2021年中国 KubeCon + CloudNativeCon + Open Source Summit - 线上峰会

本次演讲从三个方面展开，旨在介绍浦发银行的生态银行战略，并由此战略引发了对科技理念、科技架构、科技管理的深层次思考，围绕数字化时代最核心的数据要素建设新一代的银行核心系统架构。在这一个探索摸索的过程中，云原生技术逐渐成为了浦发银行核心系统架构的基石技术，浦发银行于 2019 成为中国首家加入云原生基金会的股份制银行，标志着中国金融科技水平与云原生生态两股潮流的完美结合，将过去狭隘的对金融科技的理解，推动到了实体金融体系嫁接数字科技赋能产业转型的新高度。
1.浦发银行生态银行及全景银行的战略
2.浦发银行基于云原生架构的技术转型
3.浦发银行寻找和孵化的云原生技术

This speech is carried out from three aspects, aiming to introduce the ecological banking strategy of SPD Bank, and this strategy has triggered in-depth thinking on technology concepts, technology structure, and technology management, and built a new generation of bank core system structure around the most core data elements in the digital age.In this process of exploration , cloud native technology has gradually become the cornerstone technology of Pudong Development Bank's core system structure technology. Pudong Development Bank became the first joint-stock bank in China to join the Cloud Native Foundation in 2019, which marks the perfect combination of the two trends of China's financial technology level and the cloud-native ecology. It has changed people's narrow understanding of financial technology in the past, which pushed this understanding to a new height where the physical financial system is grafted with digital technology to empower industrial transformation.
1. The strategy of the "Ecology and Panorama" part of Shanghai Pudong Development Bank
2. Technical transformation of SPD Bank based on cloud native architecture
3. Cloud native technology seeks and incubates by SPD Bank

随着云原生的火热发展，云原生技术已经无处不在，逐步渗透到公有云，数据中心，边缘等多样化的客户场景。华为云也致力于打造开源开放的分布式云原生平台，并推出了UCS服务(Ubiquitous Cloud Native Service)给用户提供极致的云边端一致性云原生体验，当然你可以采用华为发起的CNCF开源项目Karmada/KubeEdge/Volcano构筑属于你的分布式云原生世界。

With the rapid development of cloud native technologies, they have become ubiquitous and gradually penetrate into diversified customer scenarios, such as public cloud, data center, and edge. HUAWEI CLOUD is also committed to building an open source, distributed cloud-native platform and launched the Ubiquitous Cloud-Native Service (UCS) to provide users with the ultimate, consistent cloud native experience. Of course, you can use Huawei-initiated open source projects in CNCF: Karmada, KubeEdge, and Volcano to build your own distributed cloud native world.

在工商银行，云原生基础设施平台支持着成千上万的业务，管理着各种异构硬件和大量资源，为这些业务提供服务。Kubernetes 很好，但考虑到可扩展性、可用性以及多区域部署、基础设施升级等因素，基于多集群的架构已经成为整个平台的关键部分。如何有效地管理这些集群的资源，使不同的业务团队能够自由、灵活地部署服务，同时保证足够高的资源利用率是需要解决的关键挑战。作为一个新的多集群编排框架，Karmada的设计是针对Kubernetes Native API，这使生活变得更加容易。在这次分享中，一帆和Kevin将详细介绍:
1. 工商银行超大规模基础设施的关键挑战。
2. 基于K8s的多集群解决方案的评估和考虑。
3. 取得的成绩，遇到的问题和解决方法。

At ICBC, the cloud native infrastructure platform supports thousands of businesses, manages various heterogeneous hardware and massive resources to provide services for these businesses. Kubernetes is great, but considering factors such as scalability, availability, and multi-regional deployment, infrastructure upgrade etc., the multi-cluster based architecture has become a key part of the whole platform. How to efficiently manage the resources of these clusters so that different business teams can deploy services freely and flexibly, while ensuring sufficiently high resource utilization is the key challenge needs to be resolved. As a new multi-cluster orchestration framework, Karmada is designed to be Kubernetes Native API oriented, which make life much easier.
In this sharing, Yifan and Kevin will go over:
1. Key challenges of hyperscale infrastructure at ICBC
2. Evaluation of K8s based multi-cluster solutions and considerations
3. Achievements, problems met and resolved

