
This picture must be familiar and unfamiliar to everyone.

In 2011, Marc Andreessen wrote in his well-known article: "Software is eating the world"; three years later, Jonathan Bryce added: "Everything in the world comes from open source"; after that, the industry generally agreed that "cloud computing has changed the color of the sky"; but now the concept of cloud computing is clearly subdivided, and "cloud native" is the biggest fish.

With the coding of infrastructure and the infrastructure of service functions, the concept of cloud native has gradually become popular. And containers, as the atomic carrier of immutable infrastructure, have also become the cornerstone of cloud-native infrastructure.

Why does cloud native swallow the world? How will cloud native eat the world? From the perspective of containers, what technology trends will we see in cloud native infrastructure in the future?

At the OpenInfra Days China 2021 cloud native infrastructure forum, technical experts from leading companies such as DatenLord, Flomesh, Intel, StreamNative, Alibaba Cloud, Fiberhome, Inspur, Lingque Cloud, NSFOCUS, Ant Group, Qingyun, etc. will discuss the latest developments and technical practices of cloud native technology.

Brief introduction

Wang Zhiguo: Elastic expansion of container storage volumes

speaker information:

Wang Zhiguo, senior R&D engineer of container cloud platform, works at Jinan Inspur Data Technology Co., Ltd. He is mainly responsible for the design, development and optimization of CSI-based container cloud platform storage solutions.

content summary:

With the continuous development of cloud native technology, it is an indisputable fact that Kubernetes has become the de facto standard in the container orchestration field. For stateful services, the container orchestration layer has an increasing demand for stable and efficient storage capabilities. CSI-based cloud-native storage solutions continue to mature. Conventional functions such as persistent volume creation, manual expansion, snapshot/backup, and deletion can meet user needs. However, because the storage capacity that user business needs is unpredictable, relying only on operation and maintenance personnel to manually expand capacity when a persistent storage volume runs short often leads to the following problems:

  1. If the capacity expansion is not timely, the persistent storage volume will be full and the container application business will be interrupted. Even if part of the business expansion is successful, it cannot be quickly restored due to data integrity issues.
  2. The amount of business data cannot be accurately predicted and the expansion capacity is unclear, resulting in low storage resource utilization or frequent expansion.
  3. Manual intervention is required, and maintenance costs are high.

This topic collects important issues found in the actual use of container storage, then analyzes and researches them and develops related solutions. It aims to enhance storage stability, improve storage resource utilization, improve exception handling mechanisms, effectively improve the high availability of container application business, and enhance the value of the cloud platform.

Liu Mengxin: Network interworking between OpenStack and Kubernetes based on Kube-OVN

Speaker information:

Liu Mengxin, senior R&D engineer of Lingqueyun, Kube-OVN project maintainer

content summary:

At present, the scenario in which OpenStack manages virtualized workloads and Kubernetes manages containerized workloads is becoming more and more popular, but how to open up the network between the two to achieve mutual access has become an increasingly difficult problem. In Kube-OVN, we have proposed two solutions to open up the network according to different scenarios. One opens up the network between independently deployed OpenStack and Kubernetes through ovn-ic, and the other connects the network through integrated deployment, in which OpenStack and Kubernetes are based on the same OVN for network control and interconnection. Both solutions are currently open source, and we hope to get more feedback from the community.

Wang Junyi: Implementation of AI training acceleration practice based on CRI-RM to achieve CPU and NUMA binding in Kubernetes cluster

speaker information:

Wang Junyi is a solution architect in Intel's data center department. He is responsible for Intel Select Open Source Cloud, HPC Cloud, SmartNic/IPU, SPECVIRT, SPECLOUD, OpenStack large-scale deployment, PMEM KVM optimization and other projects.
Wang Dekui, Architect of Inspur Electronic Information Industry Co., Ltd.
Chen Pei, R&D Manager of Inspur Electronic Information Industry Co., Ltd.
Lin Xinyu, Senior Engineer, Inspur Electronic Information Industry Co., Ltd.

content summary:

