全世界获得了 1000 多个企业用户。在开发 Milvus 1.0 之后,我们总结了在服务于各种人工智能应用程序方面获得的经验教训。因此,我们设计了一个新的架构,并将其应用到 Milvus 2.0 中。该新架构实现了读写和计算存储的解耦,具有灵活、易于扩展和云原生的设计。在本演讲中,我们将展示指导开发 Milvus 2.0 的主要设计考虑因素。然后我们会介绍 Milvus 2.0 的系统架构和主要组成部分。最后,我们会讨论我们遇到的挑战。

Vector data, i.e., embedding data, is a common and critical data type in various AI applications. Vector databases were emerging due to the ever-growing demand for unstructured data analytics in AI-powered applications. Milvus, an open-source vector database and an LF AI & DATA graduation project, has gained huge momentum ever since its open-source. It has gained more than 1000 enterprise users worldwide in less than two years. After developing Milvus 1.0, we summarized the experiences and lessons learned from serving various AI applications. Accordingly, we designed a new architecture and applied it to Milvus 2.0. The new architecture achieves read-write and compute-storage decoupling with a flexible, easy-to-scale, and cloud-native design. In this talk, we will show the principal design considerations that guide the development of Milvus 2.0. Then we will introduce its system architecture and major components. Lastly, we will discuss the challenges we encountered.

Speakers
avatar for Xiaomeng Yi

Xiaomeng Yi

Senior Researcher, Zilliz
Xiaomeng Yi, senior researcher and research team leader of Zilliz. He received his Ph.D. degree in computer architecture from Huazhong University of Science and Technology. His research interests include management of high-dimension data, large-scale information retrieval, and resource... Read More →



Thursday December 9, 2021 13:15 - 13:50 CST
Open Source Summit 演讲厅

13:15 CST

Kubernetes 与基于角色的访问控制 (RBAC) 和 KubeFed 的多集群和隔离 | Kubernetes Multi-Cluster and Multi-Tenancy With RBAC and KubeFed - Hongming Wan, QingCloud
软隔离是一种没有严格隔离不同用户、工作负载或应用程序的隔离形式。就 Kubernetes 而言,软隔离通常由 RBAC 和命名空间隔离。当集群管理员跨多个 Kubernetes 集群实现隔离时,会遇到许多挑战,如身份验证和授权、资源配额、网络策略、安全策略等。在本次演讲中,KubeSphere 维护人员将分享他们在设计隔离体系结构方面的经验和最佳实践。如何跨多个集群管理用户和身份验证。如何管理不同集群租户的资源配额。资源隔离机制以及如何跨多个集群授权资源。

Soft multi-tenancy is a form of multi-tenancy that does not have strict isolation of the different users, workloads, or applications. In terms of Kubernetes, soft multi-tenancy is usually isolated by RBAC and namespaces. There are many challenges when cluster administrators implementing multi-tenancy across multiple Kubernetes clusters, such as authentication and authorization, resource quota, network policy, security policy, etc. In this talk, KubeSphere maintainers will share their experience and best practice in designing the multi-tenancy architecture. How to manage users and authentication across multiple clusters. How to manage resource quotas for tenants in different clusters. The resource isolation mechanism and how to authorize resources across multiple clusters.

Speakers
avatar for Hongming Wan

Hongming Wan

Senior Software Engineer, QingCloud Technologies
Hongming is the core contributor of KubeSphere, he leads the KubeSphere Multi-tenancy and Security team. He focuses on open source and cloud-native security areas.



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

使用 Kubernetes 和 Temporal 构建容错分布式应用程序 | Build fault tolerant, distributed apps with Kubernetes and Temporal - Tihomir Surdilovic, Temporal Technologies Inc.
为了满足不断增长的客户需求,公司必须在多个平台、基础设施、架构和编程语言上多样化其技术解决方案。采用分布式多语言体系结构使我们能够使用最合适的工具和技术为业务问题提供解决方案。它还允许公司从更广泛的潜在候选人中获得技术人才。在本课程中,我们将介绍一种开源的 Kubernetes 原生容错微服务编排平台 Temporal。我们将演示 Temporal 如何让您专注于业务需求 impl,而不考虑您的技术空间,同时解决诸如持久性、通信、错误传播、事务管理和跨 Kubernetes 上运行的多个微服务的可伸缩性等难题。该演示包括四个用 PHP、Go、NodeJS 和 Java 编写的微服务。

To keep up with the increasing customer demands, companies must diversify their tech solutions across multiple platforms, infrastructures, architectures, and programming languages. Adopting distributed polyglot architectures enables us to provide solutions to business problems using the the most appropriate tools and technologies. It also allows companies to acquire technical talent from a much wider pool of possible candidates. In this session we will introduce Temporal, an open-source, Kubernetes-native and fault-tolerant microservices orchestration platform. We will demonstrate how Temporal allows you to focus on business requirements impl, regardless of your tech space, while offloading hard problems such as persistence, communication, error propagation, transaction management, and scalability across multiple microservices running on the Kubernetes. The demo includes four microservices written in PHP, Go, NodeJS and Java.

Speakers
avatar for Tihomir Surdilovic

Tihomir Surdilovic

Developer Advocate, Temporal Technologies
Bio: Tihomir Surdilovic is a Developer Advocate at Temporal Technologies. He is also a maintainer and project lead of the CNCF Serverless Workflow project.Ongoing projects:Temporal: https://temporal.io/CNCF Serverless Workflow: https://serverlessworkflow.io/Previous talks:DevConf.US... Read More →



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

一个关于管理具有 15k 节点和各种工作负载的 Kubernetes 集群的故事 | A story of managing kubernetes cluster with 15k nodes and various workloads - Bo Tang & Chongkang Tan, Ant Group
当新的业务需求到来时,您是否好奇 Kubernetes 集群是否能够满足性能需求?最近,我们的 Kubernetes 集群已经进化,以满足大规模混合长时间运行的工作负载和离线大数据/机器学习训练工作的需求。这使得我们的 Kubernetes 集群能够达到 15k 个节点,成为社区中最大的集群之一。在本次演讲中,我们将介绍管理超大规模 Kubernetes 集群的方法,以满足业务需求。通过实际流量分析、仿真和性能测试,确定了性能瓶颈。在此基础上,优化 Kubernetes apiserver 性能,减少列表/创建/更新/删除响应时间,以满足 SLO 要求。我们将分享一些我们在 apiserver 端和客户端所做的改进,例如不同的运营商。我们还将介绍 etcd 性能的一些方面。

Are you curious about whether your kubernetes cluster can meet the performance needs when new business requirements arrive? Recently, our kubernetes cluster has be evolved to meet the needs of with large-scale coming mixed long running workloads and offline bigdata/ML training jobs. This has allowed our kubernetes cluster to reach 15k nodes, making it one of the largest clusters in the community. In this talk, we will be presenting methods for managing extremely large-scale kubernetes cluster to cater the needs of business. The bottlenecks of performance are identified by real traffic analysis, simulation and performance testing. Based on that, we optimize kubernetes apiserver performance and reducing list/create/update/delete response time to meet the SLO. We’ll share some improvements we've made to apiserver side as well as the clients side, e.g. different operators. Also we'll cover some aspects of etcd performance.



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

Envoy 网格加速从 iptables 到完全 BPF | Envoy Mesh Acceleration: From Iptables to Fully BPF - Xiyao Zhang & Xu Liu, Tencent
eBPF sockmap 已经成为一种为服务网格加速 Envoy 和容器之间本地进程通信的理想方法。然而,这一方法依赖于 iptables 来实现透明的流量劫持。这已经成为了系统性能的主要瓶颈。本次讨论将从针对当前解决方案、来自社区的 Cilium 以及我们去年在 KubeCon China 中引入的轻量级方法开始进行详细调查。我们将解释 iptables 重定向如何影响入站和出站流量上的 sockmap 匹配结果。然后我们将展示我们的第一个类决方案,此类方案根本不使用 iptables。此类解决方案:1. 通过挂钩绑定调用,使用 eBPF 定向入站流量到 envoy。2. 使用 eBPF 执行透明出站流量重定向。3. 为 Daemonset 部署和维护提供集成的控制面,并通过注释和配置地图进行完全控制。

eBPF sockmap has been a desirable approach to accelerate local process communication between Envoy and container for Service Mesh. This approach, however, relies on iptables for transparent traffic hijacking. This has become a major bottleneck of the system performance. This talk will start with a detailed survey on the current solutions, Cilium from the community and the lightweight approach we introduced in KubeCon China last year. We will explain how the iptables redirections influence the sockmap match results on both inbound and outbound traffic. We will then present our first-of-the-kind solution, that does not use iptables at all. The solution: 1.Uses eBPF to direct inbound traffic to envoy, by hooking bind calls. 2.Uses eBPF to implement transparent outbound traffic redirection. 3.Provides an integrated control plane, for Daemonset deployment and maintenance, and full control by annotation and configmap.

Speakers
XZ

Xiyao Zhang

Tencent Cloud
avatar for Xu Liu

Xu Liu

Software Engineer, Tencent



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

利用 KServe(KFServing) 加速联邦学习的模型部署 | Accelerate Federated Learning Model Deployment with KServe (KFServing) - Fangchi Wang & Jiahao Chen, VMware
联邦学习 (FL) 是近年来发展最快的机器学习 (ML) 技术,它解决了数据孤岛问题,同时加强了隐私和安全性。与传统的机器学习相比,联邦学习通常部署在不同的站点/边缘,这意味着联邦学习推理服务需要一个高效且灵活的平台,以适应不同的框架和硬件。Kubeflow 的 KFServing 组件为本地推理提供了简单、高效、可插拔和全生命周期的解决方案,完全符合联邦学习的需要。KubeFATE 是 Linux 基金会的一个开源项目,在 Kubernetes 上提供 FL 的云原生管理,并与 Kubeflow 兼容。讲座介绍了使用 KFServing 为 KubeFATE 的联邦学习模型提供服务的实践,包括:1.简要介绍 Kubeflow、KFServing 和推断服务工作流程 2.联邦学习基础,不同的联邦学习算法类型和用例 3.演示如何从水平训练的联邦学习模型创建服务

Federated Learning (FL) is the fastest-growing machine learning (ML) technology recently, as it solves the data silo problem while strengthening privacy and security. Comparing to traditional ML, FL is commonly deployed in diverse sites/edges, meaning FL inference services require a platform being highly-efficient and also flexible for different frameworks and hardware. The KFServing component of Kubeflow provides simple, efficient, pluggable and full lifecycle solution for local inference, perfectly fitting FL's needs. KubeFATE is an open source project of Linux Foundation, offering cloud native management of FL on Kubernetes and compatible with Kubeflow. The talk introduces the practice to use KFServing for serving FL models with KubeFATE, including: 1. Brief introduction to Kubeflow, KFServing and InferenceService workflow 2. Federated Learning basics, different FL algorithm types and use cases 3. Demonstration of creating a serving service from a horizontally-trained FL model

Speakers
avatar for Jiahao Chen

Jiahao Chen

Software Engineer, Tencent
Jiahao Chen, software engineer at Tencent, specializes in container, network and distributed technology research, and is also actively involved in the construction of open source communities. During his tenure at Tencent, he led or participated in the completion of the construction... Read More →
avatar for Fangchi Wang

Fangchi Wang

Senior Software Engineer, VMware
Fangchi Wang works in VMware CTO Office as a senior software engineer. He is specialized in various infrastructure areas including virtualization, cloud computing and cloud native stacks. At VMware, he has worked on many core virtualization products including VMware vSphere, Workstation... Read More →



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

如何参与云原生计算基金会 (CNCF) 开源项目并成为维护者 | How to Participate in CNCF Open Source Projects and Become a Maintainer - Guo Xudong, GitLab
如何参与开源项目?如果我不知道如何编写代码,我能参与开源项目吗?如何从一个普通的贡献者一步一步地成为维护者?这次演讲可能会帮助你找到答案。

How does one participate in open source projects? Can I participate in open source projects if I don’t know how to write code? How can I become a maintainer from an ordinary contributor step by step? This talk may help you find the answer.

Speakers
avatar for Xudong Guo

Xudong Guo

Cloud Native Architect, JiHu GitLab
郭旭东 极狐(GitLab)云原生架构师,阿里云 MVP,云原生社区管委会成员&上海站站长。热爱开源,专注于 DevOps 和云原生技术的实践和分享,目前是 CNCF SandBox 项目 KubeVela / ChaosBlade 的 Maintainer。



Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

Crossplane:将基础设施和服务组成定制平台应用程序接口 | Crossplane: Compose Infrastructure and Services Into Custom Platform APIs - Viktor Farcic & Aaron Eaton & Muvaffak Onuş, Upbound
在此次讨论中,我们将介绍 Crossplane 项目,描述整体愿景,并深入探讨一些具体的架构和实践范例。Crossplane 最近被批准为 CNCF 的孵化项目,生产应用者的社区也在持续发展。我们将学习如何使用 Crossplane 的通用控制面来配置和管理您的所有基础设施,以及如何建立您自己的定制平台和抽象,为您的开发人员提供自助服务。我们还将了解更多关于该项目和社区的部分最新进展,以及即将发布的项目进展规划。Crossplane 是一种社区驱动型项目,因此与项目维护人员进行合作、分享您的观点以及运用案例来影响规划方向的机会非常多!

In this session, we will introduce the Crossplane project and describe the overall vision as well as deep dive into some specific architecture and practical examples. Crossplane has recently been approved as a CNCF incubating project and the community of production adopters continues to grow. We will learn about how to provision and manage all of your infrastructure using Crossplane's universal control plane and how to build your own custom platform and abstractions that enable self-service for your developers. We'll also learn more about some of the recent advancements in the project and community, as well as the upcoming roadmap for where the project continues to progress. Crossplane is a community driven project, so there will be plenty of opportunities to collaborate with the project maintainers and share your perspective and use cases to influence the roadmap direction!

Speakers
avatar for Muvaffak Onus

Muvaffak Onus

Staff Software Engineer, Upbound
Muvaffak has been developing Kubernetes controllers for the last couple of years, in which he focused on application controllers of SAP Data Intelligence for a year and CNCF Crossplane project for the last three years. He has worked on the generic reconciler that powers every service... Read More →
avatar for Viktor Farcic

Viktor Farcic

Developer Advocate, Upbound
Viktor is helping the CNCF Crossplane project’s community grow as a Developer Advocate at Upbound, where he educates and connects with the community to help them adopt and deploy a universal control plane. He also runs the popular DevOps Toolkit channel on YouTube where he teaches... Read More →


Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

WasmEdge 简介,云原生 WebAssembly 运行时 | Introduction to WasmEdge, A Cloud-native WebAssembly Runtime - Michael Yuan, WasmEdge
WebAssembly 最初是作为网络浏览器的高性能应用运行时创建的,现在被广泛用于浏览器之外的应用,包括云原生、边缘计算、SaaS 和区块链应用。对于应用开发者来说,WebAssembly 提供了一个高性能、轻量级、多语言、可移植和安全的运行时沙箱,可以嵌入到几乎任何应用中,以运行来自第三方的 "无服务器 "功能。在这次演讲中,Michael Yuan 将对 WasmEdge Runtime 项目进行技术介绍。Michael 将介绍的具体内容包括:WebAssembly 为什么和如何用于云原生和边缘计算项目,WasmEdge 与其他 WebAssembly 运行时有什么区别,以及如何编写 WasmEdge 应用程序来扩展自己的软件产品。

Initially created as a high-performance application runtime for web browsers, WebAssembly is now used in a wide range of applications outside of the browser, including cloud-native, edge computing, SaaS, and blockchain apps. For application developers, WebAssembly provides a high-performance, lightweight, polyglot, portable, and secure runtime sandbox that can be embedded into almost any application to run “serverless” functions from 3rd parties. In this talk, Michael Yuan will give a technical introduction to the WasmEdge Runtime project. Specific topics Michael will cover include why and how WebAssembly is used in cloud-native and edge computing projects, how is WasmEdge differentiated from other WebAssembly runtimes, and how to write WasmEdge applications to extend your own software products.

Speakers
avatar for Michael Yuan

Michael Yuan

Maintainer, WasmEdge
Dr. Michael Yuan is a maintainer of the WasmEdge project and a co-founder of Second State. He is the author of 5 books on software engineering published by Addison-Wesley, Prentice-Hall, and O'Reilly. Michael is a long-time open-source developer and contributor. He had previously... Read More →


Thursday December 9, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

小组讨论:如何吸引开发人员加入您的社区 | Panel Discussion: How to Attract Developers to Join Your Community - Jie Liu, Huawei & Charlotte Hu & Guo Liu, Huawei; Sheng Wu, Tetrate; Zili Chen
从不同的角度,尝试分享关于如何吸引开源开发人员加入社区的经验和观点。如何吸引开发人员留下来并成为社区的一部分?社区运营的 KPI 是什么(或者 KPI 是否应该存在)?

From different aspacts, try to share the experience and opinion of How to attract open source developer to come to a community? How to attract them stay and become part of community? What is the KPI for community operation ( or even whether KPIs should exists or not)

Speakers
avatar for GUO LIU

GUO LIU

主任工程师, 华为
avatar for Jie Liu

Jie Liu

Open Source Strategist, Huawei
avatar for Xiaoman Hu

Xiaoman Hu

Community Operation Director, Huawei
Operation director of MindSpore in Huawei. Member of the Chinese Institute of Electronics experts, member of the Outreach Committee of the LF&AI Foundation, leader of the TinyMS open source project. Founder of MSG•Women in Tech. Served as a senior algorithm engineer of Autohome... Read More →
avatar for Sheng Wu

Sheng Wu

Tetrate
avatar for Zili Chen

Zili Chen

Community Evangelist


Thursday December 9, 2021 13:15 - 13:50 CST
Open Source Summit 演讲厅

13:45 CST

Virtual Project Office Hours: Harbor
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Harbor Project Office Hours here: https://zoom.us/webinar/register/WN_UeOXlhD0R8SAeSrSCqhP3Q


>> Full list of Project Office Hours


Thursday December 9, 2021 13:45 - 14:30 CST
Project Office Hours

13:45 CST

Project Office Hours: Kube-OVN
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Kube-OVN Project Office Hours here: https://zoom.us/webinar/register/WN_suHkQSVVT3qx6AZZATP1RA


>> Full list of Project Office Hours


Thursday December 9, 2021 13:45 - 14:45 CST
Project Office Hours

14:05 CST

gRPC 遇见 RDMA | gRPC Meets RDMA - Wenbo Zhang, PingCAP
RoCE 被认为是最有效的低时延以太网解决方案,而 gRPC 被认为是一个广泛使用的高性能开源框架。在本演讲中,Wenbo Zhang 将分享 RDMA 技术和编程,以及如何定制 gRPC 端点层来实现使用 RoCE 协议的通信。

RoCE is considered the most efficient low latency Ethernet solution, and gRPC is a widely used open-source framework with high performance. In this talk, Wenbo Zhang will share the RDMA technology and programming, as well as how to customize the gRPC endpoint layer to achieve communication using the RoCE protocol.

Speakers
avatar for Wenbo Zhang

Wenbo Zhang

R&D, PingCAP
Wenbo Zhang is a PingCAP Development Engineer, focusing on performance analysis and diagnosis of Linux kernel. He talked about BPF for chaos and tracing in Kubernetes at Cloud Native + Open Source Summit China 2020.



