Kubernetes networking allows pods to communicate with each other and services to load balance traffic to pods. The document discusses Kubernetes networking concepts including the network model, pod networking using CNI plugins like Flannel, and different service types such as ClusterIP, NodePort, and Ingress. It provides examples of exposing a Kubernetes service using hostNetwork, hostPort, and NodePort and how network policies are implemented using iptables.
This document provides an overview and comparison of common container orchestration platforms including Docker Swarm, Mesosphere DC/OS, and Kubernetes. It begins with an introduction to using containers without an orchestrator and the challenges that presents at scale. Examples of Docker Swarm, DC/OS, and Kubernetes demonstrations are then shown. The document analyzes the features and suitability of each orchestrator for both production and development uses before concluding with additional resources.
Paradigm shift in CI at PayPal with Docker and MesosSathiya Narayanan
PayPal moved from a single large Jenkins instance to using containers to improve scalability and efficiency of their continuous integration and delivery (CI/CD) pipelines. They deployed Jenkins masters and slaves as Docker containers on a Mesos cluster. This reduced resource usage by 10x, saving over $2.7 million annually. Issues with inconsistent environments and slow tooling updates were also addressed by using containers to standardize environments.
This document summarizes a presentation about using Docker containers with routed networking to allow for relocatable microservices. It discusses using OSPF routing between servers, switches, and containers to enable moving containers between hosts while maintaining network connectivity. Example Docker and OSPF configurations are shown for servers, leaf switches, and using Boot2Docker for local development. The benefits of this approach include IP mobility and quick service failover without special configurations.
This document discusses deploying Ceph over IPv6. Some key points:
- Ceph works well over IPv6 by enabling IPv6 in ceph.conf. Monitors, OSDs, and librados support IPv6.
- IPv6 addresses issues with IPv4 running out of addresses and limitations of NAT. IPv6 allows unlimited addressing using techniques like top-of-rack routing.
- Early issues with Ceph and IPv6 like address string size and package signing were addressed with code fixes. Current production deployments of Ceph over IPv6 work well without issues.
The document discusses Linux performance optimization and provides examples from real-world troubleshooting cases. It begins by introducing the speaker and their company. The rest of the document details methods for collecting metrics like atop, Graphite, and NewRelic. Common issues identified are high CPU, disk saturation, and inefficient MySQL queries. Stories describe resolving Graphite write performance issues, tracking down a "sudden unexpected death syndrome" caused by improper AHCI settings, and high IRQ interrupts. The conclusion emphasizes that performance engineering is challenging but problems can often be solved through careful analysis of metrics.
Kubinception: using Kubernetes to run Kubernetes OVHcloud
More information and detailed schemas > http://bit.ly/2KjOSi7 (unclickable link - please copy and paste)
One of the most structural choices we made while building OVH Managed Kubernetes service was to deploy our customers’ clusters over our own ones. Kubinception indeed…
In this post we are relating our experience running Kubernetes over Kubernetes, with hundreds of customers’ clusters. Why did we choose this architecture? What are the main stakes with such a design? What problems did we encounter? How did we deal with those issues? And, even more important, if we had to take the decision today, would we choose again to do the Kubinception?
Kubernetes networking allows pods to communicate with each other and services to load balance traffic to pods. The document discusses Kubernetes networking concepts including the network model, pod networking using CNI plugins like Flannel, and different service types such as ClusterIP, NodePort, and Ingress. It provides examples of exposing a Kubernetes service using hostNetwork, hostPort, and NodePort and how network policies are implemented using iptables.
This document provides an overview and comparison of common container orchestration platforms including Docker Swarm, Mesosphere DC/OS, and Kubernetes. It begins with an introduction to using containers without an orchestrator and the challenges that presents at scale. Examples of Docker Swarm, DC/OS, and Kubernetes demonstrations are then shown. The document analyzes the features and suitability of each orchestrator for both production and development uses before concluding with additional resources.
Paradigm shift in CI at PayPal with Docker and MesosSathiya Narayanan
PayPal moved from a single large Jenkins instance to using containers to improve scalability and efficiency of their continuous integration and delivery (CI/CD) pipelines. They deployed Jenkins masters and slaves as Docker containers on a Mesos cluster. This reduced resource usage by 10x, saving over $2.7 million annually. Issues with inconsistent environments and slow tooling updates were also addressed by using containers to standardize environments.