Currently, AI training based on Kubernetes' resource management capabilities is a major trend. The CRI-RM component is used in the Kubernetes cluster to allocate resources within the node to accelerate AI training. CRI-RM is an Intel open source component used to control the allocation of resources within the node. AI training usually uses GPU resources to obtain higher performance. However, GPU resources are expensive and a separate GPU server needs to be purchased. AI beginners and developers with limited funds may try to run AI training tasks on existing servers, that is, on a traditional CPU server. This usually performs worse than running training tasks on a GPU, but it can meet the needs of some beginners, such as demos based on the MNIST data set, script debugging, etc. At present, the default CPU management of Kubernetes does not consider CPU binding and NUMA affinity. In higher versions of Kubernetes, it takes effect only for Pods whose QoS class is Guaranteed. There may therefore be some limitations to using native Kubernetes CPU management capabilities.

The speaker combined the usage habits of many AI developers and product-related features, and proposed a CPU-based AI training acceleration program combined with CRI-RM, which can improve training performance in the CPU scenario while increasing CPU utilization, improving AI computing performance by more than 50%. This topic mainly introduces the AI training acceleration practice based on CPU and CRI-RM in Kubernetes clusters. Integrating the cri-resource-manager component in a Kubernetes cluster makes it possible to allocate physical host resources optimally according to topology, and significantly improves the performance of AI computing.

Wan Hongming: Multi-cluster and multi-tenant management of Kubernetes

Speaker Information:

Hongming Wan is a software engineer from Qingyun. He is a core contributor to the KubeSphere open source community and a TOC member, focusing on cloud-native multi-tenancy and security.

content summary:

Soft multi-tenancy is a form of multi-tenancy, and there is no strict isolation between different users, workloads or applications. As far as Kubernetes is concerned, the implementation of soft multi-tenancy is usually achieved through namespaces and RBAC. When multi-tenant management needs to span multiple Kubernetes clusters, many challenges will be encountered, such as the management of authentication and authorization, resource quotas, network policies, and security policies. In this speech, KubeSphere core contributors will share their experience and best practices in designing multi-tenant architecture.

  1. Cross-cluster identity authentication.
  2. Resource isolation between multiple tenants in a multi-cluster environment.
  3. Cross-cluster resource quota management.

Liu Maoyang: Optimization and Practice of Application Hybrid Scheduling in a Cross-Processor Architecture Container Cluster

Speaker information:

Liu Maoyang works at Jinan Inspur Data Technology Co., Ltd. as a cloud computing development engineer. He has many years of working experience in the field of cloud computing. He is currently committed to the implementation of the K8s project in Inspur and is active in the K8s community.

content summary:

With the maturity and rise of technologies such as ARM and RISC-V, processor architecture and computing power have shown a diversified development trend, and there is an increasing demand for integrated scheduling of heterogeneous computing power on cloud platforms and for smooth and efficient cross-architecture migration. However, when users create, update, and restart Pods on a native K8s heterogeneous cluster, a Pod cannot be guaranteed to be scheduled onto a computing node whose processor architecture matches the architecture of the Pod's image, so Pod startup failures often occur.

The community currently has two solutions, each with its own shortcomings. We will share an automatic scheduling algorithm for Pods in heterogeneous clusters:

1. Developers only need to focus on defining the affinity scheduling strategy between Pods, and no longer need to care about the choice of node CPU architecture, which can reduce the complexity of application deployment caused by heterogeneous clusters.
2. You only need to update the Pod's image to migrate the Pod across CPU architectures, which simplifies the application migration process.
3. Based on the automatic directed scheduling algorithm, we put Istio service management for heterogeneous clusters into practice, completing the automatic injection of the proxy without changing the original istio-proxy injection method, and realizing microservice governance features such as grayscale release and traffic governance for applications across processor architectures.

