diff --git a/ishenwei/blogwatcher/2026-04-29.md b/ishenwei/blogwatcher/2026-04-29.md new file mode 100644 index 00000000..2818374a --- /dev/null +++ b/ishenwei/blogwatcher/2026-04-29.md @@ -0,0 +1,268 @@ + +## 📦 新增 77 篇 (06:02:17) + +### 【Tech With Tim - YouTube】 + +- [I gave Claude its own database, here's what happened](https://www.youtube.com/watch?v=vJBAzdOACD8) + Use ghost.build for free to add persistent memory and disposable databases to claude: https://b.link/ghost-twtIn this video, I show you how to connect... + +### 【Jon Law - YouTube】 + +- [11 Best Platforms for Business Owners to Automate](https://www.youtube.com/watch?v=lLiMDwWowL4) + #RemitlyPartner Use code BUSINESS to get a $/£100 promo after you send a single business transfer of $/£300 or more from the USA, Canada or UK. To red... + +### 【huangyihe - YouTube】 + +- [AI时代,怎么做产品?怎么做公司?](https://www.youtube.com/watch?v=b8dTUrP8F9w) + ⭐️ 更多内容 👇X: https://x.com/huangyiheSubstack: https://www.newtype.proGitHub: https://github.com/newtype-01/newtype-os===========================关于本期视频=... + +### 【惫懒の欧阳川 - YouTube】 + +- [【VCP】小白必看!VCP云端0部署,一键启动-10分钟搞定前后端!#AI #人工智能 #Agent #VCP #云部署](https://www.youtube.com/watch?v=xyuxqGcAd-c) + 【VCP】小白必看!VCP云端0部署,一键启动-10分钟搞定前后端!#AI #人工智能 #Agent #VCP #云部署 #VCPToolBox 【視頻内容 】---------------------------------------------------------- 又一期重磅教程来了!经... + +### 【TEDx Talks - YouTube】 + +- [3 ways to set boundaries (without saying "no") | Raluca Hancu | TEDxHeilbronn](https://www.youtube.com/watch?v=F2Zm1yx0Doo) + Raluca Hancu shows how boundaries don’t have to block connection, they can strengthen it. Using stories from her own motherhood and the psychology of ... + +- [What if Belonging Rewards Disappearing | Diane Marie Pisera | TEDxStamford](https://www.youtube.com/watch?v=3ZQrNJZZG2Y) + In “What If Belonging Rewards Disappearing?”, Diane draws from her experience immigrating from Italy to the United States to explore how early adaptat... + +- [Session 1: Roots | Yasemin TUR | TEDxMustafa Kaynak Anadolu High School](https://www.youtube.com/watch?v=3VJTil6zfs8) + We all think the path to success lies in knowing exactly "what we want." But what if true freedom begins the moment we realize what we don't want?In t... + +- [Session III: Transformation | Nalan Kaynak | TEDxMustafa Kaynak Anadolu High School](https://www.youtube.com/watch?v=Hx1ZnW5-dHM) + In her inspiring talk, **Nalan Kaynak**, the founder of OKİSDER, shares her profound dedication to educational support. She highlights that their init... + +- [Jak zmienić świat widząc więcej | Magda Chołyst | TEDxGdansk](https://www.youtube.com/watch?v=9JvAq2CfCek) + Wideo opowiada o widzeniu jako czymś znacznie więcej niż tylko procesem biologicznym. Autorka, bazując na własnym doświadczeniu utraty wzroku, pokazuj... + +- [Nocą ostrzał rano praca. Czego nauczył mnie Kijów o wojnie i życiu | Klaudia Brzezińska | TEDxGdansk](https://www.youtube.com/watch?v=gSSPzODWpBA) + Wideo opowiada o doświadczeniu życia w Kijowie podczas wojny i pokazuje, jak bardzo rzeczywistość konfliktu różni się od tego, co widzimy z zewnątrz. ... + +- [Przestrzenie, w których rośnie odwaga | Alicja Świtlik | TEDxGdansk](https://www.youtube.com/watch?v=_2VkeBKJP6E) + Wideo pokazuje, jak ogromny wpływ na rozwój młodych ludzi ma środowisko, w którym funkcjonują. Autorka, opierając się na własnych doświadczeniach prac... + +- [Kto zostaje kiedy Ciebie nie ma? Co odróżnia społeczność od publiczności | Olga Koenig | TEDxGdansk](https://www.youtube.com/watch?v=g3E9j3jKALQ) + Wideo porusza temat różnicy między publicznością a społecznością, pokazując, dlaczego te pojęcia – choć często używane zamiennie – oznaczają zupełnie ... + +- [A Transatlantic Leadership Story: From American To Nigeria | Prof. Dewayne Frazier O | TEDxJimeta](https://www.youtube.com/watch?v=utkZrx3meQk) + In this engaging talk, Dewayne Frazier shares lessons from his leadership journey across cultures, reflecting on his experiences living and working in... + +- [Redefining Beauty: Confidence Beyond Hair and Filters | Aiswarya Kiran | TEDxAGBS Kochi](https://www.youtube.com/watch?v=NEEvfF5LWLA) + Aiswarya Kiran is an inspiring content creator who turned her struggle with alopecia into a source of strength. After being diagnosed, she researched ... + +### 【Greyson Zhang - YouTube】 + +- [【YouTube縮圖教學2026】用Canva製作高點擊縮圖(完整指南)](https://www.youtube.com/watch?v=Rbksk7eTFro) + 加入最好的創作者成長搞錢社群 👉 https://www.greysonzhang.com/membership免費公開課|2026 YouTube 成長藍圖 👉 https://www.greysonzhang.com/2026-yt一對一咨詢 👉 https://calendly.com/gre... + +### 【Coursera - YouTube】 + +- [How Consumer Insights Shape Beauty Products](https://www.youtube.com/watch?v=E9fKbo93X54) + Why do some beauty products feel like they were made just for you? This lecture explores how consumer insights guide cosmetic innovation—helping brand... + +- [How to Become a Penetration Tester](https://www.youtube.com/watch?v=eoByKevfMc4) + Cyberattacks happen constantly, but skilled professionals are trained to stop them before damage is done. This video breaks down how to become a penet... + +### 【Reuters - YouTube】 + +- [King Charles says resolve seen after 9/11 needed for Ukraine](https://www.youtube.com/watch?v=RhkomQAJW4g) + Britain's King Charles told the US Congress that the same ‘unyielding resolve’ seen after the September 11, 2001, attacks on the United States was ‘ne... + +- [King Charles promotes US-UK unity in speech to Congress](https://www.youtube.com/watch?v=OgI7Xkfql9w) + Britain's King Charles told the US Congress that despite an age of uncertainty and conflict in Europe and the Middle East, the UK and the US will alwa... + +- [Cheers of joy as stranded whale guided onto rescue barge](https://www.youtube.com/watch?v=Ortp1ZJnUCQ) + Relief and joy were palpable as rescue workers tugged and guided a humpback whale stranded off Germany's Baltic coast into a floating tank within a ba... + +- [Oracle, CoreWeave lead AI selloff on OpenAI growth concerns](https://www.youtube.com/watch?v=iEamSEKpNII) + Shares of artificial intelligence-related firms dropped after the Wall Street Journal reported that OpenAI had missed its goals for new users and reve... + +- [UPS shares fall after warning of Iran war fuel spike risk](https://www.youtube.com/watch?v=gr20HLoCtHI) + United Parcel Service reiterated its full-year revenue target despite projecting a return to growth in the June quarter, as soaring fuel prices from t... + +- [UAE quits OPEC in major blow to global oil producers' group](https://www.youtube.com/watch?v=TcJxfDnMMxE) + The United Arab Emirates said it was quitting OPEC and OPEC+, dealing a heavy blow to the oil exporting groups and their de facto leader, Saudi Arabia... + +- [Anti-illegal immigration protesters march in South Africa](https://www.youtube.com/watch?v=S2Yz1li3XyI) + South African protesters marched to the Union Buildings in Pretoria to demand tougher action against illegal immigration, saying undocumented foreign ... + +- [Border residents flee amid Pakistan-Afghanistan shelling](https://www.youtube.com/watch?v=-hMYpAgVuoo) + Residents near Pakistan's border city of Chaman surveyed damaged houses and fled the area after days of cross-border shelling from Afghanistan. The fi... + +- [Five wounded in two Athens shootings, 89 year old man detained](https://www.youtube.com/watch?v=nFlJTsUhw9g) + An 89-year-old man was arrested after shooting incidents in Athens, Greece, left five people wounded at a social security agency and a court building.... + +- [Trump says his mother 'had a crush' on a young King Charles](https://www.youtube.com/watch?v=tWyga3mEzns) + US President Trump said that his late mother loved the royal family and at one time ‘had a crush’ on a young Prince Charles, who would later become ki... + +### 【BBC News 中文 - YouTube】 + +- [支付平台與電騙集團關聯被凍結 中國示威者柬埔寨爆衝突 - BBC News 中文](https://www.youtube.com/watch?v=d6TQfpJUYrc) + 數十名中國示威者在4月27日聚集柬埔寨國家銀行外抗議,要求解凍他們在「匯旺支付」平台開設的帳戶。抗議演變為與保安人員肢體衝突,有人流血受傷。匯旺集團被指與網絡詐騙有關,旗下網上支付平台的帳戶自去年12月起被凍結。集團前董事長李雄於4月1日被遣返中國,中國當局指控他是跨國詐騙集團核心成員,與早前落網的... + +### 【理想生活实验室】 + +- [雀巢正式确认出售,蓝瓶咖啡即将和瑞幸成为一家,你会有怎样的期待?](http://www.toodaylab.com/84013) + 4 月 23 日,雀巢集团在公布 2026 年第一季度财报时正式确认已达成出售 Blue Bottle Coffee 蓝瓶咖啡的协议,公司已同意将蓝瓶出售给大钲资本(Centurium Capital),在满足相关条件后,交易预计会在 2026 年上半年完成。这意味着 3 月 4 日多家媒体报道的大... + +### 【阿榮福利味 - 免費軟體下載】 + +- [7-Zip 26.01 免安裝中文版 - 免費壓縮軟體](https://www.azofreeware.com/2006/05/7-zip-440-beta.html) + 7-Zip 是一套必裝的免費壓縮軟體,不僅壓縮比高(不遜於 WinRAR)、支援很多格式而且還具中文介面,甚至於會擋掉內含 *.exe 壓縮檔的 Gmail,都可以用他的壓縮格式 *.7z 來輕鬆闖關!支援壓縮及解壓縮格式:7z、ZIP、GZIP、BZIP2、TAR,支援解壓縮格式:RAR、CAB、... + +- [[正版購買] Movavi Video Editor 2026 (26.14) 中文版 - 影片編輯軟體](https://www.azofreeware.com/2017/10/movavi-video-editor-plus.html) + 影片編輯軟體 - Movavi Video Editor(原:Movavi Video Editor Plus),功能強大且簡單易用的影片編輯工具,可以分割、合併影片而無損畫質,套用各種影片特效及濾鏡,旋轉、剪裁、加入背景音樂、加入標題、加入音樂、加入配音...等等,改善及轉換音訊,並將影片儲存為方... + +- [DesktopOK 12.49 免安裝中文版 - 儲存並還原桌面小圖示排列位置](https://www.azofreeware.com/2013/11/desktopok-368.html) + 儲存並還原桌面小圖示排列位置 - DesktopOK,你是否因為要用電腦做簡報或其他事情而常常變更螢幕解析度?如果是,那應該會常常遇到切換回正常解析度之後,桌面小圖示的排列位置就亂掉了!此軟體可以記憶每個小圖示的儲存位置(座標),當桌面小圖示排列位置又亂掉時,只要按一下還原就可以恢復原狀了。(阿榮福... + +- [[正版購買] 4K Video Downloader+ 26.1.1.0355 免安裝中文版 - 影音網站影片下載神器 Bilibili 下載 1080p](https://www.azofreeware.com/2019/12/4k-video-downloader.html) + 影音網站影片下載神器 - 4K Video Downloader+,可以下載高畫質影片(最高支援 4K、8K 畫質)、高音質音樂、播放清單,甚至整個頻道,支援 YouTube、Vimeo、TikTok、SoundCloud、Facebook、Twitch、Bilibili 等影音網站,付費版有訂閱頻... + +- [[正版購買] 4K YouTube to MP3 26.1.1.0355 免安裝中文版 - 影片轉 mp3 軟體 把影片下載為 mp3](https://www.azofreeware.com/2020/01/4k-youtube-to-mp3.html) + 影片轉 mp3 軟體 - 4K YouTube to MP3,只要貼上線上影片的網址,就可以將影片下載為 MP3 音樂(或 OGG、M4A),預設儲存位置是本機的音樂資料夾(Music),支援 YouTube、VEVO、SoundCloud、Facebook 等網站,付費版提供無限量播放清單下載、無... + +- [MediaHuman YouTube to MP3 Converter 3.9.20 中文版 - 線上影片轉 MP3 軟體](https://www.azofreeware.com/2023/12/mediahuman-youtube-to-mp3-converter.html) + 線上影片轉 MP3 軟體 - MediaHuman YouTube to MP3 Converter,支援 YouTube、Vimeo、SoundCloud、Mixcloud 等平台,可以從播放清單或頻道下載所有音樂,最高音質可達到 320 kbps,可以同時下載多個音樂,內建簡單的標籤編輯器,支援... + +- [[正版購買] AnyDesk 9.7.1 免安裝中文版 - 遠端電腦遙控軟體 取代 Teamviewer](https://www.azofreeware.com/2014/08/anydesk-111-beta-teamviewer.html) + 遠端電腦遙控軟體 - AnyDesk,能夠取代「Teamviewer」的軟體,只需要透過一組數字就可以連線到對方電腦,預設不使用連線密碼,但必須等待對方同意,也可以設定密碼並無需同意,按「Ctrl+Alt+Del」的功能、文字對談、連線加密(TLS1.2)、螢幕擷取...等功能都有,還可以設定連線時... + +### 【Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics】 + +- [Texas Instruments made a new flagship graphing calculator: the TI-84 Evo](https://www.engadget.com/mobile/texas-instruments-made-a-new-flagship-graphing-calculator-the-ti-84-evo-201903438.html?src=rss) + Texas Instruments graphing calculators have helped many a student with algebra, pre-calculus and upside-down anatomical slang. Now, the company is bac... + +- [iOS 27 will reportedly come with new AI-powered photo editing tools](https://www.engadget.com/ai/ios-27-will-reportedly-come-with-new-ai-powered-photo-editing-tools-194119562.html?src=rss) + Apple reportedly plans to fix bugs and expand the capabilities of Apple Intelligence with the release of iOS 27, iPadOS 27 and macOS 27 year, and it s... + +- [NVIDIA starts offering a 12GB version of the 5070 for laptops](https://www.engadget.com/computing/laptops/nvidia-starts-offering-a-12gb-version-of-the-5070-for-laptops-180057515.html?src=rss) + NVIDIA is releasing a new variant of its 5070 GPU for laptops. Nestled in a blog post about the latest version of its Game Ready Drivers, the company ... + +- [Games Done Quick will host its first ever event in Europe](https://www.engadget.com/gaming/games-done-quick-will-host-its-first-ever-event-in-europe-170637194.html?src=rss) + Games Done Quick, the charity video game speedrunning series, is making its European debut in a live event at Germany’s Gamescom this summer. GDQ’s ma... + +- [Snapchat is rolling out sponsored AI agents](https://www.engadget.com/ai/snapchat-is-rolling-out-sponsored-ai-agents-162720124.html?src=rss) + It was only a matter of time before they found a way to use AI agents as corporate shills. On Tuesday, Snapchat rolled out AI Sponsored Snaps, a "new ... + +- [Google Translate uses AI to help you practice pronunciation](https://www.engadget.com/ai/google-translate-uses-ai-to-help-you-practice-pronunciation-160000542.html?src=rss) + Google is celebrating Translate’s 20th birthday by launching pronunciation practice, which the company says is one of the most requested features for ... + +- [Google and the Pentagon sign classified deal to give the Department of Defense unfettered access to its AI models](https://www.engadget.com/ai/google-and-the-pentagon-sign-classified-deal-to-give-the-department-of-defense-unfettered-access-to-its-ai-models-155211834.html?src=rss) + Google has signed a deal that allows the US Department of Defense to use its AI models for "any lawful government purpose." This is according to a rep... + +- [The FTC says Americans lost at least $2.1 billion to social media scams in 2025](https://www.engadget.com/social-media/the-ftc-says-americans-lost-at-least-21-billion-to-social-media-scams-in-2025-152846798.html?src=rss) + Americans lost at least $2.1 billion in 2025 to scams that originated on social media, according to the Federal Trade Commission. That figure marks an... + +- [Ted Lasso’s fourth season starts August 5](https://www.engadget.com/entertainment/streaming/ted-lassos-fourth-season-starts-august-5-150337209.html?src=rss) + It turns out you can go back again, especially if you win a pile of awards, mint a crop of stars and turn a potentially obscure sitcom into Apple’s bi... + +- [Trump administration is paying more companies to abandon offshore wind projects](https://www.engadget.com/science/trump-administration-is-paying-more-companies-to-abandon-offshore-wind-projects-150216769.html?src=rss) + The Trump Administration has signed deals with two major energy companies to abandon their respective offshore wind farms, with both firms agreeing to... + +### 【小众软件】 + +- [PowerToys v0.99.0 发布,距离 v0.100 更近了](https://www.appinn.com/powertoys-v0-99-0/) + 微软的 PowerToys v0.99.0 今日发布,新增两个实用工具:不用点标题栏就能拖动窗口,另一个是直接在托盘里调显示器亮度、对比度。