Thursday December 9, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:05 CST

超越基础架构/服务提供:Crossplane 本质与采用 | Beyond Infra/Service Provision: The Crossplane Essentials and Adoption - Guang Ya Liu & Ying Mo, IBM
作为 Kubernetes 的开源附加组件,Crossplane 允许人们组装来自多个供应商的基础架构,人们可将其作为一个高级别的抽象概念来利用,而无需编写代码。在过去的几年时间里,Crossplane 迅速发展成为一个非常活跃的社区。人们经常讨论的 Crossplane 最常见的用例是在公共云上提供基础架构和服务。但如你了解了 Crossplane 的本质,你会发现它可以做得更多。在本会话中,发言者将首先通过深入探讨 Crossplane 内部的一些关键因素,分享一些关于 Crossplane 本质的想法,然后会通过现场演示探索一些有趣的使用场景,并根据实际案例研究,详细介绍如何使用 Crossplane,例如功能编排、特定领域的可组合特性、带 Crossplane 的 GitOps 等。这些分享均来自发言者的亲身经验,以及通过与社区紧密合作就 Crossplane 采用得到的持续观察。

Crossplane as an open source Kubernetes add-on allows people to assemble infrastructure from multiple vendors and exposes as a higher level abstraction to consume without writing code. It has evolved rapidly with a very active community during the last couple of years. The most common use case of Crossplane that people often discuss is to provision infrastructure and services on public clouds. However, if you learn the essentials of Crossplane, you will see it can do more. In this session, the speakers will firstly share some thoughts on the nature of Crossplane by deep diving some key factors reflected inside Crossplane, then explore a few interesting usage scenarios with live demo zoomed in on how it can be used based on real case study, e.g. capabilities orchestration, domain-specific composable traits, GitOps with Crossplane, etc. These sharing all come from the speakers' first hand experience and continuous observation on Crossplane adoption by working closely with the community.

Speakers
avatar for Guangya Liu

Guangya Liu

Senior Technical Staff Member, IBM
Guang Ya Liu is a Senior Software Architect in IBM CDL and now focusing on cloud computing, data center operating system and container technology, he is also a Member of IBM Academy of Technology. Starting from 2013, Guang Ya act as an OpenStack Active Contributor and contribute to... Read More →
avatar for Ying Mo

Ying Mo

Senior Software Engineer, IBM
Ying Mo is a Senior Software Engineer at IBM, working on IBM Cloud Pak for Watson AIOps, focusing on multi-cloud management and monitoring using Kubernetes and container technology. He is always enthusiastic about bringing innovative idea into product by leveraging open source technologies... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:05 CST

用 KubeEdge 管理不稳定网络上的大规模边缘集群 | Managing Large-Scale Edge Cluster Over Unstable Network with KubeEdge - Fei Xu, Huawei
众所周知,Kubernetes 已经成为协调运行在数据中心中的容器化工作负载的事实上的标准,并依赖于数据中心的稳定网络。但在边缘计算场景中,我们将在数据中心运行主节点,在各个分散区域运行边缘节点。此时,K8s 主节点和边缘节点之间没有稳定的网络连接,节点甚至可能长时间处于离线状态。此外,由于边缘节点的数量大于数据中心服务器的数量,如何管理这些大规模的边缘节点是一个巨大的挑战。在这一节中,我们将分享如何使用 KubeEdge 来管理不稳定网络下的大规模边缘集群。它支持向大规模边缘节点发送控制事件,有助于我们在大规模边缘集群的不稳定网络环境下实现可靠的边缘应用管理。

It is well known that Kubernetes has become the de facto standard for orchestrating containerized workloads running in the data center, and rely on the stable network of the data center. But in edge computing scenarios, we will run the master in the data center, and the edge nodes in various decentralized areas. At this time, there is no stable network connection between K8s master and edge nodes, and the nodes may even be offline for a long time. Moreover, the number of edge nodes is larger than that of data center servers, so how to manage these large-scale edge nodes is a huge challenge. In this session, we will share how to use KubeEdge to manage large scale edge cluster under unstable network. It supports to send control events to large scale edge nodes and will help us achieve the reliable edge applications management over unstable network in large scale edge cluster.

Speakers
avatar for Fei Xu

Fei Xu

Huawei


Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

从以应用程序为中心的抽象将应用程序运送到多集群环境 | Ship Apps to Multi-cluster Environments from an App-centric Abstraction - Zhengyi Lai, QingCloud
许多应用程序定义和框架都来自云原生计算基金会领域,Helm 和 Operator 是 Kubernetes 生态系统中打包和管理应用程序的最流行方式。根据云原生计算基金会 2020 年的调查,以多集群和多云为代表的企业架构已成为现代基础设施的新趋势。如何利用以应用为中心的概念来提供自助服务,跨多个 Kubernetes 集群和云交付/部署应用程序?KubeSphere 团队正在构建一个统一的控制面,使用户能够以一致的工作流交付应用程序和云功能。在本次演讲中,KubeSphere 维护人员将讨论:使用 CRD 简化 Helm Chart 和 Operator 部署,如何跨多个云传播原生应用程序,如何跨多个云管理 Operator 及其 CRD,如何在优雅的界面中扩展操作符

Many application definitions and frameworks are emerging from the CNCF landscape, Helm and Operator are the most popular ways to package and manage applications in the Kubernetes ecosystem. From the CNCF Survey 2020, the enterprise architecture represented by multi-cluster and multi-cloud has been a new trend in modern infrastructure. How to leverage the app-centric concepts to provide self-service to deliver/deploy applications across multiple Kubernetes clusters and clouds? KubeSphere Team is building a unified control plane to enable users to deliver applications and cloud functions with a consistent workflow. In this talk, KubeSphere maintainers will talk about: Uncomplicating the Helm Chart and Operator deployment using CRD How to propagate a cloud-native application across multiple clouds How to manage Operator and its CRD across multiple clouds How to extend your operator in an elegant interface

Speakers
avatar for Zhengyi Lai

Zhengyi Lai

KubeSphere Dev Lead, QingCloud Technologies
Zhengyi Lai is the maintainer of the KubeSphere(https://github.com/kubesphere) and has contributed to helm, virtual-kubelet, grpc-gateway, etc. Zhengyi is also maintaining the application store, network, and pluggable architecture in KubeSphere. His main work focuses on networking... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

如何使用开源工具构建您的网络安全工具包 | How to Build Your Cybersecurity Toolkits with Open Source Tools - Yu Chen, Aqua Security
开源是云原生的自然属性。在当前市场中,有一些商业工具可为云原生的全生命周期提供保护。然而,对于刚刚进入云原生环境的初创企业的用户来说,开源工具在这个阶段将是一个非常好的选择,可以保护他们的云原生环境。在本会话中,Yu Chen 将与我们分享如何使用生态系统中现有的开源工具为云原生环境创建安全工具集。

Open source is the natural attribute of Cloud Native. In current market, there are some commercial tools that can provide protection for the cloud native full lifecycle . However, for users of startups who have just entered the cloud native environment, open source tools will be a very good option for them in this stage to protect their cloud native environment. In this session, Yu Chen will share with us how to use the existing open source tools in the eco-system to create a security toolset for the cloud native environment.

Speakers

Thursday December 9, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:05 CST

如何在零停机的情况下迁移 Kubernetes 集群 | How To Migrate Kubernetes Cluster With Zero Downtime - Jing Gu & Yaoyao Xie, Alibaba
跨多个版本升级 Kuberentes 的风险更大。许多客户选择使用集群迁移(即创建一个新的高版本集群,然后将应用程序从低版本集群迁移到高版本集群)而不是升级集群。然而,如何在零停机的情况下迁移集群已经成为一个重大挑战。这项建议提出了解决问题的办法。

Upgrading Kuberentes across multiple versions is more risky. Many customers choose to use cluster migration (that is, create a new high-version cluster, and then migrate the applications from the low-version cluster to the high-version cluster) instead of upgrading the cluster. However, how to migrate cluster with zero downtime has become a major challenge. This proposal propose a way to solve the problem.

Speakers
JG

Jing Gu

Engineer, Alibaba
Jing Gu is an engineer on Kubernetes Service team at Alibaba Cloud and is a member of Kubernetes. She primarily works on Kubernetes AIOps and cloud controller manager for Alibaba Cloud.



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

在线视频架构将服务韧性从Spring Cloud 熔断器升级到服务网格 | Online Video upgrades resilience from SC Circuit Breaker to Service Mesh - Xu Shiyu, RR Video & Zhang Chaomeng, Huawei
作为中国领先的在线视频共享平台,人人视频业务的快速发展给其 IT 基础设施带来了巨大挑战。日益增长的复杂性、容量和韧性要求给当前基于 Spring Cloud 熔断器的微服务带来了新的问题。在本次演讲中,超盟和世宇将重点介绍大规模生产环境中的服务网格韧性实践,包括不健康实例的透明自动隔离、故障自动恢复和自我修复、连接池管理、重试、限流、超时和分布式跟踪等。通过分析熔断器模式和比较 Spring Cloud 熔断器和服务网格在各自生产实践中不同的实现方式,结果表明优化不只是改善了系统的可靠性和可用性,还使得开发和操作工作更简单便捷。

As one leading Online Video sharing platform in China, RR's rapid business development introduce great challenge on its IT infrastructure. The increasing complexity, capacity and resilience requirement brings new problems to current Spring Cloud circuit breaker based micro services. In this presentation, Chaomeng and Shiyu will focus on service mesh resilience practice in large scale production environment, including transparent auto-isolation of the unhealthy instance, auto-recovery and self-healing, connection pool management, retry, fine gained rate limit and distributed tracing, latency metrics. By analyzing circuit breaker pattern and comparing the different implementation of Spring Cloud circuit breaker and service mesh in their production practice, they show that the optimization not only improves system reliability and availability but also makes dev and ops works simpler and easier.

Speakers
XS

Xu Shiyu

RRTV|technical supervisor & architect
Xu Shiyu,a technical supervisor and architect of RR video.with 7 years of experience in java R & D. He has been responsible for the cloud native technology transformation of the microservice architecture for large distributed systems. Research areas: middleware, infrastructure, cloud... Read More →
ZC

Zhang Chaomeng

Architect of HUAWEI CLOUD, Huawei
Zhang Chaomeng is the chief architect of HUAWEI CLOUD Application Service Mesh(ASM). Experienced in service mesh, Kubernetes, micro service, cloud service catalog, big data, APM and DevOps related developing work. He is Istio community member, author of book “Cloud Native Service... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

Bagua:Kubernetes 上的轻量级分布式学习 | Bagua: Lightweight Distributed Learning on Kubernetes - Xiangru Lian & Xianghong Li, Kuaishou
Bagua 是快手科技和苏黎世理工 (ETH Zürich) 共同开发的一个项目,在 Kubernetes 上支持高性能分布式深度学习,而无需特殊的网络设备和严格的调度。得益于 Bagua 创新的通信算法和与 Kubernetes 的集成,用户可以在 Kubernetes 集群上通过普通以太网连接水平扩展培训,并提供出色的加速保证。Bagua 的有效性在各种场景和模型中得到了验证,包括 ImageNet 上的 ResNet、Bert Large,以及在快手的大规模工业应用,如:具有数十个 TB 参数的推荐模型训练,超过 10 亿张图像/视频的视频/图像理解,具有 TB 级别数据集的 ASR 等。在端到端性能方面,在 Kubernetes 生产集群中,Bagua 在不同任务范围内的端到端训练时间显著超过 PyTorch-DDP、Horovod 和 BytePS(高达 1.95 倍)。

Bagua is a project developed by Kuaishou Technology and ETH Zürich to support high performance distributed deep learning on Kubernetes without requiring special network devices and restrictive scheduling. Benefiting from Bagua's innovative communication algorithms and integration with Kubernetes, users can scale the training horizontally with excellent speedup guarantee, on a Kubernetes cluster with just ordinary ethernet connection. Bagua's effectiveness has been validated in various scenarios and models, including ResNet on ImageNet, Bert Large, and huge scale industrial applications at Kuaishou such as ● recommendation model training with dozens of TB parameters, ● video/image understanding with >1 billion images/videos, ● ASR with TB level datasets, etc. As for end to end performance, in a production Kubernetes cluster, Bagua can outperform PyTorch-DDP, Horovod and BytePS in the end-to-end training time by a significant margin (up to 1.95×) across a diverse range of tasks.

Speakers
avatar for Xiangru Lian

Xiangru Lian

Senior Staff Research Scientist, Kuaishou Technology
avatar for Xianghong LI

Xianghong LI

Senior Architect, Kuaishou Technology
Xianghong Li currently serves as a senior architect at Kuaishou Technology, focusing on cloud-native machine learning platform based on Kubernetes, and large scale AI system performance acceleration solutions, in order to help algorithm engineers deploy production ready machine learning... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

Kubernetes SIG Node:介绍与深入研究 | Kubernetes SIG Node: Intro and Deep Dive - Paco, DaoCloud
作为 sig-node 的新手,我想介绍一下 sig-node,因为我已经深度参与了最近的 Kubernetes 版本发布,尤其是一直在致力于与 SIG-node 相关的工作。作为 sig-node 漏洞清理工作(漏洞分类方)的亚太区负责人,我还分享了我的经验。这一活动很有帮助。我们为新贡献者配备了一位导师,我们也可以在 slack/zoom 中讨论一些问题,几乎所有 sig-node 问题都在此活动中都得到了至少一项更新。1. sig-node 介绍 2. #SIG-Node-Bug-Scrub 活动 3.SIG-node 1.22 发行说明 4. 策略:1.23-1.24 KEP

As a newbie of sig-node, I would like to introduce sig-node since I have been deeply involved in recent Kubernetes releases and especially working on SIG-node-related things. I also share my experience as APAC captain of sig-node bug scrub(triage party). This activity is helpful. There would be a mentor for new contributors and also we can discuss issues on the slack/zoom, almost all issues of sig-node got at least an update on this activity. 1. sig-node introduction 2. #SIG-Node-Bug-Scrub Activity 3. SIG-node 1.22 release note 4. roadmap: 1.23-1.24 KEP

Speakers
avatar for Paco

Paco

OpenSource Team Leader, DaoCloud
Paco is currently the leader of the open-source team.Paco is sig-node & kubeadm reviewer and actively working in sig-cli/sig-testing.He has worked in the infrastructure team of DaoCloud Enterprise Platform(the Kubernetes-based platform) since 2016 and currently, focuses on coredns... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

Rook:介绍和 Ceph 平台深探 | Rook: Intro and Ceph Deep Dive - Travis Nielsen, Red Hat & Satoru Takeuchi, Cybozu, Inc.
Rook 项目将被介绍给所有层次和经验的参与者。Rook 是 Kubernetes 的开源云原生存储运营商,为不同的存储解决方案提供平台、框架和支持,以与 Kubernetes 进行原生整合。Rook 将存储软件转变为自我管理和自我修复的存储服务。将对 Ceph 存储提供商进行深入研究,展示 Rook 如何为您的生产数据提供稳定的存储块、共享文件系统和对象存储。我们将介绍 V1.8 版本发布的最新功能,进一步说明 Rook 是如何为生产环境使自身持续增强的。Rook 于 2020 年 10 月被云原生计算基金会接纳为毕业项目。

The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with Kubernetes. Rook turns storage software into self-managing and self-healing storage services. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.8 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

Speakers
avatar for Travis Nielsen

Travis Nielsen

Senior Principal Software Engineer, Red Hat
Travis Nielsen is a Senior Principal Software Engineer at Red Hat where he works on “the future of storage” as part of the Ceph distributed storage system team. Travis is one of the original founders of the Rook project. Prior to Rook, Travis was the storage platform tech lead... Read More →
avatar for Satoru Takeuchi

Satoru Takeuchi

Software Developer, Cybozu, Inc
Satoru is a software developer of an on-premise Kubernetes cluster and Rook/Ceph cluster at Cybozu. He is a maintainer of Rook/Ceph. He made a presentation named "Capacity-aware Dynamic Volume Provisioning For LVM Local Storage" at KubeCon Europe 2020 and also made some Rook maintainer... Read More →



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

基于Volcano的离在线业务混部技术探索 | Exploration About Mixing Technology of Online Services and Offline Jobs Based on Volcano - Leibo Wang & Lei Wu, Huawei
为了保证服务SLA,集群需要大量冗余资源,这将导致集群资源利用率低下,资源浪费严重。为了提高资源利用率,Volcano将在线服务和离线批处理作业混合在同一集群上。kubelet使调度器感知到已分配资源和实际已有资源量的差距。Volcano还提供了资源超卖能力,可将已分配给低优先级作业的空闲资源加以复用。在操作系统维度,Volcano还通过cgroup提供任务隔离,以确保关键的在线服务QoS。

To ensure service SLA, a large number of redundant resources are required which resulting in low resource utilization and serious resource waste. To improve resource utilization, Volcano mix online service and batch jobs on the same cluster. And kubelet makes the scheduler aware of the gap between resource allocation and utilization. Volcano also provides resource oversubscription which is reserved but unused resource to low priority batch jobs. On the OS level, it also provides task isolation by CGroups to ensure critical online services QoS.

Speakers
avatar for Leibo Wang

Leibo Wang

Principal Engineer, Huawei
avatar for Lei Wu

Lei Wu

Software Engineer, Huawei
Software Engineer from Huawei Cloud Native Team. @volcano-sh maintainer. Focus on high performance scheduling, resource management.etc


Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

镜像分发系统 Dragonfly 的新进展 | The New Evolution of Image Distribution System Dragonfly - Wenbo Qi, Ant Group & Zheyi Zhang, Shanghai Jiao Tong University
本次演讲主要介绍 Dragonfly 的应用内容,以及当前发展进程,然后介绍社区的现状;接下来介绍 1.X 版本中所遇到的一些问题和技术瓶颈,包括架构问题、P2P 协议问题、高可用性和安全问题。考虑到这些问题,我们决定开展 Dragonfly 2.0 项目,通过新架构和模块设计,彻底解决 1.X 版本中的缺陷问题。以此同时,该项目还支持与 Nydus 整合的镜像按需读取。深入研究部分将包括 Dragonfly 2.0 的技术方案和演示。

This speech will mainly introduce what dragonfly does and its current development process, and then introduce the current situation of the community; Next, we will introduce some problems and technical bottlenecks encountered in version 1. X, including architecture problems, P2P protocol problems, high availability and security problems. In view of these problems, we decided to launch Dragonfly 2.0 project to completely solve the defects of version 1. X through new architecture and module design, At the same time, it supports image on-demand reading through integration with Nydus. The deep dive part will cover the technical scheme and demo of dragonfly 2.0.

Speakers
avatar for Wenbo Qi

Wenbo Qi

Software Engineer, Ant Group
Wenbo Qi is a software engineer at Ant Group working on dragonfly. He is a maintainer of the Dragonfly. He is putting lots of energy and enthusiasm into open source domain and believes that fear springs from ignorance.