This document summarizes a presentation about using Docker containers with routed networking to allow for relocatable microservices. It discusses using OSPF routing between servers, switches, and containers to enable moving containers between hosts while maintaining network connectivity. Example Docker and OSPF configurations are shown for servers, leaf switches, and using Boot2Docker for local development. The benefits of this approach include IP mobility and quick service failover without special configurations.
This document discusses deploying Ceph over IPv6. Some key points:
- Ceph works well over IPv6 by enabling IPv6 in ceph.conf. Monitors, OSDs, and librados support IPv6.
- IPv6 addresses issues with IPv4 running out of addresses and limitations of NAT. IPv6 allows unlimited addressing using techniques like top-of-rack routing.
- Early issues with Ceph and IPv6 like address string size and package signing were addressed with code fixes. Current production deployments of Ceph over IPv6 work well without issues.
The document discusses Linux performance optimization and provides examples from real-world troubleshooting cases. It begins by introducing the speaker and their company. The rest of the document details methods for collecting metrics like atop, Graphite, and NewRelic. Common issues identified are high CPU, disk saturation, and inefficient MySQL queries. Stories describe resolving Graphite write performance issues, tracking down a "sudden unexpected death syndrome" caused by improper AHCI settings, and high IRQ interrupts. The conclusion emphasizes that performance engineering is challenging but problems can often be solved through careful analysis of metrics.
Kubinception: using Kubernetes to run Kubernetes OVHcloud
More information and detailed schemas > http://bit.ly/2KjOSi7 (unclickable link - please copy and paste)
One of the most structural choices we made while building OVH Managed Kubernetes service was to deploy our customers’ clusters over our own ones. Kubinception indeed…
In this post we are relating our experience running Kubernetes over Kubernetes, with hundreds of customers’ clusters. Why did we choose this architecture? What are the main stakes with such a design? What problems did we encounter? How did we deal with those issues? And, even more important, if we had to take the decision today, would we choose again to do the Kubinception?
The document discusses the Collected Works of Mahatma Gandhi (CWMG) project. It outlines issues with scanning and digitizing original print books, including problems like fuzzy text, dirt, light and dark patches, dust, and missing or out of order pages. It then describes the standardization process used to clean, format and check the digital files. This includes assigning styles, filtering for errors, problem solving using software, and final checking. Estimates are provided for costs to develop an e-book and web portal, including one-time costs for hardware, software, and furniture, as well as recurring hosting, technical support and salary costs. The target dates for completion of the e-book and web portal are
For this info-packed and hands-on workshop we cover:
📍 Introduction to Kubernetes & GitOps talk:
We cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
📍 Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
- an opinionated repo structure to minimize decision fatigue
- disaster recovery using GitOps
- Helm charts example
- Multi-cluster example
- all with free and open source tools mostly in the CNCF (eg. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
This document provides an overview of Kubernetes 101. It begins with asking why Kubernetes is needed and provides a brief history of the project. It describes containers and container orchestration tools. It then covers the main components of Kubernetes architecture including pods, replica sets, deployments, services, and ingress. It provides examples of common Kubernetes manifest files and discusses basic Kubernetes primitives. It concludes with discussing DevOps practices after adopting Kubernetes and potential next steps to learn more advanced Kubernetes topics.
Docker and containers allow for much higher density and efficiency compared to virtual machines. Containers start in milliseconds versus minutes for VMs, and allow hundreds of containers to run on a single physical machine versus 16 VMs. This leads to significant cost savings through reduced infrastructure needs as well as increased developer productivity from faster deployment and testing. It also enables rapid experimentation to drive more innovation and revenue growth through features. StackEngine helps manage containers at scale in production environments.
Tectonic Summit 2016: Kubernetes 1.5 and BeyondCoreOS
Kubernetes 1.5 introduces several new features to simplify cluster setup and improve scheduling. It provides an easy way to initialize a Kubernetes cluster with a single command using kubeadm. Multiple clusters can also be easily federated together using kubefed. Additionally, Kubernetes 1.5 enhances scheduling capabilities with taints and tolerations, which allow pods to be selectively scheduled to nodes based on hardware requirements like GPUs. This helps optimize workload placement on large, heterogeneous clusters.
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime
IPv6 was created to address the limited address space of IPv4 as global IPv4 address allocation was running out. Some of the key differences between IPv4 and IPv6 include IPv6's significantly larger 128-bit address space compared to IPv4's 32-bit addresses, as well as changes to areas like packet headers, fragmentation, and neighbor discovery. Transition technologies like dual stack, NAT64, and DS-Lite were developed to help transition from IPv4 to IPv6, while ensuring IPv6 connectivity even for networks and devices that still use IPv4. Fully enabling IPv6 requires changes to network infrastructure like firewalls, routers, and switches to support the new protocol.