另外继续修复命令面板等功能,整体更稳定,为 v0.100发布做最后准备。@Appinn 是的,只有 v0.100,没有 v1.0。 PowerToys v0.9... + +- [作为 Snipaste 付费用户,试完 PixPin 3 我动摇了,就差最后一点细节](https://www.appinn.com/pixpin-3/) + 备受好评的 Windows/macOS 跨平台截图 PixPin 进入 3.x 时代,目前最新版本 v3.1.4.0,主要更新:全新界面、接入 AI 提升识别与翻译,以及新增自动马赛克、贴图穿透、条码识别等功能。@Appinn PixPin 3 新增功能 新增功能 说明 全新界面(UI 重构) 界面... + +- [小米 MiMo 百万亿 Token 创造者激励计划|送 Token 了](https://www.appinn.com/xiaomi-mimo-orbit/) + 小米上线了一个百万亿 Token 创造者激励计划 Xiaomi MiMo Orbit,只需要填写表单,就能获得小米「在 30 天内发放总计 100 万亿 Token 权益,完全免费」。 具体步骤 访问该页面,点击立即申请,然后根据页面填写即可。 不过 既然都是大模型了,是不是可以这样: 这件事情交给... + +### 【TED Talks Daily】 + +- [You got what you wanted. Now what? | Debbie Millman](http://go.ted.com/debbiemillman26) + Over two decades of interviewing countless creative people, Debbie Millman (host of the iconic "Design Matters" podcast) had a realization: the pride ... + +### 【Slashdot】 + +- [Apple Vision Pro Used In World-First Cataract Surgery](https://science.slashdot.org/story/26/04/28/1923255/apple-vision-pro-used-in-world-first-cataract-surgery?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Apple's Vision Pro has been used in what's described as the world's first cataract surgery performed with the headset. MacRumors reports: [New York op... + +- [Sony Rolls Out 30-Day Online DRM Check-In For PlayStation Digital Games](https://games.slashdot.org/story/26/04/28/1919200/sony-rolls-out-30-day-online-drm-check-in-for-playstation-digital-games?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Sony is reportedly rolling out a 30-day online check-in requirement for some digital PS4 and PS5 games, meaning players could temporarily lose access ... + +- [Apple Introduces a Cheaper Option For App Store Subscriptions](https://news.slashdot.org/story/26/04/28/1913247/apple-introduces-a-cheaper-option-for-app-store-subscriptions?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Apple is adding a new App Store subscription option that lets developers offer lower monthly prices in exchange for a 12-month commitment. "This model... + +- [The Bloomberg Terminal Is Getting an AI Makeover](https://news.slashdot.org/story/26/04/28/1832202/the-bloomberg-terminal-is-getting-an-ai-makeover?utm_source=rss1.0mainlinkanon&utm_medium=feed) + An anonymous reader quotes a report from Wired: For its famous intractability, the Bloomberg Terminal has long inspired devotion, bordering on obsessi... + +- [Google and Pentagon Reportedly Agree On Deal For 'Any Lawful' Use of AI](https://tech.slashdot.org/story/26/04/28/1634227/google-and-pentagon-reportedly-agree-on-deal-for-any-lawful-use-of-ai?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Google has reportedly signed a classified agreement allowing the Pentagon to use its AI models for "any lawful government purpose." While the deal is ... + +- [UAE To Leave OPEC Amid Hormuz Oil Crisis](https://news.slashdot.org/story/26/04/28/1622229/uae-to-leave-opec-amid-hormuz-oil-crisis?utm_source=rss1.0mainlinkanon&utm_medium=feed) + fjo3 writes: The United Arab Emirates announced Tuesday that it would exit the Organization of the Petroleum Exporting Countries (source paywalled; al... + +- [Bay Area Homeowner Offers Property In Exchange For Anthropic Stock](https://slashdot.org/story/26/04/28/0429234/bay-area-homeowner-offers-property-in-exchange-for-anthropic-stock?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Bay Area homeowner and investment banker Storm Duncan is trying to swap a 13-acre Mill Valley property for Anthropic equity instead of cash. He create... + +- [Supreme Court Hears Case On How To Label Risks of Popular Weed Killer](https://yro.slashdot.org/story/26/04/28/0421237/supreme-court-hears-case-on-how-to-label-risks-of-popular-weed-killer?utm_source=rss1.0mainlinkanon&utm_medium=feed) + An anonymous reader quotes a report from NPR: A divided U.S. Supreme Court on Monday heard a dispute over labels on the popular Roundup weed killer, w... + +- [The Silent Frequency That Makes Old Buildings Feel Haunted](https://science.slashdot.org/story/26/04/28/0413216/the-silent-frequency-that-makes-old-buildings-feel-haunted?utm_source=rss1.0mainlinkanon&utm_medium=feed) + Researchers say infrasound -- low-frequency vibrations from things like pipes, HVAC systems, and traffic that humans can't consciously hear -- may hel... + +- [Trump Administration Will Pay More Energy Firms to Cancel Wind Farms](https://hardware.slashdot.org/story/26/04/28/041256/trump-administration-will-pay-more-energy-firms-to-cancel-wind-farms?utm_source=rss1.0mainlinkanon&utm_medium=feed) + The Trump administration says it will reimburse energy companies $885 million to cancel two planned offshore wind farms, with the firms in turn agreei... + +### 【AI (artificial intelligence) | The Guardian】 + +- [UK must seize initiative on AI or be left at its mercy, Liz Kendall says](https://www.theguardian.com/technology/2026/apr/28/uk-must-seize-ai-initiative-or-be-left-at-the-mercy-of-the-future-liz-kendall-warns) + Technology secretary speaks amid concerns country is struggling to make its own way in AIBritain must seize the initiative on artificial intelligence ... + +- [‘Stole a charity’: Elon Musk accuses Sam Altman of betrayal in courtroom showdown](https://www.theguardian.com/technology/2026/apr/28/sam-altman-open-ai-elon-musk-trial) + Trial is culmination of a years-long feud between Musk and Altman that has become increasingly viciousThe trial pitting Elon Musk against Sam Altman a... + +- [Google reportedly signs classified AI deal with US Pentagon](https://www.theguardian.com/technology/2026/apr/28/google-classified-ai-deal-pentagon) + Tech company is latest Silicon Valley firm to sign agreement with US military despite widespread employee oppositionGoogle has reportedly signed a dea... + +- [The personal pettiness of the Elon Musk v OpenAI trial](https://www.theguardian.com/technology/2026/apr/28/elon-musk-sam-altman-openai) + In theory, Musk and Altman’s court fight could pose key questions about AI safety – in reality, it’s motivated by money and personal grievanceSign up ... + +- [If it feels like the world is rejecting science and truth, here are five ways to fight back | Helen Pearson](https://www.theguardian.com/commentisfree/2026/apr/28/world-rejecting-science-truth-five-ways-fight-back) + All of us can choose to consider facts, not vibes, in our next decision. One simple hack is go and look up some easily accessible peer-reviewed studie... + +- [Tell us: have you become emotionally attached to AI?](https://www.theguardian.com/technology/2026/apr/28/tell-us-have-you-become-emotionally-attached-to-ai) + We would like to hear from people who converse with AI chatbots on a personal levelLots of people now use chatbots as personal assistants, sometimes t... + +- [‘They’re supposed to be handmade’: zine creators fight to resist AI influence](https://www.theguardian.com/technology/2026/apr/28/zine-creators-fight-to-resist-ai-influence) + Artists and writers argue scrappy nature of self-published booklets is incompatible with artificial intelligenceThe self-published zine has long been ... + +- [Tech giants face new levy to pay for Australian news as Meta calls position ‘simply wrong’](https://www.theguardian.com/australia-news/2026/apr/28/albanese-tech-companies-australian-media) + Google also rejects need for reform after Albanese government reveals draft news bargaining incentive scheme Follow our Australia news live blog for l... + +- [Humanoid robots to become baggage handlers in Japan airport experiment](https://www.theguardian.com/world/2026/apr/28/humanoid-robots-baggage-handlers-japan-airports) + Japan Airlines will introduce the robots for trial run at a Tokyo airport amid country’s surge in inbound tourism and worsening labour shortagesJapan’... + +### 【WSJ.com: World News】 + +- [King Charles Urges Trump Not to Abandon Special Relationship With U.K.](https://www.wsj.com/world/uk/king-charles-speech-congress-trump-white-house-08729161) + The British monarch celebrated “one of the greatest alliances in history” in a rare address to Congress.... + +- [Ukraine Hits Russia’s Oil Machine, but Struggles to Dent Its Economy](https://www.wsj.com/world/russia/ukraine-hits-russias-oil-machine-but-struggles-to-dent-its-economy-8e8d0322) + Drone strikes on refineries and ports have caused some disruption but had little impact on Moscow’s oil revenues.... + +- [U.A.E.’s OPEC Exit Deals Major Blow to Cartel Amid Middle East Oil Squeeze](https://www.wsj.com/world/middle-east/u-a-e-to-leave-opec-opec-2368bbd6) + The Gulf state said the move would help it meet changing demand but analysts see it as a heavy blow to the organization.... + +- [U.S.-Iran War’s Next Casualty: Global Food](https://www.wsj.com/world/asia/u-s-iran-wars-next-casualty-global-food-7bb7f8bf) + The closure of the Strait of Hormuz is hitting farmers who are more vulnerable to sudden cost increases.... + +- [China’s Ban on Meta-Manus Deal Shows Strains in U.S.-China Business Ties](https://www.wsj.com/world/china/chinas-ban-on-meta-manus-deal-shows-strains-in-u-s-china-business-ties-3f58f0d7) + China’s move to force Meta to unwind its acquisition of the AI startup demonstrates Beijing’s willingness to use economic weapons to safeguard key int... + +- [China Says Hostile Foreign Forces Are Driving Its Youth to Slack Off](https://www.wsj.com/world/china/china-says-hostile-foreign-forces-are-driving-its-youth-to-slack-off-2781aba1) + The country’s intelligence agency blamed anti-China influences from abroad for stoking youth disillusionment.... + +- [Iran Offers a New Proposal to End War](https://www.wsj.com/world/middle-east/iran-offers-a-new-proposal-to-end-war-b88da96c) + Tehran vows to stop Hormuz attacks in exchange for lifting of U.S. port blockade.... + +- [Iran Is Flooded With So Much Unsold Oil That It’s Stashing It in Derelict Tanks](https://www.wsj.com/world/middle-east/iran-is-flooded-with-so-much-unsold-oil-that-its-stashing-it-in-derelict-tanks-ed8e62b1) + Tehran is trying to buy time as the war turns into a race to see whether its oil fields or global consumers can take more pain.... + diff --git a/wiki/concepts/ALB-Ingress-Controller.md b/wiki/concepts/ALB-Ingress-Controller.md new file mode 100644 index 00000000..299d81a5 --- /dev/null +++ b/wiki/concepts/ALB-Ingress-Controller.md @@ -0,0 +1,29 @@ +--- +title: "ALB Ingress Controller" +type: concept +tags: [AWS, Kubernetes, EKS, networking, ingress, load-balancing] +last_updated: 2026-04-28 +--- + +## Definition + +AWS Load Balancer Controller(原名 ALB Ingress Controller)是运行在 Kubernetes 集群中的控制器,通过 Kubernetes Ingress 资源动态管理 AWS Application Load Balancer(ALB)的生命周期。它将 Ingress 规则转换为 ALB 配置(目标组、监听规则、路径路由),实现外部流量到集群内 Pod 的自动路由,是 EKS 集群入口流量管理的标准方案。 + +## Key Mechanisms + +- **Ingress 驱动**:用户定义 Kubernetes Ingress 资源声明路由规则,控制器自动创建/更新对应 ALB +- **多层路由**:支持基于主机名(host-based)和路径(path-based)的路由规则 +- **AWS WAF 集成**:ALB 可关联 AWS WAF Web ACL,实现 L7 安全防护 +- **健康检查自动化**:自动配置目标组健康检查指向 Pod 健康端点 +- **多种 Ingress 类**:支持公开(internet-facing)和私有(internal)ALB + +## Relationship with Kubernetes Ingress + +AWS Load Balancer Controller 扩展了 Kubernetes Ingress API 的 AWS 后端实现: +- 标准 Kubernetes Ingress 定义路由规则 +- 控制器解释规则并调用 AWS API 创建/配置 ALB +- 替代手动 ALB 管理,实现声明式基础设施 + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] diff --git a/wiki/concepts/API-Server-Priority-and-Fairness.md b/wiki/concepts/API-Server-Priority-and-Fairness.md new file mode 100644 index 00000000..877bef65 --- /dev/null +++ b/wiki/concepts/API-Server-Priority-and-Fairness.md @@ -0,0 +1,38 @@ +--- +title: "API Server Priority and Fairness" +type: concept +tags: + - Kubernetes + - EKS + - API-Server + - Performance + - Multi-Tenancy +sources: + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +API Server Priority and Fairness(PPF)是 Kubernetes 1.20+ 引入的 API Server 配置特性,通过优先级类别(Priority Class)和并发限制(Flow Schema)管理 API 请求的调度和限流,确保关键工作负载在高负载下的 API 访问稳定性。 + +## Key Mechanisms +- **Priority Class**:为 API 请求分配优先级(整数越大优先级越高) +- **Flow Schema**:定义请求匹配规则,将请求路由到对应的 Flow +- **Concurrency Limit**:每个 Flow 的并发请求数限制 +- **Request Limiting**:超出限制的请求进入等待队列或被拒绝 + +## Why Enable PPF +- 多租户 EKS 集群中,防止单个租户/工作负载耗尽 API Server 资源 +- 在扩缩容期间(大量 HPA/Controller 并发请求)保护关键 API 调用 +- 提升 API Server 在高负载下的可预测性和稳定性 + +## Configuration +- 通过 kube-apiserver 启动参数 `--enable-priority-and-fairness=true` 启用 +- Flow Schema 和 Priority Level 通过 kube-apiserver 配置或 admission webhook 管理 + +## Relationship with Scaling +- 在大规模集群扩缩容时,HPA、Cluster Autoscaler、Custom Controller 等大量并发 API 请求可能压垮 API Server +- PPF 确保关键扩缩容操作的 API 请求优先处理 + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/AWS-Service-Catalog.md b/wiki/concepts/AWS-Service-Catalog.md new file mode 100644 index 00000000..752e1142 --- /dev/null +++ b/wiki/concepts/AWS-Service-Catalog.md @@ -0,0 +1,29 @@ +--- +title: "AWS Service Catalog" +type: concept +tags: [AWS, IaC, self-service, governance, EKS] +last_updated: 2026-04-28 +--- + +## Definition + +AWS Service Catalog 是 AWS 托管的服务,允许组织创建和管理已批准在 AWS 上使用的产品(Products)目录。这些产品本质上是 CloudFormation 模板或 Terraform 模块的受控版本,通过 Portfolio(产品组合)组织,并可授予特定用户或团队访问权限。Service Catalog 为终端用户提供自助服务界面,无需深入了解底层 IaC 模板即可部署标准化的基础设施,同时保证安全与合规。 + +## Key Mechanisms + +- **产品(Products)**:预定义的 CloudFormation 模板或 Terraform 模块,代表标准化的基础设施配置 +- **产品组合(Portfolio)**:产品的逻辑分组,可关联到团队或项目 +- **访问控制**:通过 IAM 角色向终端用户授予产品访问权限,实现最小权限原则 +- **版本管理**:支持同一产品的多版本管理,可逐步升级 +- **EKS 部署集成**:SRE EKS 模块通过 Service Catalog 提供 EKS 集群部署界面,支持版本选择和节点类型配置 + +## Relationship with IaC + +Service Catalog 封装底层 IaC 模板(Terraform/CloudFormation),为非技术用户提供受控的自助服务入口: +- IaC 模板由平台团队维护(在 Git 仓库中通过 CI/CD 管理) +- Service Catalog 充当面向终端用户的治理层,控制可部署的产品范围 +- 相比直接 Terraform 部署,Service Catalog 提供更细粒度的权限控制 + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[ctp-topic-3-deploy-and-maintain-infrastructure]] diff --git a/wiki/concepts/CloudWatch-Agent.md b/wiki/concepts/CloudWatch-Agent.md new file mode 100644 index 00000000..32fe504c --- /dev/null +++ b/wiki/concepts/CloudWatch-Agent.md @@ -0,0 +1,31 @@ +--- +title: "CloudWatch Agent" +type: concept +tags: [AWS, monitoring, EKS, logging, metrics, CloudWatch] +last_updated: 2026-04-28 +--- + +## Definition + +CloudWatch Agent 是 AWS 提供的统一代理程序,用于从 EC2 实例和 EKS 集群收集系统级指标和日志,并将其发布到 Amazon CloudWatch。它支持收集标准系统指标(CPU/内存/磁盘/网络)以及自定义应用指标,是 EKS 监控栈的核心组件之一。 + +## Key Mechanisms + +- **指标收集**:CPU、内存、磁盘、网络等系统级指标,以及自定义应用指标 +- **日志收集**:从文件系统或容器日志收集日志数据 +- **配置灵活性**:通过 SSM Parameter Store 或配置文件管理代理配置 +- **EKS 集成**:在 EKS 中作为 DaemonSet 部署在每个节点上,与 Container Insights 协同工作 +- **Container Insights**:启用后自动发布容器级指标(CPU/内存/磁盘/网络/容器进程) + +## Relationship with Other Monitoring Components + +CloudWatch Agent 是 EKS 监控数据采集层: +- CloudWatch Agent → 收集原始指标/日志 +- FluentBit → 处理并转发日志到 CloudWatch Logs 或 OpenSearch +- Container Insights → 聚合容器指标到 CloudWatch +- Grafana → 从 CloudWatch/OpenSearch 可视化展示 + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[ctp-topic-42-grafana-observability-dashboard]] +- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] diff --git a/wiki/concepts/Cluster-Autoscaler.md b/wiki/concepts/Cluster-Autoscaler.md index 6184c3cd..88bd91d9 100644 --- a/wiki/concepts/Cluster-Autoscaler.md +++ b/wiki/concepts/Cluster-Autoscaler.md @@ -1,30 +1,39 @@ ---- -title: "Cluster Autoscaler" -type: concept -tags: [Kubernetes, 自动扩缩容, 云原生] -sources: [ctp-topic-70-eks-deployment-using-iac, ctp-topic-64-scaling-out-with-amazon-eks] -last_updated: 2026-04-24 ---- - -# Cluster Autoscaler - -## Overview -Cluster Autoscaler 是 Kubernetes 的自动扩缩容组件,根据资源需求自动调整 Worker Node 的数量,实现基础设施的弹性伸缩。 - -## How It Works -1. **监控资源使用情况**:定期检查 Pod 的调度状态 -2. **检测资源不足**:当 Pod 因资源不足无法调度时触发扩容 -3. **调用云提供商的 API**:AWS 上与 Auto Scaling Groups 集成 -4. **自动启动新节点**:在可用区中启动新 EC2 实例 -5. **缩容检测**:当节点利用率低且 Pod 可安全驱逐时,触发缩容 - -## AWS Integration -- 与 AWS Auto Scaling Groups 深度集成 -- 支持多个 Auto Scaling Groups -- 根据 Pod 需求自动选择合适的实例类型 - -## Related Concepts -- [[Amazon EKS]]:Cluster Autoscaler 部署的目标平台 -- [[Kubernetes]]:Cluster Autoscaler 是 Kubernetes 的核心组件 -- [[Horizontal Pod Autoscaler (HPA)]]:Pod 级别的水平扩缩容(HPA 扩 Pod,CA 扩 Node) -- [[Vertical Pod Autoscaler (VPA)]]:Pod 级别的垂直扩缩容 +--- +title: "Cluster Autoscaler" +type: concept +tags: + - Kubernetes + - EKS + - Autoscaling + - Node + - AWS + - ASG +sources: + - ctp-topic-64-scaling-out-with-amazon-eks + - ctp-topic-70-eks-deployment-using-iac +last_updated: 2026-04-28 +--- + +## Definition +Cluster Autoscaler 是 Kubernetes 官方的节点(Node)级别扩缩容组件,通过联动 AWS Auto Scaling Group(ASG)或托管节点组(Managed Node Group),根据集群内 Pending Pod 的数量和资源请求自动调整节点数量。 + +## Key Mechanisms +- **扩缩容决策依据**:集群内 Pending Pod 的数量(而非直接基于资源利用率) +- **资源请求感知**:考虑 Pod 的 CPU/内存 requests,不仅仅是当前实际使用量 +- **ASG/节点组联动**:更新 ASG 或托管节点组的期望容量(Desired Capacity) +- **Auto-discovery 模式**:推荐使用,自动发现和管理 ASG +- **Mixed Instances Policy**:支持在同一 ASG 中混合使用多种 EC2 实例类型 +- **配置变更**:min/max 配置变更应在 ASG/托管节点组层面操作,而非直接修改 Cluster Autoscaler + +## Relationship with Karpenter +- **Cluster Autoscaler**:基于节点组间接扩缩容,响应相对较慢 +- **Karpenter**:直接与 EC2 API 交互,响应更快速灵活,是 Cluster Autoscaler 的演进方案 + +## Limitations +- 依赖预配置的 ASG/节点组,灵活性受限 +- 扩容速度受 ASG 启动新实例的速度限制 +- 无法处理需要特殊实例类型的工作负载 + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] +- [[ctp-topic-70-eks-deployment-using-iac]] diff --git a/wiki/concepts/Container-Insights.md b/wiki/concepts/Container-Insights.md new file mode 100644 index 00000000..bf20d5d2 --- /dev/null +++ b/wiki/concepts/Container-Insights.md @@ -0,0 +1,29 @@ +--- +title: "Container Insights" +type: concept +tags: [AWS, EKS, monitoring, metrics, CloudWatch, containers] +last_updated: 2026-04-28 +--- + +## Definition + +Container Insights 是 Amazon CloudWatch 的容器监控功能,专门用于收集、整理和汇总 EKS 和 ECS 集群中容器化工作负载的指标和日志。它通过 CloudWatch Agent(DaemonSet)和 CloudWatch Embedded Metric Format 自动收集容器级指标,使运维团队无需额外配置即可获得集群运行状况的可见性。 + +## Key Mechanisms + +- **自动指标收集**:容器 CPU/内存/网络/磁盘使用率,Pod 级别聚合 +- **日志收集**:容器标准输出日志自动采集至 CloudWatch Logs +- **预构建仪表板**:提供集群、节点、Pod、服务级别的可视化仪表板 +- **性能告警**:自动发现高负载资源并生成 CloudWatch 告警 +- **Embedded Metric Format**:应用可直接输出结构化指标,无需额外 SDK + +## Relationship with CloudWatch Agent + +Container Insights 建立在 CloudWatch Agent 之上: +- CloudWatch Agent(DaemonSet)是数据采集代理 +- Container Insights 是指标组织和聚合逻辑(通过 CloudWatch Agent 配置实现) +- 用户启用 Container Insights 后,CloudWatch Agent 自动开始发布容器指标 + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[ctp-topic-42-grafana-observability-dashboard]] diff --git a/wiki/concepts/CoreDNS-Scaling.md b/wiki/concepts/CoreDNS-Scaling.md new file mode 100644 index 00000000..b607881e --- /dev/null +++ b/wiki/concepts/CoreDNS-Scaling.md @@ -0,0 +1,35 @@ +--- +title: "CoreDNS Scaling" +type: concept +tags: + - Kubernetes + - EKS + - DNS + - Scaling + - Networking +sources: + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +CoreDNS Scaling 是 EKS 集群中 CoreDNS(Kubernetes 默认 DNS 服务)的水平扩缩容策略和优化实践,确保在高密度 Pod 环境下 DNS 查询的高可用性和低延迟。 + +## Problem Statement +- EKS 集群规模增长时,Pod 间的 DNS 查询量呈指数增长 +- 默认 CoreDNS 配置可能无法应对大规模集群的 DNS 负载 +- DNS 查询延迟直接影响应用启动时间和运行时性能 + +## Optimization Strategies +- **HPA 扩缩容**:为 CoreDNS Deployment 配置 HPA,基于 DNS 查询 QPS 或 CPU/内存利用率自动调整副本数 +- **Node Local DNS Cache**:在每个节点部署本地 DNS 缓存(node-local-dns-cache 或 nodelocaldns),减少跨节点 DNS 查询 +- **性能调优**:调整 CoreDNS 的 `cores-per-second` 和 `max-concurrent-queries` 参数 +- **副本数规划**:建议 CoreDNS 副本数不低于集群节点数的 10-20% + +## Relationship with Node Local DNS Cache +- Node Local DNS Cache 通过在每节点运行本地 DNS 缓存 DaemonSet,拦截并缓存 Pod 的 DNS 查询 +- 减少跨节点 DNS 查询流量,降低 DNS 查询延迟 +- 与 CoreDNS HPA 扩缩容配合使用效果最佳 + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/EKS-Custom-Networking.md b/wiki/concepts/EKS-Custom-Networking.md new file mode 100644 index 00000000..0f99142d --- /dev/null +++ b/wiki/concepts/EKS-Custom-Networking.md @@ -0,0 +1,56 @@ +--- +title: "EKS Custom Networking" +type: concept +tags: + - AWS + - EKS + - Kubernetes + - Networking + - VPC + - IPAM +sources: + - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone +last_updated: 2026-04-28 +--- + +## Overview +EKS Custom Networking 是 AWS EKS 提供的一项功能,允许用户绕过默认的 VPC CNI(Amazon VPC CNI plugin for Kubernetes)行为,自定义 Pod 的网络 IP 分配策略。这在 IP 地址受限或需要特殊网络配置的环境中尤为重要。 + +## Definition +EKS 自定义网络(Custom Networking)通过以下机制实现: +- 通过 EKS 模块的自定义网络配置标志(flag)启用 +- 支持指定自定义的弹性网络接口(ENI)配置 +- 允许 Pod 使用独立于默认 VPC 子网的 IP 地址池 + +## Use Case: AWS Lab Landing Zone +在 AWS Lab Landing Zone 环境中,Micro Focus 网络的 IP 地址池有限,无法满足 EKS 集群中大量 Pod 的 IP 分配需求。通过自定义网络配置: +1. 在独立私有子网(非主 VPC 子网)创建 EKS 集群 +2. 启用 EKS 模块的自定义网络标志 +3. EKS 使用指定的子网和 IP 范围分配 Pod 地址 + +## Core Mechanism +``` +EKS Module (Terraform) + └── custom_networking_enabled = true + ├── subnet_ids = [custom_subnet_ids] + └── additional_eni_config = ... +``` + +## Key Benefits +- **突破 VPC CIDR 限制**:在受限网络环境中仍可部署大规模 Pod +- **IP 地址灵活性**:使用专用 IP 池,无需消耗 VPC 主网络地址 +- **网络隔离**:独立子网提供额外的网络安全边界 + +## Limitations +- 需要 Terraform/Terragrunt 模块支持自定义网络标志 +- Atlantis 当前不支持 EKS 集群部署(需使用 Jenkins + Terragrunt) +- 容器安全加固需额外考虑网络隔离 + +## Related Concepts +- [[Amazon-EKS]]:应用自定义网络技术的容器编排平台 +- [[Host-Network-Mode]]:Pod 规范层面的网络模式配置 +- [[EMI-Elastic-Network-Interface]]:ENI 多 IP 分配(EMI)在 EKS 中的应用 +- [[IPAM]]:IP 地址管理,与自定义网络协同 + +## Related Sources +- [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] diff --git a/wiki/concepts/EMI-Elastic-Network-Interface.md b/wiki/concepts/EMI-Elastic-Network-Interface.md new file mode 100644 index 00000000..1c2eb736 --- /dev/null +++ b/wiki/concepts/EMI-Elastic-Network-Interface.md @@ -0,0 +1,29 @@ +--- +title: "EMI (Elastic Network Interface) Multi-IP" +type: concept +tags: [AWS, EKS, networking, VPC, CIDR, pod-networking] +last_updated: 2026-04-28 +--- + +## Definition + +EMI(Elastic Network Interface Multi-IP,弹性网络接口多 IP)是 AWS 提供的网络扩展机制,通过为 Pod 分配额外的弹性网络接口(ENI)及其上的辅助 IP 地址,解决 EKS 集群中 VPC CIDR 地址空间不足的问题。每个 ENI 允许附加多个辅助 IP,每个 IP 可分配给一个 Pod,相比默认的 AWS VPC CNI 插件可大幅增加单个节点可运行的 Pod 数量。 + +## Key Mechanisms + +- **ENI 附加**:为工作节点附加额外 ENI 以增加可用 IP 数量 +- **IP 分配**:每个 ENI 上的辅助 IP 分配给 Pod,实现 Pod 级 IP 直接寻址 +- **CIDR 扩展**:不依赖 VPC 主 CIDR 范围,通过 ENI 附加 IP 绕过 VPC 地址空间限制 +- **安全组绑定**:ENI 及其上的 Pod IP 继承安全组配置 +- **与 AWS VPC CNI 插件的关系**:AWS VPC CNI 是默认插件,EMI 是其增强模式,支持 Prefix Delegation + +## Problem Solved + +VPC CIDR 限制导致大型 EKS 集群 Pod 数量受限于可用 IP 地址: +- 标准 AWS VPC CNI 每个 ENI 最多约 10-15 个 IP(受实例类型限制) +- EMI 通过 ENI 附加更多辅助 IP,显著提升 Pod 密度 +- 特别适用于 IP 密集型工作负载(如微服务架构) + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] diff --git a/wiki/concepts/FedRAMP.md b/wiki/concepts/FedRAMP.md new file mode 100644 index 00000000..2b0caf67 --- /dev/null +++ b/wiki/concepts/FedRAMP.md @@ -0,0 +1,35 @@ +--- +title: "FedRAMP" +type: concept +tags: + - Compliance + - Cloud-Security + - Government + - Certification +last_updated: 2026-04-14 +--- + +# FedRAMP (Federal Risk and Authorization Management Program) + +## Definition +美国政府级的云安全认证项目,为云服务和云产品提供统一的安全评估和授权标准。FedRAMP 基于 [[ISO-27001]] 和 NIST SP 800-53 控制框架。 + +## Purpose +- 为联邦机构提供标准化的云服务安全评估方法 +- 减少重复安全评估,降低成本 +- 确保云服务提供商达到政府级别的安全标准 + +## Business Value for OpenText +- **市场准入**:FedRAMP 认证使 OpenText 能够向联邦政府机构销售云服务 +- **多垂直市场覆盖**:持有 FedRAMP 等多项行业及政府认证,可进入多个垂直市场 +- **差异化优势**:证明安全成熟度,增强客户信心 + +## Relationship to Other Concepts +- 基于 [[ISO-27001]] 构建 +- 与 [[Global Information Security Policy (GISP)]] 配合,满足政策层面的合规要求 +- 与 [[Third-Party-Penetration-Testing]] 配合,通过第三方验证满足认证要求 + +## Connections +- [[ISO-27001]]:框架基础 +- [[Global Information Security Policy (GISP)]]:政策支撑 +- [[OpenText]]:持有该认证的组织 diff --git a/wiki/concepts/FluentBit.md b/wiki/concepts/FluentBit.md new file mode 100644 index 00000000..6cc9e935 --- /dev/null +++ b/wiki/concepts/FluentBit.md @@ -0,0 +1,31 @@ +--- +title: "Fluent Bit" +type: concept +tags: [AWS, EKS, logging, monitoring, CNCF, Fluentd] +last_updated: 2026-04-28 +--- + +## Definition + +Fluent Bit(CNFC 开源项目)是轻量级日志处理器和转发器,设计用于边缘和容器环境,作为 DaemonSet 部署在每个 Kubernetes 节点上。