Thursday December 9, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:45 CST

Virtual Project Office Hours: KubeVela
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for KubeVela Project Office Hours here: https://zoom.us/webinar/register/WN_sLovKlheRCG2c5VcreQ-pA


>> Full list of Project Office Hours


Thursday December 9, 2021 14:45 - 15:30 CST
Project Office Hours

14:45 CST

Virtual Project Office Hours: Strimzi
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Strimzi Project Office Hours here: https://zoom.us/webinar/register/WN_9zbf9dJqRNiaHWvEB8bZ6g


>> Full list of Project Office Hours


Thursday December 9, 2021 14:45 - 15:30 CST
Project Office Hours

14:45 CST

虚拟展位浏览 | Virtual Booth Crawl
加入我们的解决方案展示区,观看现场演示、互动会议,以及由我们的赞助商提供的专家办公时间。探索参展商的展位,了解更多关于最新的技术,浏览特别优惠和招聘信息,以及更多资讯。

为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、常规人口统计问题(即,工作职能、行业),以及关于您互动的赞助内容或资源的详细信息。选择与虚拟展位互动或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

Join us in the Solutions Showcase for live demos, interactive sessions, and expert office hours presented by our sponsors. Explore exhibitor booths to learn more about the latest technologies, browse special offers and job posts, and much more.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), when accessing sponsored sessions in the sponsor theater, accessing virtual swag provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.




Thursday December 9, 2021 14:45 - 15:45 CST
Kubecon + CloudNativeCon 演讲厅

15:45 CST

Virtual Project Office Hours: k8gb
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for k8gb Project Office Hours here: https://zoom.us/webinar/register/WN_zPf-c4pySS2nIbl-w1SafQ


>> Full list of Project Office Hours


Thursday December 9, 2021 15:45 - 16:30 CST
Project Office Hours

15:45 CST

Virtual Project Office Hours: Longhorn
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Longhorn Project Office Hours here: https://zoom.us/webinar/register/WN_rPORVhfVQ8WHHkKhT4iOQQ


>> Full list of Project Office Hours


Thursday December 9, 2021 15:45 - 16:30 CST
Project Office Hours
 
Friday, December 10
 

08:00 CST

与 Priyanka 和 Chris 的咖啡会谈 |Coffee Talk with Priyanka + Chris
加入由 CNCF 执行董事 Priyanka Sharma 、首席技术总监 Chris Aniszcyzk 和特别嘉宾的对话和活动回顾! 请随意启用您的音频和视频 —— 一起建立联系和共享一个欢乐有趣的会议。咖啡会谈将有翻译提供。

如何注册:无须注册!人数许可下,咖啡会谈开放给所有有兴趣的社区会员。

Zoom 连接:https://zoom.us/j/99114227443

Join CNCF Executive Director Priyanka Sharma and CTO Chris Aniszcyzk to start your day with some socializing, event recaps, and special guests! Come prepared with your audio and video on – we’re here to have fun and make connections!

An interpreter will be available.

How to Register: No need! Coffee Talk is open to all in the community that are interested, space permitting.

Join Zoom: https://zoom.us/j/99114227443


Speakers
avatar for Chris Aniszczyk

Chris Aniszczyk

CTO, CNCF, Linux Foundation
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation... Read More →
avatar for Priyanka Sharma

Priyanka Sharma

Executive Director, CNCF
Priyanka is the Executive Director of the Cloud Native Computing Foundation (CNCF) which serves as the vendor-neutral home for 100+ of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy. She is also a co-creator of the Inclusive Naming Initiative... Read More →


Friday December 10, 2021 08:00 - 08:45 CST
Kubecon + CloudNativeCon 演讲厅

09:00 CST

主题演讲: Kubernetes 项目更新 | Keynote: Kubernetes Project Updates - Jasmine James, Engineering Manager, Twitter



Speakers
avatar for Jasmine James

Jasmine James

Senior Engineering Manager-Developer Experience
Jasmine is an engineering manager leading the developer experience pillar in the engineering effectiveness organization. She has previously worked at Delta Air Lines enabling cloud native application development by providing modern tooling and capabilities utilizing various CNCF projects... Read More →


Friday December 10, 2021 09:00 - 09:15 CST
Kubecon + CloudNativeCon 演讲厅

09:15 CST

主题演讲:待定 | Keynote: Reverse Engineering Cloud Native: Building the NextGen Identity of Practitioners - Katie Gamanji, Ecosystem Technical Advocate, Cloud Native Computing Foundation
Kubernetes has become the default container orchestrator framework, setting the standards for application deployment in a distributed environment. In the past years, numerous tools have been developed to extend Kubernetes capabilities and enhance its features. Simultaneously, the expansion of the technology landscape prompted the growth of the adopter base and the number of scenarios where cloud native can be applied. The organic adoption and development of new tools, created the ecosystem and community as we know it today.

This keynote will feature the 3 core principles that define the next generation's identity of cloud native practitioners using a reverse engineering approach. It will present the interoperability of tools, inclusivity at the community and adopters level, and a culture of change and education that drives the ubiquity of the cloud native.

Speakers
avatar for Katie Gamanji

Katie Gamanji

Senior Kubernetes Field Engineer, Apple
Katie is a cloud native leader, practitioner, and contributor, currently in a Senior Kubernetes Field Engineer role at Apple and a TOC for CNCF (Cloud Native Computing Foundation).  As a cloud platform engineer, Katie has built the infrastructure for Conde Nast and American Express... Read More →


Friday December 10, 2021 09:15 - 09:25 CST
Kubecon + CloudNativeCon 演讲厅

09:15 CST

主题演讲:在500,000+服务器的背后:用云原生管理大型数据中心 | Keynote: Behind the 500,000+ Servers: How to Manage Giant IDCs with Cloud Native - Hua Yong, Cloud Native Director, 21vianet
随着云计算和云原生技术的发展,越来越多的服务、更大的集群规模和更复杂的应用使数据中心变得越来越大。TPOS、PUE和服务器密度给管理层面带来了巨大的挑战。利用云原生技术和生态建立IDC大数据/AI管理系统是本次演讲的主题。Smarthaven 利用云原生、大数据和AI技术,是IDC开源管理项目的重要组成部分。我们希望分享:
* 如何收集和管理数据,特别是背景音频信息。数据在边缘侧处理,节省60%的带宽,速度提高10倍。(Kubeedge/Kubernetes)
* 如何用大数据/物联网管理1M+传感器和每天10TB+(Flink和Kubeedge)
* 如何用AI进行边缘检测故障报警推理和预测。节省2%以上的能源。(Kubeflow)
* 如何在5秒内收集、传输和分发AI模型。(Nats)

With the evolution of cloud-computing and cloud-native technologies, more and more services, larger cluster sizes, and more complex applications make data center bigger and bigger. TPOS, PUE and server density pose great challenges to the management level. Using cloud native technology and ecology to establish IDC Bigdata/AI management system is this speech theme. The "Smarthaven" is an important part of IDC's open source management projects, using cloud native, big data, and AI technology. We want to share:
* How to collect and manage data, especially background audio information. The data is processed on the edge side.Saving 60% bandwidth and speed up 10 times. (Kubeedge/Kubernetes)
* How to manage 1M+ sensors and 10TB+/day with Bigdata/IoT (Flink and Kubeedge)
* How to perform edge detection fault alarm reasoning and prediction with AI. Saving 2%+ energy. (Kubeflow)
* How to collect, transmit and distribute AI models in 5 seconds. (Nats)

Speakers
avatar for Hua Yong

Hua Yong

Cloud Native Director, 21vianet
Software developer, system architecture and project manager. Has led and contributed open-source projects, embedded systems and mobile solutions for in-depth study, solution and implementation. Focus and familiar with Cloud Native and DevOps domain.


Friday December 10, 2021 09:15 - 09:30 CST
Kubecon + CloudNativeCon 演讲厅

09:25 CST

主题演讲:突破地心引力!与KubeEdge一起迈向太空的云原生 | Keynote: Break Through Gravity! Cloud Native Towards Space With KubeEdge - Qi Zhang, Chief Architect of Distributed Cloud Native Platform (UCS) and Intelligent Edge Platform (IEF), Huawei Cloud & Shangguang Wang, Professo
当今已处于星际航海时代,卫星制造的通用化,智能化,软件化趋势逐渐加快,卫星互联网已经成为全球热点。本次演讲将会介绍卫星计算的现状以及遇到的问题,并在此基础上介绍如何通过KubeEdge的云原生边缘计算能力将卫星作为边缘节点进行管理,并将AI工作负载延伸至太空中,通过边缘协同的AI赋能空间探索,并进行高精度地面科研工作,例如农田面积统计等。

在此演讲中,观众可以了解卫星计算的现状,特点和技术挑战。为什么KubeEdge作为云原生的边缘计算项目适用于对卫星的管理中。以及是如何通过KubeEdge Sedna来进行边缘协同的AI运算,满足在卫星上在对设备功率有极高要求的条件下进行实时计算的要求。

Nowadays, in the age of interstellar navigation, the trend of generalization, intelligence and software of satellite manufacturing is accelerating gradually, and the satellite Internet has become a hot spot in the world. In this talk, Qi and Shangguang will introduce the current state of satellite computing and the problems encountered. They will then introduce how to manage satellites as edge nodes and extend AI workloads into space with KubeEdge's cloud-native edge computing capabilities. More specifically how AI-enabled edge collaboration enables space exploration and high-precision ground-based scientific research, such as farmland area statistics.

In this talk, the audience will learn about the current state, characteristics, and technical challenges of satellite computing. The question “Why is KubeEdge suitable for satellite management as a cloud-native edge computing project?” will also be answered. We will also cover how to use KubeEdge Sedna to perform edge-coordinated AI computing, meeting the requirements for real-time computing on satellites in conditions that have high requirements on device power.



Speakers
avatar for Qi Zhang

Qi Zhang

Chief Architect of Distributed Cloud Native Platform (UCS) and Intelligent Edge Platform (IEF), Huawei Cloud
华为云分布式云原生平台(UCS)和智能边缘平台(IEF)首席架构师。CNCF KubeEdge项目联合发起人,Apache ServiceComb项目创始人。在华为云先后主导容器管理调度引擎、华为云微服务引擎CSE、智能边缘平台IEF、分布式云原生(UCS)等产品的架构设计和研发。Qi... Read More →
avatar for Shangguang Wang

Shangguang Wang

Professor of Posts and Telecommunications, Beijing University
北京邮电大学教授、博导、网络与交换技术国家重点实验室副主任、国家优秀青年科学基金获得者、国家重点研发计划项目首席科学家、天算星座首席科学家、IEEE服务计算技术委员会(TCSVC)主席、IEEE云计算技术委员会(TCCLD)副主席Professor... Read More →


Friday December 10, 2021 09:25 - 09:35 CST
Kubecon + CloudNativeCon 演讲厅

09:50 CST

主题演讲: 云未来,新可能 | Keynote: The Future of Cloud, New Possibilities - Li Yi (Mark), Director of Engineering for Container Service, Alibaba Cloud
后疫情时代,数字技术全面融入了我们的日常生活,发挥着不可或缺的作用。绿色发展,产业升级已经成为经济增长的新势能。云原生技术是支撑企业数字化转型的原动力,也在成为业务创新的引擎。

In the post-epidemic era, digital technology is fully integrated into our daily lives and plays an indispensable role. Green development and industrial upgrading have become a new potential for economic growth. Cloud native technology is the driving force behind the digital transformation of enterprises, and it is also becoming the engine of business innovation.



Speakers
avatar for Li Yi (Mark)

Li Yi (Mark)

Director of Engineering for Container Service, Alibaba Cloud
易立是阿里云资深技术专家,自2015年起负责阿里云容器服务研发,也积极推进云原生相关开源项目和社区合作。曾在IBM中国开发中心工作14年,担任资深技术专员,负责了一系列云计算和中间件产品研发。他现在是CNCF理事会的代表之一.Li... Read More →


Friday December 10, 2021 09:50 - 10:00 CST
Kubecon + CloudNativeCon 演讲厅

10:10 CST

主题演讲:证券数字化的云原生演进 | Keynote: Cloud Native Evolution of Securities Digitization - Wang Ling, Co-Head of Information Technology Department, General Manager of Digital Operation Department, Huatai Securities
本次演讲围绕业务上云、网格管理、容器安全、信创转型等方面,介绍华泰证券的企业上云演进过程。数字化转型是证券行业适应新业务变革和创新需求,实现高质量发展的必由之路。
华泰证券通过安全、可靠、稳定、高效的云服务,实现对已有IT资源的充分利用,提高信息系统的效率和性能,加强经营决策的实时性,实现降本增效。
同时运用先进的数字化手段,构建合规与风控核心能力,通过架构开放、敏捷自助、管理一体等变革与创新,实现了从IT技术、思想理念、业务模式、组织架构和工程文化等全方位的转型,将证券业务的创新发展推上新的高度。

This speech will focus on the collaboration suite of business, grid management, container security, information technology application, innovation industry transformation, etc., to introduce the evolution process of Huatai Securities' enterprise collaboration suite migration. Digital transformation is the only way for the securities industry to adapt to new business changes and innovation needs and achieve high-quality development.

Through safe, reliable, stable and efficient cloud services, Huatai Securities realizes the full use of existing IT resources, improves the efficiency and performance of information systems, strengthens the real-time operation of business decision-making, and achieves cost reduction and efficiency increase.

At the same time, it uses advanced digital methods to build the compliance and risk control core ability. Through changes and innovations such as open structure, agile self-help, and integrated management, it has achieved a full range of IT technology, ideas, business models, organizational structures, and engineering culture, etc. The transformation of the securities business has pushed the innovation and development of the securities business to a new level.





Speakers
avatar for Wang Ling

Wang Ling

Co-Head of Information Technology Department, General Manager of Digital Operation Department, Huatai Securities


Friday December 10, 2021 10:10 - 10:25 CST
Kubecon + CloudNativeCon 演讲厅

10:25 CST

主题演讲:安全和加固 Kubernetes 控制平面 | Keynote: Secure and Hardening Kubernetes Control Plane - Dingping Yuan & Yike Wang, Software Engineers, VMware
你的云计算凭证是否曾通过 CSI、CPI 等方式泄露过?你的控制面节点是否曾经被集群中的 Pod 攻击过?大多数Kubernetes引擎采用的安全解决方案是:
  • 不在控制面节点安装 kubelet,并将所有 Kubernetes 核心组件作为进程而不是Pod运行
  • 供应商对账户/身份的许可控制解决方案。

然而,这些方法带来了额外的缺点:
  • 控制面问题的故障排除变得很困难
  • 上游交付物在部署时被修改
  • 控制面组件失去了 HA 能力。演讲者一直致力于将集群api提供商嵌套项目整合到他们的 Kubernetes 引擎中。参加本次会议可以了解到:- 在管理集群中部署和管理控制平面的新方案,这个方案如何保证你的集群安全 - 以原生方式部署控制平面后有什么额外的好处 - 可能有什么挑战以及如何解决。

参加本次会议可以了解到:
  • 在管理集群中部署和管理控制平面的新方案,这个方案如何保证你的集群安全
  • 以本地方式部署控制平面后有什么额外的好处?
  • 可能有什么挑战以及如何解决


Have your cloud credentials ever leaked through CSI, CPI and etc.? Have your control plane nodes ever been attacked from in cluster Pods? Security solutions adopted by majority Kubernetes engines are:
• Not install kubelet in control plane nodes and run all Kubernetes core components as processes instead of Pods
• Permission control solutions for accounts/identities by providers.

However, those approaches introduce extra downsides:
• Troubleshooting control plane issue becomes difficult
• Upstream deliverables are modified for deployment
• Control plane components lose the HA ability The speakers have been working on integrating the cluster api provider nested project into their Kubernetes engine.

Join this session to learn about:
• The new solution to deploy and manage control planes in a management cluster, how does this solution secure your clusters
• What’s the extra benefits after deploying control plane in a native way
• What challenges there might be and how to resolve it

Speakers
avatar for Yike Wang

Yike Wang

Software Engineer, VMware
She is a software engineer from VMware, currently focuses on K8s networking related technologies. She once worked on VMware NSX,  NCP and now VMware Tanzu Kubernetes Grid networking solutions.
avatar for Dingping Yuan

Dingping Yuan

Software Engineer, VMware
He is a software Engineer from VMware, currently focuses on K8s networking related technologies. Once as a guest speaker at Computing Conference 2019 hosted by Alibaba. 


Friday December 10, 2021 10:25 - 10:40 CST
Kubecon + CloudNativeCon 演讲厅

10:40 CST

主题演讲: 闭幕词 | Keynote: Closing Remarks - Jasmine James, Engineering Manager, Twitter & Ricardo Rocha, Computing Engineer, CERN



Speakers
avatar for Ricardo Rocha

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer in the CERN cloud team focusing on containerized deployments, networking and more recently machine learning platforms. He has pushed for several years the internal effort to transition services and workloads to use cloud native technologies, as well... Read More →
avatar for Jasmine James

Jasmine James

Senior Engineering Manager-Developer Experience
Jasmine is an engineering manager leading the developer experience pillar in the engineering effectiveness organization. She has previously worked at Delta Air Lines enabling cloud native application development by providing modern tooling and capabilities utilizing various CNCF projects... Read More →


Friday December 10, 2021 10:40 - 10:50 CST
Kubecon + CloudNativeCon 演讲厅

10:45 CST

Project Office Hours: K3s
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for K3s Project Office Hours here: https://zoom.us/webinar/register/WN_usxZc9d2TkSz5Eif47xbBg


>> Full list of Project Office Hours


Friday December 10, 2021 10:45 - 11:30 CST
Project Office Hours

10:45 CST

Project Office Hours: Meshery
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Meshery Project Office Hours here: https://zoom.us/webinar/register/WN_d-l4VU35QnmoeAzObDIODA


>> Full list of Project Office Hours


Friday December 10, 2021 10:45 - 11:30 CST
Project Office Hours

10:50 CST

10:50 CST

解决方案展示 | Solutions Showcase
在解决方案展示区参观我们的赞助商,尝试最新的演示,观看现场演示,在现场办公时间与专家交谈,查看工作机会,并获得一些小礼品。

为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、常规人口统计问题(即,工作职能、行业),以及关于您互动的赞助内容或资源的详细信息。选择与虚拟展位互动或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts during live office hours, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), when accessing sponsored sessions in the sponsor theater, accessing virtual swag provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.




Friday December 10, 2021 10:50 - 16:00 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

基于 Tekton 构建大规模云原生 CI/CD 系统 | Build a Large Scale Cloud Native CI/CD System Based on Tekton - Jinming Yue & Deyuan Deng, ByteDance
随着基于 Kubernetes 的生态系统的广泛采用,社区和企业对微服务架构有着越来越大的兴趣。伴随着这一趋势,需要云原生的 CI/CD 系统来支持微服务应用的快速迭代开发周期。Tekton 是基于 Kubernetes 的开源云原生 CI/CD 项目;但是,其主要设计用于单集群环境,不能解决跨不同区域在多个集群上同时运行多个线路的挑战。在本次讨论中,我们将介绍一种构建于 Tekton 之上的大规模云原生 CI/CD 系统,用于解决上述问题。该系统为字节跳动数以千计的应用程序交付提供动力。我们将分享设计该系统时的实际经验和需要注意的陷阱,以及我们如何解决多区域部署带来的性能和安全问题。

The community and enterprises have seen increasing interests in microservice architecture with the wide adoption of Kubernetes based ecosystem. Along with the trend, a cloud native CI/CD system is required to support the rapid iterative development cycle of microservice applications. Tekton is an open source cloud native CI/CD project based on Kubernetes; however, it is mostly designed for a single cluster environment, and can not address the challenges of running multiple pipelines simultaneously on several clusters across different regions. In this talk, we will introduce a large scale cloud native CI/CD system built on top of Tekton that solves the aforementioned challenges. The system powers thousands of application deliveries at ByteDance. We'll share the practical experience and pitfalls when designing the system, and how we address the performance and security issues that come along with multi-region deployment.