云原生微服务架构技术在业界广泛深入的应用，通过其带来的程序模块化开发以及业务方案之间快速组合的技术优势正在变革着当今企业业务的发展。然而这种变革也带来了应用程序在服务启动、服务发现、自动扩缩容以及微服务间通信安全性方面的复杂性。面对这些挑战，英特尔®致力于和业界的合作伙伴们一起携手合作解决这些难题，以提高云的可靠性、安全性、性能和效率。十多年来，英特尔®一直是开源云软件社区的热情合作伙伴，致力于将创新的平台优化技术带给社区和合作伙伴，来改善和提高开发人员和方案部署的体验。在本次演讲中，您将进一步了解英特尔®在云原生领域的贡献以及为您的业务带来的帮助、对开源软件生态的长期承诺，以及未来您可以一起参与的技术方向。

The extensive shift to cloud native microservice architecture has transformed businesses by enabling modular development and speedy composition of solutions. This transformation presents complexities in launching, discovering, auto-scaling, and protecting the microservices and their inter-communication. Intel, together with the ecosystem, is committed to improving cloud reliability, security, performance, and efficiency. For over a decade Intel has been a passionate partner of the open-source cloud software community to integrate innovative platform technologies with optimizations that improve the developer and deployment experience. In this talk, you will learn more about Intel's cloud native contributions at the heart of your cloud, its long-term commitment to the open software ecosystem, and upcoming technologies that you can influence.

众所周知，CNCF 托管了很多当今最流行的开源项目，比如 Kubernetes，Prometheus 和 Envoy。而作为开源软件工程师，你其实也可以随时创建或者把你自己的项目提交给 CNCF 进行托管。在本次演讲中，两位 CNCF TOC 成员（同时也是多年的开源实践者）将详细的介绍如何创建属于你自己的 CNCF 项目。具体议程包括：
- 什么是 CNCF？它的愿景是什么？它是如何让开源社区受益的？
- 作为一个开源软件的作者，我又能够从 CNCF 得到哪些帮助？
- 如果要创建一个 CNCF 托管项目，我该怎么做？如何判断我的项目跟 CNCF 的愿景是一致的？
- CNCF 项目的“孵化级”和“毕业级”的具体要求是什么？“沙箱级”又是什么意思？为什么会有“沙箱级”？
- CNCF 介意有竞争关系的项目吗？
- 将开源项目交给 CNCF 托管的具体步骤是什么？有哪些常见的坑可以避免？
- 整个流程大概需要多长时间？
除了上述的一般性讨论之外，本次演讲还会以一些最近加入的项目为例，来更好的回答上述问题和阐述整个流程。你是云原生领域开源软件的从业者吗？那一定不要错过这个演讲！

CNCF manages a collection of open source projects like Kubernetes, Prometheus, and Envoy. As open source developers, you can create and submit your own projects to CNCF. In this session, two CNCF TOC members (and open source practitioners) will explain how you can create your own CNCF projects. We will cover topics such as:

• What is CNCF? What’s its vision? How does it benefit the open source community?
• As an author of open source software, how can I benefit from CNCF?
• What should I do to create a CNCF project? How to decide if my project aligns with CNCF?
• What qualifies a project to be graduated and incubation? What is sandbox level and why does it exist?
• Does CNCF accept competing projects?
• What are needed steps for submitting a project, and what pitfalls should I avoid?
• How long should I expect on the reviewing process to take?

Besides the general discussion, we will also highlight several newly joined projects as real-world examples to better understand the CNCF process. Working on open source software in cloud native area? Don’t miss this talk!