Guo Dong: Use QAT and MultiBuffer technology to accelerate and optimize TLS in Envoy

speaker information:

Guo Dong, a cloud computing R&D engineer at Intel Asia Pacific R&D Co., Ltd., has many years of experience in cloud computing R&D and architecture, and currently focuses on the ServiceMesh field.

content summary:

With the development of network security technology, TLS has become the cornerstone of network communication. In the current very popular Service Mesh project Istio, the data plane is implemented through Envoy. This topic mainly introduces Intel's QAT and MultiBuffer encryption and decryption acceleration technologies. After adopting these technologies, the processing of TLS in Envoy can be accelerated, thereby speeding up the processing of the entire data plane, and achieving the effect of improving resource utilization.

Ge Changwei: Nydus: A next-generation container image acceleration system

Speaker information:

Ge Changwei is responsible for the construction of Ant Group's image acceleration infrastructure. He is a core developer of nydus, the open source project of Ant and Alibaba Cloud.

content summary:

  1. Why Ant does image acceleration
  2. The overall architecture and design of nydus
  3. Rafs: a container image file system designed for image acceleration
  4. Adding wings to a tiger: integration with Dragonfly's distribution system
  5. What value does nydus bring to users

Li Feng: Revising GraalVM-based unified runtime for eBPF and WebAssembly

speaker information:

Li Feng has worked for Motorola, Samsung and other IT companies, and is now an independent developer. He has accumulated more than ten years of R&D experience on mobile platforms, and has mainly focused on the field of cloud computing/edge computing infrastructure in recent years.

He is the main translator of the Chinese version of "Grey Hat Hackers 4th Edition: Ethics, Penetration Testing, Attack Methods, and Vulnerability Analysis Techniques for Righteous Hackers" and "Linux Defense in a Malicious Network Environment".

He has a strong interest and practical ability in technological innovation, enthusiastically participates in various activities in the open source community, and has taken part in various IT conferences and shared technology many times.

content summary:

eBPF is the next Linux superpower, and many Cloud Native projects are using eBPF or have their own wrappers in user space. Though it works mainly in kernel space, eBPF can in fact also be applied to user space, with concepts and implementations like ubpf (user-space BPF). WebAssembly is sure to be the next big thing; it will change not only the Web, but also Cloud Native, and even the whole IT infrastructure.

GraalVM is a great innovation as a universal virtual machine for running applications written in JavaScript, Python, etc, JVM-based languages like Java, Scala, Kotlin, and LLVM-based languages such as C and C++. Now it also implements GraalWasm, which is a WebAssembly engine in the GraalVM.

So how about a unified runtime for both eBPF and WebAssembly that is based on GraalVM?

This topic comes with the following sub-topics:

1) Try to implement uBPF VM in the GraalVM;
2) Demystify GraalWasm and evaluate SubstrateVM for WASM;
3) How useful is a unified eBPF and WebAssembly runtime for Cloud Native?

Liu Yu: Tool chain construction for the full life cycle of Serverless: Serverless Devs

speaker information:

Liu Yu, Doctor of Electronic Information from National University of Defense Technology, Master of Software Engineering from Zhejiang University; Alibaba Cloud Serverless Product Manager; product experience lead for Alibaba Cloud Function Compute (FC), Serverless Workflow (FNF) and other products; initiator and person in charge of the open source project Serverless Devs; author of publications such as "Serverless Architecture: From Principle, Design to Project Actual Combat" and "Serverless Engineering Practice: From Entry to Advanced".

content summary:

Serverless is a very hot technical architecture in the cloud native field, and serverless technology is developing rapidly. As infrastructure at the serverless tool chain level, Serverless Devs originated from Alibaba and was officially open sourced in October 2020. Its core purpose is to let serverless developers use the serverless architecture more simply and conveniently through the tool chain, and to play a role in the full life cycle of serverless applications. Based on Serverless Devs, developers can use multi-cloud products without vendor lock-in, customize the capabilities they need through the open component ecosystem, and use the end-cloud joint debugging capabilities, CI/CD solutions, JAMStack solutions, traditional framework migration solutions, etc. provided by Serverless Devs to quickly experience, get started with, develop, deploy, operate and maintain the serverless architecture. Since it was open sourced, Serverless Devs has been working with community developers to make products with emotions, technology with a pattern, and tools that move developers, hoping to contribute an infrastructural force in the serverless field.