Speakers
DD

Deyuan Deng

Bytedance
Deyuan is currently a technical manager at ByteDance, where he works on cloud native platform and solutions. Before joining ByteDance, Deyuan was co-founder of Caicloud, a startup that promotes Kubernetes and Kubernetes based AI platform in Chinese community and enterprises. Before... Read More →
avatar for Jinming Yue

Jinming Yue

Bytedance
Jinming Yue is a technical lead at Bytedance. His area of interests includes DevOps, Kubernetes, Cloud Native and Service Mesh. Jinming has about 8 years experience in Cloud Computing. Prior to Bytedance, he was a technical director at Caicloud, responsible for architecture design... Read More →


Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

提高 FUSE 文件系统的性能和可靠性 | Improve FUSE Filesystem Performance and Reliability - Tao Peng, Ant Group
FUSE(用户空间文件系统)因其实现简单和易于部署而被广泛采用。然而,由于其用户——内核空间的分离设计,其在用户和内核空间之间引入了额外的数据副本。FUSE 用户空间守护进程也更容易出现故障。本演讲将介绍 Linux 内核社区正在讨论的一些最新改进措施。通过这些改进措施,FUSE 文件系统可在向应用程序发送本地数据时绕过用户空间守护进程。这极大地提高了 FUSE 文件系统的性能,使其可与原生内核文件系统相媲美。此外还引入了通用文件描述符存储,可助力 FUSE 用户空间守护进程实现热升级和紧急故障转移,从而大大提高 FUSE 文件系统的可靠性。

FUSE (Filesystem in UserSpacE) is widely adopted for its implementation simplicity and ease of deployment. However, due to its user-kernel space separation design, it introduces extra data copy between user and kernel spaces. The FUSE userspace daemon is more prone to failures too. The talk will present some latest improvements being discussed in the Linux kernel community. With these improvements, FUSE filesystems can bypass the userspace daemon when sending local data to applications. It hugely improves FUSE filesystem performance, making it comparable with native kernel filesystems. A generic file descriptor storage is also introduced to help FUSE userspace daemons to implement hot-upgrade and panic-failover, and thus greatly improves FUSE filesystem reliability.

Speakers
avatar for Tao Peng

Tao Peng

Staff Engineer, Ant Group
Tao is a software developer at Ant Group working on kata containers and related technologies. He is a member of Kata Containers project architecture committee, and a maintainer of the Dragonfly image service Nydus project. His interests include all kinds of file systems and virtualization... Read More →



Friday December 10, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:20 CST

Chaos Mesh 2.0:让混沌工程更为简单 | Chaos Mesh 2.0: Make Chaos Engineering Easy - Cwen Yin, PingCAP
混沌工程是一种通过模拟例外或破坏性条件来测试生产软件系统稳健性的方法。然而,对于许多人来说,从学习混沌工程到在自己的系统上着手实践的转变是令人怯步的。在本会话中,Cwen Yin 将分享 Chaos Mesh,一个开源的云原生混沌工程平台,在使混沌工程更为简单的目标下是如何实施和发展的。他还将介绍 Chaos Mesh 2.0 GA 版本的特性,如何使用它来快速地做第一个混沌实验,以及如何将混沌实验集成到自己的系统中。

Chaos Engineering is a way to test a production software system's robustness by simulating unusual or disruptive conditions. For many, however, the transition from learning Chaos Engineering to practicing it on their own systems is daunting. In this session, Cwen Yin will share how Chaos Mesh, an open source cloud native Chaos Engineering platform has been implemented and evolved with the goal to make Chaos Engineering easier. He will also cover the features in Chaos Mesh 2.0 GA version, how to do your first chaos experiments quickly with it, and how to integrate chaos experiments into your own system.

Speakers
avatar for Cwen Yin

Cwen Yin

Tech Lead, PingCAP



Friday December 10, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:20 CST

更新的 “Hitchhiker "指南对 Kubernetes 的评估依赖性 | The Hitchhiker's Guide to Evaluating Dependency Updates to Kubernetes - Arsh Sharma, VMware
本次演讲将讨论在 Kubernetes 这样的大型项目中跟踪依赖关系的重要性,以及“depstat”,这是一个为跟踪 Kubernetes 代码库的依赖关系更新而创建的工具。Kubernetes 存储库每天都会收到许多 pull 请求,其中许多请求会带来依赖关系的变更。大多数时候,维护人员必须手动发现这些更改,确定它们对整个依赖谱的影响,然后 ping 此 pull 请求作者以采取行动。为了避免这种情况并帮助更好地跟踪依赖项更新,创建了 depstat。Depstat 是一个上游项目,用于分析 go 模块支持的项目的依赖关系。它目前作为 Kubernetes 代码库中 prow 作业的一部分运行,并提供四个关键的依赖关系相关指标。“depstat”还提供了通过创建图形直观分析依赖关系的能力。

This talk will be about the importance of tracking dependencies in a large project like Kubernetes and about "depstat" which is a tool created to track dependency updates to the Kubernetes codebase. The Kubernetes repository receives many pull requests each day many of which bring dependency changes with them. Most of the time, the maintainers manually have to spot these changes, determine their effects on the overall dependency tree, and then ping the pull request authors to take action. To avoid this and help better track the dependency updates, depstat was created. depstat is an upstream project which analyzes dependencies for go modules enabled projects. It currently runs as part of a prow job in the Kubernetes code repository and provides four crucial dependency-related metrics. "depstat" also provides the ability to analyze dependencies visually by creating a graph.

Speakers
avatar for Arsh Sharma

Arsh Sharma

Developer Experience Engineer, Okteto
Arsh is a Developer Experience Engineer at Okteto. He has contributed to multiple areas in the upstream Kubernetes project, including Testing, Architecture, Docs, and Release. Over the past couple of months, he has contributed to Prow improving the experience around deploying it... Read More →


Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

在 Kubernetes 边缘集群上运行 wasm 应用 | Run wasm applications on kubernetes edge cluster - Dingping Yuan & Tiejun Chen, VMware
Wasm 正变得越来越受欢迎,尽管它并没有被视为容器的替代品,但社区确实看到了它的潜力。在 Kubernetes 集群上运行 wasm 应用程序的试验有很多,但很少有团队能够在边缘集群上运行它们。我们一直在基于 krustlet 项目开发边缘产品,并在作为 krustlet 后端提供商支持边缘集群方面取得了一些有趣的进展。在本次会议中,我们将与您分享:•为什么我们需要由 k8s 在边缘上支持的 wasm 应 用程序•用 k8s 构建 wasm 到边缘的差异和挑战•用 krustlet 构建 wasm 到边缘的方法 * 体系结构 * 支持边缘的 krustlet 后端 * 针对边缘的优化 * 使用 k3s 开源边缘项目集成•演示

Wasm is becoming increasingly popular, though it’s not seen as a replacement of containers, but the community do see its potential. There are many trials to run wasm applications on kubernetes clusters, but few teams have ever been able to run them on edge clusters yet. We have been working on an edge product based on the krustlet project, and made some interesting progress to support edge clusters as a krustlet backend provider. In the session, we’ll share with you about: • Why we need wasm applications powered by k8s on the edge • The differences and challenges of building wasm with k8s to the edge • The approach of building wasm with krustlet to the edge * Architecture * An edge supported krustlet backend * Optimizations towards edge * Open source edge projects integration with k3s • Demo

Speakers
avatar for Tiejun Chen

Tiejun Chen

Technical Leader & Architect, VMware
Tiejun Chen is one technical leader and Architect from ATG, Advanced Technology Group, VMware OCTO. Before joined VMware, he ever worked at Wind River System Linux and Intel OTC - Opensource Technology Center. He ever made many presentations at kubecon China 2021, LC3 China 2017... Read More →
avatar for Dingping Yuan

Dingping Yuan

Software Engineer, VMware
He is a software Engineer from VMware, currently focuses on K8s networking related technologies. Once as a guest speaker at Computing Conference 2019 hosted by Alibaba. 



Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

走进 OSPO:是统筹人还是扰乱者? | Approaching OSPO: Steward or Damper? - Jie Liu, Huawei
随着开源在中国的日益盛行,对 OSPO 的要求也随之出现,但也存在着诸多的不确定性和挑战:例如,OSPO 的含义是什么?在一家公司里,OSPO 应该做些什么?OSPO 和开源操作/开发团队的区分是什么……作为华为 OSPO 的核心团队成员和中国开源文化的积极推动者,Jie Liu 将向大家展示 OSPO 的日常工作及她对 OSPO 的理解,同时也会分享她的实践经验和教训。

The requirements for OSPOs appared while open source become more and more popular in China, howerve, there are so many uncertainties and challenge: such as what is the meaning of OSPO? what should OSPO do in one company? what is the division of OSPO and open source operation/develperment teams... As one key team member of Huawei's OSPO and an active promoter of open source culture in China, Jie Liu will show a corner of OSPOs daily work and her understanding of OSPO, while sharing the practics expereiences and lessons.

Speakers
avatar for Jie Liu

Jie Liu

Open Source Strategist, Huawei


Friday December 10, 2021 11:20 - 11:55 CST
Open Source Summit 演讲厅

11:20 CST

解决服务网格应用者的困境 | Solving the Service Mesh Adopter’s Dilemma - Anita Ihuman, Layer5
我该使用哪种服务网格,如何开始?有哪些不同的服务网格,它们的对比情况如何?了解不同服务网格的功能性,并直观地操作网格配置。本次闪电式演讲介绍了一种开源多服务网格管理平面,Meshery,其提供(五种并且未来还会持续增长)不同的服务网格,还介绍了其示例应用程序,并对服务网格部署的性能进行基准测试。Meshery 促使对 Istio 的各种配置场景进行基准测试,比较网格内外以及不同网格之间的服务(应用程序)的性能。其根据部署最佳实践检查网格和服务配置。部分服务网格项目使用 Meshery 作为每个版本的性能基准工具。

Which service mesh should I use and how do I get started? What are the different service meshes, and how do they contrast? Learn about the functionality of different service meshes and visually manipulate mesh configuration. This lightning talk introduces Meshery, an open source, multi-service mesh management plane that provisions (five and counting) different service meshes, their sample applications and benchmarks the performance of service mesh deployments. Meshery facilitates benchmarking various configuration scenarios of Istio, comparison of performance of services (applications) on and off the mesh and across different meshes. It vets mesh and services configuration against deployment best practices. Some of the service mesh projects use Meshery as their performance benchmark tool for each release.

Speakers
avatar for Anita Ihuman

Anita Ihuman

Technical Writer, API7.ai
Anita is a Developer advocate and technical writer, who is passionate about sharing knowledge through technical writing and public speaking. An Open-source advocate, with a keen interest in growing and scaling Open Source communities with high proficiency in onboarding people to new... Read More →



Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

深入研究: 基于 CRI-RM 的中央处理器和非统一内存访问架构亲和性实现人工智能任务加速 | Deep Dive: CRI- RM Based CPU and NUMA Affinity to Achieve AI Task Acceleration - Dekui Wang, Inspur & Jerry Wang, Intel
我们与英特尔合作,在 k8s 中使用 CRI-RM 进行节点内资源分配,以加速人工智能培训,其中 CRI-RM 组件是一个用于节点内资源分配的开源项目。对于一些开发者来说,他们尝试基于中央处理器运行人工智能任务。目前,k8s 中的中央处理器和非统一内存访问架构特性只适用于有 qos 保证的普通旧数据,这可能有一些限制:1.中央处理器和拓扑管理器代码集成在 Kubelet 组件中,这对于自定义开发并不容易。2.对于某些人工智能场景,开发人员不想限制普通旧数据的内存,他们不能使用 k8s 的功能。我们提出了一种基于中央处理器的人工智能任务加速方案,可以将人工智能任务的性能提高 50% 以上。通过集成 CRI-RM 组件,我们可以充分利用主机的拓扑信息。这可能有以下优点:1.CRI-RM 可定制开发,并可用于较低版本的 k8s 2. 中央处理器绑定和非统一内存访问架构亲和性对于没有内存限制的普通旧数据也很有效。

We work with Intel to use CRI-RM for in-node resource allocation in k8s to accelerate AI training, where the CRI-RM component is an open source project for resource allocation within node. For some developers, they try to run AI tasks based on CPU. At present, the CPU and NUMA feature in k8s will only work for pods with guaranteed qos, this may have some limitations: 1. CPU and topology manager codes are integrated in Kubelet component, which is not easy for customize development. 2. For some AI scenarios, developers don’t want to limit pod’s memory, they can't use the feature of k8s. We propose a CPU-based AI task acceleration scheme, which can improve the performance of AI tasks by more than 50%. By integrating CRI-RM component, we can make full use of the topology information of the host. This may have these advantages: 1.CRI-RM can be customized for development, and can be used in lower version k8s 2.CPU binding and NUMA affinity can also be effective for pod without memory limit.

Speakers
avatar for Dekui Wang

Dekui Wang

software architect, inspur
毕业于西安电子科技大学,熟悉云计算、AI平台等相关技术,目前主要专注于容器、AI技术以及两者相结合的技术研究。
avatar for Jerry Wang

Jerry Wang

架构师, Intel
毕业于西安电子科技大学,熟悉云计算,UEFI技术,现在英特尔DCAI CESG ESS 部门担任解决方案架构师。曾负责英特尔精选开源云解决方案,KVM优化,高性能计算上云等项目。



Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

BFE:企业级七层负载均衡开源软件 | BFE: Modern Layer 7 Load Balancer for Enterprise Application - Miles Zhang, Baidu & Sijie Yang, Tencent
这里将对CNCF沙盒项目BFE做一个介绍。BFE是使用Go语言编写的现代七层负载均衡软件。在百度内部,BFE每天转发超过1万亿请求。在百度以外,BFE也被招商银行、cctv.comwww.so.com等组织使用。首先将对负载均衡技术的发展趋势做一个讨论。然后将介绍BFE如何设计以如何满足企业级应用场景的需求。由于使用了Go语言,BFE可以提供高可靠性,并且易于增加新功能。BFE的转发表可以支持大规模的转发规则,同时可以支持复杂的条件表达式。BFE可用于在多个Kubernetes集群间调度流量。BFE内置很多内部的指标用于反映实时的状态。

This session will provide an intro to BFE, a CNCF Sandbox project. BFE is a modern layer 7 load balancer written in Go language. BFE forwards more than 1 trillion http requests inside Baidu every day. In addition to Baidu, BFE has been applied by some organizations, e.g., China Merchants Bank, cctv.com, www.so.com. We will make a discussion on the trend of load balance technology. We will introduce how BFE is designed to meet the requirement of enterprise application. Built with Go language, BFE can provide high stability and it is very easy to add new features. The forwarding table inside BFE can support large number of rules while also supporting very complex condition expression. BFE can be applied to schedule traffic between multiple Kubernetes clusters. BFE supports many internal metrics to reflect the real time status.

Speakers
avatar for Miles Zhang

Miles Zhang

Architect, Baidu
Miles Zhang is a network architect from Baidu. He has led a team to build layer 7 load balancer with Go language since 2014, named as BFE. BFE became an open source project in 2019, and it was donated to CNCF as a sandbox project in 2020. He holds a Ph.D in Computer Science from Tsinghua... Read More →
avatar for Sijie Yang

Sijie Yang

Senior Engineer, Tencent



Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

KubeEdge 简介:Kubernetes 原生边缘计算框架 | Introduction to KubeEdge: Kubernetes Native Edge Computing Framework - Fei Xu, Huawei & Ce Zheng, DaoCloud
KubeEdge 是一种开源的边缘计算框架,其将 Kubernetes 的能力从中心云扩展到边缘。自从进入孵化阶段以来,KubeEdge 在用户采用、社区发展、跨社区合作方面取得了很大进展。在本次讨论中,我们将回顾 KubeEdge 的动机、架构;然后完成对新功能、用户采用、SIG 更新和新子项目的最新更新。之后我们将介绍该项目的发展方向、更新的项目规划以及新的贡献者如何参与其中的问题。届时将有公开的问答环节供参与者提问。

KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Since moved to incubation level, KubeEdge made big progress on user adoption, community development, cross-community collaborations. In this talk, we will review KubeEdge motivation, architecture; then go through latest updates on new features, user adoptions, SIG updates and new subprojects. After that we will introduce where the project is heading to, updated project roadmap and how new contributors to get involved. There will be an open Q&A for attendees to ask questions.

Speakers
avatar for Fei Xu

Fei Xu

Huawei
avatar for Ce Zheng

Ce Zheng

DaoCloud


Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

面向 Vitess 的持续业绩基准测试 | Continuous Performance Benchmarking for Vitess - Alkin Tezuysal & Florent Poinsard & Manan Gupta, Planetscale Inc.
Vitess 是围绕 MySQL 构建的可扩展分布式数据库系统。时下,业绩是一个相当重要的市场因素,我们得快速又准确的处理一切事宜。随着京东、Slack 和 GitHub 等大型用户的加入,Vitess 必须确保为其用户提供完美的性能。为满足这一需求,我们为 Vitess 创建了一个基准测试监控工具,即 AreWeFastYet。在本次演讲中,我们将首先介绍 Vitess,然后将讨论我们如何跟踪 Vitess 的性能,最后将概述我们创建的基准测试工具。

Vitess is a scalable distributed database system built around MySQL. Nowadays, performance is a considerable market factor, and things have to go fast and right. With large scale adopters such as JD.com, Slack and GitHub, Vitess has to ensure it’s delivering flawless performance to its users. In order to meet this need, we created AreWeFastYet, a benchmarking monitoring tool for Vitess. In this talk, we will first introduce Vitess and then discuss how we track the performance of Vitess and an overview of the benchmarking tools we created.

Speakers
avatar for ALKIN TEZUYSAL

ALKIN TEZUYSAL

EVP - Global Services, ChistaData
* Open source database evangelist* Global database operations expert* Storyteller* Inspiring technical and strategic leader* Creative team builder* Speaker, mentor, and coach* Born to sail, forced to work
avatar for Florent Poinsard

Florent Poinsard

Software Engineer, PlanetScale
avatar for Manan Gupta

Manan Gupta

Software Engineer, Planetscale
At PlanetScale I work on building scalable distributed database systems. Seeking faster, simpler solutions stimulates me. Working with a high energy team even remotely keeps me vibrant. Learning and executing codes in paired or independent format is a novel experience. I have recently... Read More →


Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:20 CST

最佳实践:Kubernetes 集群中 DNS 故障的可观测性与根因诊断 | Best Practice: DNS Failure Observability and Diagnosis in Kubernetes - Yuning Xie, Alibaba
在阿里云数万个 Kubernetes 集群中,DNS 域名解析故障是最常见的问题之一。 DNS 解析故障的现象也千奇百怪,有些是间歇性的,有些是持续性的,有些影响了所有类型的域名查询,有些只影响了小部分。其根因也不尽相同,大部分是容器网络问题,有时候是配置错误。
Yuning Xie 将介绍在 Kubernetes 中 DNS 解析故障的可观测性与根因诊断,本主题将包括以下内容:
1. 介绍 Kubernetes 中常见的 DNS 解析故障场景
2. 介绍 CoreDNS 内置的可观测性插件,例如 log/errors/trace/dump/metrics
3. 如何通过 dnstap 协议诊断 CoreDNS 异常,以替代 tcpdump 等传统高开销的方法
4. 如何基于 BPF 完成客户端侧 DNS 异常的根因诊断

Among tens of thousands of Alibaba Cloud's Kubernetes clusters, DNS lookup failure is one of the most common types of failures. Some failures happen intermittently, some continuously, some break all kinds of DNS lookups, some only influence a very small amount of them. Their root cause varies. Container network failure accounts for most DNS failures, while misconfiguration also contributes a large portion.
In this topic, Yuning will introduce methods for observing and diagnosing DNS lookup failures in Kubernetes, especially the painful intermittent and unpredictable ones, and cover:
1. Common scenarios where DNS lookup errors occur
2. CoreDNS's built-in observabilities, with plugins like log/errors/trace/dump/metrics
3. A novel approach to monitor and diagnose CoreDNS's lookup failure by adopting DNSTAP protocol and a context-based analyzer, to replace the highly-cost tcpdump
4. An eBPF-based approach to monitor DNS failures at the client-side, without interfering with DNS servers

Speakers
avatar for Yuning Xie

Yuning Xie

Software Engineer, Alibaba
Yuning Xie is a software engineer on Container Service for Kubernetes(ACK) team at Alibaba Cloud. He has devoted most of his time to container networks, and all sorts of observabilities around them.



