This document provides an overview and agenda for a presentation on secure multitenancy in Kubernetes. It discusses what Kubernetes multitenancy is, available solutions, architectural models for multitenancy including namespace grouping and virtual Kubernetes clusters. It also covers community initiatives for multitenancy control plane including tenant controllers and hierarchical namespaces. The document outlines benchmarking categories and a proposed baseline reference implementation for multitenancy including control plane, data plane, and network isolation techniques.
In this talk we will discuss how to build and run containers without root privileges. As part of the discussion, we will introduce new programs such as fuse-overlayfs and slirp4netns and explain how this is possible using user namespaces. fuse-overlayfs lets rootless containers use the same storage model as "root" containers, including layered images. slirp4netns emulates a TCP/IP stack in userland, so a network namespace created by an unprivileged user can still reach the outside world (with some limitations).
We will also introduce Usernetes and show how to run Kubernetes in an unprivileged user namespace.
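The user-namespace mechanism that rootless containers rest on is a UID map: the kernel exposes it per process as /proc/&lt;pid&gt;/uid_map (one "inside outside count" line per range), and a rootless runtime writes a map in which the unprivileged host user becomes UID 0 inside the container and a subordinate range from /etc/subuid backs every other container UID. The following code is an added example, not code from the talk, from Usernetes or from any of the tools it names; it parses that format, translates IDs in both directions and builds the map a rootless runtime would install. The user name "alice", host UID 1000 and the subordinate range are constructed values for the example.

```python
"""UID translation across a Linux user namespace, as rootless containers set it up.

Added example: parses the /proc/<pid>/uid_map format ("inside outside count"),
translates IDs in both directions, and builds the mapping a rootless runtime
writes from a /etc/subuid entry. All sample values below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class IdMapEntry:
    inside_start: int   # first ID as seen inside the user namespace
    outside_start: int  # first ID in the parent (host) namespace
    count: int          # length of the contiguous range


def parse_id_map(text: str) -> List[IdMapEntry]:
    """Parse uid_map/gid_map lines; the kernel shows one 'inside outside count' per line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"invalid count in mapping line: {line!r}")
        entries.append(IdMapEntry(inside, outside, count))
    return entries


def parse_subuid_line(line: str) -> IdMapEntry:
    """Parse an /etc/subuid entry 'user:start:count' as the range backing inside IDs 1..count."""
    _user, start, count = line.strip().split(":")
    return IdMapEntry(1, int(start), int(count))


def rootless_uid_map(host_uid: int, subuid: IdMapEntry) -> List[IdMapEntry]:
    """The map a rootless runtime installs (through setuid newuidmap): the unprivileged
    host user becomes UID 0 inside, and the subordinate range backs inside UIDs 1..count."""
    return [IdMapEntry(0, host_uid, 1), subuid]


def format_id_map(entries: List[IdMapEntry]) -> str:
    """Render entries in the exact text form written to /proc/<pid>/uid_map."""
    return "".join(f"{e.inside_start} {e.outside_start} {e.count}\n" for e in entries)


def inside_to_outside(entries: List[IdMapEntry], inside_id: int) -> Optional[int]:
    """Host ID that a file created as inside_id is really owned by; None if the ID is
    unmapped (the kernel then shows the overflow ID, normally 65534 'nobody')."""
    for e in entries:
        if e.inside_start <= inside_id < e.inside_start + e.count:
            return e.outside_start + (inside_id - e.inside_start)
    return None


def outside_to_inside(entries: List[IdMapEntry], outside_id: int) -> Optional[int]:
    """ID a host-owned file appears as inside the namespace; None if it is unreachable."""
    for e in entries:
        if e.outside_start <= outside_id < e.outside_start + e.count:
            return e.inside_start + (outside_id - e.outside_start)
    return None


def has_overlap(entries: List[IdMapEntry]) -> bool:
    """The kernel rejects a map whose inside ranges or outside ranges overlap."""
    def overlaps(a0, a1, b0, b1):
        return a0 < b1 and b0 < a1
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            if overlaps(a.inside_start, a.inside_start + a.count,
                        b.inside_start, b.inside_start + b.count):
                return True
            if overlaps(a.outside_start, a.outside_start + a.count,
                        b.outside_start, b.outside_start + b.count):
                return True
    return False


# Constructed sample: host user 'alice' (UID 1000) with subuid range 100000-165535.
SAMPLE_SUBUID_LINE = "alice:100000:65536"
SAMPLE_UID_MAP = format_id_map(rootless_uid_map(1000, parse_subuid_line(SAMPLE_SUBUID_LINE)))


if __name__ == "__main__":
    entries = parse_id_map(SAMPLE_UID_MAP)
    print(SAMPLE_UID_MAP, end="")
    for inside in (0, 1, 65536, 65537):
        print(f"container uid {inside:>6} -> host uid {inside_to_outside(entries, inside)}")
    for outside in (0, 1000, 100005):
        print(f"host uid {outside:>6} -> container uid {outside_to_inside(entries, outside)}")
```

The point a practitioner should take from the output: container "root" is host UID 1000, so a process that escapes the container holds no more than alice's privileges; host UID 0 has no representation inside the namespace at all; and container UIDs beyond the subordinate range are unmapped and surface as the overflow ID, which is why images that chown files to large UIDs break under rootless runtimes. gid_map has the same format and the same rules.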
https://sched.co/Jcgg
Presented as part of Container Conference 2018: www.containerconf.in
Deep dive into Kubernetes networking
Container networking is pretty complex, and Kubernetes has taken a unique approach to solving container networking challenges. Both simplicity and scalability have been key design principles of Kubernetes networking. This session will illustrate Kubernetes networking concepts with examples and demos. Best practices and considerations for deploying container networks in production using Kubernetes will be covered.
This session will also go into the latest developments in Kubernetes networking, such as Network Policy and service policy using Istio.
An in-depth overview of Kubernetes and its various components.
NOTE: This is a fixed version of a previous presentation (a draft was uploaded with some errors)
Kubespray and Ansible can be used to automate the installation of Kubernetes in a production-ready environment. Kubespray provides tools to configure highly available Kubernetes clusters across multiple Linux distributions. Ansible is an IT automation tool that can deploy software and configure systems. The document then provides a 6 step guide for installing Kubernetes on Ubuntu using kubeadm, including installing Docker, kubeadm, kubelet and kubectl, disabling swap, configuring system parameters, initializing the cluster with kubeadm, and joining nodes. It also briefly explains Kubernetes architecture including the master node, worker nodes, addons, CNI, CRI, CSI and key concepts like pods, deployments, networking,
This document provides an overview of cloud native concepts including:
- Cloud native is defined as applications optimized for modern distributed systems capable of scaling to thousands of nodes.
- The pillars of cloud native include devops, continuous delivery, microservices, and containers.
- Common use cases for cloud native include development, operations, legacy application refactoring, migration to cloud, and building new microservice applications.
- While cloud native adoption is growing, challenges include complexity, cultural changes, lack of training, security concerns, and monitoring difficulties.
The document discusses Kubernetes networking. It describes how Kubernetes networking allows pods to have routable IPs and communicate without NAT, unlike Docker networking which uses NAT. It covers how services provide stable virtual IPs to access pods, and how kube-proxy implements services by configuring iptables on nodes. It also discusses the DNS integration using SkyDNS and Ingress for layer 7 routing of HTTP traffic. Finally, it briefly mentions network plugins and how Kubernetes is designed to be open and customizable.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
This document provides an overview of Kubernetes including:
1) Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides container-centric infrastructure and allows for quickly deploying and scaling applications.
2) The main components of Kubernetes include Pods (groups of containers), Services (abstract access to pods), ReplicationControllers (maintain pod replicas), and a master node running key components like etcd, API server, scheduler, and controller manager.
3) The document demonstrates getting started with Kubernetes by enabling the master on one node and a worker on another node, then deploying and exposing a sample nginx application across the cluster.
Cloud Native Bern 05.2023 — Zero Trust Visibility, by Raphaël PINSON
As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies.
In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace.
By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.
Kubernetes dealing with storage and persistence, by Janakiram MSV
Storage is a critical part of running containers, and Kubernetes offers some powerful primitives for managing it. This webinar discusses various strategies for adding persistence to the containerised workloads.
Free GitOps Workshop + Intro to Kubernetes & GitOps, by Weaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
This document provides an overview of Docker concepts including containers, images, Dockerfiles, and the Docker architecture. It defines key Docker terms like images, containers, and registries. It explains how Docker utilizes Linux kernel features like namespaces and control groups to isolate containers. It demonstrates how to run a simple Docker container and view logs. It also describes the anatomy of a Dockerfile and common Dockerfile instructions like FROM, RUN, COPY, ENV etc. Finally, it illustrates how Docker works by interacting with the Docker daemon, client and Docker Hub registry to build, run and distribute container images.
Cluster-as-code. The Many Ways towards Kubernetes, by QAware GmbH
iSAQB Software Architecture Gathering – Digital 2022, November 2022, Mario-Leander Reimer (@LeanderReimer, Principal Software Architect bei QAware).
== Please download the slides if they appear blurred! ==
Kubernetes is the de-facto standard when it comes to container orchestration. But why is there no established, standard and uniform way to spin up and manage a single Kubernetes cluster, let alone a whole farm of them, yet? Instead, a whole bunch of different and mostly incompatible ways towards Kubernetes exist today, each with its own pros and cons in regard to ease of use, flexibility and many other requirements. In this session we will have a closer look at the different available options to create, manage and operate Kubernetes clusters at scale.
Kubernetes for Beginners: An Introductory Guide, by Bytemark
Kubernetes is an open-source tool for managing containerized workloads and services. It allows for deploying, maintaining, and scaling applications across clusters of servers. Kubernetes operates at the container level to automate tasks like deployment, availability, and load balancing. It uses a master-slave architecture with a master node controlling multiple worker nodes that host application pods, which are groups of containers that share resources. Kubernetes provides benefits like self-healing, high availability, simplified maintenance, and automatic scaling of containerized applications.
Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors.
In this talk I will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others.
I will cover the current state of the various OpenTelemetry projects (across programming languages, exporters, receivers and protocols), some of which are not yet GA, and provide useful guidance on how to get started with it.
The document provides an overview of Red Hat OpenShift Container Platform, including:
- OpenShift provides a fully automated Kubernetes container platform for any infrastructure.
- It offers integrated services like monitoring, logging, routing, and a container registry out of the box.
- The architecture runs everything in pods on worker nodes, with masters managing the control plane using Kubernetes APIs and OpenShift services.
- Key concepts include pods, services, routes, projects, configs and secrets that enable application deployment and management.
Kubernetes can be complex to manage at enterprise scale! Cloud provider services like Amazon EKS solve the challenge of bringing up a Kubernetes control plane. However, production Kubernetes requires multi-layer security, access controls, load balancing, monitoring, logging, governance, secrets management, policy management, and several other considerations. In this fast-paced talk, we will cover how enterprises can address each of these areas and discuss best practices to fast-track deployments.
This document provides an overview of Kubernetes and how Nirmata can help enterprises manage Kubernetes clusters and workloads. It begins with basic Kubernetes concepts like pods, deployments, services, and networking. It then discusses how Nirmata provides centralized management of Kubernetes infrastructure and applications across public and private clouds through its policy engine and integration with DevOps tools. The document concludes by stating that Kubernetes enables enterprise agility when managed with solutions like Nirmata.
The document provides an overview of implementing Software as a Service (SaaS) applications on Kubernetes. It discusses using Kubernetes tools like namespaces, network policies, and resource quotas to provide isolation between tenants. It also covers using custom resource definitions and custom controllers to build APIs for tenant-specific resources. The document outlines an architecture for SaaS on Kubernetes that separates the custom API server from the controller manager and discusses common API endpoints and middleware for authentication and authorization.
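The tenant isolation that this SaaS design, the networking deep dive's Network Policy section and the Cilium policy-verdict talk above all rely on is the Kubernetes NetworkPolicy model, and its semantics are easy to misread: a pod that no policy selects is non-isolated and accepts everything, a podSelector peer without a namespaceSelector is scoped to the policy's own namespace, and a peer that lists both selectors requires both to match. The evaluator below is an added example, not code from any of the presentations or from Kubernetes itself; it reproduces those rules for matchLabels selectors, pod and namespace peers, and protocol/port matches (ipBlock, matchExpressions, named ports and endPort are not modelled), and returns a per-flow verdict of the kind Hubble exports. The tenant namespaces, pods and policy objects are constructed for the example.

```python
"""Verdict evaluator for Kubernetes NetworkPolicy objects (added example).

Models the parts of NetworkPolicy that multitenant designs depend on:
- a pod selected by no policy is non-isolated (everything allowed);
- once any policy selects a pod, only traffic some rule explicitly allows passes;
- a podSelector peer alone is scoped to the policy's namespace;
- a peer with podSelector and namespaceSelector requires both to match.
Only matchLabels is supported; ipBlock, matchExpressions, named ports, endPort are not.
"""
from typing import Dict, List, Optional

Labels = Dict[str, str]


def selector_matches(selector: dict, labels: Labels) -> bool:
    """matchLabels semantics: an empty selector {} selects everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: dict, policy_ns: str, pod: dict, namespaces: Dict[str, Labels]) -> bool:
    pod_sel, ns_sel = peer.get("podSelector"), peer.get("namespaceSelector")
    if pod_sel is None and ns_sel is None:
        return False  # ipBlock-only peer: out of scope for this example
    if ns_sel is None:
        ns_ok = pod["namespace"] == policy_ns  # podSelector alone: same namespace only
    else:
        ns_ok = selector_matches(ns_sel, namespaces.get(pod["namespace"], {}))
    pod_ok = pod_sel is None or selector_matches(pod_sel, pod["labels"])
    return ns_ok and pod_ok


def port_matches(ports: Optional[list], protocol: str, port: int) -> bool:
    if not ports:
        return True  # no ports listed means every port
    return any(p.get("protocol", "TCP") == protocol and p.get("port") in (None, port) for p in ports)


def policy_types(policy: dict) -> List[str]:
    spec = policy["spec"]
    if "policyTypes" in spec:
        return spec["policyTypes"]
    return ["Ingress"] + (["Egress"] if "egress" in spec else [])


def direction_allowed(direction, policies, local_pod, peer_pod, namespaces, protocol, port) -> bool:
    """Evaluate Ingress at the destination pod or Egress at the source pod."""
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == local_pod["namespace"]
                 and direction in policy_types(p)
                 and selector_matches(p["spec"]["podSelector"], local_pod["labels"])]
    if not selecting:
        return True  # non-isolated pod: Kubernetes allows all traffic
    rules_key, peers_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    for policy in selecting:
        for rule in policy["spec"].get(rules_key) or []:
            peers = rule.get(peers_key)
            peer_ok = not peers or any(
                peer_matches(pr, policy["metadata"]["namespace"], peer_pod, namespaces) for pr in peers)
            if peer_ok and port_matches(rule.get("ports"), protocol, port):
                return True
    return False


def verdict(policies, namespaces, src, dst, protocol="TCP", port=80) -> str:
    """A flow passes only if egress is allowed at the source and ingress at the destination."""
    egress_ok = direction_allowed("Egress", policies, src, dst, namespaces, protocol, port)
    ingress_ok = direction_allowed("Ingress", policies, dst, src, namespaces, protocol, port)
    return "ALLOWED" if egress_ok and ingress_ok else "DENIED"


# Constructed tenant layout: two tenant namespaces plus a shared monitoring namespace.
NAMESPACES = {"tenant-a": {"tenant": "a"}, "tenant-b": {"tenant": "b"},
              "monitoring": {"name": "monitoring"}}


def pod(namespace: str, name: str, **labels) -> dict:
    return {"namespace": namespace, "name": name, "labels": labels}


WEB_A, API_A = pod("tenant-a", "web", app="web"), pod("tenant-a", "api", app="api")
WEB_B = pod("tenant-b", "web", app="web")
PROM = pod("monitoring", "prometheus", app="prometheus")
OTHER_MON = pod("monitoring", "other", app="other")

# Constructed policies: tenant-a has a baseline default-deny plus two allow rules; tenant-b has none.
POLICIES = [
    {"metadata": {"name": "default-deny-ingress", "namespace": "tenant-a"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "api-from-same-namespace", "namespace": "tenant-a"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
    {"metadata": {"name": "api-from-prometheus", "namespace": "tenant-a"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"name": "monitoring"}},
                                     "podSelector": {"matchLabels": {"app": "prometheus"}}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
]

if __name__ == "__main__":
    for src, dst, port in [(WEB_A, API_A, 8080), (WEB_B, API_A, 8080), (WEB_A, API_A, 9090),
                           (API_A, WEB_A, 80), (WEB_A, WEB_B, 80),
                           (PROM, API_A, 8080), (OTHER_MON, API_A, 8080)]:
        print(f"{src['namespace']}/{src['name']} -> {dst['namespace']}/{dst['name']}:{port}  "
              f"{verdict(POLICIES, NAMESPACES, src, dst, 'TCP', port)}")
```

Two of the verdicts carry the multitenancy lesson. tenant-b's web pod cannot reach tenant-a's API because the `podSelector: {}` peer is scoped to tenant-a, not to the whole cluster; but tenant-a's web pod can reach anything in tenant-b, because tenant-b has no policy at all and its pods are therefore non-isolated. A baseline default-deny therefore has to be stamped into every tenant namespace by the platform rather than left to tenants, and the object only has effect if the cluster's CNI actually enforces NetworkPolicy; the API server accepts the resource either way.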
Simplify Your Way To Expert Kubernetes Management, by DevOps.com
Kubernetes is a deep and complex technology that is evolving fast with new functionality and a growing ecosystem of cloud-native solutions. While the public cloud delivers an almost frictionless user experience, configuring and managing a production Kubernetes environment is an enormous technical challenge for the majority of enterprises that choose to do so on premises. Without the right approach, operationalizing Kubernetes in the data center can take upwards of 6 months, jeopardizing developer productivity and speed-to-market.
In this webinar, you’ll learn from Nutanix cloud native experts on how to fast-track your way to operationalizing a production-ready Kubernetes environment on-prem.
Specifically, we’ll talk about:
How containerized applications use IT resources (and why legacy infrastructure isn’t built for Kubernetes);
The main advantages of running Kubernetes on prem (as part of a multi-cloud strategy);
Key aspects of Kubernetes lifecycle management that greatly benefit from automation.
Meetup 12-12-2017 - Application Isolation on Kubernetes, by dtoledo67
Here are the slides I presented on 12-12-2017 at the Bay Area Microservices Meeting. I presented some of the best practices to achieve application isolation on Kubernetes
The document discusses using TOSCA modeling to orchestrate Kubernetes on OpenStack in a hybrid environment. It describes defining custom node types for Kubernetes, MongoDB, and microservices to model the target architecture. Workflows then execute to render the modeled infrastructure by deploying the necessary VMs, containers, and services. Metrics collected by a Diamond container are sent to Riemann, which triggers Kubernetes scaling through the orchestrator when thresholds are breached. TOSCA allows portably modeling multi-cloud orchestrations and hiding cloud implementation details.
Azure meetup cloud native concepts - may 28th 2018, by Jim Bugwadia
This document provides an overview of cloud-native concepts and technologies like containers, microservices, and Kubernetes. It discusses how containers package applications and provide isolation using technologies like Docker. Microservices are described as a way to build applications as independent, interoperable services. Kubernetes is presented as an open-source system for automating deployment and management of containerized workloads at scale. The document outlines Kubernetes concepts like pods, deployments, services and how they help developers and operations teams manage applications in a cloud-native way.
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways", by Daniel Bryant
The edge gateway has undergone several evolutions driven by changes in application architecture. Early gateways focused on load balancing and availability but evolved to support APIs and microservices. Adopting microservices and Kubernetes changes the architecture and development workflow, challenging edge management and requiring support for diverse workloads. There are three strategies for managing the edge with Kubernetes - deploying an additional gateway, extending an existing gateway, or deploying an in-cluster edge stack to simplify management. The optimal solution depends on the specific architecture and aims to scale edge management while supporting cloud-native practices.
SoftwareCircus 2020 "The Past, Present, and Future of Cloud Native API Gateways", by Daniel Bryant
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer.
Join this session to learn about:
– The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
– Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
– Strategies for exposing Kubernetes services and APIs at the edge of your system
– A brief guide to the (potential) future of cloud native API gateways
Kubernetes: from first acquaintance to use in CI/CD, by Stfalcon Meetups
Oleksandr Zanichkovskyi (Олександр Занічковський)
Technical Lead at SoftServe
14+ years of experience developing all kinds of software, both desktop and web
Has worked both as a freelance programmer and as part of a team
Interested in software architecture, automation of integration and delivery of new product versions, and cloud technologies
Has recently been mentoring future tech leads
In his spare time he plays guitar and dreams of the big stage
Oleksandr will share his own experience of working with Kubernetes:
introduce the basic concepts and primitives of K8s
describe possible scenarios for using Kubernetes in CI/CD, using GitLab as the example
show how to use persistent storage, collect container metrics, and use Ingress to route requests according to specific rules
show how to install K8s yourself for evaluation or local work
Virtual Kubernetes Clusters on Amazon EKS, by Jim Bugwadia
From AWS Community Day 2019!
Learn how to use Kubernetes native constructs to build Virtual Clusters, so that your teams can focus on delivering business value.
Cloud Native ClickHouse at Scale--Using the Altinity Kubernetes Operator-2022..., by Altinity Ltd
Over the last few years Kubernetes has transitioned from an object of curiosity and fear to a robust platform for big data. Watch this webinar and you will learn how the Altinity Kubernetes Operator for ClickHouse enables users to run high-performance analytics on ClickHouse. We will walk through a simple installation and teach you how to scale it into a cluster that can analyze hundreds of terabytes of data. Along the way we will share our lessons for ClickHouse on Kubernetes in Altinity.Cloud. We built it on Kubernetes using the Altinity Operator and now run hundreds of clusters in the cloud. You can too!
Building a Kubernetes cluster for a large organisation 101, by Ed Schouten
Ed Schouten from Prodrive Technologies gave a talk on building a Kubernetes cluster for a large organization. He discussed Prodrive's move to using Kubernetes to provide a standardized development environment for all teams. This included setting up a multi-tenant Kubernetes cluster with simplified role-based access control, automatic namespace and network policies for groups, and resource quotas. Future work may include integrating Kubernetes into more of Prodrive's products and open source contributions.
GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways", by Daniel Bryant
Many engineers are confused about how a cloud-native API gateway relates to Kubernetes Ingress or a Service load balancer. This talk will unravel this confusion.
An API gateway is at the core of how APIs are managed, secured and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud-native space.
Join Daniel Bryant in uncovering the evolution of API gateways over the past ten years and how the original problems they were solving have shifted in relation to cloud-native technologies and workflow.
He will also cover the current challenges of using an API gateway within Kubernetes: scaling the developer workflow, and supporting multiple architecture styles and protocols.
In this talk, you'll learn:
How the evolution of API gateways looks
Strategies for exposing Kubernetes services and APIs at the edge of your system
A brief guide to the (potential) future of cloud-native API gateways
Kubernetes and Terraform in the Cloud: How RightScale Does DevOps, by RightScale
This document summarizes a presentation about how RightScale uses Kubernetes, Terraform, and other tools in their cloud management platform. It discusses how RightScale has transitioned from using Docker containers on individual VMs ("Bay of Containers") to using Kubernetes container clusters in the cloud ("Sea of Containers"). RightScale built custom images with Kubernetes components pre-installed to speed up cluster creation. Terraform is used to provision infrastructure, including Kubernetes clusters, and to integrate with the RightScale platform. The goal was to enable developers to have self-managed Kubernetes clusters using infrastructure-as-code principles. Key aspects included making clusters disposable while maintaining high availability, and distributing Terraform modules to development teams to simplify cluster creation and management.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. The core components of Kubernetes include Pods to host containers, Nodes to host Pods, and a master control plane for managing the cluster. It uses controllers like Deployments to ensure that the desired number of Pod replicas are running and available.
Kubernetes has been widely adopted. The next challenge in scaling Kubernetes through the organization is multi-tenancy. This session will walk through how we can do multi-tenancy on Kubernetes with access control, fair sharing, and isolation.
Youtube Recorded: https://youtu.be/oCEL-nWhc-w
TechTalkThai Conference: Kubernetes Trends
September 16, 2021
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways, by Daniel Bryant
An API gateway is at the core of how APIs are managed, secured, and presented within any web-based system. Although the technology has been in use for many years, it has not always kept pace with recent developments within the cloud native space, and many engineers are confused about how a cloud native API gateway relates to Kubernetes Ingress or a Service load balancer.
Join this session to learn about:
– The evolution of API gateways over the past ten years, and how the original problems they were solving have shifted in relation to cloud native technologies and workflow
– Current challenges of using an API gateway within Kubernetes: scaling the developer workflow; and supporting multiple architecture styles and protocols
– Strategies for exposing Kubernetes services and APIs at the edge of your system
– A brief guide to the (potential) future of cloud native API gateways
Similar to Kubecon US 2019: Kubernetes Multitenancy WG Deep Dive
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines, by Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
Cilium is an open source software that provides networking and security for Kubernetes. It implements Kubernetes networking, security policies, load balancing, and service mesh capabilities using eBPF. Cilium provides multi-cluster networking by coupling multiple Kubernetes clusters into a cluster mesh with a shared control plane. It also offers a sidecar-less service mesh that uses eBPF and Envoy for L4 and L7 traffic management instead of injecting proxies into each pod. Demos showed Cilium's multi-cluster load balancing and policies as well as its service mesh capabilities.
Container security within Cisco Container Platform, by Sanjeev Rampal
The document discusses security within Cisco Container Platform. It provides an overview of the security model and features, including platform hardening through the Cisco Secure Development Lifecycle process, role-based access control for Kubernetes, and secure multi-tenancy capabilities in Kubernetes clusters. It also covers container and Kubernetes security best practices like encryption, authentication, and network policies that are supported in Cisco Container Platform. The presentation concludes with a demo of secure multi-tenancy in Kubernetes clusters.
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern..., by Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise-grade multi-cloud Kubernetes-based container platform. The presentation covers overall architecture, internal details on networking, storage, operations and automation, as well as multi-cloud features including the use of this platform along with hosted Kubernetes offerings from AWS (EKS) and Google (GKE).
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio..., by Sanjeev Rampal
Container networking with Docker Enterprise Edition (EE) and Cisco Contiv allows for:
1) Defining network policies and security controls across virtual and container workloads using Contiv's open source software.
2) Deploying containerized applications on Docker EE across a swarm of nodes using network and security policies defined in Contiv.
3) Integrating Contiv with underlying data center infrastructure like Cisco Application Centric Infrastructure (ACI) to leverage physical network services and policy enforcement.
Presentation + demo at Triangle Kubernetes and Openshift Meetup June 2017. Architecture overview and live demo of Contiv open container networking project working with Red Hat Openshift Container platform.
Openstack Summit: Networking and policies across Containers and VMs, by Sanjeev Rampal
Container networking & policies across mixed cloud environments (containers, VMs, bare metal). Talk & demo at Openstack Summit 2017 Boston.
Video recording of talk: https://www.openstack.org/videos/boston-2017/cisco-networking-policies-across-containers-and-vms
Quality Patents: Patents That Stand the Test of Time, by Aurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article III court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even need to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions, by Linda Zhang
This brochure gives introduction of MYIR Electronics company and MYIR's products and services.
MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services.
MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized and Special New" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success", and we embrace the philosophy of "Make Your Idea Real, then My Idea Realizing!"
How Netflix Builds High Performance Applications at Global Scale, by ScyllaDB
We all want to build applications that are blazingly fast. We also want to scale them to users all over the world. Can the two happen together? Can users in the slowest of environments also get a fast experience? Learn how we do this at Netflix: how we understand every user's needs and preferences and build high performance applications that work for every user, every time.
7 Most Powerful Solar Storms in the History of Earth.pdf, by Enterprise Wired
Solar storms (geomagnetic storms) are the motion of accelerated charged particles in the solar environment at high velocities, driven by coronal mass ejections (CMEs).
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/07/intels-approach-to-operationalizing-ai-in-the-manufacturing-sector-a-presentation-from-intel/
Tara Thimmanaik, AI Systems and Solutions Architect at Intel, presents the “Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” tutorial at the May 2024 Embedded Vision Summit.
AI at the edge is powering a revolution in industrial IoT, from real-time processing and analytics that drive greater efficiency and learning to predictive maintenance. Intel is focused on developing tools and assets to help domain experts operationalize AI-based solutions in their fields of expertise.
In this talk, Thimmanaik explains how Intel’s software platforms simplify labor-intensive data upload, labeling, training, model optimization and retraining tasks. She shows how domain experts can quickly build vision models for a wide range of processes—detecting defective parts on a production line, reducing downtime on the factory floor, automating inventory management and other digitization and automation projects. And she introduces Intel-provided edge computing assets that empower faster localized insights and decisions, improving labor productivity through easy-to-use AI tools that democratize AI.
Coordinate Systems in FME 101 - Webinar Slides, by Safe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Implementations of Fused Deposition Modeling in real worldEmerging Tech
The presentation showcases the diverse real-world applications of Fused Deposition Modeling (FDM) across multiple industries:
1. **Manufacturing**: FDM is utilized in manufacturing for rapid prototyping, creating custom tools and fixtures, and producing functional end-use parts. Companies leverage its cost-effectiveness and flexibility to streamline production processes.
2. **Medical**: In the medical field, FDM is used to create patient-specific anatomical models, surgical guides, and prosthetics. Its ability to produce precise and biocompatible parts supports advancements in personalized healthcare solutions.
3. **Education**: FDM plays a crucial role in education by enabling students to learn about design and engineering through hands-on 3D printing projects. It promotes innovation and practical skill development in STEM disciplines.
4. **Science**: Researchers use FDM to prototype equipment for scientific experiments, build custom laboratory tools, and create models for visualization and testing purposes. It facilitates rapid iteration and customization in scientific endeavors.
5. **Automotive**: Automotive manufacturers employ FDM for prototyping vehicle components, tooling for assembly lines, and customized parts. It speeds up the design validation process and enhances efficiency in automotive engineering.
6. **Consumer Electronics**: FDM is utilized in consumer electronics for designing and prototyping product enclosures, casings, and internal components. It enables rapid iteration and customization to meet evolving consumer demands.
7. **Robotics**: Robotics engineers leverage FDM to prototype robot parts, create lightweight and durable components, and customize robot designs for specific applications. It supports innovation and optimization in robotic systems.
8. **Aerospace**: In aerospace, FDM is used to manufacture lightweight parts, complex geometries, and prototypes of aircraft components. It contributes to cost reduction, faster production cycles, and weight savings in aerospace engineering.
9. **Architecture**: Architects utilize FDM for creating detailed architectural models, prototypes of building components, and intricate designs. It aids in visualizing concepts, testing structural integrity, and communicating design ideas effectively.
Each industry example demonstrates how FDM enhances innovation, accelerates product development, and addresses specific challenges through advanced manufacturing capabilities.
What's Next Web Development Trends to Watch.pdfSeasiaInfotech2
Explore the latest advancements and upcoming innovations in web development with our guide to the trends shaping the future of digital experiences. Read our article today for more information.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Video traffic on the Internet is constantly growing; networked multimedia applications consume a predominant share of the available Internet bandwidth. A major technical breakthrough and enabler in multimedia systems research and of industrial networked multimedia services certainly was the HTTP Adaptive Streaming (HAS) technique. This resulted in the standardization of MPEG Dynamic Adaptive Streaming over HTTP (MPEG-DASH) which, together with HTTP Live Streaming (HLS), is widely used for multimedia delivery in today’s networks. Existing challenges in multimedia systems research deal with the trade-off between (i) the ever-increasing content complexity, (ii) various requirements with respect to time (most importantly, latency), and (iii) quality of experience (QoE). Optimizing towards one aspect usually negatively impacts at least one of the other two aspects if not both. This situation sets the stage for our research work in the ATHENA Christian Doppler (CD) Laboratory (Adaptive Streaming over HTTP and Emerging Networked Multimedia Services; https://athena.itec.aau.at/), jointly funded by public sources and industry. In this talk, we will present selected novel approaches and research results of the first year of the ATHENA CD Lab’s operation. We will highlight HAS-related research on (i) multimedia content provisioning (machine learning for video encoding); (ii) multimedia content delivery (support of edge processing and virtualized network functions for video networking); (iii) multimedia content consumption and end-to-end aspects (player-triggered segment retransmissions to improve video playout quality); and (iv) novel QoE investigations (adaptive point cloud streaming). We will also put the work into the context of international multimedia systems research.
3. Agenda
• Overview and Architecture
  • What is Kubernetes Multitenancy?
  • Architectural models for Multitenancy
• Community initiatives: Multitenancy control plane
  • Tenant controller & namespace grouping
  • Hierarchical namespaces
  • Virtual clusters
• Community initiatives: Data plane and benchmarking
  • Benchmarking
  • Data plane models
• Demo
• Q & A
5. What is Kubernetes Multitenancy?
• What is it?
  • Ability to share a Kubernetes cluster between multiple independent teams
• Why is it useful?
  • Improved resource efficiency (especially when moving to containers on bare metal)
  • Reduced cluster sprawl
  • Lower capex and opex for the cluster operator
  • Resource usage burstability -> higher application performance
  • Essentially a bin-packing & statistical multiplexing problem
• Potential challenges
  • Kubernetes was not designed for multitenancy at its core
  • Unlike, say, OpenStack, there are no core K8s resources for "Users", "Tenants", "Projects"
  • Wide spectrum of loosely defined scenarios and potential use cases
  • Defining "Standardization" vs best practice vs implementation choice
6. The community feels this area needs work
• The New Stack poll (newstack.io November 2019)
7. What is Kubernetes Multitenancy? …
• Categories of Multitenancy (high level use cases)
  • "Soft" Multitenancy
    • Ex. Multiple teams within the same enterprise sharing a K8s cluster
  • "Hard" Multitenancy
    • Ex. Service provider hosting multiple independent tenants on a shared cluster
    • "Coke & Pepsi on the same K8s cluster"
  • Other
    • SaaS multitenancy
8. What is Kubernetes Multitenancy? …
• Available solutions
  1. Community Kubernetes + DIY solution using namespaces, network policies etc.
  2. Vendor/commercial distributions with features built on these
    • E.g. OpenShift "Projects", Rancher "Projects"
  3. Emerging community initiatives tracked within the K8s Multitenancy Working Group & others
9. Architectural Models
[Diagram: four models, labelled A to D, each hosting tenants T1, T2, T3]
• A: k8s1, k8s2, k8s3 each run in their own VM on a hypervisor (IaaS, e.g. vSphere) over bare-metal (BM) hosts, one cluster per tenant, with a k8s cluster management layer on top
• B: a single K8S cluster on BM hosts; namespaces ns1, ns2, ns3, ns-a, ns-b, ns-x, ns-y are grouped into tenants T1, T2, T3
• C: a "Super K8S" on BM hosts runs k8s1, k8s2, k8s3 as virtual clusters, one per tenant
• D: a single K8S cluster on BM hosts with T1, T2, T3 as native tenants
10. Architecture Options
| Multitenancy Architecture Model | Resource efficiency | Level of Tenant isolation | Tenant/application Config restrictions | All "Cloud Native" architecture | Architecture maturity & production readiness |
|---|---|---|---|---|---|
| A: Multiple K8S clusters on top of a Virtualization IaaS | Low-medium | High | No | No (multiple separate platforms, orch.) | Medium-High |
| B: Namespace grouping with Tenant resources | High | Medium-High | Some restrictions, e.g. cluster scoped resources | Yes | Medium |
| C: Virtual Kubernetes Clusters | High | High | No (?) | Yes | Early |
| D: Core Kubernetes change (Tenant as 1st class resource) | High | High | No (?) | Yes (in theory) | Very low (design does not exist) |
11. Mapping Tenants, Applications, Services
[Diagram: three ways of mapping Tenant-1 onto namespaces]
• 1 tenant <> 1 app <> 1 NS (M micro-services S1, S2, S3 all in Namespace-1): need to resolve naming conflicts
• 1 tenant <> 1 app <> M NS (1 service per NS: S1, S2, S3 in N1, N2, N3): better service portability
• 1 tenant <> M apps <> mix of hierarchical namespaces (H-NSs) & virtual clusters (VCs): Application-1 in N1 and N2; Application-2 (S4) in Virtual Cluster1 spanning N3, N4, N5, N6
12. Tenant vs Application Security Responsibility Model
[Diagram: layered view, bottom to top: cluster and provider infrastructure resources; cluster control plane resources (k8s, monitoring etc.); Tenant-A resources and Tenant-B resources side by side; application security tools (e.g. Aqua) at the tenant/application layer]
14. Operational Model: Personas and workflows
• Cluster-admin
  • Provisions the K8S cluster with 1 (of N) recommended security profiles
  • Provisions Tenant template and Namespace template objects
• Tenant-admin
  • Provisions a new tenant referring to these templates
  • Provisions access controls for the new tenant, including other admins & non-admin user RBAC
  • Performs CRUD operations and tenant life cycle mgmt. on the tenant resource itself
• Tenant-user
  • Provisions namespace-scoped k8s resources within the tenant
15. Tenant Operator Model
• Self-service or admin-provisioned Tenants
• Each Tenant CR manages a collection of namespaces, virtual clusters and associated resources via corresponding CRs that eventually own those K8s resources
• Named admins + named resource RBAC
17. Hierarchical Namespace Controller
• Propagates policy objects from parents to children
  • Hardcoded list in v0.1 (Nov), aim to be configurable in v0.3 (early 2020)
• Self-service subnamespaces
  • No need for cluster-level privileges to create subnamespaces
• Hierarchical authz checks
  • "Subadmins" cannot deprive "superadmins" of access
• Integrations via K8s labels
  • Namespaces receive labels indicating the subtrees they're in.
[Diagram: Org NS -> Team NS -> Service 1 NS, Service 2 NS. Original objects: SRE RBAC and Network Policy in Org NS; Dev RBAC and Team secrets in Team NS. Propagated objects: the Org NS objects reappear in Team NS and in both Service NSs; the Team NS objects reappear in both Service NSs. Each namespace carries a "Hierarchical config".]
21. Multitenancy Benchmarks
• Goals: validate whether multi-tenancy has been achieved, independently of how it is configured
  • Decouple how multi-tenancy is provisioned and managed from the desired state
  • Define the desired states for multi-tenancy
  • Provide automated tests for validating the desired states
MT Profile Level | Intent
Level 1 | Uses K8s API objects; can be manually configured; limited tenancy features
Level 2 | Level 1 + allow extensions for self-service DevOps, i.e. namespace creation, etc.
Level 3 | Level 2 + ability to create CRDs, etc. (virtual control plane)
22. Benchmark Categories & Formal Definition
• Categories:
  1. Control Plane Isolation (CPI)
  2. Tenant Isolation (TI)
  3. Network Isolation (NI)
  4. Host Isolation (HI)
  5. Data Isolation (DI)
  6. Fairness (FNS)
  7. Self-Service Operations (OPS)
• Formatted similar to CIS benchmarks
• Test suite implemented using the k8s e2e test framework
• Open development model: community submits PRs for candidate benchmark tests and implementations
23. Example: MTB-PL1-CC-CPI-1
• Profile Applicability: Level 1
• Type: Behavioral Check
• Category: Control Plane Isolation
• Description: Tenants should not be able to …
• Rationale: Tenants should not be able to access control plane resources ...
• Audit:
  • Run the following command to retrieve the list of non-namespaced resources:
    kubectl --kubeconfig cluster-admin api-resources --namespaced=false
  • For all non-namespaced resources, and each verb (get, list, create, update, patch, watch, delete, and deletecollection), issue the following command:
    kubectl --kubeconfig tenant-a auth can-i <verb> <resource>
  • Each command must return 'no'
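The audit above automated as a POSIX shell function; this is an added example, not part of the slides or the benchmark test suite. It assumes the two kubeconfig files named in the slide (cluster-admin, tenant-a) sit in the working directory and uses only the kubectl subcommands shown plus `-o name`.

```shell
#!/bin/sh
# Added example (not from the slides): automates the MTB-PL1-CC-CPI-1 audit.
# Assumptions: kubeconfig files named cluster-admin and tenant-a exist in the
# working directory, as in the slide; KUBECTL may be overridden (e.g. for tests).
KUBECTL="${KUBECTL:-kubectl}"
VERBS="get list create update patch watch delete deletecollection"

# List every non-namespaced (cluster-scoped) API resource, one name per line,
# as seen by the cluster admin.
cluster_scoped_resources() {
    "$KUBECTL" --kubeconfig cluster-admin api-resources --namespaced=false -o name
}

# Return 0 when tenant-a gets 'no' for every verb on every cluster-scoped
# resource; otherwise print each violation and return 1.
audit_cpi_1() {
    failures=0
    resources=$(cluster_scoped_resources) || return 1
    for res in $resources; do
        for verb in $VERBS; do
            # 'auth can-i' exits non-zero when the answer is 'no', so keep
            # the printed answer and ignore the exit status.
            answer=$("$KUBECTL" --kubeconfig tenant-a auth can-i "$verb" "$res" 2>/dev/null || true)
            if [ "$answer" != "no" ]; then
                echo "FAIL: tenant-a can-i $verb $res -> ${answer:-<error>}"
                failures=$((failures + 1))
            fi
        done
    done
    [ "$failures" -eq 0 ]
}
```

Run `audit_cpi_1` against the cluster; a non-zero exit with one FAIL line per verb/resource pair is the benchmark failing.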
24. Example Baseline Reference Implementation
• Control Plane:
  • Namespace Grouping Model (Tenant Operator based)
• Data Plane:
  • containerd / CRI-O runtime
  • Container sandboxing
    • Pod Security Policy (+ AppArmor, Seccomp)
    • Kata Containers
  • K8s Network Policy
  • (CNI vendor specific) Global Network Policy
    • Supported by Calico, Cisco ACI, Cilium, (others?)
  • Dynamic policy admission controller / framework
    • Open Policy Agent / Gatekeeper / Kyverno / k-rail ..
25. Network Policy: Global Policy + K8s Policy
• Current K8s Network Policy is namespace scoped only, which is non-ideal for multi-tenancy
• Recommendation: use a combination of K8s Network Policy + (CNI-specific) Global Network Policy
  • Global Network Policy: tool for the Cluster Admin to isolate tenants
  • K8s Network Policy: developers and DevOps use it for micro-segmentation
[Diagram: Tenant-1 and Tenant-2 separated by a global network policy rule for tenant isolation; inside each tenant, K8s network policy rules for app team micro-segmentation]
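The two policy layers from this slide, generated for one tenant by two shell functions; this is an added example, not from the slides or from any CNI vendor. It assumes Calico's GlobalNetworkPolicy (projectcalico.org/v3) as the CNI-specific global policy and a constructed namespace label `tenant=<name>` on every namespace of a tenant.

```shell
# Added example (not from the slides): Calico GlobalNetworkPolicy for the
# cluster admin plus a K8s NetworkPolicy for the app team. Assumes every
# tenant namespace carries the constructed label tenant=<name>.

# Cluster-admin layer: pods in a tenant's namespaces accept ingress only from
# that tenant's namespaces. "Pass" hands intra-tenant traffic to the namespaced
# K8s policies below instead of allowing it outright, so micro-segmentation still
# applies. Shared infrastructure namespaces (ingress, monitoring) need their own
# Pass rule before the Deny.
tenant_isolation_policy() { # $1 = tenant name
    cat <<EOF
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: tenant-$1-isolation
spec:
  order: 100
  namespaceSelector: tenant == "$1"
  types:
  - Ingress
  ingress:
  - action: Pass
    source:
      namespaceSelector: tenant == "$1"
  - action: Deny
EOF
}

# App-team layer: ordinary namespace-scoped NetworkPolicy; only pods labelled
# app=frontend in the same namespace may reach pods of the given app.
app_microsegmentation_policy() { # $1 = namespace, $2 = app label value
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: $2-allow-from-frontend
  namespace: $1
spec:
  podSelector:
    matchLabels:
      app: $2
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
EOF
}
```

Apply with, for example, `tenant_isolation_policy coke | kubectl apply -f -`; the global policy is applied once per tenant, the namespaced policy once per app.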
29. Where to find us
• Home page: https://github.com/kubernetes-sigs/multi-tenancy/
• https://github.com/kubernetes/community/tree/master/wg-multitenancy
• Slack channel: Kubernetes Slack, #wg-multitenancy
• Google Group: https://groups.google.com/forum/#!forum/kubernetes-wg-multitenancy
• Bi-weekly meeting (join the Google Group for an invite)
  • Tuesday 11am Pacific Time