This document discusses strategies for deploying IPv6 in cellular networks given the impending exhaustion of IPv4 addresses and increasing number of internet-connected devices. The best long-term solution is dual-stack (IPv4 and IPv6), but alternatives like IPv6-only with NAT64 and 464XLAT can work as well by allowing IPv6-only devices to access IPv4 content. NAT64 and DNS64 enable IPv6-only clients to reach IPv4 servers, while 464XLAT provides a more efficient solution that works for applications using literal IPv4 addresses. Large-scale deployments by mobile carriers demonstrate the viability of IPv6-only networks with NAT64 or 464XLAT.
The document discusses the need for organizations to deploy IPv6 in order to avoid business continuity risks as IPv4 addresses run out. It provides guidance on requesting IPv6 address space and deploying IPv6 routing within an organization's network. It also addresses common excuses for not deploying IPv6 and notes that initial IPv6 deployment takes less than one day of work. The document aims to convince readers that IPv6 deployment is straightforward and urgently needed.
This document discusses whether to use a managed or self-managed Kubernetes cluster. It describes Talend's initial deployment of Kubernetes using Kubespray on VMs, which required significant effort for upgrades and maintenance. It then discusses moving to Amazon EKS which simplified deployment and reduced monthly costs from $438 to $144, allowing Talend to focus more on applications. While EKS has limitations like a black box control plane, it offers easier setup and an evolving platform supported by AWS. The conclusion is that managed Kubernetes is good for application focus with small ops teams, while self-managed is better if fully controlling the infrastructure is important.
Google has been running everything in containers for the past 15 years, but how do we orchestrate and manage all those containers? We've built and released the open source Kubernetes (http://kubernetes.io), which is based on years of running containers internally at Google. Join us for an introduction to containers and Kubernetes, followed by a hands-on workshop building and deploying your own Kubernetes cluster with multiple front end, database and caching instances.
Docker containers help solve the issue of process-level reproducibility by packaging up your apps and execution environments into a number of containers. But once you have a lot of containers running, you'll need to coordinate them across a cluster of machines while keeping them healthy and making sure they can find each other. This can quickly turn into an unmanageable mess! Wouldn't it be helpful if you could declare what wanted, and then have the cluster assign the resources to get it done and to recover from failures and scale on demand? Kubernetes is here to help!
Key takeaways
- Gentle introduction into containers: why and how
- Learn how Google manages applications using containers
- Intro to Kubernetes: managing applications and services
- Build and deploy your own multi-tier application using Kubernetes
Matt Franklin - Apache Software (Geekfest)W2O Group
The document discusses the potential benefits of container technologies like Docker. It notes that containers offer significantly higher density than virtual machines by avoiding hypervisor overhead. This density improvement can lead to major cost reductions by reducing infrastructure needs. Containers also improve developer efficiency by making development environments portable and disposable. This allows more rapid experimentation and innovation, potentially translating to increased revenue. Technologies like Amazon Lambda take the on-demand aspects of containers even further by abstracting compute resources. The document promotes StackEngine as a solution for managing containers at scale in production environments.
The document discusses configuring and building Qt for different targets, including:
- Configuring Qt for X11 on the host system
- Configuring Qt for QVFb to run on the host with emulated devices
- Configuring Qt for an embedded Linux target which will run on the target device
It provides options for the configure script to customize Qt for each target.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
The document discusses the Collected Works of Mahatma Gandhi (CWMG) project. It outlines issues with scanning and digitizing original print books, including problems like fuzzy text, dirt, light and dark patches, dust, and missing or out of order pages. It then describes the standardization process used to clean, format and check the digital files. This includes assigning styles, filtering for errors, problem solving using software, and final checking. Estimates are provided for costs to develop an e-book and web portal, including one-time costs for hardware, software, and furniture, as well as recurring hosting, technical support and salary costs. The target dates for completion of the e-book and web portal are
For this info-packed and hands-on workshop we cover:
📍 Introduction to Kubernetes & GitOps talk:
We cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
📍 Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
- an opinionated repo structure to minimize decision fatigue
- disaster recovery using GitOps
- Helm charts example
- Multi-cluster example
- all with free and open source tools mostly in the CNCF (eg. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
This document provides an overview of Kubernetes 101. It begins with asking why Kubernetes is needed and provides a brief history of the project. It describes containers and container orchestration tools. It then covers the main components of Kubernetes architecture including pods, replica sets, deployments, services, and ingress. It provides examples of common Kubernetes manifest files and discusses basic Kubernetes primitives. It concludes with discussing DevOps practices after adopting Kubernetes and potential next steps to learn more advanced Kubernetes topics.