Friday December 10, 2021 11:20 - 11:55 CST
Kubecon + CloudNativeCon 演讲厅

11:45 CST

Project Office Hours: Service Mesh Performance
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Service Mesh Performance Project Office Hours here: https://zoom.us/webinar/register/WN_Cpr7R1nQS6mxejufWs1cZA


>> Full list of Project Office Hours


Friday December 10, 2021 11:45 - 12:30 CST
Project Office Hours

11:45 CST

Virtual Project Office Hours: Cloud Events
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for CloudEvents Project Office Hours here: https://zoom.us/webinar/register/WN_n3jB35dUQyq7vILHVGCoiw


>> Full list of Project Office Hours


Friday December 10, 2021 11:45 - 12:30 CST
Project Office Hours

12:10 CST

去哪儿网规模下 Kubernetes 多集群和 Canary 的部署 | Kubernetes Multi-cluster and Canary Deployment at the Scale of Qunar - Sheng Zou & Jenny Chen, Qunar
去哪儿网是中国领先的在线旅游平台,成立于 2005 年 5 月,总部位于北京。去哪儿网基础设施团队在 2020 年底开始研究和应用 k8s,其计划在 2021 年底前将在生产中将所有应用程序迁移到 Kubernetes 中。随着云原生时代的到来,学习和拥抱云原生不可避免,因为其可以使业务运营更加敏捷。容器化是将应用转移到 Kubernetes 之前的第一步。如何将数以千计的应用程序高效、顺畅地从基于内核的虚拟机 (KVM) 迁移到容器已成为去哪儿网基础设施团队面临的一个巨大挑战。在此次讨论中,去哪儿网基础设施团队将讨论:- 如何将 CI/CD 模式从 KVM 发展到云原生时代——如何运用多集群和基于批量的 Canary 部署帮助应用程序、sdk 顺利进行升级——从 CI/CD 演化路径中吸取的教训。

Qunar is the leading online travel platform in China, founded in May 2005 and headquartered in Beijing. Qunar infrastructure team started researching and applying k8s in late 2020, Qunar planned to migrate all applications to Kubernetes in production by the end of 2021. As the clould-native era is coming, learning and embracing cloud native is inevitable as it can make business more agile. Containerization is the first step before shifting the applications to Kubernetes. How to make thousands of applications migrate from KVM to container efficiently and smoothly has been a huge challenge for the Qunar infrastructure team. In this talk, the Qunar infrastructure team will talk about: - How to evolve CI/CD model from KVM to cloud native era - How to help auto-upgrade application、sdk smoothly with Multi-Cluster, Batch-Based canary deployment - Lessons learned from the CI/CD evolution path

Speakers
avatar for Jenny Chen

Jenny Chen

DevOps Product Manager, Qunar
avatar for Sheng Zou

Sheng Zou

基础平台 devops 技术专家, Qunar
DevOps engineer in Qunar, focus on DeOps and Cloud native



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

C++ 工作流:基于任务的并行计算和异步网络引擎 | C++ Workflow: Task-based Parallel Computing and Asynchronous Networking Engine - Yingxin Li, Tencent
工作流是于 2019 年开源的。其不仅是面向 C++ 程序的 PaaS 级解决方案,而且还是一个整合了并行计算和异步通信的任务型模式。在 Sogou,C++ 工作流支持几乎所有的后台 C++ 在线服务,包括所有的搜索服务、云输入法、在线广告等。其每天会处理数百亿个以上的请求。不仅包括通信、计算、文件输入输出、计时器、计数器等异步资源,而且还包括创新引入的允许开发人员组装异步任务以实现复杂业务逻辑的任务流概念。其伴随多种通用协议和跨平台,支持多个操作系统,并且具备服务管理和负载平衡。其为一个整合了并行计算和异步通信的编程范型。去年,Yingxin Li 和她的同事们把焦点集中在了开源社区,这是一项巨大的挑战,也是一个值得分享的经验。因此,在本文中,Yingxin 将分享异步引擎中的任务型概念,也会介绍开源后对项目的影响。

Workflow is open sourced in 2019. It is not only a PaaS level solution for C++ programs, but also a task-base mode integrating parallel computing and asynchronous communication. In Sogou, it supports almost all back-end C++ online services, including all search services, cloud input methods, online advertisements, etc. It handles more than tens of billions of requests every day. Not only includes asynchronous resources such as communication, calculation, file IO, timers, counters, etc., but also the innovatively introduced task flow concept allows developers to assemble asynchronous tasks to implement complex business logic. It comes with a variety of common protocols, cross-platform, supports multiple operating systems, and comes with service management and load balancing. It is a programming paradigm that integrates parallel computing and asynchronous communication. Last year, Yingxin Li and her colleages focus on the open source community, which is a great challenge and also a worth sharing experience. So in this presentation, Yingxin will share the task-base concept in asynchronous engine and also present the influence to the project after open source.

Speakers


Friday December 10, 2021 12:10 - 12:45 CST
Open Source Summit 演讲厅

12:10 CST

使用 Nitro Enclaves 在 Linux 上实现更为安全和机密的计算 | More Secure and Confidential Computing on Linux with Nitro Enclaves - Yubo Wang, Amazon
AWS Nitro Enclaves 的支持已融入到 Linux 内核中,其提供了一个单独的、加固的、高度受限的环境来托管安全关键型应用程序。Enclaves 是独立的虚拟机,经过加固且受到高度约束。其不具备永久存储、交互访问,也不具备外部网络。用户无法通过 SSH 进入 enclave,且父实例的进程、应用程序或用户(根用户或管理员用户)也无法访问 enclave 内的数据和应用程序。Nitro Enclaves 是一项 EC2 功能,允许您从 EC2 实例中创建独立的执行环境,并帮助开发人员减少其最敏感的数据处理应用程序的攻击面积。

AWS Nitro Enclaves, whose support has been integrated into Linux kernel, offers an isolated, hardened, and highly constrained environment to host security-critical applications. Enclaves are separate virtual machines, hardened, and highly constrained. They have no persistent storage, no interactive access, and no external networking. Users cannot SSH into an enclave, and the data and applications inside the enclave cannot be accessed by the processes, applications, or users (root or admin) of the parent instance. Nitro Enclaves are an EC2 capability that allows you to create isolated execution environments within EC2 instances, and helps developers reduce the attack surface area for their most sensitive data processing applications.

Speakers

Friday December 10, 2021 12:10 - 12:45 CST
Open Source Summit 演讲厅

12:10 CST

中国移动 5G 边缘计算开源实践与思考 | China Mobile 5G Edge Computing Open Source Practice and thinking - Yanjun Chen, China Mobile
本文将介绍中国移动在 CNCF 等开源项目基础上构建边缘计算生态系统相关的实践和思考。同时,本演讲还将分享中国移动最好的 5G MEC 应用案例之一,即 5G 边缘计算 + 区块链的实施。就详细内容而言,本演讲将分享中国移动的 5G 边缘计算产品如何与 CNCF 项目等开源项目相结合的最新实践。还将介绍的另一关键内容是网络运营商在边缘计算开源方面的工作经验及 LF 社区的未来思考。另外,本演讲还将展示一个边缘计算用例,即 5G 边缘计算 + 区块链,以更好地赋能 5G 垂直行业。

This presentation introduces China Mobile's practice and thinking of building edge computing ecosystem based on open source projects such as CNCF projects. In the meanwhile, the speech would like to share one of the best 5G MEC use case in China Mobile which is the implementation of 5G edge computing + blockchain. For details, this speech will share the latest practice about how China Mobile's 5G edge computing products combined with open source projects such as CNCF projects. Another key content is introduce network operator work experiences of edge computing open source and future thinking in the LF community. In addition, the presentation shows a edge computing use case, which is 5G edge computing + blockchain, to empower the 5G vertical industry better.

Speakers
avatar for Yanjun Chen

Yanjun Chen

Senior Researcher, China Mobile
Yanjun Chen is a senior researcher in China Mobile Research Institute. The technical focus is the telco's service portfolio on edge computing, including 5G network services and edge computing platform services. She is responsible for open source community activities on edge computing... Read More →


Friday December 10, 2021 12:10 - 12:45 CST
Open Source Summit 演讲厅

12:10 CST

利用智能运维 (AIOps) 对云基础设施进行智能分析 | Intelligent Analysis on Cloud Infrastructure With AIOps - Ethan Gao, Intel & Pang Liye, Inspur
对云本地基础设施和工作负载进行监视和观测的遥测技术是云服务的必要基础,而收集到的遥测数据大多是时间序列公式。由于海量历史/实时遥测数据的高维度和高容量,以及大规模云基础设施和分布式微服务需要通过传统方法处理,因此其效率通常较低。本课程将回顾管理/操作云基础设施和微服务的传统方式的现状和挑战,并将人工智能与转换和机器学习算法相比较,在这些遥测数据上引入人工智能,以实现云基础设施/工作负载管理和操作的更多智能,如异常检测,资源预测、故障检测、根本原因分析等。具体来说,使用 Chronos 为智能运维接入云基础设施/服务铺平道路。

Telemetry with monitoring and observability to cloud native infrastructure and workloads is the essential foundation for cloud services, and those telemetry data collected is mostly in time series formulation. It's often low efficient due to high dimension and high volume of tremendous historical/real-time telemetry data with large-scale cloud infrastructure and distributed microservices to be processed by traditional methods.This session will review the current status and challenges of traditional ways to manage/operate the cloud infrastructure and microservices, and comparingly introducing AI on those telemetry data with transformation and ML algorithms to enable more intelligence on cloud infrastructure/workloads management and operation, such as anomaly detection, resource forecasting, failure detection, root-cause analysis and so on. Specifically, using the Chronos to pave the way to land the AIOps to cloud infrastructure/services.

Speakers
avatar for Ethan Gao

Ethan Gao

Solutions Architect, Intel Corporation
Surf the cloud with more intelligence
PL

Pang Liye

Cloud Computing R&D Engineer, Inspur



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

在上海浦东发展银行探索云原生大数据平台 | Exploring Cloud Native Big Data Platform in SPDB - Jie Chu & Qingqing Shao, Shanghai Pudong Development Bank & Alex Zheng, DaoCloud
在中国,采用金融科技 (FinTech) 已成为金融业的全行业共识。上海浦东发展银行一直在其大数据平台上部署越来越复杂的业务工作负载,其中的数据容量每天都在以拍字节增加。面对这样的挑战,上海浦东发展银行利用云原生技术重组其传统数据分析中台,提升了上下游用户体验,促进了商业银行服务的数字化转型。关注 1.在 Kubernetes 上构建金融产业级容器化大数据平台,为用户提供各种计算服务。2.采用 Piraeus 存储技术,为数据应用提供持久卷,高效利用本地存储介质以实现高可用性、动态卷供应和智能调度。3.Hive 和 Impala 的横向扩展计算执行器 4.将上海浦东发展银行内部的大数据应用的容器化操作标准化。

In China, adopting FinTech has become an industry-wide consensus in the financial sector. SPDB has been deploying ever more complex business workload on its Big Data Platform, of which data capacity is increasing by PBs on a daily basis. Facing such a challenge, SPDB utilizes cloud native technology to restructure its traditional data analytic middle office, which improves upstream and downstream user experience, and facilitate the digital transition of commercial banking service. Focus 1. Construct a financial-industrial-grade containerized big data platform on Kubernetes, to to provide various computing services to users. 2. Adopting Piraeus storage technology to provide persistent volumes for data applications, which efficiently use local storage media to achieve high availability, dynamic provisioning and intelligent scheduling. 3. Scaling-out computing executors of Hive and Impala 4. Standardizing the containerizing operation for big data applications inside SPDB.

Speakers
avatar for Alex Zheng

Alex Zheng

Senior Data Engineer, DaoCloud
Alex Zheng works at DaoCloud as a Senior Data Engineer. He has extensive experience of cloud native storage and data service in enterprise environments, and has overseen the production of container data service in SAIC Cloud and Haier Cosmoplat.He helped found Piraeus-Datastore project... Read More →
avatar for Jie Chu

Jie Chu

SPDB Big Data Project Manager, Shanghai Pudong Development Bank
Jie Chu,Shanghai Pudong Development Bank Big Data Project Manager.
avatar for Qingqing Shao

Qingqing Shao

Shanghai ,China, Shanghai Pudong Development Bank
Qingqing Shao,Shanghai Pudong Development Bank Big Data Tech Division Senior Assistant.



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

Kubernetes 上的 Vivo 人工智能计算平台 | Vivo's AI Computing Platform on Kubernetes - Ziyang Wu, Vivo
Vivo 是世界上最大的智能手机公司之一。人工智能实验室的数百名工程师和研究人员在 NLP、CV、推荐、演讲等各个领域工作,带来了各种各样复杂的模型训练和服务案例。人工智能计算平台的建立是为了解决两大挑战:1.为大规模分布式模型培训和服务提供有效的资源调度。2.实现计算资源的高利用率,特别是昂贵的 GPU 设备。今天,该平台有几个生产集群,数千个 GPU 节点和数百个 GPU 节点。每天会部署数百个服务,运行数百个 ML 作业。这一节将讨论如何使用 Kubernetes、kube-batch、kubeflow 和其他开源软件构建平台。它还将涵盖他们遇到的问题,来之不易的最佳实践和他们对开源社区的贡献。

Vivo is one of the biggest smartphone companies in the world. Hundreds of engineers and researchers of AI Lab are working on various areas like NLP, CV, recommendation, speech, etc., which bring various and complicated cases of model training and serving. The AI computing platform is built to address two major challenges: 1. Provide efficient scheduling of resources for massively distributed model training and serving. 2. Achieve high utilization of computing resources, especially expensive GPU devices. Today the platform has several clusters on production, thousands of GPU nodes and hundreds of GPU nodes. Hundreds of services are deployed and hundreds of ML jobs are run every day. This session will cover how the platform is built with Kubernetes, kube-batch, kubeflow, and other OSS. It will also cover the issues they ran into, the hard-earned best practices and the contribution they made to the open-source community.

Speakers
ZW

Ziyang Wu

Staff Engineer, vivo
Ziyang is a staff engineer of vivo AI lab and is leading the engineering effort at vivo AI computing platform. Prior to vivo, Ziyang worked for Rancher and Oracle. He is active in cloud native community and is the contributor of kube-batch、tf-operator etc..


Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

DGL Operator:基于 DGL 和 K8s 的分布式图神经网络训练控制器 | DGL Operator: Distributed Graph Neural Network Training with DGL and K8s - Xiaoyu Zhai, Qihoo 360
DGL Operator(翟晓宇,奇虎 360)——许多学习任务需要处理包含元素间关系丰富信息的图形数据;工作流程的自动化和训练工作负载的细粒度管理可以使基于 DGL 的分布式图神经网络训练提高资源利用率,动态扩展各种 DGL 组件,降低分布式训练的系统复杂性,并应用机器学习操作。在本演示中,翟晓宇将首先通过一个图神经网络训练示例介绍图神经网络和 DGL 的背景,讨论执行 DGL 分布式训练的本地方式,以及它在生产规模集群中面临的挑战。稍后,翟晓宇将向观众展示 DGL Operator 解决方案的全貌,简要讨论如何使每个 DGL 组件成为容器化工作负载的概念,最后深入探讨 DGL Operator 的实现,包括多个分区选项和未来的设计。

DGL Operator (Xiaoyu Zhai, Qihoo 360) – Many learning tasks require processing graph data that contains rich information about the relationships between elements; the automation of workflow and fine-grained management of training workload can enable DGL-based distributed GNN training to improve resource utilization, dynamic scaling of various DGL components, reduce system complexity of distributed training, and apply MLOps purposes. In this presentation, Xiaoyu Zhai will firstly go through a GNN training example to introduce the background of GNNs and DGL, talk about the native way to execute DGL distributed training, and the challenges in production-scale clusters it faces. Later on, Xiaoyu Zhai will give the audiences a big picture of DGL Operator solution, briefly discuss the abstraction that how to make each DGL component to be a containerized workload, and finally dive into the implementations of DGL Operator, including multiple partitioning options and future design.

Speakers
avatar for Xiaoyu Zhai

Xiaoyu Zhai

Senior Machine Learning Engineer, Qihoo 360
Xiaoyu Zhai is a senior machine learning engineer in Qihoo 360 and a Kubeflow member. He is working on distributed training and optimization about deep learning and machine learning frameworks.



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

Kubernetes 提供商 IBM 云项目概述和深入研究 | Kubernetes Provider IBM Cloud Project Overview and Deep Dive - Sahdev Zala, Guang Ya Liu, WenTao Zhang & Emma Yang, IBM
Kubernetes IBM 云服务供应商是云提供商 SIG 的子项目之一。此项目拥有 cluster -api-provider-ibmcloud、ibm-vpc-block-csi-driver 和提供商的 GitHub 代码。在此次讨论中,此项目负责人将对项目工作进行概述和深入探讨。此项目计划不涵盖 IBM 云的 IaaS 详细信息,并提供与其他供应商相同的用户体验。与此同时,其涵盖了不同种类的 IBM 云 IaaS,如 VPC、PowerVS 等。用户不需要知道如何创建集群级资源。不管是 VPC 还是 PowerVS,cluster-api-provider-ibmcloud 都会进行处理。其使 IBM 云基础设施更紧密地参与到 k8s 特殊兴趣小组社区中,为用户提供更多的可能性。

The Kubernetes IBM Cloud Provider is one of the subprojects of the Cloud Provider SIG. This project owns GitHub code for cluster-api-provider-ibmcloud, ibm-vpc-block-csi-driver, and provider. In this session, the project leads will provide an overview and deep dive into the project work. This project intends to hide the IaaS details of IBM Cloud and provide an identical user experience as other providers. Meanwhile, it covers different kinds of IBM Cloud IaaS like VPC, PowerVS etc. The user doesn't need to know how to create cluster level resources. No matter it is VPC or PowerVS. cluster-api-provider-ibmcloud will handle it. It makes IBM Cloud infrastructure take part in the k8s sigs community much closely and provides more possibilities for users.