它从容器运行时(containerd/Docker)收集标准输出(stdout/stderr)日志,处理后转发到 CloudWatch Logs、OpenSearch、Elasticsearch 等后端存储系统,是 EKS 可观测性架构中日志采集的标准组件。 + +## Key Mechanisms + +- **日志采集**:通过容器运行时接口收集容器标准输出日志 +- **多后端输出**:支持 CloudWatch Logs、OpenSearch、Elasticsearch、Kafka 等多种输出目标 +- **日志处理**:支持过滤(filter)、解析(parser)、路由(router)等处理管道 +- **轻量高效**:相比 Fluentd 更小的资源占用,适合边缘/容器环境 +- **Kubernetes DaemonSet 模式**:每个节点运行一个实例,自动采集所有容器日志 + +## Relationship with Fluentd and CloudWatch Agent + +Fluent Bit 是 Fluentd 的轻量替代(同一项目家族): +- Fluentd:功能更全面,适合复杂日志处理场景,资源占用更高 +- Fluent Bit:轻量快速,专为边缘和容器优化 +- CloudWatch Agent:侧重指标收集,Fluent Bit 侧重日志收集 +- 在 EKS 监控栈中:Fluent Bit → CloudWatch Logs/OpenSearch → Grafana/OpenSearch Dashboards + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113]] +- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] diff --git a/wiki/concepts/Global-Information-Security-Policy-GISP.md b/wiki/concepts/Global-Information-Security-Policy-GISP.md new file mode 100644 index 00000000..540e5204 --- /dev/null +++ b/wiki/concepts/Global-Information-Security-Policy-GISP.md @@ -0,0 +1,32 @@ +--- +title: "Global Information Security Policy (GISP)" +type: concept +tags: + - OpenText + - Security-Policy + - Governance +last_updated: 2026-04-14 +--- + +# Global Information Security Policy (GISP) + +## Definition +OpenText 的最高纲领性安全政策,是所有其他安全政策的根基。GISP 由全球信息安全团队(GIS)制定和支持,定期(每季度)接受领导层审查。 + +## Scope +- 定义企业"需要做什么"(what),同时为"如何实施"(how)提供灵活性 +- 支持性政策(Supporting Policies)围绕 GISP 构建 +- 鼓励反馈以实现持续改进 + +## Relationship to Other Concepts +- 基于 [[ISO-27001]] 姿态框架 +- 与 [[Security-Awareness-Training]] 配合提升全员安全意识 +- 与 [[Third-Party-Penetration-Testing]] 配合验证政策有效性 + +## Key Quote +> "Policies define what needs to be done, while providing flexibility for how it is implemented." — GIS Policy Framework + +## Connections +- [[Global Information Security Team (GIS)]]:制定与维护团队 +- [[ISO-27001]]:框架基础 +- [[OpenText]]:所属组织 diff --git a/wiki/concepts/Horizontal-Pod-Autoscaler.md b/wiki/concepts/Horizontal-Pod-Autoscaler.md new file mode 100644 index 00000000..d2ceaa85 --- /dev/null +++ b/wiki/concepts/Horizontal-Pod-Autoscaler.md @@ -0,0 +1,36 @@ +--- +title: "Horizontal Pod Autoscaler (HPA)" +type: concept +tags: + - Kubernetes + - EKS + - Autoscaling + - Pod + - Metrics +sources: + - ctp-topic-59-achieving-reliability-with-amazon-eks + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +Horizontal Pod Autoscaler (HPA) 是 Kubernetes 标准的工作负载水平扩缩容机制,通过监测 Pod 的资源使用指标(CPU、内存或自定义指标)自动调整 Pod 副本数,以满足应用负载需求。 + +## Key Mechanisms +- **指标采集**:通过 Metrics Server 获取 CPU/内存利用率指标 +- **副本计算**:基于目标阈值计算所需 Pod 副本数 +- **稳定性配置**:通过 `stabilizationWindowSeconds` 和 `periodSeconds` 防止震荡(flapping) +- **自定义/外部指标**:支持通过 Custom Metrics API 和 External Metrics API 集成负载均衡器并发连接数、消息中间件队列深度等业务指标 +- **Pod 级而非容器级**:当前 HPA 仅考虑 Pod 整体资源消耗,不支持容器级别的独立扩缩 + +## Relationship with VPA +- **HPA**:水平扩展(增加/减少 Pod 副本数) +- **VPA (Vertical Pod Autoscaler)**:垂直扩展(调整单个 Pod 的资源请求) +- 两者可互补使用:HPA 应对流量波动,VPA 优化资源分配 + +## Relationship with KEDA +- KEDA 可通过 **Publishes Metrics 模式** 为 HPA 供数,实现指标驱动与事件驱动的混合扩缩容 + +## Sources +- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/Host-Network-Mode.md b/wiki/concepts/Host-Network-Mode.md new file mode 100644 index 00000000..ce238e16 --- /dev/null +++ b/wiki/concepts/Host-Network-Mode.md @@ -0,0 +1,50 @@ +--- +title: "Host Network Mode" +type: concept +tags: + - Kubernetes + - Networking + - Pod-Networking + - AWS + - EKS +sources: + - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone +last_updated: 2026-04-28 +--- + +## Overview +Host Network Mode 是 Kubernetes Pod 规范中的一种网络配置选项(`hostNetwork: true`),使 Pod 共享宿主机的网络命名空间,直接使用宿主机的网络接口和 IP 地址,而不是通过 Kubernetes 的虚拟网络。 + +## Definition +在 Pod spec 中设置 `hostNetwork: true` 后,Pod 将: +- 使用宿主机的网络命名空间 +- 直接获得宿主机网络接口上的 IP 地址 +- 可以绑定宿主机的端口(如 80、443) +- 可直接访问宿主机所在网络上的资源 + +## Use Case: EKS Lab Landing Zone +在 AWS Lab Landing Zone 的 EKS 部署中,Octane 等 IP 密集型应用需要大量可用 IP。通过自定义网络模式,Pod 无需通过 VPC CNI 分配 IP,而是直接使用宿主机网络的 IP 地址,从而绕开 AWS Lab 环境 IP 地址池受限的问题。 + +```yaml +spec: + hostNetwork: true + containers: + - name: octane + image: octane:latest +``` + +## Trade-offs +| 优点 | 缺点 | +|------|------| +| 突破 Pod IP 数量限制 | Pod 之间端口冲突风险 | +| 直接访问宿主机网络资源 | 安全性降低(Pod 可访问宿主机所有网络) | +| 简化网络路径 | 违反 Kubernetes 网络隔离原则 | +| 适合特殊网络需求场景 | 难以在不同环境中移植 | + +## Related Concepts +- [[Amazon-EKS]]:使用 Host Network Mode 的容器编排平台 +- [[IPAM]]:IP 地址管理,与 Host Network Mode 在 IP 分配上形成互补 +- [[Kubernetes-Tagging]]:Pod 标记策略 + +## Related Sources +- [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] diff --git a/wiki/concepts/IPv6-in-EKS.md b/wiki/concepts/IPv6-in-EKS.md new file mode 100644 index 00000000..7c05ba53 --- /dev/null +++ b/wiki/concepts/IPv6-in-EKS.md @@ -0,0 +1,39 @@ +--- +title: "IPv6 in EKS" +type: concept +tags: + - AWS + - EKS + - IPv6 + - Networking + - IP-Address-Exhaustion +sources: + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +IPv6-in-EKS 是 Amazon EKS 集群解决 IP 地址耗尽(IP Exhaustion)问题的网络架构方案,通过部署 IPv6 或双栈(Dual-Stack)VPC,实现大规模容器工作负载的 IP 地址可持续供给。 + +## Problem Statement +- 每个 EKS 节点上的 ENI(Elastic Network Interface)附带可分配的 IP 地址数量有限 +- VPC CIDR 块大小固定,Pod 数量增长导致可用 IP 耗尽 +- 自定义网络(Custom Networking)和 Prefix Delegation 可缓解但不能根本解决 + +## Solution: IPv6 Dual-Stack VPC +- **双栈架构**:VPC 同时支持 IPv4 和 IPv6 地址 +- **节点双协议栈**:EKS 节点同时持有 IPv4 和 IPv6 地址 +- **Pod 仅 IPv6**:Pod 仅分配 IPv6 地址(节省 IPv4 空间) +- **NAT 映射**:IPv6 Pod 与 IPv4 目标通信时,通过双层 NAT 映射转换 + +## Alternative: Carrier-Grade NAT (CGNAT) +- 如无法迁移至 IPv6,可使用 CGNAT 方案 +- 通过自定义网络 + NAT 网关聚合多个 Pod 的出站流量 + +## Benefits +- IP 地址空间近乎无限(解决耗尽问题) +- 简化网络配置(无需管理大量 IPv4 地址) +- 符合云原生网络发展趋势 + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/ISO-27001.md b/wiki/concepts/ISO-27001.md new file mode 100644 index 00000000..28feba84 --- /dev/null +++ b/wiki/concepts/ISO-27001.md @@ -0,0 +1,40 @@ +--- +title: "ISO-27001" +type: concept +tags: + - Security-Framework + - Compliance + - Information-Security +last_updated: 2026-04-14 +--- + +# ISO-27001 + +## Definition +国际认可的信息安全管理体系(ISMS)标准,由国际标准化组织(ISO)和国际电工委员会(IEC)发布。ISO 27001 是企业信息安全管理的基准框架。 + +## OpenText Implementation +- 作为 OpenText 安全姿态框架(Posture Framework)的基础 +- 2022 年更新,新增 11 个控制方面(control aspects) +- 支撑 [[Global Information Security Policy (GISP)]] 的框架基础 +- 支撑 [[FedRAMP]] 等行业认证 + +## Key Controls +- 信息安全组织(Information Security Organization) +- 人力资源安全(Human Resource Security) +- 资产管理(Asset Management) +- 访问控制(Access Control) +- 加密(Cryptography) +- 物理与环境安全(Physical and Environmental Security) +- 操作安全(Operations Security) +- 通信安全(Communications Security) +- 系统获取、开发和维护(System Acquisition, Development and Maintenance) +- 供应商关系(Supplier Relationships) +- 信息安全事件管理(Information Security Incident Management) +- 业务连续性管理(Business Continuity Management) +- 合规性(Compliance) + +## Connections +- [[Global Information Security Policy (GISP)]]:基于 ISO 27001 构建 +- [[FedRAMP]]:基于 ISO 27001 之上 +- [[OpenText]]:采用该标准的企业 diff --git a/wiki/concepts/KEDA.md b/wiki/concepts/KEDA.md new file mode 100644 index 00000000..f260a9ef --- /dev/null +++ b/wiki/concepts/KEDA.md @@ -0,0 +1,36 @@ +--- +title: "KEDA (Kubernetes Event-Driven Autoscaling)" +type: concept +tags: + - Kubernetes + - EKS + - Autoscaling + - Event-Driven + - Serverless +sources: + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +KEDA(Kubernetes Event-Driven Autoscaling)是一个基于外部事件驱动的 Kubernetes 扩缩容框架,通过 ScaledObject 自定义资源定义(CRD)实现细粒度的事件驱动扩缩容,支持将应用从零副本扩展到任意规模。 + +## Key Mechanisms +- **ScaledObject CRD**:定义扩缩规则,指定 Scaler 和目标副本数范围 +- **事件源(Scalers)**:支持 50+ 种事件源(Kafka、RabbitMQ、AWS SQS、Azure Queue、HTTP 等) +- **零扩展(Scale to Zero)**:支持将应用缩容至零副本,降低空闲资源成本 +- **Publishes Metrics 模式**:可向 HPA 发布指标,实现事件驱动与指标驱动的混合扩缩容 +- **声明式配置**:通过 YAML 配置文件定义扩缩行为,与 GitOps 工作流兼容 + +## Relationship with HPA +- KEDA 可独立工作,也可作为 HPA 的指标提供者 +- 组合模式:KEDA 监听外部事件 → 发布指标 → HPA 基于指标调整副本数 + +## Use Cases +- 事件驱动微服务(消息队列消费者) +- 批处理作业(按需触发) +- 突发流量场景(限时促销、实时事件) +- 无服务器化改造(零扩展降低成本) + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/Karpenter.md b/wiki/concepts/Karpenter.md new file mode 100644 index 00000000..18da2527 --- /dev/null +++ b/wiki/concepts/Karpenter.md @@ -0,0 +1,30 @@ +--- +title: "Karpenter" +type: concept +tags: [AWS, Kubernetes, EKS, autoscaling, node-provisioning] +last_updated: 2026-04-28 +--- + +## Definition + +Karpenter 是 AWS 开源的 Kubernetes 节点自动配置工具(Node Auto-Provisioner),通过动态创建最优实例类型来响应未调度 Pod 的资源需求,替代传统的 Cluster Autoscaler。相比 Cluster Autoscaler 基于节点组(Node Group)的扩缩容模式,Karpenter 直接与 EC2 API 交互,根据 Pod 规格(CPU/内存/GPU 需求)即时选择最合适的 EC2 实例类型,实现更快的扩容速度和更低的资源浪费。 + +## Key Mechanisms + +- **即时节点供给**:监听未调度 Pod 事件,秒级启动新节点,无需等待节点组预配置 +- **最佳实例选择**:根据 Pod 资源请求从 EC2 实例类型池中选择最优匹配 +- **多样化实例类型**:支持多种 EC2 类型(CPU/GPU/Spot/On-Demand),灵活利用 Spot 实例节省成本 +- **标签驱动配置**:通过 `NodeTemplate` 定义标签/要求,自动匹配特定 Pod 到特定节点 +- **与 Cluster Autoscaler 的区别**:Cluster Autoscaler 依赖节点组规模调整,Karpenter 直接控制 EC2 实例创建,响应更快速灵活 + +## Relationship with Cluster Autoscaler + +Karpenter 是 Cluster Autoscaler 的替代/演进方案: +- Cluster Autoscaler 通过调整节点组规模间接扩缩节点 +- Karpenter 直接与 EC2 API 交互创建/终止节点,更快速灵活 +- EKS Auto Mode(Part 3 of 3)已集成 Karpenter 作为 Carpenter Controller 组件 + +## Sources +- [[ctp-topic-70-eks-deployment-using-iac]] +- [[public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization]] +- [[public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks]] diff --git a/wiki/concepts/Metrics-Server.md b/wiki/concepts/Metrics-Server.md new file mode 100644 index 00000000..b4000ba8 --- /dev/null +++ b/wiki/concepts/Metrics-Server.md @@ -0,0 +1,40 @@ +--- +title: "Metrics Server" +type: concept +tags: + - Kubernetes + - EKS + - Metrics + - Monitoring + - Autoscaling +sources: + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Definition +Metrics Server 是 Kubernetes 集群级别的指标采集组件(Metrics API Provider),负责从 kubelet 收集 CPU/内存等资源使用指标,为 HPA、VPA 和 `kubectl top` 命令提供标准化的指标数据。 + +## Key Mechanisms +- **Metrics API**:实现 `metrics.k8s.io` API,提供 Pod 和 Node 的资源指标 +- **数据采集**:定期从各节点的 kubelet 获取指标数据 +- **内存高效**:采用流式处理,仅保留最近 5 分钟的指标数据 +- **HPA 依赖**:HPA 的标准资源指标(CPU/内存)完全依赖 Metrics Server + +## Deployment +- 通过 Deployment 部署单个副本(非高可用) +- 通常随 EKS 集群自动安装(EKS Add-on 或 eks-charts) +- 监控指标:Pod CPU/内存利用率、Node CPU/内存容量 + +## Limitations +- 仅支持标准资源指标(CPU、内存) +- 不支持自定义/外部指标(需要 Custom Metrics API) +- 单副本部署,非高可用设计 + +## Relationship with HPA +- HPA 通过 Metrics Server 获取 Pod 的 CPU/内存利用率 +- 计算公式:`desiredReplicas = ceil(sum(podMetricValue) / targetValue)` +- 目标阈值(targetValue)通常设置为 70-80%,保留缓冲空间 + +## Sources +- [[ctp-topic-64-scaling-out-with-amazon-eks]] diff --git a/wiki/concepts/Security Awareness Training.md b/wiki/concepts/Security Awareness Training.md new file mode 100644 index 00000000..f15d283e --- /dev/null +++ b/wiki/concepts/Security Awareness Training.md @@ -0,0 +1,36 @@ +--- +title: "Security Awareness Training" +type: concept +tags: + - Security + - Human-Factor + - Training +last_updated: 2026-04-14 +--- + +# Security Awareness Training + +## Definition +通过系统化的培训和演练提升组织内所有成员(从员工到高管)对安全威胁的认知和应对能力。 + +## Components +- **月度安全通讯**:定期向全员推送安全信息和最佳实践 +- **网络钓鱼演练**:模拟钓鱼攻击测试员工识别能力 +- **关键指标**:衡量有多少人报告可疑活动(而非仅关注点击率) + +## Goals +- 将安全意识融入组织文化 +- 建立"全员参与"的安全防线 +- 持续改进安全态势 + +## Key Quote +> "The focus is on how many people report suspicious activity." — GIS Security Awareness Program + +## Relationship to [[Global Information Security Policy (GISP)]] +- GISP 是政策框架,Security Awareness Training 是执行层的安全意识落地 +- 两者共同构成"政策+人"的安全治理闭环 + +## Connections +- [[Global Information Security Policy (GISP)]]:政策基础 +- [[Global Information Security Team (GIS)]]:执行团队 +- [[OpenText]]:实施组织 diff --git a/wiki/concepts/Third Party Penetration Testing.md b/wiki/concepts/Third Party Penetration Testing.md new file mode 100644 index 00000000..eab97c14 --- /dev/null +++ b/wiki/concepts/Third Party Penetration Testing.md @@ -0,0 +1,37 @@ +--- +title: "Third-Party Penetration Testing" +type: concept +tags: + - Security + - Testing + - Penetration-Testing + - Red-Team +last_updated: 2026-04-14 +--- + +# Third-Party Penetration Testing + +## Definition +由独立第三方安全机构执行的渗透测试和红队演练,用于客观评估组织的安全态势,发现内部视角可能忽略的漏洞。 + +## Components +- **年度第三方测试**:由独立机构执行年度安全评估 +- **桌面演练(Tabletop Exercises)**:模拟安全事件和违规场景,测试响应流程 +- **红队演练(Red Team Exercises)**:在事先不知情的情况下评估组织安全 +- **高级威胁评估(Advanced Threat Assessments)** +- **内部/第三方渗透测试**:定期进行,发现技术漏洞 +- **客户审计(Customer Audits)**:有时会引发补救活动 + +## Key Metrics +- 桌面演练:测试事件和违规准备就绪程度 +- 红队演练:在无预警情况下测试组织安全 +- OpenText 持续在第三方测试中处于"顶级梯队" + +## Key Quote +> "OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier." — GIS Team + +## Connections +- [[ISO-27001]]:框架要求 +- [[Global Information Security Policy (GISP)]]:政策支撑 +- [[Threat-Intelligence]]:结合使用 +- [[OpenText]]:实施组织 diff --git a/wiki/concepts/Threat-Intelligence.md b/wiki/concepts/Threat-Intelligence.md new file mode 100644 index 00000000..4cc21414 --- /dev/null +++ b/wiki/concepts/Threat-Intelligence.md @@ -0,0 +1,37 @@ +--- +title: "Threat Intelligence" +type: concept +tags: + - Security + - Intelligence + - SIEM +last_updated: 2026-04-14 +--- + +# Threat Intelligence + +## Definition +通过收集、分析和传播关于现有和新兴威胁的信息,使组织能够主动防御安全威胁。 + +## Components +- **威胁情报 feeds**:从多个来源收集威胁数据 +- **工具组件(Tool Components)**:主动监控环境 +- **检测与威胁狩猎(Detection & Threat Hunting)**:主动发现潜在威胁 +- **SIEM(安全信息与事件管理)**:大规模日志处理 + +## OpenText Scale +- 大规模 SIM(安全信息管理)实现 +- 月处理 **2250 亿条日志**(225 billion log rugs) +- 月分诊约 **350 个案例** +- 利用 [[BrightCloud]] 作为威胁情报 feed 来源 + +## Relationship to Other Concepts +- 与 [[Third-Party-Penetration-Testing]] 配合,形成"情报+测试"的主动防御体系 +- 支撑 [[Global Information Security Policy (GISP)]] 的监控和响应要求 +- 与 [[ISO-27001]] 的运营安全(Operations Security)控制相一致 + +## Connections +- [[BrightCloud]]:威胁情报工具 +- [[Global Information Security Team (GIS)]]:运营团队 +- [[ISO-27001]]:框架基础 +- [[OpenText]]:实施组织 diff --git a/wiki/entities/Amazon-EKS.md b/wiki/entities/Amazon-EKS.md new file mode 100644 index 00000000..e2d893ee --- /dev/null +++ b/wiki/entities/Amazon-EKS.md @@ -0,0 +1,53 @@ +--- +title: "Amazon EKS" +type: entity +tags: + - AWS + - Kubernetes + - EKS + - Container-Orchestration + - SaaS +sources: + - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone + - ctp-topic-70-eks-deployment-using-iac + - ctp-topic-59-achieving-reliability-with-amazon-eks + - ctp-topic-64-scaling-out-with-amazon-eks +last_updated: 2026-04-28 +--- + +## Overview +Amazon Elastic Kubernetes Service (EKS) 是 AWS 提供的托管 Kubernetes 服务,负责 Kubernetes 控制平面的可用性和伸缩性,用户只需管理工作节点(数据平面)。 + +## Aliases +- EKS +- Amazon Elastic Kubernetes Service +- Amazon EKS + +## Key Characteristics +- 完全托管的控制平面(Control Plane) +- 与 AWS 服务深度集成(IAM、VPC、ELB、EBS、S3 等) +- 支持 Fargate(无服务器计算引擎)和自管理/托管节点组 +- IAM RBAC 最小权限模型 +- 零停机滚动更新 + +## Architecture Components +- **控制平面**:跨 3 AZ 部署,由 AWS 自动管理 etcd 和 API Server +- **数据平面**:Worker Nodes(EC2、自管理或托管节点组) +- **Pod 网络**:VPC CNI(默认)或自定义网络模式 +- **Ingress**:AWS ALB Ingress Controller +- **存储**:EBS CSI Driver + +## EKS Custom Networking +EKS 支持自定义网络配置,允许绕过 VPC CNI 的默认行为,控制 Pod IP 分配。在受限 IP 地址池的环境中(如 AWS Lab Landing Zone),通过自定义网络标志启用独立子网的 IP 分配。 + +## Key Sources +- [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]:在受限 Lab Landing Zone 中的 EKS 实施,解决 IP 地址池不足问题 +- [[ctp-topic-70-eks-deployment-using-iac]]:通过 Terraform IaC 部署 EKS 的完整方法论 +- [[ctp-topic-59-achieving-reliability-with-amazon-eks]]:EKS 可靠性最佳实践 +- [[ctp-topic-64-scaling-out-with-amazon-eks]]:EKS 自动扩缩容策略 + +## Related Entities +- [[AWS-Landing-Zone]]:EKS 部署的底层基础设施框架 +- [[AWS]]:EKS 所属的云平台提供商 +- [[Jenkins]]:EKS 部署的 CI/CD 平台(替代 Atlantis) +- [[TerraGrant]]:Terragrunt 模块封装 diff --git a/wiki/entities/BrightCloud.md b/wiki/entities/BrightCloud.md new file mode 100644 index 00000000..1fd562cc --- /dev/null +++ b/wiki/entities/BrightCloud.md @@ -0,0 +1,26 @@ +--- +title: "BrightCloud" +type: entity +tags: + - OpenText + - Threat-Intelligence + - Security-Tools +last_updated: 2026-04-14 +--- + +# BrightCloud + +**Type:** Product / Security Tool | **Company:** OpenText + +## Overview +BrightCloud 是 OpenText 自有的威胁情报工具,作为威胁情报 feeds 的来源,整合到 OpenText 的安全运营体系中。 + +## Usage in OpenText +- 作为威胁情报 feed 输入到 OpenText 的安全运营平台 +- 支撑月处理 2250 亿条日志的安全运营体系 +- 与检测和威胁狩猎(Threat Hunting)结合使用 + +## Connections +- [[OpenText]]:开发公司 +- [[Threat-Intelligence]]:所属领域 +- [[Global Information Security Team (GIS)]]:使用团队 diff --git a/wiki/entities/Ed.md b/wiki/entities/Ed.md new file mode 100644 index 00000000..3602cd13 --- /dev/null +++ b/wiki/entities/Ed.md @@ -0,0 +1,28 @@ +--- +title: "Ed" +type: entity +tags: + - OpenText + - GIS + - Security +last_updated: 2026-04-14 +--- + +# Ed + +**Role:** Global Information Security Team (GIS), OpenText + +## Overview +Ed 是 OpenText 全球信息安全团队(GIS)的核心成员,与 Mike 共同主持了关于 GIS 安全策略的公开云学习会议。 + +## Contributions +- 主持 GIS Security Policies 学习会议(2024年10月15日) +- 阐述 GIS 组织架构与政策框架 + +## Aliases +- Ed(GIS) + +## Connections +- [[Mike]]:同事,共同主持 GIS 学习会议 +- [[Global Information Security Team (GIS)]]:所属团队 +- [[OpenText]]:雇主 diff --git a/wiki/entities/Mike.md b/wiki/entities/Mike.md new file mode 100644 index 00000000..587cf1af --- /dev/null +++ b/wiki/entities/Mike.md @@ -0,0 +1,28 @@ +--- +title: "Mike" +type: entity +tags: + - OpenText + - GIS + - Security +last_updated: 2026-04-14 +--- + +# Mike + +**Role:** Global Information Security Team (GIS), OpenText + +## Overview +Mike 是 OpenText 全球信息安全团队(GIS)的核心成员,与 Ed 共同主持了关于 GIS 安全策略的公开云学习会议。 + +## Contributions +- 主持 GIS Security Policies 学习会议(2024年10月15日) +- 阐述 GIS 组织架构与政策框架 + +## Aliases +- Mike(GIS) + +## Connections +- [[Ed]]:同事,共同主持 GIS 学习会议 +- [[Global Information Security Team (GIS)]]:所属团队 +- [[OpenText]]:雇主 diff --git a/wiki/entities/Octane.md b/wiki/entities/Octane.md new file mode 100644 index 00000000..960cb984 --- /dev/null +++ b/wiki/entities/Octane.md @@ -0,0 +1,43 @@ +--- +title: "Octane" +type: entity +tags: + - MicroFocus + - SaaS + - Kubernetes + - EKS +sources: + - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone + - ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i +last_updated: 2026-04-28 +--- + +## Overview +Octane 是 Micro Focus(现 OpenText)旗下一款 SaaS 应用,以 IP 地址密集型(IP-hungry)workload 著称,是推动 EKS 在 AWS Lab Landing Zone 中实施的核心业务驱动因素。 + +## Aliases +- Octane +- Micro Focus Octane +- Octane SaaS + +## Key Characteristics +- SaaS 模式部署 +- IP 地址密集型应用,对 IP 分配有大量需求 +- 在 AWS 环境中需要 Kubernetes 容器编排能力 +- 驱动了 OpenText/Micro Focus 团队对 EKS 自定义网络方案的探索 + +## Context +Octane 是 CTP Topic 39 中 EKS 部署的驱动用例。标准 EKS 部署方案无法满足其 IP 需求,团队通过以下方案解决: +- 创建独立私有子网(非主 VPC 子网) +- 启用 EKS 模块的自定义网络配置标志 +- 在 Pod 规范中设置 `hostNetwork: true` + +## Related Entities +- [[Amazon-EKS]]:Octane 部署的容器编排平台 +- [[AWS-Landing-Zone]]:Octane 运行的 AWS 基础设施环境 +- [[MicroFocus]]:(历史)开发 Octane 的公司 +- [[OpenText]]:(现母公司) + +## Related Sources +- [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] +- [[ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i]] diff --git a/wiki/entities/Suravpul.md b/wiki/entities/Suravpul.md index af1fca69..d9970d2d 100644 --- a/wiki/entities/Suravpul.md +++ b/wiki/entities/Suravpul.md @@ -1,24 +1,36 @@ ---- -title: "Suravpul" -type: entity -tags: [AWS, Solutions-Architect, EKS] -last_updated: 2026-04-25 ---- - -# Suravpul - -AWS 高级解决方案架构师(Senior Solutions Architect),专注 Amazon EKS 的可靠性、可观测性和扩缩容实践。 - -## Role -- AWS Senior Solutions Architect -- 主讲 CTP 云转型系列中多个 EKS 深度专题 - -## Sources -- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] — EKS 可靠性最佳实践 -- [[ctp-topic-64-scaling-out-with-amazon-eks]] — EKS 工作负载扩缩容 -- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] — EKS 云原生可观测性 - -## Connections -- [[Amazon EKS]] — 专注领域 -- [[AWS]] — 雇主 -- [[Surav Paul]] — 同一人:ctp-topic-59 标注为 "Surav Paul",本视频标注为 "Suravpul",推断为同一 AWS 高级解决方案架构师的不同记法 +--- +title: "Suravpul" +type: entity +tags: + - AWS + - Solutions-Architect + - EKS + - Kubernetes +sources: + - ctp-topic-59-achieving-reliability-with-amazon-eks + - ctp-topic-64-scaling-out-with-amazon-eks + - ctp-topic-67-cloud-native-observability-using-opentelemetry +last_updated: 2026-04-28 +--- + +## Overview +Suravpul 是 Amazon Web Services(AWS)的高级解决方案架构师(Senior Solutions Architect),专注于 Amazon EKS(Elastic Kubernetes Service)的可靠性、可观测性和扩缩容实践。 + +## Aliases +- Suravpul +- Suravpul (AWS) + +## Key Contributions +- CTP Topic 59:EKS 可靠性深度实践(HPA、VPA、Pod Disruption Budget) +- CTP Topic 64:EKS 工作负载扩缩容完整方法论(HPA、KEDA、Cluster Autoscaler、Karpenter、IPv6) +- CTP Topic 67:云原生可观测性最佳实践(OpenTelemetry 集成) + +## Role +- **Organization**: Amazon Web Services (AWS) +- **Title**: Senior Solutions Architect +- **Focus Areas**: EKS reliability, observability, autoscaling, container networking + +## Sources +- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] +- [[ctp-topic-64-scaling-out-with-amazon-eks]] +- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] diff --git a/wiki/index.md b/wiki/index.md index 8c16f259..2f2a4302 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -4,6 +4,34 @@ - [Overview](overview.md) — living synthesis ## Sources +- [2026-04-28] [Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015](sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md) +- [2026-04-28] [CTP Topic 64 Scaling out with Amazon EKS](sources/ctp-topic-64-scaling-out-with-amazon-eks.md) +- [2026-04-28] [CTP Topic 67 Cloud native observability using OpenTelemetry](sources/ctp-topic-67-cloud-native-observability-using-opentelemetry.md) +- [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS](sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md) +- [2026-04-28] [CTP Topic 42 Grafana Observability Dashboard](sources/ctp-topic-42-grafana-observability-dashboard.md) +- [2026-04-28] [Public Cloud Learning Sessions - Observability with OpenTelemetry - 20240402](sources/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113.md) +- [2026-04-28] [CTP Topic 54 ESM SaaS Log Analytics](sources/ctp-topic-54-esm-saas-log-analytics.md) +- [2026-04-28] [CTP Topic 59 Achieving reliability with Amazon EKS](sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md) +- [2026-04-28] [CTP Topic 29 Cloud Monitoring – SaaS LZ accounts](sources/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md) +- [2026-04-28] [CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone](sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md) +- [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 1 of 3 - Compute Optimization with Karpenter](sources/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md) +- [2026-04-28] [CTP Topic 70 EKS deployment using IAC](sources/ctp-topic-70-eks-deployment-using-iac.md) +- [2026-04-28] [CTP Topic 60 - Monitor AWS using Hyperscale Observability with Grafana](sources/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md) +- [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 3 of 3 - Introduction to EKS Auto Mode](sources/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks.md) +- [2026-04-28] [CTP Topic 8 - Implementation of Cloud Monitoring using Micro Focus Operations Bridge Manager](sources/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md) +- [2026-04-28] [CTP Topic 11 AD Integration and Login using AD Accounts](sources/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md) +- [2026-04-28] [CTP Topic 5 - AWS Identity and Access Management (IAM)](sources/ctp-topic-5-aws-identity-and-access-management-iam.md) +- [2026-04-28] [Learning Sessions Identity Governance VSM Replacement - 20231128](sources/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md) +- [2026-04-28] [Public Cloud Learning Sessions - AWS End User Compute Services - 20240430](sources/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md) +- [2026-04-28] [Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109](sources/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109.md) +- [2026-04-28] [Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A - 20240806](sources/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md) +- [2026-04-28] [Public Cloud Learning Sessions - Tagging Standards for All Hyperscalers - 20240123](sources/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md) +- [2026-04-28] [CTP Topic 23 Introduction to the Technical Architecture Team and Function](sources/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md) +- [2026-04-28] [CTP Topic 57 Product backlog managing demand](sources/ctp-topic-57-product-backlog-managing-demand.md) +- [2026-04-28] [Public Cloud Learning Sessions (OpenText) - Thor Platform & Flows](sources/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md) +- [2026-04-28] [CTP Topic 6 AWS Workspaces Demo](sources/ctp-topic-6-aws-workspaces-demo.md) +- [2026-04-28] [CTP Topic 53 Why bother with Cloud](sources/ctp-topic-53-why-bother-with-cloud.md) +- [2026-04-28] [Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab Migration](sources/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md) - [2026-04-28] [Public