Yang Yong: k8s cluster service practice based on cluster-api and OpenStack platform

Speaker Information:

Yang Yong, a senior cloud computing engineer, currently works at Inspur. He has more than ten years of design and development experience in the fields of high-performance computing, big data and cloud computing, focusing on the fields of scheduling, resource and cluster management. He has spoken at events such as the 2019 Open Infrastructure Summit and OpenInfra Days China 2020, and is also deeply involved in the development and commercialization of related open source projects, such as Hadoop, OpenStack, Kubernetes, etc.

content summary:

In today's data center, using openstack to deploy, operate and maintain the k8s platform is a common scenario, but how to make full use of their capabilities and provide the best use experience of k8s on openstack has become a challenge.

After exploring the integration solutions of kubespray, magnum and third-party products, we summarized a large amount of user feedback, and finally formed a more cloud-native, flexible and autonomously controllable k8s cluster solution based on cluster-api, making k8s cluster services more agile and robust on the openstack platform, and providing best practices for the coexistence and win-win situation of the two ecosystems.

Core technologies:
1. Implement a consistency audit framework for cluster-api objects and openstack resources, and improve the performance of resource state management and garbage collection;
2. Realize k8s workload cluster management through a cluster agent, reducing dependence on floating IPs;
3. Combine the k8s autoscaler and cluster-api projects to provide a complete autoscale solution based on openstack.

Zhai Jia: Architecture Design and Principle of Apache Pulsar, a Cloud Native Message Flow Platform

Speaker information:

Jia Zhai, co-founder of StreamNative, member of Apache Pulsar PMC and Committer. Previously worked at EMC as the technical leader of Beijing EMC's real-time processing platform. He is mainly engaged in real-time computing and distributed storage system related research work, and continues to contribute code to the open source projects Apache BookKeeper, Apache Pulsar and other projects. He is a PMC member and Committer of the open source projects Apache Pulsar and Apache BookKeeper.

content summary:

In the cloud-native era, developers should focus more on applications and microservices instead of wasting time on maintaining complex messaging and streaming data infrastructure. As a next-generation cloud-native distributed message flow platform, Apache Pulsar has from its birth adopted a cloud-native architecture with separation of storage and computing and layered sharding, which greatly reduces the difficulty of expanding, operating and maintaining the message system for users. It is the best solution for real-time message streaming data transmission, storage and calculation in the cloud-native era.

In this sharing, I will introduce Apache Pulsar's cloud-native features and architectural advantages in depth, as well as the latest technological progress and evolution of Pulsar in the full cloud-native era.

Audience benefits:
Understand the architecture design and principle of Apache Pulsar
Understand the cloud-native features of Apache Pulsar
Get the latest plans and progress of Apache Pulsar in storage, messaging, and computing

Ruan Boyan: Metarget: Building a cloud-native infrastructure cyber range

Speaker information:

Ruan Boyan is a security researcher at NSFOCUS Nebula Laboratory. His main research direction is cloud and virtualization security.

As a core designer and developer, he participated in SOAR, container security, cloud native intrusion detection and other projects.

He has written and published multiple cloud-native security articles on platforms such as NSFOCUS Research Newsletter, NSFOCUS Technical Journal, and NSFOCUS Blog, and participated in the preparation of the "2020 NSFOCUS Cloud-Native Security Technical Report" as a core author.

He presented k0otkit, a post-penetration control technology for Kubernetes clusters, at the CIS2020 conference. He created and maintains Metarget, the open source cloud native offensive and defensive cyber range project, which has received positive feedback and praise from security researchers at home and abroad.

He is passionate about exploring Linux, cloud, virtualization and cutting-edge security offensive and defensive technologies.

content summary:

In the cloud-native era, as the pace of everything going to the cloud continues to accelerate, we must also continue to place greater emphasis on the security of cloud-native infrastructure.