Speakers
avatar for Guangya Liu

Guangya Liu

Senior Technical Staff Member, IBM
Guang Ya Liu is a Senior Software Architect in IBM CDL and now focusing on cloud computing, data center operating system and container technology, he is also a Member of IBM Academy of Technology. Starting from 2013, Guang Ya act as an OpenStack Active Contributor and contribute to... Read More →
avatar for Sahdev P. Zala

Sahdev P. Zala

Senior Software Engineer, IBM
Sahdev P. Zala is a senior software engineer and open source developer at IBM. He is a CNCF etcd project maintainer, Kubernetes contributor and co-lead of Kubernetes Provider IBM Cloud. Previously, Sahdev was a core contributor in OpenStack and a Technical Committee member of OASIS... Read More →
avatar for WenTao Zhang

WenTao Zhang

Senior Software Engineer, IBM
Zhang WenTao is a Senior Software Engineer in IBM. He is experienced in system/Cloud monitoring, DevOps, big data and kubernetes. He is interested in container orchestration in clusters, Service Mesh and AI.He had delivered the session "Extending Istio - Develop a New Mixer Adapter... Read More →
avatar for Emma Yang

Emma Yang

Software Engineer, IBM
Yang Yang is advisory software engineer in IBM. She's been working on monitoring for cloud platform over 4 years, and has a lot experience on large scale and dynamic environments. Besides cloud related, she is also very interested in front-end technologies. She had delivered the... Read More →



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

SuperEdge将Kubernetes推广到边缘的技术解密 | SuperEdge Promoting Kubernetes to the Edge of Technology Decryption - Attlee Wang & Roy Liang, Tencent
SuperEdge 将 Kubernetes 的中心管理能力无缝下沉到边缘计算领域和分布式云管理领域,那么 SuperEdge 是如何实现的呢?原生的 Kubernetes 能力扩展到边缘的过程中又遇到了什么样的问题,SuperEdge又是如何解决的呢?边缘 Kubernetes 又将面对那些挑战和机遇?本次分享将您揭开神秘的面纱,带您了解 SuperEdge 设计背后的来龙去脉。向您介绍为什么需要云边隧道,边缘自治是如何实现的,ServiceGroup 是如何管理海量边缘站点的,以及边缘节点宕机后是又是如何被感知到的,还有SuperEdge最佳实践等技术干货……欢迎倾听背后的秘密。

SuperEdge seamlessly sinks the central cloud management capabilities of Kubernetes into the field of edge computing and distributed cloud management. So how does SuperEdge achieve this goal? What kind of problems do we encounter in extending the native Kubernetes to the edge computing, and how does SuperEdge solve these problems? What challenges and opportunities will Kubernetes face at the edge environment? This slide will unveil the mystery and take you to understand the ins and outs behind the SuperEdge architecture. It will introduce you why you need a cloud-edge tunnel, how the edge autonomy is achieved, how ServiceGroup manages the large number of edge sites, how edge nodes are perceived after downtime, and lots of technologies such as SuperEdge best practices. Welcome Listen to the secret behind SuperEdge.

  • Sandbox project SuperEdge
    • What is SuperEdge?
    • SuperEdge Architecture
    • Features of SuperEdge

  • SuperEdge cloud edge end
    • SuperEdge at cloud
    • SuperEdge at edge
    • SuperEdge at end

  • Best practices for SuperEdge
    • Quick demo
    • Best Practices  

Speakers
avatar for Hao Liang

Hao Liang

Edge Computing Engineer, Tencent
avatar for Attlee Wang

Attlee Wang

Edge Computing Expert, Tencent Cloud
Attlee wang, edge computing expert, senior engineer of Tencent Cloud. Focus on cloud native fields such as Kubernetes and containers. SuperEdge Co-Founder and core maintainer, is now responsible for the privatization of Tencent Cloud edge container TKE Edge.


Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

TAG-Runtime:开源工作负载生态系统 | TAG-Runtime: The Open Source Workload Ecosystem - Kevin Wang, Huawei & Ricardo Aravena, Rakuten
什么是 CNCF TAG-Runtime?我们如何确定项目得到 CNCF 的承认?云原生生态系统中 runtimes 的未来发展情况如何?本次讨论将包含:1) 对 TAG-Runtime 的概述、如何加入以及如何参与其中。2) 在我们的会议上提出的相关项目的最新情况。3) TAG 中现有和潜在工作组以及如何参与其中。4) TAG 如何向 CNCF 的技术监督委员会提供建议?5) TAG 范围内的云原生技术的未来趋势,如容器和边缘计算。

What is the CNCF TAG-Runtime? How do we identify projects for CNCF admission? Where do we see the future of runtimes in the cloud native ecosystem? The session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of the relevant projects that have presented in our meetings. 3) Existing and potential working groups in the TAG and how to get involved. 4) How the TAG provides advise to the CNCF TOC. 5) Future trends for cloud native technologies in the TAG scope such as containers, and Edge Computing

Speakers
avatar for Zefeng (Kevin) Wang

Zefeng (Kevin) Wang

Lead of Cloud Native Open Source Team, Huawei
Kevin Wang is a contributor in the CNCF community since its beginning, leader of the cloud native open source team at Huawei, and co-founder of the CNCF KubeEdge, Volcano and Karmada projects.Kevin has contributed to Kubenretes upstream for years and now spends 100% of his work and... Read More →
avatar for Ricardo Aravena

Ricardo Aravena

Infrastructure Engineering Manager, Rakuten
Ricardo currently works at Rakuten as an SRE Manager, automating everything in containers using open source. He's a co-chair of the CNCF SIG-Runtime and Kata Containers project contributor. He has been working in tech for more than 20 years and comes from a diverse professional background... Read More →


Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:10 CST

用 Kube-OVN 创建一个跨 Kubernetes 的统一网络平面 | Creating a Unified Network Plane across Kubernetes with Kube-OVN - Cheng Chen, PingCAP
Kubernetes 的网络组件一直是运营人员非常重要的一部分。Kube OVN 作为一个新的网络组件加入云原生计算基金会组织,这丰富了 Kubernetes 网络组件生态系统。Kube-OVN 具有许多特性,其中集成多个 Kubernetes 网络以开放和创建一个共同的网络平面的特性是其中最吸引人的特性之一。通过集成多个 Kubernetes 网络,并允许应用程序在多个 Kubernetes 集群上运行而无需感知。可以提高节点的使用效率;降低应用程序和体系结构的复杂性;更重要的是,支持数据中心级别的灾难恢复。本次演讲将介绍如何使用 Kube-OVN 构建一个跨 Kubernetes 网络平面。它还将通过在跨 Kubernetes 网络平面上部署 TiDB 来解释类似部署场景的重要性和概念。

The networking component of Kubernetes has always been a very important part of the operations staff. Kube-OVN joins the CNCF organization as a new network component, which enriches the Kubernetes network component ecosystem. Kube-OVN has many features, and the feature of integrating multiple Kubernetes networks to open up and create a common network plane is one of the attractive features. By integrating multiple Kubernetes networks and allowing applications to run on top of multiple Kubernetes clusters without perception. it can improve the efficiency of the use of node; reduce the complexity of the application and architecture; and more critically, enable data center level disaster recovery. This talk will introduce how to build a cross-Kubernetes network plane with Kube-OVN. It will also explain the importance and concept of a similar deployment scenario by deploying TiDB on top of a cross-Kubernetes network plane.

Speakers
avatar for Cheng Chen

Cheng Chen

Marketing & Community, PingCAP
Hi, This Cheng Chen. I am love to CNCF all project. Thank for Kubernetes to change my life. Thank for Open Source Community.



Friday December 10, 2021 12:10 - 12:45 CST
Kubecon + CloudNativeCon 演讲厅

12:45 CST

12:45 CST

Project Office Hours: Serverless Workflow Specification
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Serverless Workflow Specification Project Office Hours here: https://zoom.us/webinar/register/WN_D9GugKFpT-O8UFsTxFmAqg


>> Full list of Project Office Hours


Friday December 10, 2021 12:45 - 13:30 CST
Project Office Hours

13:15 CST

NVDIMM 和 Bcache:支持 Linux 块层缓存的非易失性存储器 | NVDIMM & Bcache: Support Non-Volatile Memory for Linux Block Layer Cache - Coly (Yong) Li, SUSE & Qiaowei Ren, Intel
NVDIMM 和 Bcache:支持英特尔 DCPMM(数据中心持久性存储器模块)驱动的 Linux 块层缓存 NVDIMM(非易失性双列直插式内存模块)的非易失性存储器使得非易失性存储技术成为高性能存储行业的一场革命。bcache 子系统作为 Linux 块层缓存,被广泛应用于虚拟化、分布式存储和数据库工作负载中,以提高存储性能。在联想和英特尔的支持下,自 2020 年起,我们开始支持面向 bcache 的 NVDIMM。与其它子系统的不同之处在于,我们首先开发了一个专门针对 NVDIMM 的页面分配器,并将 NVDIMM 空间作为非易失性页面进行管理。然后,基于该非易失性存储器页面分配器(被称为 nvmpg 分配器),Bcache 可管理和访问其元数据,因为相较于传统的磁盘输入/输出方法,这些元数据更多地存储于存储页面中。本演讲将介绍 nvmpg 分配器的设计方式及其当前的状态。作为一个用例,大家还可以看到 bcache 如何使用 nvmpg 分配器将其日志数据存储到非易失性存储器页面中。作为实验代码,nvmpg 分配器和 bcache 日志记录在 NVDIMM 上的初步成果起效良好,目标是将 Linux 5.15 合并窗口用于上游。

NVDIMM & Bcache: Support Non-Volatile Memory for Linux Block Layer Cache NVDIMM (Non-Volatile Dual In-line Memory Module) powered by Intel DCPMM (Data Center Persistent Memory Module) makes the Non-Volatile Memory technology to be a revolution in high performance storage industry. The bcache subsystem, as a Linux block layer cache to accelerate storage performance, is widely deployed in virtualization, distributed storage and data base workloads. With the support by Lenovo and Intel, since 2020 we start to support NVDIMM for bcache. The difference from other subsystem is, we firstly develop a page allocator specific for NVDIMM, and manage the NVDIMM space as non-volatile pages. Then based on this nvm pages allocator (called nvmpg allocator) Bcache manages and accesses its meta data as they are stored in memory pages more than legacy disk I/O method. This talk will introduce how the nvmpg allocator is designed and its current status. As a use case, people may also see how bcache uses nvmpg allocator to store its journaling data into the non-volatile memory pages. The initial effort of both the nvmpg allocator and bcache journaling on NVDIMM works fine as EXPERIMENTAL code, and is aiming Linux 5.15 merge window for going upstream.

Speakers
avatar for Coly (Yong) Li

Coly (Yong) Li

Software Engineer, SUSE
Linux kernel developer from SUSE Labs, working on block layer and maintain md/dm/bcache for SUSE Linux Enterprise Server kernel. In year 2010-2015, I initiated Linux kernel engineering team for Taobao Core Infrastructure and then led cold data storage development for Alibaba Site... Read More →
QR

Qiaowei Ren

Software Engineer, Intel
Software engineer from Intel China. Has been always work on the development of open source projects including linux kernel, openstack, cloud native, ceph, etc.. The author of “Linux内核修炼之道” and “linux那些事儿” (Publish House of Electronic Industry)


Friday December 10, 2021 13:15 - 13:50 CST
Open Source Summit 演讲厅

13:15 CST

柏克莱封包过滤器:简介、编程技巧和诀窍 | BPF: Introduction, Programming Tips and Tricks - Wenbo Zhang, PingCAP
柏克莱封包过滤器 (BPF) 已成为 Linux 内核中最重要的子系统之一,其被广泛应用于追踪、联网和安全。其被用于安全有效地扩展内核的功能,而无需更改内核源码或加载内核模块。然而,柏克莱封包过滤器编程远比听起来要费劲的多,这可能会让很多人感到沮丧。在本演讲中,Wenbo 将与您分享 BPF 的前世、今生和未来,以及使用 libbpf 库开发 BPF 工具的一些技巧和诀窍。

Berkeley Packet Filter (BPF) has become one of the most important subsystems in the Linux kernel, widely used in tracing, networking, and security. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. However, BPF programming is far more strenuous than it may sound, which can be discouraging for many. In this talk, Wenbo will share with you the past, present and future of BPF, and some tips and tricks to developing BPF tools using the libbpf library.

Speakers
avatar for Wenbo Zhang

Wenbo Zhang

R&D, PingCAP
Wenbo Zhang is a PingCAP Development Engineer, focusing on performance analysis and diagnosis of Linux kernel. He talked about BPF for chaos and tracing in Kubernetes at Cloud Native + Open Source Summit China 2020.



Friday December 10, 2021 13:15 - 13:50 CST
Open Source Summit 演讲厅

13:15 CST

面向边缘集群的网格监控 | Monitor mesh for edge clusters - Liye Pang, Inspur & Huailong Zhang, Intel
受服务网格的启发,提出了一种监控网格解决方案,实现对边缘云的监控。1. 集中式云作为本解决方案的控制面,可以基于度量数据动态感知整个边缘集群、集群内工作负载类型的变化和各种监控资源,然后为每个边缘集群创建和分发监控组件的配置信息。2. 作为本解决方案控制面的所有边缘集群将接收控制面发送的配置信息和策略,并根据前者部署监控组件。3. 对于数据平面的边缘集群,每个集群都有自己的一套监控组件,以确保实时通知。同时,整个数据平面使用分布式 tsdb 作为持久存储,确保度量数据的全面性和全局性,并与集中式云共享,实现作为控制面的动态感知。

Inspiried by service mesh, propose a monitoring mesh solution to implement the monitoring of edge cloud. 1.Centralized cloud as a control plane of this solution can dynamically perceive the whole edge clusters, the changes of the workload type and various monitoring resources inside clusters based on the metric data, then it can create and distribute the configuration information of monitoring components for each edge cluster. 2.All edge clusters as a control plane of this solution will receive the configuration information and strategies sent by the control plane and deploy monitoring components according to the former. 3.For edge clusters of the data plane, each cluster has its own set of monitoring components to ensure the real-time notification. Meanwhile, The entire data plane uses distributed tsdb as persistent storage to ensure the comprehensiveness and globality of metric data which also be shared with the centralized cloud to achieve dynamic perception as a control plane.

Speakers
avatar for Huailong Zhang

Huailong Zhang

Cloud software engineer, Intel
Huailong(Steve) has rich development experience on cloud computing, such as participated in the research and development of PaaS platform for Operation and Maintenance Department of Baidu, developed PaaS monitoring solution for IBM's public cloud via open source and enterprised projects... Read More →
PL

Pang Liye

Cloud Computing R&D Engineer, Inspur



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

为有状态工作负载保持持久卷的健康性 | Keep Persistent Volumes Healthy for Stateful Workloads - Xing Yang, VMware & Yuquan Ren, ByteDance
越来越多的有状态工作负载已被迁移至 Kubernetes 平台。这些工作负载依靠持久卷来储存数据。然而,在有状态工作负载配置卷并予以使用后,底层储存系统可能会发生很多情况。该卷可能会因意外被删除、该卷所在的磁盘可能会发生故障、磁盘可能会持续退化影响其性能等。Kubernetes 如何及早发现这些问题并提醒用户?Kubernetes 引入了卷健康监测功能,以发现这些存储问题,并通过发送事件信息将这些问题公开给用户。虽然这种方式很有用,但是需要用户手动修复这些问题。如果 Kubernetes 侦测到卷异常情况后也有方法进行自动修正呢?在此次讨论中,我们将讨论目前卷健康监测功能有何作用,以及我们正在做哪些努力以将此功能提升至下一层次?

More and more stateful workloads have been migrated to Kubernetes platforms. These workloads rely on persistent volumes to store data. However, many things could happen to the underlying storage system after a volume is provisioned and used by a stateful workload. The volume could be deleted by accident, the disk that the volume resides on could fail, the disk may be degrading which affects its performance, etc. How can Kubernetes detect these problems early and alert users? The volume health monitoring feature has been introduced in Kubernetes to detect these storage issues and expose them to users by sending events. This has been very helpful, however, the problem has to be fixed by users manually. What if Kubernetes also has a way to do automatic correction after detecting abnormal volume conditions? In this session, we will discuss what the volume health monitoring feature can do currently and what we are working on to move this feature to the next level.

Speakers
avatar for Xing Yang

Xing Yang

Tech Lead, VMware
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect of OpenSDS... Read More →
YR

Yuquan Ren

Senior Software Engineer, Bytedance
Yuquan Ren is a senior software engineer at Bytedance focusing on kubernetes related work.任玉泉现就职于字节跳动,主要从事和 kubernetes 相关的设计和开发工作。


Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

用云原生无服务器技术构建现代 FaaS(功能即服务)平台 | Build a modern FaaS platform with Cloud Native Serverless technologies - Benjamin Huo & Wanjun Lei, QingCloud
作为无服务器的核心,FaaS(功能即服务)越来越受到人们的关注。新兴的云原生无服务器技术可以通过用更强大的云原生替代方案替换 FaaS(功能即服务)平台的关键组件,从而构建一个强大的现代 FaaS(功能即服务)平台。在本次讨论中,OpenFunction 的维护人员将讨论:- 构成 FaaS 平台的关键组成部分,包括功能框架、功能构建、功能服务以及功能事件管理。- 新兴云原生无服务器技术在 FaaS 各个关键领域中的优势,包括 Knative 服务、云原生构建包、Shipwright、Tekton、KEDA 和 Dapr。- 如何以 OpenFunction 为例,利用这些云原生技术构建强大的现代 FaaS 平台。- 事件管理对 FaaS 很重要的原因。- 既然已经有了 Knative eventing 和 Argo Events,为什么 OpenFunction 还要创建自己的事件管理系统“OpenFunction Events”?

As the core of Serverless, FaaS (Function-as-a-Service) has gained more and more attention. The emerging cloud native serverless technologies make it possible to build a powerful modern FaaS platform by replacing the key components of a FaaS platform with more powerful cloud native alternatives. In this talk, OpenFunction maintainers will talk about: - The key components that make a FaaS platform including function framework, function build, function serving, and function event management. - The advantage of the emerging cloud native serverless technologies in each of the key areas of FaaS including Knative Serving, Cloud Native Buildpacks, Shipwright, Tekton, KEDA, and Dapr. - How to build a powerful modern FaaS platform with these cloud native technologies taking OpenFunction as an example - Why does event management matter for FaaS? - Why OpenFunction create its own event management system "OpenFunction Events" when there're already Knative eventing and Argo Events?