Kubernetes has become the default container orchestrator framework, setting the standards for application deployment in a distributed environment. In the past years, numerous tools have been developed to extend Kubernetes capabilities and enhance its features. Simultaneously, the expansion of the technology landscape prompted the growth of the adopter base and the number of scenarios where cloud native can be applied. The organic adoption and development of new tools, created the ecosystem and community as we know it today.

This keynote will feature the 3 core principles that define the next generation's identity of cloud native practitioners using a reverse engineering approach. It will present the interoperability of tools, inclusivity at the community and adopters level, and a culture of change and education that drives the ubiquity of the cloud native.

随着云计算和云原生技术的发展，越来越多的服务、更大的集群规模和更复杂的应用使数据中心变得越来越大。TPOS、PUE和服务器密度给管理层面带来了巨大的挑战。利用云原生技术和生态建立IDC大数据/AI管理系统是本次演讲的主题。Smarthaven 利用云原生、大数据和AI技术，是IDC开源管理项目的重要组成部分。我们希望分享：
* 如何收集和管理数据，特别是背景音频信息。数据在边缘侧处理，节省60%的带宽，速度提高10倍。(Kubeedge/Kubernetes）
* 如何用大数据/物联网管理1M+传感器和每天10TB+（Flink和Kubeedge）
* 如何用AI进行边缘检测故障报警推理和预测。节省2%以上的能源。(Kubeflow)
* 如何在5秒内收集、传输和分发AI模型。(Nats)

With the evolution of cloud-computing and cloud-native technologies, more and more services, larger cluster sizes, and more complex applications make data center bigger and bigger. TPOS, PUE and server density pose great challenges to the management level. Using cloud native technology and ecology to establish IDC Bigdata/AI management system is this speech theme. The "Smarthaven" is an important part of IDC's open source management projects, using cloud native, big data, and AI technology. We want to share:
* How to collect and manage data, especially background audio information. The data is processed on the edge side.Saving 60% bandwidth and speed up 10 times. (Kubeedge/Kubernetes)
* How to manage 1M+ sensors and 10TB+/day with Bigdata/IoT (Flink and Kubeedge)
* How to perform edge detection fault alarm reasoning and prediction with AI. Saving 2%+ energy. (Kubeflow)
* How to collect, transmit and distribute AI models in 5 seconds. (Nats)

当今已处于星际航海时代，卫星制造的通用化，智能化，软件化趋势逐渐加快，卫星互联网已经成为全球热点。本次演讲将会介绍卫星计算的现状以及遇到的问题，并在此基础上介绍如何通过KubeEdge的云原生边缘计算能力将卫星作为边缘节点进行管理，并将AI工作负载延伸至太空中，通过边缘协同的AI赋能空间探索，并进行高精度地面科研工作，例如农田面积统计等。

在此演讲中，观众可以了解卫星计算的现状，特点和技术挑战。为什么KubeEdge作为云原生的边缘计算项目适用于对卫星的管理中。以及是如何通过KubeEdge Sedna来进行边缘协同的AI运算，满足在卫星上在对设备功率有极高要求的条件下进行实时计算的要求。

Nowadays, in the age of interstellar navigation, the trend of generalization, intelligence and software of satellite manufacturing is accelerating gradually, and the satellite Internet has become a hot spot in the world. In this talk, Qi and Shangguang will introduce the current state of satellite computing and the problems encountered. They will then introduce how to manage satellites as edge nodes and extend AI workloads into space with KubeEdge's cloud-native edge computing capabilities. More specifically how AI-enabled edge collaboration enables space exploration and high-precision ground-based scientific research, such as farmland area statistics.

In this talk, the audience will learn about the current state, characteristics, and technical challenges of satellite computing. The question “Why is KubeEdge suitable for satellite management as a cloud-native edge computing project?” will also be answered. We will also cover how to use KubeEdge Sedna to perform edge-coordinated AI computing, meeting the requirements for real-time computing on satellites in conditions that have high requirements on device power.