Based on our own cloud-native security research experience, we have designed and implemented Metarget, an automatic construction tool for cloud-native infrastructure cyber ranges, dedicated to the automated construction of vulnerable scenarios of underlying infrastructure. The project has been open sourced on GitHub (https://github.com/brant-ruan/metarget).

This topic will introduce the functions, design, and concepts of Metarget, and use demos of automatically building a specific complex cyber range and carrying out a hands-on penetration exercise against it to show how Metarget can help quickly build vulnerable cloud-native infrastructure environments, greatly improve the efficiency of cloud-native security research, and promote the development of cloud-native security.

A vulnerability is, in essence, a security flaw in software. The process from the introduction of a vulnerability to its discovery and repair can be mapped to a range of specific software versions. Metarget installs and deploys a single vulnerability by automatically installing cloud-native components within that version range, and achieves the integrated deployment of multi-level complex vulnerability environments by combining vulnerable components at different levels. The complex cyber range case included in this topic needs only 4 Metarget commands to build.

Lu Wanlong: SRE system construction under cloud native

Speaker information:

Lu Wanlong, the current director of the operation and maintenance technology department of Epay, has worked as a cloud computing architect in companies such as Epay, Huawei, and Lenovo. For the past ten years, he has been focusing on the innovation and evangelism of information technology, including containers, virtualization, software definition, and infrastructure architecture aspects such as automated operation and maintenance.

He has participated in and led the feasibility study, design, implementation and operation and maintenance of many key projects of the construction enterprise, and has advanced technical architecture knowledge and rich project management experience. His book "OpenStack Learn from Scratch" comprehensively expounds the knowledge of open source cloud technology from the aspects of theory, architecture and practical operation. At the same time, in order to drive enterprises to carry out cloud native transformation, he has written articles such as "The Road to Enterprise Cloudization", "The Road to Enterprise Cloud Storage Construction" and "The Certainty Is Absent, Chaos Lives Forever", which have been widely praised by readers.

content summary:

Cloud-native infrastructure provides more types of capabilities and stability, giving businesses more scenarios and delivery speeds. Then there is a question, that is, how to maintain the cloud-native infrastructure and make it shine for the business? Undoubtedly, it must be the SRE system. How does SRE protect cloud native infrastructure? What is its guiding ideology? What kind of organizational structure is suitable for the operation of the SRE system? What is the long-term mechanism of operation?

Zhang Xiaohui: Using Flomesh for Spring+Dubbo Hybrid Environment Service Governance

Speaker information:

Zhang Xiaohui, Flomesh senior cloud native architect, senior engineer, cloud native practitioner, focusing on Kubernetes, DevOps, and microservices

content summary:

Many users are using the Spring Cloud-based microservice system. At the same time, they also need to support the existing Dubbo RPC service system. How to implement service mesh-related functions without modifying the application, or with minimal modification, is a common requirement. In this topic, the speaker will show how to achieve it, no matter whether your service is running in a virtual machine or a container, and no matter which registry the service uses.

Zhou Liang: Enclave Attestation Architecture: A universal remote attestation architecture in cloud-native scenarios

Speaker information:

Zhou Liang currently works in technical development on the Alibaba Cloud operating system security team. His main research direction is the design and development of confidential computing, confidential containers, and remote attestation solutions.

He joined the Intel SGX SDK group in 2014 and engaged in SDK development in an isolated environment, including SGX-specific libraries such as pthread and Control Flow Guard, as well as open source libraries such as tcmalloc, C++11, mkl-dnn, OpenMP and libunwind.

content summary:

In network protocol exchange, it is very useful for one end of the communication to know whether the other end is in the expected working state. A system that has been proven and verified to be in good condition can improve the overall system posture. Conversely, systems that cannot be proven and verified in good condition can be discontinued or otherwise marked for repair.

This presentation introduces the technical principles of the remote attestation process through the generation, transmission and verification of evidence, combined with the Enclave Attestation Architecture implemented by the Inclavare Containers open source project, and introduces the general remote attestation architecture in the cloud-native confidential container scenario.

