MicroCeph on MicroK8s — an exciting fusion of powerful storage capabilities and lightweight container orchestration. MicroCeph, the compact and scalable storage solution, finds its perfect match in the MicroK8s ecosystem.
Ceph is an open source, software-defined storage, excellent and the only (I would say) storage backend for cloud storage. Ceph is the future of storage. In this presentation I am explaining Ceph and OpenStack briefly; you would definitely enjoy it.
Full recorded presentation at https://www.youtube.com/watch?v=2UfAgCSKPZo for Tetrate Tech Talks on 2022/05/13.
Envoy's support for the Kafka protocol, in the form of broker-filter and mesh-filter.
Contents:
- overview of Kafka (use cases, partitioning, producer/consumer, protocol);
- proxying Kafka (non-Envoy specific);
- proxying Kafka with Envoy;
- handling Kafka protocol in Envoy;
- Kafka-broker-filter for per-connection proxying;
- Kafka-mesh-filter to provide front proxy for multiple Kafka clusters.
References:
- https://adam-kotwasinski.medium.com/deploying-envoy-and-kafka-8aa7513ec0a0
- https://adam-kotwasinski.medium.com/kafka-mesh-filter-in-envoy-a70b3aefcdef
Kubernetes has two simple but powerful network concepts: every Pod is connected to the same network, and Services let you talk to a Pod by name. Bryan will take you through how these concepts are implemented - Pod Networks via the Container Network Interface (CNI), Service Discovery via kube-dns and Service virtual IPs, then on to how Services are exposed to the rest of the world.
DoS and DDoS mitigations with eBPF, XDP and DPDK (Marian Marinov)
The document compares eBPF, XDP and DPDK for packet inspection. It describes the speaker's experience using these tools to build a virtual machine that can handle 10Gbps of traffic and drop packets to mitigate DDoS attacks. It details how eBPF and XDP were able to achieve higher packet drop rates than iptables or a custom module. While DPDK could drop traffic at line rate, it required specialized hardware and expertise. Ultimately, XDP provided the best balance of performance, driver support and programmability using eBPF to drop millions of packets per second.
Receive side scaling (RSS) with eBPF in QEMU and virtio-net (Yan Vugenfirer)
eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading a kernel module. Receive side scaling (RSS) is the mechanism of packet steering for multi-queue NICs optimizing multiple CPU utilization. The first usage of eBPF in QEMU is the optimization of the RSS packet steering in virtio-net. During this session, Yan will provide the motives for the RSS optimization using eBPF, review the technical solution, describe integration with libvirt, and discuss future development and additional usages of eBPF in QEMU.
FreeIPA is the open source answer to Active Directory, bringing the functionality of Kerberos and centralized management to the unix world. This talk will dive into the background of FreeIPA, how to attack it, and its parallels to traditional Active Directory. We will cover the FreeIPA equivalents of credential abuse, discovery, and lateral movement, highlighting the similarities and differences from traditional Active Directory tradecraft. This will culminate in multiple real-world demos showing how chains of abuse, previously accessible only in Windows environments, are now possible in the unix realm, providing a new medium for offensive research into Kerberos and LDAP environments.
Container Storage Best Practices in 2017 (Keith Resar)
Docker Storage Drivers are a rapidly moving target. Considering the addition of new graphdrivers and continued maturing of the existing set, we evaluate how each works, performance implications from their implementation architecture, and ideal use cases for each.
Kubernetes Networking with Cilium - Deep Dive (Michal Rostecki)
Cilium is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. The foundation of Cilium is the new Linux kernel technology BPF which supports the dynamic insertion of BPF bytecode into the Linux kernel at various integration points. This presentation reveals the secrets of Kubernetes networking and gives you a deep dive into Cilium and why it is awesome!
BlueStore, A New Storage Backend for Ceph, One Year In (Sage Weil)
BlueStore is a new storage backend for Ceph OSDs that consumes block devices directly, bypassing the local XFS file system that is currently used. Its design is motivated by everything we've learned about OSD workloads and interface requirements over the last decade, and everything that has worked well and not so well when storing objects as files in local file systems like XFS, btrfs, or ext4. BlueStore has been under development for a bit more than a year now, and has reached a state where it is becoming usable in production. This talk will cover the BlueStore design, how it has evolved over the last year, and what challenges remain before it can become the new default storage backend.
The document summarizes new features and updates in Ceph's RBD block storage component. Key points include: improved live migration support using external data sources; built-in LUKS encryption; up to 3x better small I/O performance; a new persistent write-back cache; snapshot quiesce hooks; kernel messenger v2 and replica read support; and initial RBD support on Windows. Future work planned for Quincy includes encryption-formatted clones, cache improvements, usability enhancements, and expanded ecosystem integration.
An Operator is an application that encodes the domain knowledge of the application and extends the Kubernetes API through custom resources. They enable users to create, configure, and manage their applications. Operators have been around for a while now, and that has allowed for patterns and best practices to be developed.
In this talk, Lili will explain what operators are in the context of Kubernetes and present the different tools out there to create and maintain operators over time. She will end by demoing the building of an operator from scratch, and also using the helper tools available out there.
Presentation delivered at LinuxCon China 2017.
Open vSwitch (OVS) is a multilayer open source virtual switch. OVS is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces. OVN is a new network virtualization project that brings virtual networking to the Open vSwitch user community. OVN includes logical switches and routers, security groups, and L2/L3/L4 ACLs, implemented on top of a tunnel-based overlay network.
In this presentation, we will provide an overview of the current state of the projects and their future plans, such as:
- The current state of the Linux, DPDK, and Hyper-V ports
- A status update on a portable BPF-based datapath
- The latest stateful and OpenFlow features available in OVS
- Performance and debugging enhancement to OVN
- OVN features under development such as ACL logging and encrypted tunnels
Upgrading HDFS to 3.3.0 and deploying RBF in production #LINE_DM (Yahoo! Developer Network)
Presentation material from LINE Developer Meetup #68 - Big Data Platform. It covers the HDFS major version upgrade and the adoption of Router-based Federation (RBF). Event page: https://line.connpass.com/event/188176/
Troubleshooting Kafka's socket server: from incident to resolution (Joel Koshy)
LinkedIn’s Kafka deployment is nearing 1300 brokers that move close to 1.3 trillion messages a day. While operating Kafka smoothly even at this scale is testament to both Kafka’s scalability and the operational expertise of LinkedIn SREs, we occasionally run into some very interesting bugs at this scale. In this talk I will dive into a production issue that we recently encountered as an example of how even a subtle bug can suddenly manifest at scale and cause a near meltdown of the cluster. We will go over how we detected and responded to the situation, investigated it after the fact, and summarize some lessons learned and best practices from this incident.
This document discusses using microservice architecture with Kubernetes. It begins with an overview of microservice architecture compared to traditional monolithic architecture and its benefits. It then covers Kubernetes and containers, the Kubernetes architecture and components, and managed Kubernetes services like Google Kubernetes Engine. It proposes combining microservices, containers, Kubernetes, and services like Istio and GKE to build microservices applications at scale. The presenter is introduced as an expert with experience implementing such architectures for clients.
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security (Thomas Graf)
BPF is one of the fastest emerging technologies of the Linux kernel. The talk provides an introduction to Cilium which brings the powers of BPF to Kubernetes and other orchestration systems to provide highly scalable and efficient networking, security and load balancing for containers and microservices. The talk will provide an introduction to the capabilities of Cilium today but also deep dives into the emerging roadmap involving networking at the socket layer and service mesh datapath capabilities to provide highly efficient connectivity between cloud native apps and sidecar proxies.
How to Avoid the Top 5 NGINX Configuration Mistakes (NGINX, Inc.)
When helping NGINX users, we see the same configuration mistakes over and over again. Occasionally, these configurations are even written by fellow NGINX engineers!
Some misconfigurations are worse than others. Minor mistakes might just hurt NGINX performance a bit, but others can introduce serious security vulnerabilities. Not only can those mistakes result in data loss, they have the potential to snowball into countless other negative side effects: data breaches, loss of reputation, and ex‑customers.
In this webinar, we explore five of the most prevalent NGINX misconfigurations. Learn how to detect them and – most importantly – how to avoid and correct them.
Kubernetes advanced scheduling
- Taints and tolerations
- Affinity (node and inter-pod)
Learn how to place Pods on the same or different node, rack, zone, or region
Docker Networking with New Ipvlan and Macvlan Drivers (Brent Salisbury)
This document introduces new Docker network drivers called Macvlan and Ipvlan. It provides information on setting up and using these drivers. Some key points:
- Macvlan and Ipvlan allow containers to have interfaces directly on the host network instead of going through NAT or VPN. This provides better performance and no NAT issues.
- The drivers can be used in bridge mode to connect containers to an existing network, or in L2/L3 modes for more flexibility in assigning IPs and routing.
- Examples are given for creating networks with each driver mode and verifying connectivity between containers on the same network.
- Additional features covered include IP address management, VLAN trunking, and dual-stack IPv4/
BPF (Berkeley Packet Filter) allows for safe dynamic program injection into the Linux kernel. It provides an in-kernel virtual machine and instruction set for running custom programs. The BPF infrastructure includes a verifier that checks programs for safety, helper functions to access kernel APIs, and maps for inter-process communication. BPF has become a core kernel subsystem and is used for applications like XDP, tracing, networking, and more.
This document discusses optimizations for CEPH storage on SSDs. It begins with an introduction to NIC tech lab and software defined storage. It then explains why SSDs provide higher performance than HDDs due to lower latency and higher parallelism. The document provides examples of optimizing the Linux IO scheduler and discusses principles of performance tuning. It describes the CEPH architecture including RADOS, CRUSH, and consistency models. It focuses on optimizations for metadata processing in BlueStore including sharding, pre-allocation, and reducing acknowledgment overhead. Overall optimizations included reducing metadata overhead, improving IO paths, using shard finishers, and optimizing the operating system.
CERN OpenStack Cloud Control Plane - From VMs to K8s (Belmiro Moreira)
CERN is the home of the Large Hadron Collider (LHC), a 27km circular proton accelerator that generates petabytes of physics data every year. To process all this data, CERN runs an OpenStack Cloud (>300K cores) that helps scientists all around the world to unveil the mysteries of the Universe. The Infrastructure is also used to run all the IT services of the Organization.
Delivering these services, with high performance and reliable service levels has been one of the major challenges for the CERN Cloud engineering team. We have been constantly iterating the architecture and deployment model of the Cloud control plane.
In this presentation we will describe the different control plane architecture models that we relied on over the years. Finally, we will describe all the work done to move the OpenStack Cloud control plane from VMs into a Kubernetes cluster. We will report on our experience running this architecture at scale, its advantages and challenges.
In this presentation, we are going to give a brief introduction to Ceph and cover some considerations around its architecture, both in general and related to CloudStack. We are going to cover Ceph's integration into CloudStack, compare its feature set with other Primary Storage solutions for CloudStack, and also share some general advice on its setup.
OpenNebulaConf 2016 - OpenNebula, a story about flexibility and technological... (OpenNebula Project)
Cloud providers are constantly addressing the technology limitations on their infrastructures, which must be overcome to meet customer needs. In this presentation, we will demonstrate how the technological agnosticism and management flexibility of OpenNebula have allowed Todoencloud to provide the most efficient open source solution to the needs of its customers, choosing the most appropriate virtualization technology (Xen and KVM), storage approach (ZFS vs CEPH), Cloud Bursting solutions (Azure, Amazon) and customized networking topologies.
The slides from our first webinar on getting started with Ceph. You can watch the full webinar on demand from http://www.inktank.com/news-events/webinars/. Enjoy!
Quick-and-Easy Deployment of a Ceph Storage Cluster with SLES (Jan Kalcic)
This document discusses quick deployment of a Ceph storage cluster using SUSE Linux Enterprise Server (SLES). It provides an overview of Ceph and its components, and steps for provisioning a Ceph cluster including bootstrapping an initial monitor, adding OSDs, and configuring a PXE boot server for automated installation. It also briefly introduces tools like SUSE Studio for appliance building and SUSE Manager for systems management that can aid in deploying and managing the Ceph cluster.
Ceph is an open source distributed storage system that is highly scalable, self-managing, and provides multiple access methods including block, file, and object storage. It uses CRUSH to intelligently distribute data and replicas across clusters. Ceph Storage Clusters contain OSD, MON, and optionally MDS daemons. OSDs store data objects, MONs maintain cluster maps and state, and MDS provides metadata for CephFS. Ceph can be deployed with CloudStack to provide the backend storage for virtual machine volumes.
Ceph Day Shanghai - Hyper Converged PLCloud with Ceph (Ceph Community)
Hyper Converged PLCloud with CEPH
This document discusses PowerLeader Cloud (PLCloud), a cloud computing platform that uses a hyper-converged infrastructure with OpenStack, Docker, and Ceph. It provides an overview of PLCloud and how it has adopted OpenStack, Ceph, and other open source technologies. It then describes PLCloud's hyper-converged architecture and how it leverages OpenStack, Docker, and Ceph. Finally, it discusses a specific use case where Ceph RADOS Gateway is used for media storage and access in PLCloud.
Automating Your CloudStack Cloud with Puppet (buildacloud)
This document discusses automating the deployment and configuration of virtual machines (VMs) created with Apache CloudStack using Puppet. It provides an overview of CloudStack and its architecture before explaining how Puppet can be used to classify and configure VMs at launch based on custom facts extracted from metadata passed to the VM. The document recommends minimizing templates and configuring all VMs via Puppet for easy management at scale. It also describes how the CloudStack API can be used to programmatically deploy VMs that are then automatically configured by Puppet.
TUT18972: Unleash the power of Ceph across the Data Center (Ettore Simone)
From SUSECon 2015: Smooth integration of emerging Software Defined Storage technologies into traditional Data Center using Fiber Channel and iSCSI as key values for success.
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup (Stefan Schimanski)
The document provides an overview of Kubernetes architecture and introduces how to deploy Kubernetes clusters on different platforms like Mesosphere's DCOS, Google Container Engine, and Mesos/Docker. It discusses the core components of Kubernetes including the API server, scheduler, controller manager and kubelet. It also demonstrates how to interact with Kubernetes using kubectl and view cluster state.
Who is afraid of privileged containers? (Marko Bevc)
This talk will focus on a possible privilege escalation to bypass RBAC rules when running privileged containers without any security policies in place. We will also do a live demo and show how this can be achieved in an AWS EKS cluster. Afterwards we will show how to remediate this using PodSecurityPolicies and what to watch for when implementing those in an active cluster.
[BarCamp2018][20180915][Tips for Virtual Hosting on Kubernetes] (Wong Hoi Sing Edison)
Wong Hoi Sing presented on hosting multiple websites on a single Kubernetes cluster. He discussed how virtual hosting traditionally works using a single or multiple servers. He then explained how Kubernetes and related tools like Ansible, CephFS, and Docker can provide a simpler and more scalable approach. Key aspects included using Kubernetes namespaces for isolation, CephFS for shared storage, automated deployment with Ansible, and demos of deploying Drupal on the cluster. Tips were also provided on optimizing applications, databases and caching.
Storage 101: Rook and Ceph - Open Infrastructure Denver 2019
Sean Cohen
Starting from the basics, we explore the advantages of using Rook as a Storage operator to serve Ceph storage, the leading Software-Defined Storage platform in the Open Source world. Ceph automates the internal storage management, while Rook automates the user-facing operations and effectively turns a storage technology into a service transparent to the user. The combination delivers an impressive improvement in UX and provides the ideal storage platform for Kubernetes.
A comprehensive examination of use cases and open problems will complement our review of the Rook architecture. We will deep-dive into what Rook does well, what it does not do (yet), and what trade-offs using a storage operator involves operationally. With live access to a running cluster, we will showcase Rook in action as we discuss its capabilities.
https://www.openstack.org/summit/denver-2019/summit-schedule/events/23515/storage-101-rook-and-ceph
This document discusses Ceph, an open-source storage platform that provides object, block, and file storage using a single distributed computer cluster. Ceph's goals are to be completely distributed without single points of failure, scalable to the exabyte level, and freely available. Inktank was created to drive adoption of Ceph in enterprises. Ceph offers advantages like being self-managing, self-healing, web-scale, integrated into Linux and OpenStack, and avoiding vendor lock-in. The document also briefly discusses converged infrastructure using Ceph and other software-based storage solutions.
The document discusses performance analysis of Ceph storage clusters. It begins by providing context on SUSE Enterprise Storage 5 and why performance analysis is important. It then describes how to analyze performance using tools like Ceph commands, FIO, LTTNG, and Iperf. Example results are shown from testing network performance, disk performance, and cluster-level benchmarks on an HPE Apollo storage cluster. Integration with Salt is also discussed for automating performance testing across a Ceph cluster.
TechWiseTV Workshop: Application Hosting on Catalyst 9000 Series Switches
Robb Boyd
Watch the REPLAY right now: http://bit.ly/2YoLbt3
Enterprise networks are now dealing with massive volumes of data, with a critical need to collect and analyze this data to respond faster and deliver insightful context. Traditional approaches, in which data is processed in remote servers, will no longer work. Data can burden the network unless some context is known. Edge computing can greatly reduce the data sent to the cloud or a remote server. Collecting and analyzing the data at the edge and making decisions locally rather than in centralized servers significantly reduces the latency and bandwidth of the network.
Powered by an x86 CPU, the application hosting solution on the Cisco Catalyst 9000 switching family provides the intelligence required at the edge. Native Docker engine support on the switches will enable users to build and bring their own applications without additional packaging. Cisco DNA Center will provide consistent workflows to manage the entire application lifecycle across multiple Cisco Catalyst 9000 switches through the App Hosting dashboard.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9001EIbih
TechWiseTV: http://cs.co/9009DzrjN
In-Ceph-tion: Deploying a Ceph cluster on DreamCompute
Patrick McGarry
This document discusses deploying a Ceph cluster on DreamCompute, an OpenStack-powered cloud computing service from DreamHost. It begins with an overview of Ceph's scalability and uses for object, block, and file storage. The document then discusses DreamCompute's open source infrastructure and deploying Ceph using tools like Juju. It provides details on configuring the Ceph cluster by deploying MONs, OSDs, the RGW gateway, and MDS. It concludes by discussing next steps like geo-replication and erasure coding, and opportunities to get involved with the Ceph community.
MicroK8s 1.28 - MicroCeph on MicroK8s.pdf
1. Ceph storage on MicroK8s!
Angelos Kolaitis
Senior Engineer @MicroK8s
1.29 Release Lead Shadow
&
Philip Williams
Product Manager
Ceph
MicroK8s
Friday 1st of September, 1:30 pm GMT
https://meet.google.com/hjy-uogt-tax
2. Agenda
● What is MicroCeph?
● MicroCeph advantages
● Deployment of MicroCeph
● MicroCeph on MicroK8s
3. What is MicroCeph?
Consistent, Isolated and Upgrade Friendly
● Streamlined and effortless deployment
● Minimal setup and maintenance overheads
● MicroCeph is a containerised snap with all of its dependencies and runs fully isolated from the underlying host
● Using channels for the distribution, going from latest/stable to latest/edge is easy
4. MicroCeph advantages
Storage for non-experts
● Easiest way to deploy Ceph, just a few commands
● Designed for non-experts
● Highly scalable
○ dev workstation, to edge, to datacenter
● Reliable and resilient
● Open-source distributed storage system
● Flexibility for object, block, and file-level storage
● Supports encryption at rest too!
5. MicroCeph deployment
snap install microceph
microceph cluster bootstrap
microceph cluster add node[x]
microceph cluster join pasted-output-from-node1
microceph.ceph status
microceph disk add /dev/sd[x] --wipe
microceph.ceph status
microceph.ceph osd status
microceph.com
9. Distributed Storage In Kubernetes
- Kubernetes solves container orchestration issues at scale
- I can run my massive distributed workloads at scale (machine learning, video transcoding, my SaaS business)
- Where can I store the end results?
- We need persistent storage!
- CSI (Container Storage Interface)
- Kubernetes does not solve the problem of distributed storage, since performance and stability requirements might differ
- Instead, it defines a standard interface to consume any storage
- Which CSI driver? Depends!
- On a public cloud? aws-ebs-csi-driver, azurefile-csi-driver, …
- On a private cloud? cinder-csi-driver, …
- On bare-metal? BYOS!
- Ceph
11. MicroK8s Rook Ceph addon (1/2)
sudo microk8s enable rook-ceph
Deploy rook-operator on the MicroK8s cluster
Rook can:
- deploy a Ceph cluster inside the MicroK8s cluster, using disks from the hosts
- integrate with external Ceph clusters and manage them as citizens in Kubernetes
12. MicroK8s Rook Ceph addon (2/2)
sudo microk8s enable rook-ceph
Why Rook?
- Can detect the right CSI version depending on running K8s and Ceph
- (Optionally) Can be used to manage Ceph from Kubernetes
- (Optionally) Simplifies Ceph auth clients and keyrings
- (Optionally) Can deploy a Ceph cluster on top of the Kubernetes nodes
17. MicroK8s / MicroCeph
microk8s connect-external-ceph
- Connect to Ceph cluster and initialize RBD pool
- Detect appropriate Ceph CSI version to deploy
- Generate Ceph client keyrings for ceph-csi
- Create Kubernetes resources for connecting to Ceph (ceph mons, keyrings)
- Create StorageClasses for consuming Ceph storage
18. Scenarios (1/4)
Deploy microceph and microk8s on an edge environment and use Ceph for storage
$ sudo snap install microceph --channel quincy/stable
$ sudo snap install microk8s --classic --channel 1.28/stable
$ sudo microk8s enable rook-ceph
$ sudo microk8s connect-external-ceph
19. Scenarios (2/4)
More complex Ceph configuration, use an RBD pool backed by specific OSDs (e.g. tenant separation, use only SSD disks, …)
$ ceph osd crush rule create-replicated replicated_ssd default host ssd
$ ceph osd pool create microk8s-ssd-pool
$ ceph osd pool set microk8s-ssd-pool crush_rule replicated_ssd
$ microk8s connect-external-ceph --rbd-pool microk8s-ssd-pool
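The SSD-pool scenario above relies on a CRUSH rule to decide which OSDs hold a pool's data. The following is an added example, not taken from the slides or from the MicroK8s or Ceph projects: it audits a pool's CRUSH rule and lists other pools that can still land on the same OSDs. The JSON samples, their assumed shape, and the pool name other-tenant-pool are constructed for illustration.

```python
import json

# Constructed sample, assumed to match `ceph osd crush rule dump -f json`.
# "default~ssd" is the shadow root Ceph keeps for device class "ssd".
RULES = json.loads("""[
 {"rule_id": 0, "rule_name": "replicated_rule",
  "steps": [{"op": "take", "item_name": "default"},
            {"op": "chooseleaf_firstn", "num": 0, "type": "host"}, {"op": "emit"}]},
 {"rule_id": 1, "rule_name": "replicated_ssd",
  "steps": [{"op": "take", "item_name": "default~ssd"},
            {"op": "chooseleaf_firstn", "num": 0, "type": "host"}, {"op": "emit"}]}
]""")

# Constructed sample, assumed to match `ceph osd pool ls detail -f json`.
# "other-tenant-pool" is a made-up pool left on the default rule.
POOLS = json.loads("""[
 {"pool_id": 1, "pool_name": "microk8s-ssd-pool", "crush_rule": 1},
 {"pool_id": 2, "pool_name": "other-tenant-pool", "crush_rule": 0}
]""")


def take_targets(rule):
    """Return {(root, device_class)} for a rule's take steps; '' = no class limit."""
    targets = set()
    for step in rule.get("steps", []):
        if step.get("op") == "take":
            root, _, dev_class = step.get("item_name", "").partition("~")
            targets.add((root, dev_class))
    return targets


def audit_pool(pool_name, expected_rule, expected_class, pools, rules):
    """Return findings for one pool; an empty list means it is placed as expected."""
    pool = next((p for p in pools if p["pool_name"] == pool_name), None)
    if pool is None:
        return [f"pool {pool_name} not found"]
    rule = next((r for r in rules if r["rule_id"] == pool["crush_rule"]), None)
    if rule is None:
        return [f"pool {pool_name} uses unknown crush rule id {pool['crush_rule']}"]
    findings = []
    if rule["rule_name"] != expected_rule:
        findings.append(f"{pool_name} uses rule {rule['rule_name']}, not {expected_rule}")
    if {cls for _, cls in take_targets(rule)} != {expected_class}:
        findings.append(f"rule {rule['rule_name']} is not limited to class {expected_class}")
    return findings


def overlapping_pools(pool_name, pools, rules):
    """Other pools whose rule can place data on the same OSDs as pool_name.
    Simplification: same root, and either no class limit or the same class."""
    targets = {r["rule_id"]: take_targets(r) for r in rules}
    own_id = next((p["crush_rule"] for p in pools if p["pool_name"] == pool_name), None)
    own = targets.get(own_id, set())
    return [p["pool_name"] for p in pools if p["pool_name"] != pool_name and any(
        root == r and (cls == c or "" in (cls, c))
        for root, cls in targets.get(p["crush_rule"], set()) for r, c in own)]


if __name__ == "__main__":
    print(audit_pool("microk8s-ssd-pool", "replicated_ssd", "ssd", POOLS, RULES))
    print(overlapping_pools("microk8s-ssd-pool", POOLS, RULES))
```

A pool left on a rule that takes the whole `default` root still writes to the SSD OSDs, so a dedicated rule on one pool does not by itself give tenant separation; the second function reports exactly that case.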
20. Scenarios (3/4)
CephFS for RWX support
$ ceph fs volume create microk8s-cephfs0
$ microk8s connect-external-ceph
21. Scenarios (4/4)
Integrate with any Ceph cluster
$ microk8s connect-external-ceph \
    --ceph-conf ./ceph.conf \
    --ceph-keyring ./keyring.conf
22. Can I Try This Out?
Sure!
1.28 cluster in 5 min
$ sudo snap install microk8s --classic --channel 1.28/stable
MicroK8s releases on 1.28/edge within 24 hours after upstream release
23. Thank you
Interaction
• Websites
https://microk8s.io/
https://github.com/canonical/microk8s
• Discussion on
https://discuss.kubernetes.io/tag/microk8s
or in Slack on the #microk8s channel
• Report Issues
https://github.com/canonical/microk8s/issues
• MicroK8s Community Sync
Every Friday, 1:30pm GMT
Video call link: https://meet.google.com/hjy-uogt-tax
Upcoming sessions from MicroK8s 1.28
- 1.28 Upstream Updates
- MicroK8s CIS conformance
- MicroK8s Dual Stack
- MicroK8s Ceph integration (feat MicroCeph)
Upcoming sessions calendar
https://www.meetup.com/microk8s-meetup-group/