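Virtual Machines and Containers: Kubernetes
Basic Principles of the Kubernetes Informer
To listen for events efficiently and reliably, client-go, the k8s client toolkit, provides a general-purpose informer package; with informers, controllers can be developed conveniently and efficiently.
Kubernetes Security Risk Hardening Handbook
As Kubernetes has become widely adopted, its security risks have become increasingly prominent. Starting from the Cloud, Cluster, and Container perspectives and working from the bottom up, this article lists Kubernetes security risks and provides corresponding hardening recommendations.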
Kafka on Kubernetes: Reloaded for fault tolerance
Coban - Grab’s real-time data streaming platform - has been operating Kafka on Kubernetes with Strimzi in production for about two years. In a previous article (Zero trust with Kafka), we explained how we leveraged Strimzi to enhance the security of our data streaming offering.
In this article, we are going to describe how we improved the fault tolerance of our initial design, to the point where we no longer need to intervene if a Kafka broker is unexpectedly terminated.
PinCompute: A Kubernetes Backed General Purpose Compute Platform for Pinterest
Modern compute platforms are foundational to accelerating innovation and running applications more efficiently. At Pinterest, we are evolving our compute platform to provide an application-centric and fully managed compute API for the 90th percentile of use cases. This will accelerate innovation through platform agility, scalability, and a reduced cost of keeping systems up to date, and will improve efficiency by running our users’ applications on Kubernetes-based compute. We refer to this next generation compute platform as PinCompute, and our multi-year vision is for PinCompute to run the most mission critical applications and services at Pinterest.
PinCompute aligns with the Platform as a Service (PaaS) cloud computing model, in that it abstracts away the undifferentiated heavy lifting of managing infrastructure and Kubernetes and enables users to focus on the unique aspects of their applications. PinCompute evolves Pinterest architecture with cloud-native principles, including containers, microservices, and service mesh, reduces the cost of keeping systems up to date by providing and managing immutable infrastructure, operating system upgrades, and Graviton instances, and delivers cost savings by applying enhanced scheduling capabilities to large multi-tenant Kubernetes clusters, including oversubscription, bin packing, resource tiering, and trough usage.
In this article, we discuss the PinCompute primitives, architecture, control plane and data plane capabilities, and showcase the value that PinCompute has delivered for innovation and efficiency at Pinterest.
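DiDi Elastic Cloud's K8S-Based Scheduling Practice
Elastic Cloud is the container platform that DiDi provides internally for core services such as ride-hailing. Built on k8s, it manages a massive number of nodes and schedules pods; this article focuses on Elastic Cloud's scheduling capabilities.
Thoughts and Explorations on K8s Multi-Cluster Practice
This article mainly discusses some thoughts on k8s multi-cluster management, including why multiple clusters are needed, the advantages of multiple clusters, and some existing multi-cluster management architecture practices derived from Kubernetes.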
Kubernetes Gateway API
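Initially, Kubernetes internal services were exposed externally using its own LoadBalancer and NodePort Service types; as clusters gradually grow in scale, this way of managing Services can no longer meet our needs.
ByteDance Open-Sources Kelemetry: A Global Tracing System for the Kubernetes Control Plane
ByteDance's tracing system for the Kubernetes control plane is now officially open source. In this article, members of the project were invited to share its design and the thinking behind it; feedback and discussion are welcome.
Weimob's Practice Building a Real-Time Platform with Flink on Kubernetes
This article focuses on deploying in a K8s environment and summarizes some practices in job development, job deployment, and job monitoring.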
Performance bottlenecks of Go application on Kubernetes with non-integer (floating) CPU allocation
Grab’s real-time data platform team, Coban, has been running its stream processing framework on Kubernetes, as detailed in Plumbing at scale. We’ve also written another article (Scaling Kafka consumers) about vertical pod autoscaling (VPA) and the benefits of using it.
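Weidian Algorithm Platform: Practice and Exploration on Kubernetes
This article mainly describes how Weidian's machine learning platform, built with container technology, evolved, in particular the architecture design experience for core parts such as the offline model training job workflow and the online model prediction service.
Putting Flink on K8S into Production at NetEase Media
Shares NetEase Media's solutions to the key problems encountered while adopting Flink on K8S, and the distinctive features of its self-developed real-time computing platform, Riverrun.
Cloud-Native Security: Detecting Automated Tool Attacks from the Perspective of k8s Audit Logs
As cloud-native technology becomes widespread, the attack surface it exposes has stayed on attackers' minds, and the related attack techniques have been "popularized" along with it. Automated exploitation tools have sprung up on the GitHub open-source platform like bamboo shoots after rain; one of the more representative is cdk-team/CDK.
Kubernetes Elastic Scaling with HPA and KEDA
Traditionally, elastic scaling mainly addresses the mismatch between capacity planning and actual load. Elasticity is one of the advantages that cloud computing brings to cloud native; from the standpoint of hands-on Kubernetes work, whether for business stability assurance or cost governance, elastic scaling capability is a necessary area of study.
Breaking Out of the Cocoon: Thoughts and Journey of Serverless Kubernetes (Part 2)
This article focuses on the particularities of Serverless Container technology, sharing its architectural impact on Kubernetes and Alibaba Cloud's architecture choices for Serverless Kubernetes.
Learning K8S: What Happens When We Deploy an Application?
This article records the architecture and principles of K8S at a high level.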