Speakers
avatar for Benjamin Huo

Benjamin Huo

Founder, OpenFunction
Benjamin Huo led the KubeSphere Observability and Serverless team. He is the creator of FluentBit Operator and the founder of the FaaS project OpenFunction (https://github.com/OpenFunction/OpenFunction). He is also the author and architect of several observability open source projects... Read More →
WL

Wanjun Lei

QingCloud Technologies
Wanjun Lei is the maintainer of OpenFunction. He is responsible for developing OpenFunction. He is also the maintainer of FluentBit Operator. He is a member of the KubeSphere Observability team and is responsible for the development of Notification Manager. He loves cloud native and... Read More →



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

Fluid:Kubernetes 原生分布式数据集协调器和加速器 | Fluid: Kubernetes Native Distributed Dataset Orchestrator and Accelerator - Yang Che, Alibaba & Yuandong Xie, Tencent
在公共云上使用 Kubernetes 运行大数据和人工智能应用成为新趋势。然而,在 S3、谷歌云存储、Hadoop 分布式文件系统 (HDFS) 等云分解环境中访问数据,极大地挑战了训练性能,限制了计算的可伸缩性。Yang Che 和 Chris 将介绍 Fluid,以及它如何提高 Kubernetes 中大数据和人工智能应用程序的性能。Fluid 是一个开源、社区驱动、高度协作的项目,由大学里的工程师和研究人员提供。它由云原生计算基金会 (CNCF) 作为沙盒项目主办。在本课程中,与会者将了解项目动机、体系结构、最新功能和用户采用情况。之后,Yang Che 和 Chris 将介绍项目路线图以及新贡献者如何参与,并展示一个关于通过 Fluid 加速无服务器计算的演示。

Running big data and AI applications with Kubernetes on public cloud becomes new trend. However, accessing data in S3, Google Cloud Storage, HDFS and etc such cloud disaggregated environment significantly challenges training performance and limits compute scalability. Yang and Chris will introduce Fluid and how it improves performance of big data and AI applications in Kubernetes . Fluid is an open source, community driven, and highly collaborative project, contributed by engineers and researchers in university. It is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox project. In this session, attendees will learn about project motivation, architecture, the latest features and user adoptions,.After that Yang and Chris will introduce project roadmap and how new contributors to get involved and show a demo about accelerate serverless computing via Fluid.

Speakers
avatar for Yang Che

Yang Che

Staff Engineer, Alibaba
Yang Che, is a senior engineer of Alibaba Cloud. He works in Alibaba cloud container service team, and focuses on Kubernetes and container related product development. Yang also works on building elastic machine learning platform on those technologies. He is an active contributor... Read More →
avatar for Yuandong Xie

Yuandong Xie

Senior Engineer, Tencent
YuanDong Xie, is a senior engineer of Tencent Cloud.He works in Tencent Kubernetes Engine(TKE) team, focuses on cloud native AI infrastructure and other kubernetes related products. Yuandong also focus on elastic kubernetes service on tencent cloud.He likes to explore and contribute... Read More →



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

ChubaoFS简介及深入剖析 | Introduction and Deep Dive to ChubaoFS - Shuoran Liu & Yong Sheng, Beike
ChubaoFS是具备生产级别的分布式存储系统。它同时提供POSIX和S3兼容的接口,并且具有高可用,可扩展及高性能等特性。ChubaoFS非常契合云原生的理念及生态系统,不仅能够很好的支持传统应用,也可以支持容器内应用。本次分享会回顾ChubaoFS的发展历程,为初次接触的伙伴简单介绍ChubaoFS是什么,能在生产中解决什么问题。另外,我们会介绍一些使用ChubaoFS的小技巧,能够更好的服务终端用户。之后,本次分享会详细介绍ChubaoFS的架构,控制流、数据流,以及当初从零开始设计时的一些思考和设计取舍。正是由于这些创新性的架构设计,使得ChubaoFS不同于其它任何一款开源分布式存储项目,并且极大的拓展了ChubaoFS可以支持的业务范围。然后,本次分享会选取一些有代表性的生产案例及最佳实践分享,其中有些场景之前没有使用过分布式存储,但是ChubaoFS能够很好的进行支撑。最后,我们会介绍下目前正在做的一些开发进展。

ChubaoFS is a production-ready distributed storage system which provides both POSIX-compatible and S3-compatible interfaces with high availability, scalability and performance. It is aligned with the cloud-native ecosystem and suitable for both traditional and containerized applications.    This presentation will go over the history of ChubaoFS and what it can do, to give you a general perception to the newcomers. There will also be some interesting using hints to fulfill diverse needs of the end users.    Then this presentation will also go through the architecture, control/data flows as well as design decisions made when developed from scratch. It is the innovative architecture and workflow design that makes it a unique distributed storage system and capable of supporting diverse using scenarios.    After that we will show some production case studies collected from different companies. Some of the using scenarios seldom involved a distributed storage before, but ChubaoFS can be used in such situations due to the architecture and data flows introduced in the previous section. And we will explain why in this part.    Finally, there will be an introduction and roadmap to the work we are doing.

Speakers
avatar for Shuoran Liu

Shuoran Liu

Software Architect, Beike
YS

Yong Sheng

Senior Software Engineer, Beike
Key member and contributor of ChubaoFS



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

CloudEvents- 版本 1 正处于开始阶段 | CloudEvents - Version 1 is just the beginning - Ryan Horn, Twillio
自从去年 CloudEvents v1.0 发布以来,社区一直在关注还有哪些其他与事件相关的痛点可以从一些标准化活动中受益。为此,我们一直专注于努力缓解与活动管理生命周期的剩余部分相关的挑战…主要是围绕设置订阅。在此次讨论中,您将了解到正在开发的新规范,旨在帮助人们以编程方式发现感兴趣的事件生成器,以及他们如何订阅获得这些事件,这些事件以可互操作的方式交付。

Since CloudEvents v1.0 was released last year the community has been focused on what other eventing-related pain-points might benefit from some standardization. To that end, there's been a focus on trying ease the challenges that are associated with the remaining portion of the lifecycle of event management... mainly around setting up subscriptions. In this session you'll learn about the new specifications being developed aimed at helping people programmatically discover the event producers of interest and how they can subscribe to get those events delivered in an interoperable fashion.

Speakers
avatar for Ryan Horn

Ryan Horn

Senior Software Architect, Twilio
I'm a senior software architect acting as the technical leader for our customer data infrastructure at Twilio. My passion is designing, building and connecting distributed data infrastructure from operational systems where data originates to analytical systems where the data lands... Read More →


Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

云原生存储:存储 TAG 介绍、项目、经管和技术 | Cloud Native Storage: Storage TAG intro, Projects, Landscape & Technology - Alex Chircop, StorageOS & Raffaele Spazzoli, RedHat
本此讨论将介绍 CNCF 的存储 TAG,并讨论 TAG 如何运作,我们如何运用存储 CNCF 项目展开工作,以及为生态系统构建指南和编写白皮书的项目。在此讨论中,我们将介绍:对 TAG 的概述,如何加入以及如何提供帮助——CNCF 中存储项目的概述——目前正在审查的项目。我们还将分享我们近期工作的最新进展,包括:CNCF 存储环境白皮书、业绩与基准测试白皮书、云原生灾难恢复白皮书

This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with Storage CNCF projects as well as the projects to build guidance and write whitepapers for the ecosystem. During this session we will cover: - Overview of the TAG, how to join and how to help - Overview of storage projects in the CNCF - Projects that are currently being being reviewed. We will also share updates of our latest work including: - the CNCF Storage Landscape whitepaper - the Performance and Benchmarking whitepaper - the Cloud Native Disaster Recovery whitepaper

Speakers
avatar for Alex Chircop

Alex Chircop

Founder & CEO, Ondat
Alex is a founder and CEO of Ondat (formerly StoraeOS), building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage TAG (previously SIG). Before embarking on the startup adventure he spent over 25 years engineering infrastructure... Read More →
RS

Raffaele Spazzoli

Senior Principal Architect, red hat



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

边缘计算场景下 Service Mesh 的延伸和扩展 | Extension and expansion of Service Mesh in edge computing scenarios - Wang Jiezhang, Huawei
EdgeMesh 是 KubeEdge 的一部分,为边缘场景中服务之间的交互通信提供了一个简单的网络解决方案。KubeEdge 基于 Kubernetes 构建,将云本地容器化应用程序编排功能扩展到边缘。然而,在边缘计算机场景下,网络拓扑结构更加复杂。不同区域中的边缘节点通常不相互连接,应用程序之间的流量交互通信是业务的主要需求。对于这个场景,EdgeMesh 提供了一个解决方案。作为 KubeEdge 群集上数据面板的组件,EdgeMesh 为 KubeEdge 群集上运行的应用程序提供样本容量(例如,服务发现、流量代理等),从而屏蔽边缘场景的复杂网络拓扑。

EdgeMesh is a part of KubeEdge, and provides a simple network solution for the inter-communications between services at edge scenarios. KubeEdge is build based on Kubernetes, extending cloud-native containerized application orchestration capabilities to the edge. However, at the scenario of edge computer, the network topology is more complex. Edge nodes in different areas are offen not interconnected, and the inter-communication of traffic between applications is the primary requirement of the business. For this scenairo, EdgeMesh offers a solution. As the component of data panel on a KubeEdge cluster, EdgeMesh offers sample capacities (e.g, service discovery, traffic proxy, etc.) for applications running on the KubeEdge cluster, thus shielding the complex network topology at the edge scenairo.

Speakers
avatar for Wang Jiezhang

Wang Jiezhang

Huawei Cloud Native Technical Engineer, Huawei


Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

13:15 CST

在 OpenKruise 中扩展容器运行时的操作 | Extend the operations for container runtime in OpenKruise - Siyu Wang, Alibaba
通常情况下,人们只能使用普通旧数据作为 Kubernetes 中最小的操作单元。他们可以创建一个普通旧数据,但不能控制普通旧数据中的容器,也不能通过 Kubernetes 应用程序接口在某些节点上提取图像。这是因为 Kubernetes 没有提供操作运行时的应用程序接口,比如 Containerd 或 Docker。据我所知,一些公司在他们的集群中入侵了 Kubelet 的代码,以便他们可以对容器做更多的事情。然而,为运行时扩展操作确实是一种错误的方法,因为它不利于开源和社区的合作。现在,云原生计算基金会沙箱项目之一 OpenKruise 提供了高级功能,可以在每个原始 Kubernetes 集群中操作容器运行时。它支持通过 CRD 进行大规模图像预下载和容器重启,因此用户只需应用 CR 另一种标记语言即可完成这些工作。在本次演讲中,我们将介绍 OpenKruise 中功能的用法,以及它如何与 Kubelet 和 CRI 合作。

Usually, people could only use Pod as the minimal operating unit in Kubernetes. They can create a Pod, but they can not control the containers in Pod nor pull images on some nodes via Kubernetes API. It is because Kubernetes does not provide API for operating the Runtime, such as Containerd or Docker. As I know, some companies have hacked the code of Kubelet in their clusters, so that they can do more things to the containers. However, it is really a wrong way to extend operations for Runtime for it goes against the opensource and cooperation of community. Now that OpenKruise, one of the CNCF Sandbox projects, has provided high-level abilities that can operate the container runtime in every original Kubernetes cluster. It supports large-scale image pre-download and container restart by CRD, so that users can do these things by simply applying a CR YAML. In this talk, we would like to introduce usage of the features in OpenKruise and how does it cooperate with Kubelet and CRI.

Speakers
avatar for Siyu Wang

Siyu Wang

Senior Engineer, Alibaba Cloud
Siyu Wang is a Senior Engineer in Alibaba Could, a core maintainer of OpenKruise, and a contributor of Kubernetes/controller-runtime/OAM/KubeVela/kube-state-metrics and some other Kubernetes subprojects. He mainly focuses on cluster management, workloads developing, scheduling, and... Read More →



Friday December 10, 2021 13:15 - 13:50 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

使用 Rust 异步的 RDMA 编程 | RDMA Programming Using Rust Async - Pu Wang, China
Rust 是一种非常强大的系统开发语言。Rust 异步是实现异步输入输出的实用框架。在本演讲中,我们将介绍如何使用 Rust 异步进行 RDMA 编程。首先,我们为 RDMA 动词构建一个 Rust 绑定。由于 RDMA 动词是用 C 语言编写的,所以存在许多与 Rust 不兼容的 C 语言特性,如宏定义、匿名结构体/共用体定义等。此外,Rust 绑定生成工具 BindGen 不能处理内联函数。因此,我们解决了所有这些问题,提出了一个对 Rust 更友好的 RDMA 绑定,不仅保留了函数和变量命名,而且还保持了 Rust 语言的风格和特征。其次,我们使用 Rust 异步实现了一个特性丰富的 RDMA 框架。最重要的特性之一是面向 RDMA 的自动内存管理。每个 RDMA 应用程序均须跟踪存储块是否被远程对等方使用,这使得 RDMA 编程复杂很多。我们的 RDMA 框架不仅为 RDMA 提供了自动内存管理,而且还实现了异步输入输出。这样一来,我们的 RDMA 框架大大简化了 RDMA 编程。我们相信我们的工作将促进 Rust 社区利用 RDMA 建立高性能的应用程序。

Rust is a very powerful system development language. Rust async is a convenient framework to implement asynchronous IO. In this talk, we'll introduce how we use Rust async for RDMA programming. First, we build a Rust binding for RDMA verbs. Since RDMA verbs is written in C, there are many C language features that is incompatible with Rust, such as macro definitions, anonymous struct/union definitions. Also the Rust binding generation tool, BindGen, cannot handle inline functions. So we tackled all these issues to come up with a more Rust friendly RDMA binding, not only retains function and variable naming, but also sticks to Rust language style and features. Second, we implements a feature-rich RDMA framework using Rust async. One of the most important features is automatic memory management for RDMA. Every RDMA application must keep track of whether a block of memory is using by a remote peer or not, which complexes RDMA programming so much. Our RDMA framework not only provides automatic memory management for RDMA, but also implements asynchronous IO. By doing so, our RDMA framework greatly simplifies RDMA programming. we believe our work will facilitate Rust community leveraging RDMA to build high performance applications.

Speakers
PW

Pu Wang

Co-founder, DatenLord
Dr. Pu Wang is the co-founder of the DatenLord project, which is a high performance distributed storage system. DatenLord aims to facilitate data access across multi-cloud, multi-datacenter . Dr. Wang used to work at Google. He was in charge of large scale Ads related user data management... Read More →


Friday December 10, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:05 CST

在 Kubernetes 上保护您的数据库工作负载 | Protect your database workloads in Kubernetes - Yang Liu & Yongjie Gong, Shanghai Jibu Technology Co.
数据库对于企业客户来说至关重要,并且是 Kubernetes 最重要的生产工作负载之一。然而,如今很多客户对于在 Kubernetes 上运行数据库举棋不定,其中一个主要原因是目前 Kubernetes 中缺乏数据保护解决方案(备份和灾难恢复)。Velero 是目前 Kubernetes 社区中最著名的开源工具,其用于有状态应用程序的备份。但是,Velero 本身不提供足够的应用一致性保证,这是许多数据库应用程序所需要的。此次讨论将介绍使用 Velero 备份普遍使用的 SQL 和 NoSQL 数据库的最佳实践,以及提供所需应用一致性的其他工具。该分享将基于演讲者致力于容器本地存储和备份解决方案工作中的丰富经验。

Databases are crucial for enterprise customers, and it is one of the most critical production workloads for Kubernetes. However, today many customers are hesitate to run databases on Kubernetes, and one of the major reasons is the lacking of data protection solutions (backup and DR) in Kubernetes today. Velero is the most famous opensource tool today in Kubernetes community for stateful application backup. However, Velero itself does not provide enough application consistency guarantee, which is required for many database applications. This session will introduce the best practices to backup popular SQL and NoSQL databases using Velero, and additional tools to provide the application consistency required. The share will be based on the speaker's rich experience working on container native storage and backup solutions.

Speakers
avatar for Yang Liu

Yang Liu

CEO, Shanghai Jibu Technology Co.
2006年毕业于西安交大计算机系,毕业后加入IBM中国系统研发中心从事存储相关的研发工作,在IBM主要存储产品线上均有深厚的积累。2017年起任IBM中国存储研发中心CTO... Read More →



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

关于与开源社区接洽的指标需求 | On the Need for Metrics to Engage with Open Source Communities - Willem Jiang, Huawei & Daniel Izquierdo, Bitergia
作为所有企业战略的一部分,开源是这一生态系统中的关键。这些是各组织可以在有或没有商业利益的情况下展开合作或直接与竞争对手合作的中立场所。技术的采用、消费或生产应该考虑到这些开源项目所处的阶段。例如,包括对项目的可持续性、其他项目利益相关者、项目领导者和其他人的影响的分析。开源在中国现在是一个热门话题。由于缺乏经验,许多大公司总是想知道如何衡量开源社区的成就以及他们的参与所带来的投资回报率。CHAOSS——开源软件社区健康分析,是指标定义和所有这些的软件实现方面的领先社区,可允许所有人使用开源工具分析开源软件。在本演讲中,听众可了解 CHAOSS 社区,其为一个 Linux 基金会项目,也可了解某些关键指标,用于分析公司(如华为)内部使用的开源项目,以减轻与使用外部软件相关的风险。

As part of any corporation strategy, open source is key in this ecosystem. These are neutral places where organizations can play together either with or without commercial interest or directly participating with competitors. Technology adoption, consumption, or production should take into account the stage of these open source projects. And this includes, as example, analysis such as sustainability of the project, influence of other project stakeholders, project leaders, and others. Open source is a hot topic in China now. Due to the lack of experience, a lot of large corporations always wonder how to measure the success of the open source community and their participation’s ROI. CHAOSS - Community Health Analytics for Open Source Software -, is the leading community in the metrics definition and software implementation of all of this and allows anyone to analyze open source software with open source tools. In this talk, the audience will learn about the community of CHAOSS, a Linux Foundation project, and some of the key metrics to analyze open source projects used within a corporation as Huawei to mitigate the risks associated with using external software.

Speakers
avatar for Daniel Izquierdo

Daniel Izquierdo

CEO, Bitergia
Daniel Izquierdo Cortázar is co-founder and current CEO of Bitergia, a company focused on producing software development analytics and business insights on public, open source, and internal projects. Bitergia helps organizations build and accelerate their Open Source Program Office... Read More →
avatar for Willem Jiang

Willem Jiang

Open Source Technical Expert, Huawei
Willem Jiang is the technical expert of Huawei, a member of the Apache Software Foundation, he worked on many Apache projects like Camel, CXF, ServiceMix and ServiceComb. Before joining Huawei, Willem was the principle engineer of RedHat working on Fuse ESB, he also worked for FuseSource... Read More →


Friday December 10, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:05 CST

实现 Faas + Dapr + K8S 技术融合,构建全新的阿里巴巴云无服务器研发系统 | Achieving Faas + Dapr + K8S technology integration, and build a new Alibaba Cloud Serverless R&D system - Zhao Qingjie, Alibaba
随着云原生生态系统的不断发展,Kubernetes 已经成为了一种云操作系统。与此同时,无服务器是云计算下一个十年的发展主题这种声音越来越多,那么 Kubernetes 将如何更好地支持这种无服务器场景呢?如何使用 Kubernetes 生态系统更好地整合二者?尽管诸如 Kubernetes 原生和 Fission 一类基于 Kubernetes 的无服务器解决方案已经在行业内出现,但是其仍无法突破零还原和高密度 + 高频率创建等技术瓶颈。本次讨论主要介绍如何在阿里巴巴内部实现技术突破,以及如何实现现有应用的大规模迁移。1.FaaS 在 Kubernetes 上的瓶颈。2.如何突破节点瓶颈,实现单节点上 1200 个实例的高密度部署。3.如何打破性能瓶颈,实现 1w+/5s 的高频创建和删除。4.如何重复使用 Kubernetes 的生态能力,扩展 FaaS 的边界。5.如何快速大规模迁移现有应用的无服务器形式?