后疫情时代，数字技术全面融入了我们的日常生活，发挥着不可或缺的作用。绿色发展，产业升级已经成为经济增长的新势能。云原生技术是支撑企业数字化转型的原动力，也在成为业务创新的引擎。

In the post-epidemic era, digital technology is fully integrated into our daily lives and plays an indispensable role. Green development and industrial upgrading have become a new potential for economic growth. Cloud native technology is the driving force behind the digital transformation of enterprises, and it is also becoming the engine of business innovation.

本次演讲围绕业务上云、网格管理、容器安全、信创转型等方面，介绍华泰证券的企业上云演进过程。数字化转型是证券行业适应新业务变革和创新需求，实现高质量发展的必由之路。
华泰证券通过安全、可靠、稳定、高效的云服务，实现对已有IT资源的充分利用，提高信息系统的效率和性能，加强经营决策的实时性，实现降本增效。
同时运用先进的数字化手段，构建合规与风控核心能力，通过架构开放、敏捷自助、管理一体等变革与创新，实现了从IT技术、思想理念、业务模式、组织架构和工程文化等全方位的转型，将证券业务的创新发展推上新的高度。

This speech will focus on the collaboration suite of business, grid management, container security, information technology application, innovation industry transformation, etc., to introduce the evolution process of Huatai Securities' enterprise collaboration suite migration. Digital transformation is the only way for the securities industry to adapt to new business changes and innovation needs and achieve high-quality development.

Through safe, reliable, stable and efficient cloud services, Huatai Securities realizes the full use of existing IT resources, improves the efficiency and performance of information systems, strengthens the real-time operation of business decision-making, and achieves cost reduction and efficiency increase.

At the same time, it uses advanced digital methods to build the compliance and risk control core ability. Through changes and innovations such as open structure, agile self-help, and integrated management, it has achieved a full range of IT technology, ideas, business models, organizational structures, and engineering culture, etc. The transformation of the securities business has pushed the innovation and development of the securities business to a new level.

你的云计算凭证是否曾通过 CSI、CPI 等方式泄露过？你的控制面节点是否曾经被集群中的 Pod 攻击过？大多数Kubernetes引擎采用的安全解决方案是:

• 不在控制面节点安装 kubelet，并将所有 Kubernetes 核心组件作为进程而不是Pod运行
• 供应商对账户/身份的许可控制解决方案。


然而，这些方法带来了额外的缺点：

• 控制面问题的故障排除变得很困难
• 上游交付物在部署时被修改
• 控制面组件失去了 HA 能力。演讲者一直致力于将集群api提供商嵌套项目整合到他们的 Kubernetes 引擎中。参加本次会议可以了解到：- 在管理集群中部署和管理控制平面的新方案，这个方案如何保证你的集群安全 - 以原生方式部署控制平面后有什么额外的好处 - 可能有什么挑战以及如何解决。


参加本次会议可以了解到：

• 在管理集群中部署和管理控制平面的新方案，这个方案如何保证你的集群安全
• 以本地方式部署控制平面后有什么额外的好处？
• 可能有什么挑战以及如何解决

Have your cloud credentials ever leaked through CSI, CPI and etc.? Have your control plane nodes ever been attacked from in cluster Pods? Security solutions adopted by majority Kubernetes engines are:
• Not install kubelet in control plane nodes and run all Kubernetes core components as processes instead of Pods
• Permission control solutions for accounts/identities by providers.

However, those approaches introduce extra downsides:
• Troubleshooting control plane issue becomes difficult
• Upstream deliverables are modified for deployment
• Control plane components lose the HA ability The speakers have been working on integrating the cluster api provider nested project into their Kubernetes engine.

Join this session to learn about:
• The new solution to deploy and manage control planes in a management cluster, how does this solution secure your clusters
• What’s the extra benefits after deploying control plane in a native way
• What challenges there might be and how to resolve it