Docker and containers allow for much higher density and efficiency compared to virtual machines. Containers start in milliseconds versus minutes for VMs, and allow hundreds of containers to run on a single physical machine versus 16 VMs. This leads to significant cost savings through reduced infrastructure needs as well as increased developer productivity from faster deployment and testing. It also enables rapid experimentation to drive more innovation and revenue growth through features. StackEngine helps manage containers at scale in production environments.
Tectonic Summit 2016: Kubernetes 1.5 and BeyondCoreOS
Kubernetes 1.5 introduces several new features to simplify cluster setup and improve scheduling. It provides an easy way to initialize a Kubernetes cluster with a single command using kubeadm. Multiple clusters can also be easily federated together using kubefed. Additionally, Kubernetes 1.5 enhances scheduling capabilities with taints and tolerations, which allow pods to be selectively scheduled to nodes based on hardware requirements like GPUs. This helps optimize workload placement on large, heterogeneous clusters.
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime
IPv6 was created to address the limited address space of IPv4 as global IPv4 address allocation was running out. Some of the key differences between IPv4 and IPv6 include IPv6's significantly larger 128-bit address space compared to IPv4's 32-bit addresses, as well as changes to areas like packet headers, fragmentation, and neighbor discovery. Transition technologies like dual stack, NAT64, and DS-Lite were developed to help transition from IPv4 to IPv6, while ensuring IPv6 connectivity even for networks and devices that still use IPv4. Fully enabling IPv6 requires changes to network infrastructure like firewalls, routers, and switches to support the new protocol.
This document discusses strategies for deploying IPv6 in cellular networks given the impending exhaustion of IPv4 addresses and increasing number of internet-connected devices. The best long-term solution is dual-stack (IPv4 and IPv6), but alternatives like IPv6-only with NAT64 and 464XLAT can work as well by allowing IPv6-only devices to access IPv4 content. NAT64 and DNS64 enable IPv6-only clients to reach IPv4 servers, while 464XLAT provides a more efficient solution that works for applications using literal IPv4 addresses. Large-scale deployments by mobile carriers demonstrate the viability of IPv6-only networks with NAT64 or 464XLAT.
The document discusses the need for organizations to deploy IPv6 in order to avoid business continuity risks as IPv4 addresses run out. It provides guidance on requesting IPv6 address space and deploying IPv6 routing within an organization's network. It also addresses common excuses for not deploying IPv6 and notes that initial IPv6 deployment takes less than one day of work. The document aims to convince readers that IPv6 deployment is straightforward and urgently needed.
This document discusses whether to use a managed or self-managed Kubernetes cluster. It describes Talend's initial deployment of Kubernetes using Kubespray on VMs, which required significant effort for upgrades and maintenance. It then discusses moving to Amazon EKS which simplified deployment and reduced monthly costs from $438 to $144, allowing Talend to focus more on applications. While EKS has limitations like a black box control plane, it offers easier setup and an evolving platform supported by AWS. The conclusion is that managed Kubernetes is good for application focus with small ops teams, while self-managed is better if fully controlling the infrastructure is important.
Google has been running everything in containers for the past 15 years, but how do we orchestrate and manage all those containers? We've built and released the open source Kubernetes (http://kubernetes.io), which is based on years of running containers internally at Google. Join us for an introduction to containers and Kubernetes, followed by a hands-on workshop building and deploying your own Kubernetes cluster with multiple front end, database and caching instances.
Docker containers help solve the issue of process-level reproducibility by packaging up your apps and execution environments into a number of containers. But once you have a lot of containers running, you'll need to coordinate them across a cluster of machines while keeping them healthy and making sure they can find each other. This can quickly turn into an unmanageable mess! Wouldn't it be helpful if you could declare what wanted, and then have the cluster assign the resources to get it done and to recover from failures and scale on demand? Kubernetes is here to help!