With the continuous development of the cloud-native ecosystem, Kubernetes has become a cloud operating system. At the same time, the assertion that serverless is the next decade of cloud computing is getting closer and closer, so how does Kubernetes better support the serverless scenario? How does one use the Kubernetes ecosystem to better integrate the two? Although serverless solutions based on kubernetes, such as Kubernetes native and Fission, have also appeared in the industry, they cannot break through technical bottlenecks such as zero reduction and high-density + high-frequency creation. This talk mainly introduces how to achieve technological breakthroughs within Alibaba and how to achieve large-scale migration of existing applications. 1. The bottleneck of FaaS on kubernetes 2. How to break through the node bottleneck and realize the high-density deployment of 1200 instances on a single node 3. How to break the performance bottleneck and realize the high frequency creation and deletion of 1w+/5s 4. How to reuse the ecological capabilities of kubernetes, Extend the boundary of FaaS 5. How to quickly migrate the serverless form of existing applications on a large scale.

Speakers
avatar for Zhao Qingjie

Zhao Qingjie

Senior software engineer, Alibaba Cloud
Qingjie Zhao, is a senior engineer of Alibaba Cloud. He works in Alibaba cloud FaaS team, and focuses on serverless, PAAS, distributed system architecture, etc..Qingjie is currently responsible for the stability of the FaaS system and next-gen application platform at Alibaba.



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

字节跳动中基于异构资源的机器学习训练加速 | ML training acceleration with heterogeneous resources in Bytedance - Deliang Fan & Tao Xin, ByteDance
字节跳动中有大量的中央处理器/图形处理器资源支持大量的深度学习模型训练。这些中央处理器/图形处理器资源有多种类型或规格。如何有效地利用这些异构资源是一个关键问题,特别是对于大规模分布式模型。本次分享将讨论如何通过充分利用字节跳动中的异构资源,从系统角度加快模型培训。主要工作包括:1.通过多个图形处理器共享机制充分利用图形处理器资源,增强模型培训能力。2.深入研究非统一内存访问架构关联资源分配(包括中央处理器/内存/图形处理器和 NIC),以获得更好的培训性能。3.集成 RDMA CNI,使用英特尔 SRIOV 技术实现高通量网络通信。

There are vast CPU/GPU resources to support a large number of deep learning model training in ByteDance. These CPU/GPU resources have multiple types or specifications. How to effectively use these heterogeneous resources is a critical issue, especially for large-scale distributed model. This sharing will talk about how to accelerate model training from a system perspective by fully utilizing heterogeneous resources in ByteDance. The main work includes: 1. Empower model training by fully utilizing GPU resources via multiple GPU sharing mechanisms. 2. Deep dive into NUMA affinity resource allocation (including CPU/Mem/GPU and NIC) for better training performance. 3. Integrate RDMA CNI for high throughput networking communication using Intel SRIOV technology.

Speakers
avatar for Deliang Fan

Deliang Fan

ByteDance
avatar for Tao Xin

Tao Xin

Software Engineer, ByteDance



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

ChaosBlade 项目的过去、现在与未来 | The Past, Present and Future of the ChaosBlade Project - Changjun Xiao, Alibaba
ChaosBlade 是阿里巴巴在2019年开源的混沌工程项目。此项目包含混沌工程实验工具 chaosblade 和混沌工程平台 chaosblade-box,旨在帮助企业解决云原生化过程中高可用问题。在2021年4月通过 CNCF TOC 投票加入到 CNCF Sandbox 项目中。这次分享分为四部分内容:
  1. ChaosBlade 项目概述:介绍 ChaosBlade 项目开源的背景和项目的发展。重点会介绍混沌工程实验模型,chaosblade 下所有的实验场景都基于此实验模型实现。
  2. ChaosBlade 项目过去:介绍混沌工程工具 chaosblade 能力和技术架构,通过一个案例介绍 chaosblade 工具的使用。
  3. ChaosBlade 项目现在:介绍混沌工程平台 chaosblade-box 的特性和架构设计。例如此平台支持实验工具托管、实验工具自动化部署、统一的混沌实验操作界面等。
  4. ChaosBlade 项目未来:介绍 ChaosBlade 项目未来规划以及商业化方面的探索。


ChaosBlade is Alibaba's open source chaos engineering project in 2019. The project includes chaos engineering experimental tool chaosblade and chaos engineering platform chaosblade-box, which aims to help enterprises solve high-availability problems in the cloud-native process through chaos engineering. In April 2021, through the CNCF TOC vote to join the CNCF Sandbox project. This sharing is divided into four parts:

1. ChaosBlade project overview: introduce the development and open source background of ChaosBlade project. We will focus on the chaos experimental model, because all experimental scenarios are implemented based on this model.
2. The past of the ChaosBlade project: Introduce the capabilities and architecture design of chaosblade as an experimental tool for chaos engineering. Introduce the use of chaosblade tool from a specific case.
3. The present of ChaosBlade project: Introduce chaosblade-box platform function and architecture design. For example, the platform supports hosting of experimental tools, automated installation, and execution of chaotic engineering experiments.
4. The future of the ChaosBlade project: Finally, an introduction to the future open source planning of the ChaosBlade project and the exploration of commercialization.

Speakers

Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

CNI 1.0.0 概述以及 CNI 2.0 扼要介绍 | Overview of CNI 1.0.0 and preview of CNI 2.0 - Bruce Ma, Ant Financial & Bingshen Wang, Alibaba
CNI 1.0.0 版本是最近发布的首个稳定版本,这也意味着规范和特征将在一定程度上暂时保持不变,并且可以广泛使用。本主题将详细回顾 CNI 1.0.0 版本发展过程中的主要特征和增强功能,以助您更加合理、规范地使用 CNI。第二部分中,我们将深入探讨 CNI2.0 的发展前景,以及 CNI1.0 时代存在的一些问题和不足,包括安全性、实时网络状态、插件二进制文件的执行、配置管理等。此外,我们希望这一主题能吸引更多 CNI 2.0 的贡献者。

CNI v1.0.0 is the first stable version which has been released recently, which also means that the specification and features will be changeless to some extent for a while, and could be widely used. This topic will take a close-up review of the key features and enhancements on the evolution way to CNI v1.0.0, to help you use CNI more reasonably and standardly. In the second deep dive part, an outlook about CNI 2.0 will be extended, also some problems and warts in CNI 1.0 era will be discussed, including security, real-time network status, execution of plugin binaries, configuration management and so on. Moreover, we hope this topic will attract more contributors on CNI 2.0.

Speakers
avatar for bingshen wang

bingshen wang

Senior Software Engineer, AlibabaCloud
avatar for Bruce Ma

Bruce Ma

Senior Software Engineer, Ant Financial



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

Kubernetes SIG 存储介绍和更新 | Kubernetes SIG Storage Introduction and Update - Xing Yang, VMware & Michelle Au, Google
Kubernetes SIG 存储负责确保不同类型的文件和块存储在容器调度的任何地方都可用,确保存储容量管理(容器临时存储的使用,卷的体积调整等),根据存储影响容器的调度(数据引力,可用性等),以及存储的通用操作(快照等)。在此次讨论中,我们将对 SIG 存储进行介绍,然后深入探讨 SIG 存储目前正在开展的一些项目,提供最新状态更新,并讨论未来可能出现的情况。

Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will give an introduction to SIG Storage and then deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Speakers
avatar for Michelle Au

Michelle Au

Software Engineer, Google
Michelle Au is a software engineer at Google and is a Kubernetes SIG Storage tech lead. She has worked on Kubernetes volume security, the Container Storage Interface, volume topology, and local persistent storage.
avatar for Xing Yang

Xing Yang

Tech Lead, VMware
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect of OpenSDS... Read More →


Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

异构多集群全网格通信实践 | Heterogeneous multi-cluster full mesh communication practice - Li Yang, Transwarp; Liu Wenfeng, VMware
许多大数据业务都在 Kubernetes 集群上运行。为了使运行在不同 Kubernetes 集群上的大数据业务能够高效地访问彼此的数据,需要一种新的方式在异构多 Kubernetes 集群之间建立高性能、简单的网络通信。在第二层网络中,我们选择主机路由进行通信,以保证网络性能。主流容器网络接口 (CNI) 支持此功能。在第三层网络中,我们选择主流容器网络接口支持的 vxlan 隧道技术连接网络。对于异构容器网络接口,在第二层网络中,它们可以直接通信。在第三层网络中,它们的 VNI 可能不同,因此无法在集群之间创建 vxlan 隧道,因此至少可以通过编程扩展一个容器网络接口以适应另一个容器网络接口,确保使用相同的 VNI 在两个容器网络接口之间建立 vxlan 隧道,我们选择 antrea 作为核心容器网络接口以支持可配置的 VNI。

Many big data business are running on Kubernetes cluster. In order to allow big data business running on different Kubernetes' clusters efficiently access each other's data, it needs a novel way to establish high peformance and simple network communitcation between heterogeneous multi Kubernetes' clusters. In the second layer network, we chose the host routing to communicate to ensure network performance. The mainstream CNI supports this function. In the third layer network, we chose the vxlan tunnel technology supported by the mainstream CNI to connect the network. For heterogeneous CNI, in the second layer network, they can communicate directly. In the third layer network, their VNI could be different that the vxlan tunnel cannot be created between the clusters, so at least one CNI can be extended by programming to adapt to another CNI, ensure that the same VNI is used to establish a vxlan tunnel between the two CNIs, we chose antrea as the core CNI to support configurable VNIs.

Speakers
avatar for Liu Wenfeng

Liu Wenfeng

engineering manager for Project Antrea, VMware
Vicky Liu, Sr. R&D manager in Networking&Security BU at VMware. She has been working in IT domain for 10+ years and now focuses on Kubernetes networking solutions. She leads team to contribute to Antrea project which was officially announced on 2019 kubecon as an open sourced, light-weight... Read More →
avatar for Li Yang

Li Yang

Senior software engineer, Transwarp
Yang Li currently working at Transwarp, the position is senior software engineer, has been focusing on Cloud Networking for 9 years that has rich experience on the design and development of Iaas and Pass network functions.



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

Kubernetes 中 Windows 工作负载管理的最佳实践 | Best Practice on Windows Workload Management In Kubernetes - Benjamin Wang & Wenli Wei, VMware
随着 Windows 容器的成熟,大部分 Windows 应用程序和服务正在迁移到 Kubernetes。即使拥有 Linux 工作负载管理的成功经验,大规模管理 Windows 工作负载也是一项挑战。您知道 Windows 工作负载的暂存空间吗?您是否曾经因过度配置的暂存空间而导致节点崩溃?我们如何避免孤立磁盘?它怎么可能在滚动更新时陷入困境?如何优雅地关闭守护程序?组托管服务帐户 (GMSA) 作为在 Windows 上运行任务和应用程序的更安全的方式,您知道组托管服务帐户是如何集成到 Windows 群集中的吗?你还在纠结于 Kubernetes 上的组托管服务帐户与动态目录的集成吗?

As Windows containers become mature, a large portion of Windows applications and services are moving to Kubernetes. Even with the successful experience of Linux workloads management, it is challenging to manage Windows workloads at scale. Did you know the scratch space for windows workloads? Have you ever had a node crash caused by over-provisioned scratch space? How do we avoid the orphan disks? how could it be prone to get stuck at rolling update? How gracefully shutdown Daemonset? Group Managed Service Accounts (gMSA) as a more secure way to run tasks and applications on windows, do you know how gMSA integrates into the windows clusters? Are you still struggling on gMSA integration with Active Directory on Kubernetes?

Speakers
avatar for Benjamin  Wang

Benjamin Wang

VMware
He is a senior engineer in VMware, and I am interested in cloud-native projects, such as Kubernetes, etcd, CSI and etc.
avatar for Wenli Wei

Wenli Wei

Software Engineer, VMware
She is a software engineer from VMware, currently focuses on K8s Windows related technologies. She once worked in IBM analytics related solutions and now VMware Tanzu Kubernetes Grid windows solutions.



Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

KubeEdge 驱动的下一代云原生运行时边缘设备 | KubeEdge Powered Edge-Devices With Next Generation Cloud Native Runtime - Pengfei Jiang, Huawei
随着云本地边缘计算的实现,越来越多的边缘设备需要与.云协作。此外,随着各种专业芯片、硬件加速卡和微机器学习技术的发展,许多通用资源较低的专用设备也需要边缘云协同。因此,轻量级容器沙箱技术需要满足低服务开销、快速启动和服务隔离的要求。为了解决边缘设备的多体系结构系统迁移问题,实现统一的应用运行时,降低开发和维护成本,需要一种统一的跨体系结构运行时技术。

With the implementation of cloud-native edge computing, more and more edge devices need to collaborate with the cloud. In addition, with the development of various professional chips, hardware acceleration cards, and tinyML technologies, many dedicated devices with low general resources also require edge-cloud synergy. Therefore, lightweight container sandbox technology is required to meet the requirements of low service overhead, fast startup, and service isolation. A unified cross-architecture runtime technology is required to solve the problem of multi-architecture system migration of edge devices, achieving unified application runtime and reducing development and maintenance costs.

Speakers
avatar for Pengfei Jiang

Pengfei Jiang

Senior Software Engineer, Huawei
姜鹏飞:在华为2012实验室EulerOS团队工作,openEuler CloudNative SIG Maintainer成员,主要聚焦于容器、WebAssembly沙箱、虚拟化等技术Pengfei Jiang works at the EulerOS team from 2012 Laboratories of Huawei, Maintainer of CloudNative SIG in the openEuler... Read More →


Friday December 10, 2021 14:05 - 14:40 CST
Kubecon + CloudNativeCon 演讲厅

14:05 CST

编译程序与运行时间协同设计以支持基于 Webassembly 的 FaaS | Compiler and Runtime Co-design to Support Webassembly-based FaaS - Wei Tang & He Jie, Ant Group
WebAssembly (Wasm) 是为高效执行和紧凑表示而设计的一种安全、可移植的低级代码格式。随着越来越多的特性被标准化,许多源语言将被编译成 Wasm。其将逐渐成为 FAAS 的主力。我们相信编译程序和运行时间协同设计是有空间的,可以解决 FAAS 中的不同问题。

WebAssembly (Wasm) is a safe, portable, low-level code format designed for efficient execution and compact representation. As more and more features are standardized, plenty of source languages will be compiled to Wasm. It will be gradually becoming the main force of FAAS. We believe there is room for compiler and runtime codesign to address different problems in FAAS.

Speakers
avatar for He Jie

He Jie

Staff Engineer, AntGroup (Shanghai)



Friday December 10, 2021 14:05 - 14:40 CST
Open Source Summit 演讲厅

14:45 CST

Project Office Hours: Volcano
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Volcano Project Office Hours here: https://zoom.us/webinar/register/WN__nSW7oD6TJKik5laPDfAGg


>> Full list of Project Office Hours


Friday December 10, 2021 14:45 - 15:30 CST
Project Office Hours

14:45 CST

Virtual Project Office Hours: Vitess
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Vitess Project Office Hours here: https://zoom.us/webinar/register/WN_7nWUvAqKT1OACNylWZNW2g


>> Full list of Project Office Hours


Friday December 10, 2021 14:45 - 15:30 CST
Project Office Hours

14:45 CST

虚拟展位浏览 | Virtual Booth Crawl
加入我们的解决方案展示区,观看现场演示、互动会议,以及由我们的赞助商提供的专家办公时间。探索参展商的展位,了解更多关于最新的技术,浏览特别优惠和招聘信息,以及更多资讯。

为了促进活动中的网络和业务关系,您可以选择参观第三方的虚拟展位或访问赞助内容。我们永远不会要求您参观第三方展位或访问赞助内容。参观展位时(例如,通过点击解决方案展示或参展商目录中的第三方徽标,以及此后在该展位内的任何操作,包括查看资源),在赞助商展示厅访问赞助会议时,或参加赞助活动时,第三方将接收您的部分注册数据。这些数据包括您的名字、姓氏、职务、公司、地址、电子邮件、常规人口统计问题(即,工作职能、行业),以及关于您互动的赞助内容或资源的详细信息。选择与虚拟展位互动或访问赞助内容即表明,您明确同意第三方接收方接收和使用此类数据,这类行为将受第三方自己的隐私政策约束。

Join us in the Solutions Showcase for live demos, interactive sessions, and expert office hours presented by our sponsors. Explore exhibitor booths to learn more about the latest technologies, browse special offers and job posts, and much more.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s virtual booth or to access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth (e.g. by clicking on a third party’s logo in the exhibit hall or exhibitor directory, and any actions within the booth thereafter including viewing resources), when accessing sponsored sessions in the sponsor theater, accessing virtual swag provided by sponsors, or by participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a virtual booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.




Friday December 10, 2021 14:45 - 15:45 CST
Kubecon + CloudNativeCon 演讲厅

15:45 CST

Virtual Project Office Hours: Buildpacks
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for Buildpacks Project Office Hours here: https://zoom.us/webinar/register/WN_rjStYvnFQ_2P7BRNJys26A


>> Full list of Project Office Hours


Friday December 10, 2021 15:45 - 16:30 CST
Project Office Hours

15:45 CST

Virtual Project Office Hours: KEDA
Project Office Hours is an opportunity for KubeCon + CloudNativeCon attendees to meet the maintainers of the projects, learn more about the project, ask questions, learn about new features and upcoming updates. Below you'll find a list of upcoming Project Office Hours for Graduated, Incubating, and Sandbox projects with the date the office hour will be hosted. Click on the 'View Details' button for the project office hour in order to view additional information. Login is required to RSVP for the event. Once you register for an office hour, you will receive a confirmation email after you RSVP with the event details and how to join the project office hours.

RSVP for KEDA Project Office Hours here: https://zoom.us/webinar/register/WN_YJL0h3VTSQCg-g_-c-2Rqg


>> Full list of Project Office Hours


Friday December 10, 2021 15:45 - 16:30 CST
Project Office Hours

16:00 CST

《Apache Pulsar实战》虚拟书发布会:用一个事件驱动的架构来最大化您数据的价值 -- 由 StreamNative 主办 (注册费用:免费) | Apache Pulsar in Action Virtual Book Launch: Maximize the value of your data with an event-driven architecture hosted by StreamNative (Complimentary Registration Required)
今日,许多企业为了将数据的商业价值最大化而进行数字化转型。他们的重心从单一的流式数据处理转变到流式数据 + 统一批处理、从庞大的架构转移到了微服务上,同时也在为解锁新的使用场景而寻找新的解决方案。Apache Pulsar 的云原生能力和统一的信息传输模型对满足这类增长的商业趋势拥有独特的意义。
David Kjerrumgaard 的著作《Apache Pulsar实战》是您开启 Apache Pulsar 的终极向导。与 David 一起加入这场虚拟书发布会,探索为何更多的企业相比传统的信息传输系统选择了Pulsar,以及Pulsar会如何让您的公司或组织收益。
 如何注册:点击此处注册参加《Apache Pulsar实战》虚拟书发布会!
如您对本场活动有疑问,请联系elisha@streamnative.io

Today, many companies are undergoing digital transformation in order to maximize the business value of their data. They are pivoting away from a pure streaming workload to unified batch and streaming workloads, migrating from monolithic architecture to microservices, and looking for new solutions to unlock new use cases. Apache Pulsar’s cloud-native capabilities and unified messaging model makes it uniquely positioned to meet business’ emerging needs.

David Kjerrumgaard’s book Apache Pulsar in Action is your ultimate guide to getting started with Apache Pulsar. Join David for this virtual book launch to discover why companies are adopting Pulsar over traditional messaging systems and how Pulsar can benefit your organization.

How to Register: Register here to attend Apache Pulsar in Action Virtual Book Launch!

For questions regarding this event, please reach out to elisha@streamnative.io.

Friday December 10, 2021 16:00 - 17:00 CST