Andrew Zhang, Liu Mengxin: Streamline OpenStack and Kubernetes

Speaker information:

Andrew Zhang is Chief Architect and Principal Engineer with Intel, covering the China enterprise market. He has an extensive background in hardware and software, spanning IC/SOC design, firmware, OS and high-level software stacks. Andrew was a founder of a fabless IC design start-up, where he developed software from scratch, and has also pushed the technology envelope in established companies such as Microsoft and Intel. Andrew has extensive knowledge and experience in wireless communications, mobile phones, client devices, IoT, networking and cloud.

Liu Mengxin, senior R&D engineer of Lingqueyun, Kube-OVN project maintainer

content summary:

Most enterprises have invested heavily in OpenStack and cannot abandon it.

The current trend of cloud native and microservices creates new opportunities for enterprises to tap into.

It is costly or even impossible to refactor assets from OpenStack to microservices. Streamlining OpenStack with cloud native (i.e., containers with Kubernetes) would provide tremendous opportunities.

Current solutions with Kubernetes on top of OpenStack would make it more difficult for enterprises to move to cloud native in the long term.
We propose an alternative architecture which might carry Open Infrastructure further into the future.

Zhu Jiazhen: A unified monitoring and alarm component based on Prometheus

Speaker information:

Zhu Jiazhen, graduated from Northwestern Polytechnical University, is currently a system architect in Fiberhome's cloud computing research and development, and has 6 years of cloud computing research and development experience. He has in-depth research in the fields of OpenStack private cloud construction, monitoring operation and maintenance.

content summary:

Monitoring and alarming is an indispensable capability for cloud infrastructure. Although OpenStack uses Ceilometer+Gnocchi+Aodh to provide monitoring and alarming, there are serious performance problems in medium and large-scale scenarios. Prometheus has become an open source new star in monitoring and alarming with its high performance, flexible expansion and powerful aggregation computing capabilities, and has gradually become the mainstream solution in this field. Fiberhome's self-developed FitMonitor component is based on Prometheus; it has realized the commercial transformation of the Prometheus solution and has become the unified monitoring and alarm component of the FitCloud cloud product series.

Shi Jicheng: DatenLord cloud native high-speed storage solution

Speaker Information:

Shi Jicheng, co-founder of DatenLord, once worked in leading companies such as Google, Microsoft, and Alibaba. He focuses on the research and development of operating systems and distributed computing.

content summary:

With the rapid development of cloud native today, storage problems have always plagued users, and the existing storage methods cannot meet the needs of users. The DatenLord cloud native storage solution proposes a high-speed and reliable solution. This topic introduces the solution.

Free ticket benefits are here!

This year's conference will be held both online and offline. On site, you can meet the most active open source community contributors and industry leaders in China; online, you can listen to industry technical experts share on 5G new infrastructure, cloud native infrastructure, open source governance, computing and network integration, and cloud infrastructure.

DAY ONE (10.15)

Conference content: Keynote speech| OpenStack seminar| Network cloud seminar| Inspur seminar| Social Lounge Lunch
Conference Venue: Beijing·HNA Plaza Marriott Hotel

DAY TWO (10.16)

Conference content: sub-forum speeches, focusing on 5G new infrastructure, cloud native infrastructure, open source governance, computing and network integration, cloud infrastructure
meeting place: live online

If you are interested in cloud-native infrastructure, you may wish to join the live broadcast room on time on 10.16. You are also welcome to communicate with experts offline on 10.15. We have prepared a rich lunch with expert celebrities, so you can enjoy the valuable opportunity of the Social Lounge Lunch!

10 limited free tickets (original price 888 yuan/piece) will be given away with the article
Scan the QR code and enter the coupon code " cloudnative " to redeem for free
Didn't grab it?
Scan the exclusive QR code to buy tickets at 50% off!

Click the link to view the detailed schedule of the meeting~
https://pages.segmentfault.com/openinfra-2021/agenda


六一

SegmentFault new media operations