Key takeaways
- Gentle introduction into containers: why and how
- Learn how Google manages applications using containers
- Intro to Kubernetes: managing applications and services
- Build and deploy your own multi-tier application using Kubernetes
Matt Franklin - Apache Software (Geekfest)W2O Group
The document discusses the potential benefits of container technologies like Docker. It notes that containers offer significantly higher density than virtual machines by avoiding hypervisor overhead. This density improvement can lead to major cost reductions by reducing infrastructure needs. Containers also improve developer efficiency by making development environments portable and disposable. This allows more rapid experimentation and innovation, potentially translating to increased revenue. Technologies like Amazon Lambda take the on-demand aspects of containers even further by abstracting compute resources. The document promotes StackEngine as a solution for managing containers at scale in production environments.
The document discusses configuring and building Qt for different targets, including:
- Configuring Qt for X11 on the host system
- Configuring Qt for QVFb to run on the host with emulated devices
- Configuring Qt for an embedded Linux target which will run on the target device
It provides options for the configure script to customize Qt for each target.
Similar to Our experiences deploying kubernetes with IPv6 (20)
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
CAKE: Sharing Slices of Confidential Data on BlockchainClaudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
3. What to expect from this talk?
• Quick history of IPv6
• IPv6 in kubernetes
– Can I run it?
• Step by step tutorial + Demo
4. IPv6 history
IPv4 is not enough?
IETF - ROAD
November 1991
IPv6 in Linux 2.6.12
(Stable)
~2005
No more IPv4 available!
Let’s do NAT over NAT over NAT!
>2008
Containers!
Let’s do IPv4, what could go wrong?
2014
20 Years of IPv6
The year of IPv6?
December 2018
IPv6 in Linux 2.1.8
(Alpha)
~1996
IPv6 was (re)born
RFC 2460
December 1998
IPng was born
RFC 1883
December 1995
IPv6 - Standard 86!
RFC 8200
July 2017
5. A Kubernetes
cluster
on IPv6
● Is it really worth it?
● Infrastructure?
● Kubernetes itself
○ Does it run?
○ Pods, Services and
Ingress?
● Does my app / service work?
10. Kubernetes cluster Is it really worth it? Infrastructure
Your house is not
a datacenter*
*unless it’s a start up
11. Kubernetes cluster Is it really worth it? Infrastructure
Your house is not
a datacenter*
*unless it’s a start up
12. Kubernetes cluster Is it really worth it? Infrastructure
Your house is not
a datacenter*
*unless it’s a start up
13. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
14. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle
● Cows - 10.0.0.0/8
○ Black cows - 10.1.0.0/16
○ Brown cows - 10.2.0.0/16
○ White cows - 10.3.0.0/16
● Sheeps - 172.16.0.0/12
○ Excited Sheeps - 172.16.0.0/16
○ Sleepy Sheeps - 172.17.0.0/16
15. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
16. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle lots of containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
17. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle lots of more containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
○ Orange 2 - 10.6.0.0/16
○ Blue 16 - 10.20.0.0/16
18. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle lots of more and more containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
○ Orange 2 - 10.6.0.0/16
○ Blue 16 - 10.20.0.0/16
ErrNoIPv4
Please help
19. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle lots of more and more containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
○ Orange 2 - 10.6.0.0/16
○ Blue 16 - 10.20.0.0/16
ErrNoIPv4
Please help
No more IPv4s?! Let’s do NAT!
20. Kubernetes cluster Is it really worth it? Infrastructure
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle lots of more and more containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
○ Orange 2 - 10.6.0.0/16
○ Blue 16 - 10.20.0.0/16
ErrNoIPv4
Please help
No more IPv4s?! Let’s do NAT!
NAT
ISP
21. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
On premises
22. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?... 2. Do cloud providers support IPv6?
○ AWS
○ GCE
On premises
23. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?...
3. Can and will my users use IPv6?
2. Do cloud providers support IPv6?
○ AWS
○ GCE
On premises
24. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?...
3. Can and will my users use IPv6?
2. Do cloud providers support IPv6?
○ AWS
○ GCE
On premises
25. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?...
3. Can and will my users use IPv6?
2. Do cloud providers support IPv6?
○ AWS
○ GCE
On premises
1 in 5!
26. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?...
3. Can and will my users use IPv6?
2. Do cloud provides support IPv6?
○ AWS
○ GCE
On premises
1 in 5!
27. Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s go
deep dive!
28. Is it really worth it? Infrastructure Kubernetes - Does it run?
Kubernetes cheat sheet
master
controller-manager
kube-apiserver
kube-scheduler
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
29. Is it really worth it? Infrastructure Kubernetes - Does it run?
1 - etcd
master
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
- 53 CLI options (etcd not etcdctl)
30. Is it really worth it? Infrastructure Kubernetes - Does it run?
1 - etcd
master
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
worker
kubelet
kube-proxy
(cni plugin)
- 53 CLI options (etcd not etcdctl)
- 5 relevant for IPv6
- --advertise-client-urls 'http://localhost:2379'
- --initial-advertise-peer-urls 'http://localhost:2380'
- --initial-cluster 'default=http://localhost:2380'
- --listen-client-urls 'http://localhost:2379'
- --listen-peer-urls 'http://localhost:2380'
58. Is it really worth it? Infrastructure Kubernetes - Does it run?
Kubernetes cluster
master worker 2
kubelet
kube-proxy
(cni plugin)
controller-manager
kube-apiserver
kube-scheduler
worker 1
kubelet
kube-proxy
(cni plugin)
59. Is it really worth it? Infrastructure Kubernetes - Does it run?
Where’s kube-dns?
master worker 2
kubelet
kube-proxy
(cni plugin)
controller-manager
kube-apiserver
kube-scheduler
worker 1
kubelet
kube-proxy
(cni plugin)
(kube-dns) (kube-dns)
- DNS for the k8s cluster
- Serves all DNS requests
60. Is it really worth it? Infrastructure Kubernetes - Does it run?
Where’s kube-dns?
master worker 2
kubelet
kube-proxy
(cni plugin)
controller-manager
kube-apiserver
kube-scheduler
worker 1
kubelet
kube-proxy
(cni plugin)
(kube-dns) (kube-dns)
- DNS for the k8s cluster
- Serves all DNS requests
- Deployment k8s spec file
- Service k8s spec file
- 1 Change in Deployment file
- probe for AAAA instead of A
--probe=kubedns,[::1]:10053,kubernetes.default.svc.cluster.local,5,AAAA
--probe=dnsmasq,[::1]:53,kubernetes.default.svc.cluster.local,5,AAAA
61. Is it really worth it? Infrastructure Kubernetes - Does it run?
Where’s kube-dns?
master worker 2
kubelet
kube-proxy
(cni plugin)
controller-manager
kube-apiserver
kube-scheduler
worker 1
kubelet
kube-proxy
(cni plugin)
(kube-dns)
62. Is it really worth it? Infrastructure Kubernetes - Does it run?
Where’s ingress?
master worker 2
kubelet
kube-proxy
(cni plugin)
controller-manager
kube-apiserver
kube-scheduler
worker 1
kubelet
kube-proxy
(cni plugin)
(kube-dns)
- NGinx Ingress controller
- Exposes your pods to the outside
- Deployment k8s spec file
- Service k8s spec file
- No changes needed
64. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
65. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
66. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
67. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
68. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
69. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
70. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
71. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
72. Kubernetes - Does it run? Demo Final thoughts
Kubernetes cluster - demo!
worker 2worker 1
kube-dns guestbook
redis-masterredis-slave
73. Demo Final thoughts Questions?
Final thoughts
● Kubernetes has lots of CLI options!
74. Demo Final thoughts Questions?
Final thoughts
● Kubernetes has lots of CLI options!
● IPv6 is coming!
75. Demo Final thoughts Questions?
Final thoughts
● Kubernetes has lots of CLI options!
● IPv6 is coming!
● Kubernetes is getting ready
○ TODO:
■ Dual stack! - GH #27398
■ Kubelet’s node IP option with IPv6 - PR #45551
■ Waive IPv6 prefix size limit for cluster CIDR - PR #52033
■ Kubeadm
76. Demo Final thoughts Questions?
Final thoughts
● Kubernetes has lots of CLI options!
● IPv6 is coming!
● Kubernetes is getting ready
○ TODO:
■ Dual stack! - GH #27398
■ Kubelet’s node IP option with IPv6 - PR #45551
■ Waive IPv6 prefix size limit for cluster CIDR - PR #52033
■ Kubeadm
● Unless you try it you’ll never find out.
77. Final thoughts Questions? Cilium
Thank You!
Q & A
Coming next… @ 2:50 pm in Diamond Ballroom 6 (this room)
Cilium - Container Security and Networking Using BPF and XDP
By Thomas Graf, Covalent
André Martins
DM on twitter: @aanm__
We are on Booth 501
https://www.cilium.io