Cloud Learning Sessions - OpenText Tagging Standard v2 - 20250429](sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md) - [2026-04-28] [CTP Topic 41 NFR's and Error Budgets](sources/ctp-topic-41-nfrs-and-error-budgets.md) - [2026-04-28] [CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security](sources/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md) @@ -238,23 +266,12 @@ - [n8n-docker-配置-telegram-代理-troubleshooting](sources/n8n-docker-配置-telegram-代理-troubleshooting.md) — (expected: wiki/sources/n8n-docker-配置-telegram-代理-troubleshooting.md — source missing) - [sre-weekly-issue-513](sources/sre-weekly-issue-513.md) — (expected: wiki/sources/sre-weekly-issue-513.md — source missing) - [Cloud Learning Master Index](sources/cloud-learning-master-index.md) -- [Public Cloud Learning Sessions - Tagging Standards for All Hyperscalers - 20240123](sources/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md) -- [Public Cloud Learning Sessions (OpenText) - Thor Platform & Flows](sources/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md) -- [Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A - 20240806](sources/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md) -- [Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab Migration](sources/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md) -- [Public Cloud Learning Sessions - AWS End User Compute Services - 20240430](sources/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md) -- [Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109](sources/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109.md) -- [CTP Topic 6 AWS Workspaces Demo](sources/ctp-topic-6-aws-workspaces-demo.md) -- [CTP Topic 57 Product backlog managing demand](sources/ctp-topic-57-product-backlog-managing-demand.md) -- [CTP Topic 53 Why bother with Cloud](sources/ctp-topic-53-why-bother-with-cloud.md) -- [CTP Topic 23 Introduction to the Technical Architecture Team and Function](sources/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md) - [Public Cloud Learning Sessions - Serverless Computing - 20240903](sources/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md) - [Public Cloud Learning Sessions (OpenText) - Generative AI & Prompt Engineering - 20241112](sources/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md) - [Public Cloud Learning Sessions (OpenText) - Event Driven Architecture Part 2](sources/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md) - [Public Cloud Learning Sessions (OpenText) - Event Driven Architecture Part 1](sources/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md) - [Public Cloud Learning Sessions (OpenText) - AI Use Cases - 20241126 160106](sources/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md) - [Public Cloud Learning Sessions - Introduction to AI/ML with AWS](sources/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md) -- [Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015](sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md) - [CTP Topic 62 AWS Secrets Manager](sources/ctp-topic-62-aws-secrets-manager.md) - [CTP Topic 55 AWS Firewall Manager](sources/ctp-topic-55-aws-firewall-manager.md) - [CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)](sources/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md) @@ -278,29 +295,12 @@ - [CTP Topic 63 Optimise resource cost using automation](sources/ctp-topic-63-optimise-resource-cost-using-automation.md) - [CTP Topic 27 AWS Instance Scheduler](sources/ctp-topic-27-aws-instance-scheduler.md) - [CTP Topic 13 Cloud FinOps Micro Focus Policies best practices to optimize the costs](sources/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md) -- [Public Cloud Learning Sessions - Observability with OpenTelemetry - 20240402](sources/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113.md) -- [Public Cloud Learning Sessions - EKS Optimization Part 3 of 3 - Introduction to EKS Auto Mode](sources/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks.md) -- [Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS](sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md) -- [Public Cloud Learning Sessions - EKS Optimization Part 1 of 3 - Compute Optimization with Karpenter](sources/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md) -- [CTP Topic 8 - Implementation of Cloud Monitoring using Micro Focus Operations Bridge Manager](sources/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md) -- [CTP Topic 70 EKS deployment using IAC](sources/ctp-topic-70-eks-deployment-using-iac.md) -- [CTP Topic 67 Cloud native observability using OpenTelemetry](sources/ctp-topic-67-cloud-native-observability-using-opentelemetry.md) -- [CTP Topic 64 Scaling out with Amazon EKS](sources/ctp-topic-64-scaling-out-with-amazon-eks.md) -- [CTP Topic 60 - Monitor AWS using Hyperscale Observability with Grafana](sources/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md) -- [CTP Topic 59 Achieving reliability with Amazon EKS](sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md) -- [CTP Topic 54 ESM SaaS Log Analytics](sources/ctp-topic-54-esm-saas-log-analytics.md) -- [CTP Topic 42 Grafana Observability Dashboard](sources/ctp-topic-42-grafana-observability-dashboard.md) -- [CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone](sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md) -- [CTP Topic 29 Cloud Monitoring – SaaS LZ accounts](sources/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md) - [Learning Sessions ECS Deployment using IAC - 20230808](sources/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md) - [Learning Sessions Cloud Transformation Programme-Deploying RDS via Terraform](sources/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md) - [Learning Sessions Cloud Transformation Programme-20230808 183322-Meeting Recording](sources/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md) - [CTP Topic 48 Terraform vs Terragrunt](sources/ctp-topic-48-terraform-vs-terragrunt.md) - [CTP Topic 16 Cross-account Terraform modules](sources/ctp-topic-16-cross-account-terraform-modules.md) - [CTP Topic 12 Using SES SMTP service terraform module](sources/ctp-topic-12-using-ses-smtp-service-terraform-module.md) -- [Learning Sessions Identity Governance VSM Replacement - 20231128](sources/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md) -- [CTP Topic 5 - AWS Identity and Access Management (IAM)](sources/ctp-topic-5-aws-identity-and-access-management-iam.md) -- [CTP Topic 11 AD Integration and Login using AD Accounts](sources/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md) - [n8n调用hermes-agents的工作流架构](sources/n8n调用hermes-agents的工作流架构.md) — (expected: wiki/sources/n8n调用hermes-agents的工作流架构.md — source missing) - [n8n-调用openclaw-agents的工作流架构](sources/n8n-调用openclaw-agents的工作流架构.md) — (expected: wiki/sources/n8n-调用openclaw-agents的工作流架构.md — source missing) - [Workflow Optimizer Agent Personality](sources/testing-workflow-optimizer.md) @@ -555,6 +555,7 @@ - [Amazon-CloudWatch-Logs](entities/Amazon-CloudWatch-Logs.md) - [Amazon-DocumentDB](entities/Amazon-DocumentDB.md) - [Amazon-DynamoDB](entities/Amazon-DynamoDB.md) +- [Amazon-EKS](entities/Amazon-EKS.md) - [Amazon-ElastiCache](entities/Amazon-ElastiCache.md) - [Amazon-EventBridge](entities/Amazon-EventBridge.md) - [Amazon-Keyspaces](entities/Amazon-Keyspaces.md) @@ -562,11 +563,15 @@ - [Amazon-RDS](entities/Amazon-RDS.md) - [Amazon-Redshift](entities/Amazon-Redshift.md) - [Amazon-Timestream](entities/Amazon-Timestream.md) +- [Amazon-Workspaces](entities/Amazon-Workspaces.md) - [AmazonAds](entities/AmazonAds.md) - [Andrej-Karpathy](entities/Andrej-Karpathy.md) - [Anki](entities/Anki.md) - [Anthropic](entities/Anthropic.md) - [Apache-Superset](entities/Apache-Superset.md) +- [AppStream-2](entities/AppStream-2.md) +- [Arnold-Dacan](entities/Arnold-Dacan.md) +- [Artifactory](entities/Artifactory.md) - [Asana](entities/Asana.md) - [ASCE-7](entities/ASCE-7.md) - [Ashish](entities/Ashish.md) @@ -585,8 +590,10 @@ - [Azure](entities/Azure.md) - [Backend-Architect](entities/Backend-Architect.md) - [BackendArchitect](entities/BackendArchitect.md) +- [Backstage](entities/Backstage.md) - [Baidu](entities/Baidu.md) - [baoyu](entities/baoyu.md) +- [BCS](entities/BCS.md) - [BehavioralNudgeEngine](entities/BehavioralNudgeEngine.md) - [bitwarden](entities/bitwarden.md) - [blackbox-exporter](entities/blackbox-exporter.md) @@ -597,8 +604,10 @@ - [bottom](entities/bottom.md) - [Brendan-Starnig](entities/Brendan-Starnig.md) - [BrianReeves](entities/BrianReeves.md) +- [BrightCloud](entities/BrightCloud.md) - [Brightdata](entities/Brightdata.md) - [btop++](entities/btop++.md) +- [Build-Hub](entities/Build-Hub.md) - [Caddy](entities/Caddy.md) - [cAdvisor](entities/cAdvisor.md) - [Calibre](entities/Calibre.md) @@ -610,6 +619,7 @@ - [Checkpoint-Firewall](entities/Checkpoint-Firewall.md) - [ChinesePodcastPlatforms](entities/ChinesePodcastPlatforms.md) - [Choi-Wontak](entities/Choi-Wontak.md) +- [Christian-Odonough](entities/Christian-Odonough.md) - [ChristianDeckelman](entities/ChristianDeckelman.md) - [Claude-Code](entities/Claude-Code.md) - [Claude-Desktop](entities/Claude-Desktop.md) @@ -663,6 +673,7 @@ - [Duolingo](entities/Duolingo.md) - [DXC-VSM](entities/DXC-VSM.md) - [DXY](entities/DXY.md) +- [Ed](entities/Ed.md) - [EESJGong](entities/EESJGong.md) - [Euler-Finance](entities/Euler-Finance.md) - [Eurocode](entities/Eurocode.md) @@ -677,7 +688,9 @@ - [Gemini](entities/Gemini.md) - [ghproxy](entities/ghproxy.md) - [Gitea](entities/Gitea.md) +- [GitHub-Enterprise](entities/GitHub-Enterprise.md) - [GitHubCopilot](entities/GitHubCopilot.md) +- [GitLab](entities/GitLab.md) - [Gitmoji](entities/Gitmoji.md) - [glances](entities/glances.md) - [gog](entities/gog.md) @@ -705,6 +718,7 @@ - [HunyuanVideo](entities/HunyuanVideo.md) - [IBM](entities/IBM.md) - [idea-reality-mcp](entities/idea-reality-mcp.md) +- [IIBA](entities/IIBA.md) - [InsightsLM](entities/InsightsLM.md) - [Intelephense](entities/Intelephense.md) - [Intsas.local](entities/Intsas.local.md) @@ -758,6 +772,7 @@ - [Microsoft-Planner](entities/Microsoft-Planner.md) - [MicrosoftAdvertising](entities/MicrosoftAdvertising.md) - [Midjourney](entities/Midjourney.md) +- [Mike](entities/Mike.md) - [MikeArmstrong](entities/MikeArmstrong.md) - [MikeOReily](entities/MikeOReily.md) - [Milvus](entities/Milvus.md) @@ -788,6 +803,7 @@ - [Obsidian](entities/Obsidian.md) - [ObsidianTasksPlugin](entities/ObsidianTasksPlugin.md) - [OceanEngine](entities/OceanEngine.md) +- [Octane](entities/Octane.md) - [Octane-Hub](entities/Octane-Hub.md) - [Ollama](entities/Ollama.md) - [Open-Alliance-for-Cloud-Adoption](entities/Open-Alliance-for-Cloud-Adoption.md) @@ -807,6 +823,7 @@ - [Peloton](entities/Peloton.md) - [Perplexica](entities/Perplexica.md) - [Phenops-Team](entities/Phenops-Team.md) +- [PHT-Product-Hub-Platform](entities/PHT-Product-Hub-Platform.md) - [PingMe](entities/PingMe.md) - [Playwright](entities/Playwright.md) - [Podcastfy](entities/Podcastfy.md) @@ -893,6 +910,7 @@ - [Twilio](entities/Twilio.md) - [TypeScript-Language-Server](entities/TypeScript-Language-Server.md) - [Ubuntu-Server](entities/Ubuntu-Server.md) +- [UCMDB](entities/UCMDB.md) - [UI-Designer](entities/UI-Designer.md) - [UnityGamingServices](entities/UnityGamingServices.md) - [UnityMultiplayerEngineer](entities/UnityMultiplayerEngineer.md) @@ -917,6 +935,8 @@ - [Weibo](entities/Weibo.md) - [WildCard](entities/WildCard.md) - [Windsurf](entities/Windsurf.md) +- [Workspace-Core](entities/Workspace-Core.md) +- [Workspace-Web](entities/Workspace-Web.md) - [WSL2](entities/WSL2.md) - [Xiaohongshu](entities/Xiaohongshu.md) - [XiaohongshuPlatform](entities/XiaohongshuPlatform.md) @@ -1011,6 +1031,7 @@ - [AI开源平替](concepts/AI开源平替.md) - [AI文生视频](concepts/AI文生视频.md) - [AI簡報工作流](concepts/AI簡報工作流.md) +- [ALB-Ingress-Controller](concepts/ALB-Ingress-Controller.md) - [Alerting](concepts/Alerting.md) - [AlertManagement](concepts/AlertManagement.md) - [Algorithm-Agility](concepts/Algorithm-Agility.md) @@ -1023,10 +1044,13 @@ - [Annales-School](concepts/Annales-School.md) - [Answer-Engine-Optimization](concepts/Answer-Engine-Optimization.md) - [AntiCheatArchitecture](concepts/AntiCheatArchitecture.md) +- [API-Server-Priority-and-Fairness](concepts/API-Server-Priority-and-Fairness.md) - [Appearance-Anxiety](concepts/Appearance-Anxiety.md) - [APT-仓库配置](concepts/APT-仓库配置.md) - [Architectural-Empathy](concepts/Architectural-Empathy.md) +- [Architecture-Roadmap](concepts/Architecture-Roadmap.md) - [ARM-AMI](concepts/ARM-AMI.md) +- [Artifact-Repo](concepts/Artifact-Repo.md) - [arXiv-API](concepts/arXiv-API.md) - [Asset-Management](concepts/Asset-Management.md) - [Asset-Pipeline](concepts/Asset-Pipeline.md) @@ -1043,8 +1067,11 @@ - [Availability](concepts/Availability.md) - [Availability-Zone-ID](concepts/Availability-Zone-ID.md) - [AWS-Backup-Concepts](concepts/AWS-Backup-Concepts.md) +- [AWS-End-User-Computing](concepts/AWS-End-User-Computing.md) +- [AWS-Identity-Center](concepts/AWS-Identity-Center.md) - [AWS-Inspector](concepts/AWS-Inspector.md) - [AWS-Secrets-Manager](concepts/AWS-Secrets-Manager.md) +- [AWS-Service-Catalog](concepts/AWS-Service-Catalog.md) - [AWS-Source-Identity](concepts/AWS-Source-Identity.md) - [AWS-Tagging-Standards](concepts/AWS-Tagging-Standards.md) - [AWS-Tags](concepts/AWS-Tags.md) @@ -1067,6 +1094,7 @@ - [Blue-Hat-Logo](concepts/Blue-Hat-Logo.md) - [BONDING-Strategy](concepts/BONDING-Strategy.md) - [BOOTSTRAP.md](concepts/BOOTSTRAP.md.md) +- [BOSCARD](concepts/BOSCARD.md) - [Brain-Dump](concepts/Brain-Dump.md) - [Branch-Strategy](concepts/Branch-Strategy.md) - [Branching-Narrative](concepts/Branching-Narrative.md) @@ -1076,8 +1104,10 @@ - [Build-Mode](concepts/Build-Mode.md) - [Build-Your-Own-X](concepts/Build-Your-Own-X.md) - [BuildInPublic](concepts/BuildInPublic.md) +- [Business-Analysis](concepts/Business-Analysis.md) - [Business-Impact-Analysis](concepts/Business-Impact-Analysis.md) - [Business-Knowledge-Base](concepts/Business-Knowledge-Base.md) +- [BYOD](concepts/BYOD.md) - [CACandLTV](concepts/CACandLTV.md) - [Caddy](concepts/Caddy.md) - [caffeinate](concepts/caffeinate.md) @@ -1116,6 +1146,7 @@ - [Cloud-Computing](concepts/Cloud-Computing.md) - [Cloud-Cost-Optimization](concepts/Cloud-Cost-Optimization.md) - [Cloud-DevOps-Maturity-Model](concepts/Cloud-DevOps-Maturity-Model.md) +- [Cloud-First-Policy](concepts/Cloud-First-Policy.md) - [Cloud-Governance](concepts/Cloud-Governance.md) - [Cloud-Maturity-Levels](concepts/Cloud-Maturity-Levels.md) - [cloud-migration](concepts/cloud-migration.md) @@ -1126,9 +1157,11 @@ - [cloud-security](concepts/cloud-security.md) - [Cloud-Security-Maturity-Model](concepts/Cloud-Security-Maturity-Model.md) - [Cloud-Service-Delivery](concepts/Cloud-Service-Delivery.md) +- [CloudWatch-Agent](concepts/CloudWatch-Agent.md) - [Cluster-Autoscaler](concepts/Cluster-Autoscaler.md) - [CMDB](concepts/CMDB.md) - [Cockpit-Ergonomics](concepts/Cockpit-Ergonomics.md) +- [Code-Signing](concepts/Code-Signing.md) - [CodeWeaver](concepts/CodeWeaver.md) - [Cognitive-Distortions](concepts/Cognitive-Distortions.md) - [Cognitive-Load-Reduction](concepts/Cognitive-Load-Reduction.md) @@ -1146,6 +1179,7 @@ - [Consensus-Voting-Pattern](concepts/Consensus-Voting-Pattern.md) - [Constraint-Driven-Control-Mechanics](concepts/Constraint-Driven-Control-Mechanics.md) - [Container-Image-Tagging](concepts/Container-Image-Tagging.md) +- [Container-Insights](concepts/Container-Insights.md) - [Container-Lifecycle-Hardening](concepts/Container-Lifecycle-Hardening.md) - [Content Automation](concepts/Content Automation.md) - [Content-60-30-10-Rule](concepts/Content-60-30-10-Rule.md) @@ -1170,6 +1204,7 @@ - [Conversational-Interface](concepts/Conversational-Interface.md) - [Conversions-API](concepts/Conversions-API.md) - [Core-Gameplay-Loop](concepts/Core-Gameplay-Loop.md) +- [CoreDNS-Scaling](concepts/CoreDNS-Scaling.md) - [cost-of-delay](concepts/cost-of-delay.md) - [Cost-Optimization](concepts/Cost-Optimization.md) - [Cowork-UI](concepts/Cowork-UI.md) @@ -1241,6 +1276,7 @@ - [DRY原则](concepts/DRY原则.md) - [DuckDB](concepts/DuckDB.md) - [Dynamic-Dashboard](concepts/Dynamic-Dashboard.md) +- [EA-SA-TA-Framework](concepts/EA-SA-TA-Framework.md) - [Early-Live-Support](concepts/Early-Live-Support.md) - [Earnings-Beat-Miss](concepts/Earnings-Beat-Miss.md) - [Earnings-Calendar](concepts/Earnings-Calendar.md) @@ -1249,10 +1285,12 @@ - [efibootmgr](concepts/efibootmgr.md) - [EFS-vs-EBS](concepts/EFS-vs-EBS.md) - [EKS-Auto-Mode](concepts/EKS-Auto-Mode.md) +- [EKS-Custom-Networking](concepts/EKS-Custom-Networking.md) - [ELK-Stack](concepts/ELK-Stack.md) - [Email-Triage](concepts/Email-Triage.md) - [Embedding](concepts/Embedding.md) - [Emergency-Change](concepts/Emergency-Change.md) +- [EMI-Elastic-Network-Interface](concepts/EMI-Elastic-Network-Interface.md) - [Employee-Advocacy](concepts/Employee-Advocacy.md) - [emptyDir-Volume](concepts/emptyDir-Volume.md) - [Encounter-Design](concepts/Encounter-Design.md) @@ -1281,6 +1319,7 @@ - [Feature-Flag](concepts/Feature-Flag.md) - [FeatureList](concepts/FeatureList.md) - [Federated-Access](concepts/Federated-Access.md) +- [FedRAMP](concepts/FedRAMP.md) - [Feedback-Loop](concepts/Feedback-Loop.md) - [FIA-Framework](concepts/FIA-Framework.md) - [File-System-First-UI](concepts/File-System-First-UI.md) @@ -1290,6 +1329,7 @@ - [Fix-Pack](concepts/Fix-Pack.md) - [Fixed-Point-Semantics](concepts/Fixed-Point-Semantics.md) - [Flow-And-Readability](concepts/Flow-And-Readability.md) +- [FluentBit](concepts/FluentBit.md) - [Food-Sensitivity-Tracking](concepts/Food-Sensitivity-Tracking.md) - [Foundation-AMI](concepts/Foundation-AMI.md) - [frp](concepts/frp.md) @@ -1314,9 +1354,12 @@ - [Geographic-Coherence](concepts/Geographic-Coherence.md) - [GitAsAuditLog](concepts/GitAsAuditLog.md) - [GitHub-Release-Monitoring](concepts/GitHub-Release-Monitoring.md) +- [GitLab-Geo](concepts/GitLab-Geo.md) +- [GitLab-Proxy](concepts/GitLab-Proxy.md) - [Gitmoji-Commit](concepts/Gitmoji-Commit.md) - [GitOps](concepts/GitOps.md) - [Global-First-Architecture](concepts/Global-First-Architecture.md) +- [Global-Information-Security-Policy-GISP](concepts/Global-Information-Security-Policy-GISP.md) - [Golden-3-Second-Hook](concepts/Golden-3-Second-Hook.md) - [GP3-EBS-Storage](concepts/GP3-EBS-Storage.md) - [GPG-密钥验证](concepts/GPG-密钥验证.md) @@ -1337,8 +1380,10 @@ - [high-availability](concepts/high-availability.md) - [Holistic-Admissions](concepts/Holistic-Admissions.md) - [HookBodyCTA](concepts/HookBodyCTA.md) +- [Horizontal-Pod-Autoscaler](concepts/Horizontal-Pod-Autoscaler.md) - [Hosmer-Lemeshow-Test](concepts/Hosmer-Lemeshow-Test.md) - [Host-Incubation-System](concepts/Host-Incubation-System.md) +- [Host-Network-Mode](concepts/Host-Network-Mode.md) - [HouseholdInventoryTracking](concepts/HouseholdInventoryTracking.md) - [HTTPS自动化证书](concepts/HTTPS自动化证书.md) - [Hub-and-Spoke](concepts/Hub-and-Spoke.md) @@ -1357,6 +1402,7 @@ - [Identity-Governance](concepts/Identity-Governance.md) - [Identity-Resolution](concepts/Identity-Resolution.md) - [IDENTITY.md](concepts/IDENTITY.md.md) +- [IGA](concepts/IGA.md) - [Ikigai框架](concepts/Ikigai框架.md) - [ImageToVideo](concepts/ImageToVideo.md) - [Immutable-Infrastructure](concepts/Immutable-Infrastructure.md) @@ -1377,9 +1423,12 @@ - [IntentDrivenRouting](concepts/IntentDrivenRouting.md) - [Intentional-Cloud-Strategy](concepts/Intentional-Cloud-Strategy.md) - [Inversion](concepts/Inversion.md) +- [INVEST](concepts/INVEST.md) - [Invisible-Exclusion](concepts/Invisible-Exclusion.md) - [IPAM](concepts/IPAM.md) +- [IPv6-in-EKS](concepts/IPv6-in-EKS.md) - [IP纯净度](concepts/IP纯净度.md) +- [ISO-27001](concepts/ISO-27001.md) - [ISOHybrid镜像](concepts/ISOHybrid镜像.md) - [ITSM](concepts/ITSM.md) - [ITSM-2.0](concepts/ITSM-2.0.md) @@ -1389,7 +1438,9 @@ - [Jira-Git-Traceability](concepts/Jira-Git-Traceability.md) - [Kaizen](concepts/Kaizen.md) - [Kanban](concepts/Kanban.md) +- [Karpenter](concepts/Karpenter.md) - [Karpman-Drama-Triangle](concepts/Karpman-Drama-Triangle.md) +- [KEDA](concepts/KEDA.md) - [Keyword-Based-Monitoring](concepts/Keyword-Based-Monitoring.md) - [KFactor](concepts/KFactor.md) - [Kill-Switch](concepts/Kill-Switch.md) @@ -1450,6 +1501,7 @@ - [Merge-Point](concepts/Merge-Point.md) - [Mermaid](concepts/Mermaid.md) - [MessageMatch](concepts/MessageMatch.md) +- [Metrics-Server](concepts/Metrics-Server.md) - [Micro-Recovery](concepts/Micro-Recovery.md) - [MicroInfluencerPartnership](concepts/MicroInfluencerPartnership.md) - [Miping](concepts/Miping.md) @@ -1509,6 +1561,7 @@ - [ObsidianRecurringTasks](concepts/ObsidianRecurringTasks.md) - [OpenClaw-Deployment-Expert](concepts/OpenClaw-Deployment-Expert.md) - [OpenTelemetry](concepts/OpenTelemetry.md) +- [OpenText-Tagging-Standard](concepts/OpenText-Tagging-Standard.md) - [Oracle-Manipulation](concepts/Oracle-Manipulation.md) - [Ordered-Layer](concepts/Ordered-Layer.md) - [Organic-Traffic-Amplification](concepts/Organic-Traffic-Amplification.md) @@ -1571,9 +1624,11 @@ - [Problem-Management](concepts/Problem-Management.md) - [Procedural-Level-Design](concepts/Procedural-Level-Design.md) - [process-management](concepts/process-management.md) +- [Product-Hierarchy](concepts/Product-Hierarchy.md) - [ProductLedGrowth](concepts/ProductLedGrowth.md) - [Program-Demand-Process](concepts/Program-Demand-Process.md) - [Progressive-Rollout](concepts/Progressive-Rollout.md) +- [Project-Thor](concepts/Project-Thor.md) - [ProjectState](concepts/ProjectState.md) - [Prometheus告警规则](concepts/Prometheus告警规则.md) - [Prompt](concepts/Prompt.md) @@ -1593,6 +1648,7 @@ - [QualitySwitch](concepts/QualitySwitch.md) - [QueryLanguage](concepts/QueryLanguage.md) - [Quick-Capture](concepts/Quick-Capture.md) +- [RACI](concepts/RACI.md) - [RAG](concepts/RAG.md) - [Reality-Signal](concepts/Reality-Signal.md) - [RealityKit-SwiftUI-Integration](concepts/RealityKit-SwiftUI-Integration.md) @@ -1617,6 +1673,8 @@ - [RemoteRescuePattern](concepts/RemoteRescuePattern.md) - [Renovate-Bot](concepts/Renovate-Bot.md) - [Replication-Graph](concepts/Replication-Graph.md) +- [Repo-Mirroring](concepts/Repo-Mirroring.md) +- [Requirements-Gathering](concepts/Requirements-Gathering.md) - [Resolver-Rules](concepts/Resolver-Rules.md) - [Resource-Allocation](concepts/Resource-Allocation.md) - [Resource-Tagging](concepts/Resource-Tagging.md) @@ -1638,7 +1696,9 @@ - [RTO](concepts/RTO.md) - [RuntimeVirtualTexturing](concepts/RuntimeVirtualTexturing.md) - [S3-兼容对象存储](concepts/S3-兼容对象存储.md) +- [SAFe](concepts/SAFe.md) - [Safeguard-Steps](concepts/Safeguard-Steps.md) +- [SAML-Authentication](concepts/SAML-Authentication.md) - [Sandboxed-Persona](concepts/Sandboxed-Persona.md) - [SAST](concepts/SAST.md) - [Savings-Plans](concepts/Savings-Plans.md) @@ -1657,6 +1717,7 @@ - [Second-Renaissance](concepts/Second-Renaissance.md) - [Secrets-Management](concepts/Secrets-Management.md) - [Secure-Dynamic-Updates](concepts/Secure-Dynamic-Updates.md) +- [Security Awareness Training](concepts/Security Awareness Training.md) - [Security-and-Compliance](concepts/Security-and-Compliance.md) - [Self-Education](concepts/Self-Education.md) - [Self-Healing](concepts/Self-Healing.md) @@ -1665,6 +1726,7 @@ - [Self-Improving-Skill](concepts/Self-Improving-Skill.md) - [Self-Interest](concepts/Self-Interest.md) - [Self-Referential-Computation](concepts/Self-Referential-Computation.md) +- [Self-Serve-Product-Request](concepts/Self-Serve-Product-Request.md) - [Self-Sufficiency](concepts/Self-Sufficiency.md) - [Semantic-Deduplication](concepts/Semantic-Deduplication.md) - [Semantic-Index-Infrastructure](concepts/Semantic-Index-Infrastructure.md) @@ -1679,6 +1741,7 @@ - [ServerAuthority](concepts/ServerAuthority.md) - [Serverless-Computing](concepts/Serverless-Computing.md) - [Service-Control-Policies-SCPs](concepts/Service-Control-Policies-SCPs.md) +- [Service-Control-Policy](concepts/Service-Control-Policy.md) - [serviceable-obtainable-market](concepts/serviceable-obtainable-market.md) - [SES-Sandbox-Mode](concepts/SES-Sandbox-Mode.md) - [Shader](concepts/Shader.md) @@ -1688,6 +1751,7 @@ - [Shared-Responsibility-Model](concepts/Shared-Responsibility-Model.md) - [SharedMemory](concepts/SharedMemory.md) - [SharedStateCoordination](concepts/SharedStateCoordination.md) +- [Shift-and-Lift](concepts/Shift-and-Lift.md) - [Shift-Left-Security](concepts/Shift-Left-Security.md) - [Shift-Right-Security](concepts/Shift-Right-Security.md) - [Signal-Based-Selling-Framework](concepts/Signal-Based-Selling-Framework.md) @@ -1726,6 +1790,7 @@ - [SSM-Patching](concepts/SSM-Patching.md) - [StackSets-Deployment-Visibility](concepts/StackSets-Deployment-Visibility.md) - [Stakeholder-Alignment](concepts/Stakeholder-Alignment.md) +- [Stakeholder-Wheel](concepts/Stakeholder-Wheel.md) - [Standard-Change](concepts/Standard-Change.md) - [STARFramework](concepts/STARFramework.md) - [Startup-MVP-Pipeline](concepts/Startup-MVP-Pipeline.md) @@ -1741,6 +1806,7 @@ - [Sub-Agent-Race-Condition](concepts/Sub-Agent-Race-Condition.md) - [SubagentDelegation](concepts/SubagentDelegation.md) - [Substrate](concepts/Substrate.md) +- [Supply-Chain-Security](concepts/Supply-Chain-Security.md) - [SwiftUI-Volumetric-APIs](concepts/SwiftUI-Volumetric-APIs.md) - [symbolic-link](concepts/symbolic-link.md) - [SymbolicLink](concepts/SymbolicLink.md) @@ -1748,6 +1814,7 @@ - [System-Economy](concepts/System-Economy.md) - [system-monitoring](concepts/system-monitoring.md) - [systemd](concepts/systemd.md) +- [T-Shaped-Skills](concepts/T-Shaped-Skills.md) - [Tag-Validation-Tool](concepts/Tag-Validation-Tool.md) - [TagBasedIndexing](concepts/TagBasedIndexing.md) - [TAIL-Strategy](concepts/TAIL-Strategy.md) @@ -1760,6 +1827,7 @@ - [TCO](concepts/TCO.md) - [TCP隧道](concepts/TCP隧道.md) - [Technical-Architecture](concepts/Technical-Architecture.md) +- [Technical-Architecture-Domains](concepts/Technical-Architecture-Domains.md) - [Technical-Objection-Handling](concepts/Technical-Objection-Handling.md) - [Telegram-Trigger](concepts/Telegram-Trigger.md) - [Telephony-Integration](concepts/Telephony-Integration.md) @@ -1772,7 +1840,9 @@ - [TextToSpeech](concepts/TextToSpeech.md) - [TextToVideo](concepts/TextToVideo.md) - [TGW-Peering](concepts/TGW-Peering.md) +- [Third Party Penetration Testing](concepts/Third Party Penetration Testing.md) - [Thought-Leadership](concepts/Thought-Leadership.md) +- [Threat-Intelligence](concepts/Threat-Intelligence.md) - [Threat-Modeling](concepts/Threat-Modeling.md) - [Three-Tier-Review-Mechanism](concepts/Three-Tier-Review-Mechanism.md) - [ThreeActProposalNarrative](concepts/ThreeActProposalNarrative.md) @@ -1810,6 +1880,7 @@ - [Unified-Inbox](concepts/Unified-Inbox.md) - [UnityLobby](concepts/UnityLobby.md) - [UnityRelay](concepts/UnityRelay.md) +- [Urban-Sprawl](concepts/Urban-Sprawl.md) - [USER.md](concepts/USER.md.md) - [value-stream](concepts/value-stream.md) - [Value-Stream-Mapping](concepts/Value-Stream-Mapping.md) @@ -1821,6 +1892,7 @@ - [Vibe-Coding](concepts/Vibe-Coding.md) - [Video-Hook](concepts/Video-Hook.md) - [ViralLoop](concepts/ViralLoop.md) +- [Virtual-Desktop-Infrastructure](concepts/Virtual-Desktop-Infrastructure.md) - [Visual-Coherence-Engine](concepts/Visual-Coherence-Engine.md) - [Visual-Debugging](concepts/Visual-Debugging.md) - [vLLM](concepts/vLLM.md) @@ -1850,6 +1922,7 @@ - [Workflow-Tree-Spec](concepts/Workflow-Tree-Spec.md) - [Workspace](concepts/Workspace.md) - [WorldPartition](concepts/WorldPartition.md) +- [WSP-Protocol](concepts/WSP-Protocol.md) - [X-Twitter-API-Automation](concepts/X-Twitter-API-Automation.md) - [X11](concepts/X11.md) - [Xinchuang](concepts/Xinchuang.md) diff --git a/wiki/log.md b/wiki/log.md index fcfddcce..f2bb3f9d 100644 --- a/wiki/log.md +++ b/wiki/log.md @@ -6057,3 +6057,57 @@ - Source page: wiki/sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md - Notes: 步骤3完成:新建 source page;步骤4完成:index.md 条目已存在(第242行),无需更新;步骤5完成:overview.md 中已有标签相关内容,本次无需修订;步骤6完成:新建1个 Entity 页面(Martin Rosler.md),更新 Phenops-Team.md 的 sources 和 last_updated;步骤7完成:新建2个 Concept 页面(Kubernetes-Tagging.md、Container-Image-Tagging.md);步骤8完成:无冲突(V2 在 V1 基础上扩展,保持向前兼容);步骤9完成:log.md 追加记录 +## [2026-04-28] ingest | CTP Topic 70 EKS deployment using IAC +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md +- Status: ✅ 成功摄入 +- Summary: 通过 IaC(Terraform/Service Catalog)部署 Amazon EKS 集群的完整方法论——容器与 VM 对比、EKS 核心特性(完全托管控制平面/零停机滚动更新/IAM RBAC)、两种部署路径、自定义 EMI 网络解决 CIDR 限制、Cluster Autoscaler 自动扩缩容、监控栈(CloudWatch Agent + FluentBit + Container Insights + Grafana)。属 [[Amazon-EKS]] 部署方法的完整入口。 +- Concepts touched: [[Kubernetes]], [[Amazon-EKS]], [[Infrastructure-as-Code]], [[Terraform]], [[Cluster-Autoscaler]], [[OpenTelemetry]], [[Grafana]] +- Concepts created: [[Karpenter]], [[AWS-Service-Catalog]], [[ALB-Ingress-Controller]], [[EMI-Elastic-Network-Interface]], [[CloudWatch-Agent]], [[FluentBit]], [[Container-Insights]] +- Entities touched: [[AWS]], [[HashiCorp]] +- Entities created: 无(AWS.md、HashiCorp.md 均已存在) +- Source page: wiki/sources/ctp-topic-70-eks-deployment-using-iac.md +- Notes: 步骤3完成:新建 source page;步骤4完成:index.md 条目已存在(第290行),无需更新;步骤5完成:overview.md 条目已存在(第281行),内容一致无需修订;步骤6完成:无新增 Entity(AWS.md、HashiCorp.md 均已存在);步骤7完成:新建7个 Concept 页面(Karpenter、AWS-Service-Catalog、ALB-Ingress-Controller、EMI-Elastic-Network-Interface、CloudWatch-Agent、FluentBit、Container-Insights);步骤8完成:无冲突;步骤9完成:log.md 追加记录 + +## [2026-04-28] ingest | CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md +- Status: ✅ 成功摄入 +- Summary: 在受限 AWS Lab Landing Zone 网络环境中实施 EKS 的技术方案——Spencer 和 Guy 分享。核心问题:Micro Focus 网络 IP 地址池不足,无法满足 Octane(IP 密集型 SaaS 应用)的 EKS Pod 需求。解决方案:创建独立私有子网(非主 VPC 子网)、启用 EKS 模块自定义网络标志、Pod 规范设置 `hostNetwork: true`、Terraform/Terragrunt 模块封装。Atlantis 当前不支持 EKS 部署,需通过 Jenkins + Terragrunt 模块替代。属 [[Amazon-EKS]] 在受限网络场景下的技术实践。 +- Concepts touched: [[Amazon-EKS]], [[AWS-Landing-Zone]], [[EKS-Custom-Networking]], [[Host-Network-Mode]], [[Terraform-Terragrunt]], [[Kubernetes-Pod-Networking]] +- Concepts created: [[EKS-Custom-Networking]], [[Host-Network-Mode]] +- Entities touched: [[AWS]], [[Amazon-EKS]], [[Octane]], [[Jenkins]] +- Entities created: [[Amazon-EKS]], [[Octane]] +- Source page: wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md +- Notes: 步骤3完成:新建 source page;步骤4完成:index.md 条目已存在(第296行),无需更新;步骤5完成:overview.md 条目已存在(第279行),内容一致无需修订;步骤6完成:新建2个 Entity 页面(Amazon-EKS.md、Octane.md);步骤7完成:新建2个 Concept 页面(EKS-Custom-Networking.md、Host-Network-Mode.md);步骤8完成:无冲突(与 ctp-topic-70/ctp-topic-59 互补而非矛盾);步骤9完成:log.md 追加记录 + + +## [2026-04-28] ingest | Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md +- Status: ✅ 成功摄入 +- Summary: Bottlerocket OS(火箭瓶)深度解析——AWS 专为容器工作负载优化的最小化开源 Linux 发行版。核心设计理念:最小化(去除包管理器/Shell/SSH,仅打包必要内核组件)、安全更新(分区镜像 A/B 切换确保原子性)、安全加固(dm-verity 根文件系统加密验证 + SE Linux enforcing 模式 + 根文件系统默认只读)。Variant 机制通过平台+架构+工作负载组件组合在构建时定制功能,支持自管理节点组、托管节点组和 Carpenter 节点池三种 EKS 集成方式。与 Part 1(Karpenter)和 Part 3(EKS Auto Mode)构成 EKS 优化完整链路。 +- Concepts touched: [[Immutable-Root-Filesystem]], [[dm-verity]], [[SE-Linux-Enforcing]], [[Partition-Updates]], [[CIS-Benchmark]], [[Karpenter]] +- Entities touched: [[Bottlerocket]], [[Amazon-EKS]], [[AWS]] +- Concepts created: 无(均已存在) +- Entities created: 无(均已存在) +- Source page: wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md +- Notes: 步骤3完成:source page 已存在,日期更新为 2026-04-14;步骤4完成:index.md 条目日期更新;步骤5完成:overview.md 条目已存在(第271行),内容一致无需修订;步骤6完成:Entity 页面均已存在(Bottlerocket.md、Amazon-EKS.md、AWS.md);步骤7完成:Concept 页面均已存在(Immutable-Root-Filesystem.md、dm-verity.md、SE-Linux-Enforcing.md、Partition-Updates.md、CIS-Benchmark.md、Karpenter.md);步骤8完成:无冲突(source page 已记录与相关页面的关系);步骤9完成:log.md 追加记录 + +## [2026-04-28] update | CTP Topic 64 - 补充缺失 Entity 和 Concept 页面 +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md +- Status: ✅ 补充完成 +- Summary: 发现 Source Page ctp-topic-64-scaling-out-with-amazon-eks 引用了多个尚未建立独立页面的 Entity 和 Concept,补充创建以完善知识图谱 +- Entities created: [[Suravpul]](AWS 高级解决方案架构师,EKS 可靠性/扩缩容/可观测性专题讲师) +- Concepts created: [[Horizontal Pod Autoscaler (HPA)]], [[KEDA]], [[Cluster Autoscaler]], [[IPv6-in-EKS]], [[CoreDNS-Scaling]], [[Metrics-Server]], [[API-Server-Priority-and-Fairness]] +- Concepts existing: [[Karpenter]](已存在于 wiki/concepts/Karpenter.md) +- Source page: wiki/sources/ctp-topic-64-scaling-out-with-amazon-eks.md +- Notes: Suravpul Entity 补充创建后,该 Entity 页面覆盖 CTP Topic 59/64/67 三个关联 Source;HPA Concept 已在 ctp-topic-59 Source page 中引用,本次更新同步建立独立页面;Cluster Autoscaler Concept 已在 ctp-topic-70 Source page 中引用,本次同步更新 sources 字段 + +## [2026-04-29] ingest | Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015 +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md +- Status: ✅ 成功摄入 +- Summary: OpenText 全球信息安全团队(GIS)安全策略全景——Mike & Ed 主持。内容涵盖:GIS 分层组织架构(运营、合规、治理、隐私);ISO 27001 姿态框架(2022版,11个新增控制方面);FedRAMP 等多项行业/政府认证;年度第三方测试+红队演练;月处理 2250 亿条日志,350 案例/月;GISP 最高纲领性政策季度审查;安全意识培训(月度通讯+钓鱼演练);BrightCloud 威胁情报工具。 +- Concepts touched: [[Global Information Security Policy (GISP)]], [[ISO-27001]], [[Security Awareness Training]], [[Third Party Penetration Testing]], [[Threat Intelligence]], [[FedRAMP]] +- Entities touched: [[Mike]], [[Ed]], [[OpenText]], [[BrightCloud]] +- Concepts created: [[Global Information Security Policy (GISP)]], [[ISO-27001]], [[Security Awareness Training]], [[Third Party Penetration Testing]], [[Threat Intelligence]], [[FedRAMP]] +- Entities created: [[Mike]], [[Ed]], [[BrightCloud]] +- Source page: wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md +- Notes: 步骤3完成:source page 已存在,内容确认/更新;步骤4完成:index.md 条目已存在(第274行),无需更新;步骤5完成:overview.md 无需修订(OpenText 安全专题系列,overview 已覆盖);步骤6完成:新建3个 Entity 页面(Mike.md、Ed.md、BrightCloud.md);步骤7完成:新建6个 Concept 页面(GISP、ISO-27001、Security Awareness Training、Third Party Penetration Testing、Threat Intelligence、FedRAMP);步骤8完成:与 CTP-Topic-10 和 CTP-Topic-52 互补而非冲突;步骤9完成:log.md 追加记录 diff --git a/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md b/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md index 61d4b3b3..10d5e727 100644 --- a/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md +++ b/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md @@ -6,61 +6,63 @@ tags: - EKS - Kubernetes - Landing-Zone + - Terraform + - Terragrunt - CTP -date: 2026-04-24 +date: 2026-04-14 +sources: [] +last_updated: 2026-04-28 --- ## Source File -- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md]] +- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] ## Summary(用中文描述) -- 核心主题:在 AWS Lab Landing Zone 中通过 Terraform/Terragrunt 自动化部署 EKS 集群,解决 Octane(Micro Focus SaaS 应用)IP 地址池不足的难题 -- 问题域:Micro Focus 网络环境下的 AWS Lab Landing Zone 网络地址空间受限,无法满足 EKS Pod 大量 IP 地址需求 +- 核心主题:在 AWS Lab Landing Zone 中实现 EKS(Elastic Kubernetes Service),解决 Microfocus Octane SaaS 应用的 IP 地址不足问题 +- 问题域:AWS Lab 网络环境中 IP 地址池受限,无法满足 EKS 集群中 Pod 的 IP 分配需求 - 方法/机制: - - 在独立私有子网(非主 VPC 子网)中部署 EKS,由 EKS 模块自定义网络标志控制 IP 分配 - - 通过 Terraform/Terragrunt 模块调用 EKS 模块,指定子网和联邦账户/角色映射 - - Pod 规范中设置 `hostNetwork: true` 使 Pod 直接使用宿主机网络 - - IAM 角色映射实现集群访问和 AWS Console 可视化 -- 结论/价值:即使在受限网络环境下,通过 EKS 自定义网络功能 + IaC 自动化仍可成功部署 EKS,无需 Atlantis(Jenkins + Terragrunt 模块替代方案) + - 在独立私网子网(非主 subnet)内创建 EKS 集群,提供大量可用 IP + - 使用 Terraform + Terragrunt 模块化部署 EKS + - 通过 EKS 模块的自定义网络配置标志(flag)控制 IP 分配 + - 在 Pod spec 中设置 `hostNetwork: true`,使 Pod 使用宿主机网络 + - 通过角色映射(role mapping)实现跨账户连接集群和 AWS Console 可视化 +- 结论/价值:成功在受限网络环境中部署 EKS,支持访问内部 Microfocus 网络资源和外部资源;Atlantis 当前无法部署 EKS,改用 Jenkins + Terragrunt 模块替代 ## Key Claims(用中文描述) -- EKS 模块提供自定义网络配置标志,可控制 Pod IP 地址分配策略 -- 在受限 Lab 网络环境下,创建独立私有子网(非主 VPC 子网)为 EKS Pod 提供充足 IP 地址池 -- Terraform/Terragrunt 模块可封装 EKS 集群的完整部署逻辑,支持跨账户角色映射 -- Atlantis 目前无法部署 EKS 集群,需通过 Jenkins + Terragrunt 模块替代 -- Pod 网络规范设置 `hostNetwork: true` 后,Pod 可同时访问内部 Micro Focus 网络和外部资源 -- IAM 角色映射使用户可连接集群并在 AWS Console 中查看 EKS 组件 -- 节点组数量当前硬编码,未来版本将支持可配置参数 +- Spencer 和 Guy 在 AWS Lab Landing Zone 中为 Microfocus Octane SaaS 应用(IP 密集型)成功部署了 EKS +- 标准 EKS 部署方案不支持在独立私网子网中分配大量 IP,需启用 EKS 模块的自定义网络配置标志 +- 在 Pod spec 中配置 `hostNetwork: true` 后,Pod 可直接使用宿主机网络 IP,实现与内部 Microfocus 网络的通信 +- Atlantis 当前无法部署 EKS 集群,改用 Jenkins 上的 Terragrunt 模块实现自动化部署 +- 通过角色映射(federated account/role mapping)实现跨账户连接 EKS 集群并在 AWS Console 中查看 EKS 组件 +- Node group 数量目前硬编码,未来版本将支持可配置化 +- 容器安全加固已与安全团队讨论并实施 ## Key Quotes -> "The problem was that this wasn't supported in the EKS sort of solution that was given to us." — Spencer,描述 IP 池不足问题在标准 EKS 方案中不受支持的困境 - -> "Within the spec configuration, we basically have to put host network equals true." — Guy,描述让 Pod 访问内部网络的关键配置 +> "The problem was was that this wasn't supported in the EKS sort of solution that was given to us." — Spencer,描述标准 EKS 方案在独立私网环境中的限制 +> "Within the spec configuration, we basically have to put host network equals true." — Guy,描述 Pod 如何使用宿主机网络实现 IP 访问 +> "Atlantis cannot currently deploy EKS clusters; a Terragrunt module on Jenkins is used instead." — 关于 EKS 部署工具链的说明 ## Key Concepts -- [[Amazon EKS]]:AWS 托管 Kubernetes 服务,完全托管控制平面,支持 IAM RBAC 最小权限 -- [[Kubernetes Custom Networking]]:EKS 自定义网络功能,允许控制 Pod IP 分配策略,解决 VPC CIDR 限制 -- [[Terraform-Terragrunt Module]]:封装 EKS 部署逻辑的基础设施即代码模块,支持跨账户部署 -- [[IAM Role Mapping (EKS)]]:通过 AWS IAM 角色映射实现集群访问控制和 AWS Console 可视化 -- [[Host Network Mode (Pod)]]:Pod 使用宿主机网络栈,`hostNetwork: true` 使 Pod 可访问底层网络资源 -- [[Container Hardening]]:容器安全加固标准,与安全团队协作实施的容器安全措施 +- [[AWS Landing Zone]]:AWS 多账户基础设施架构框架,提供基础网络、安全、合规框架 +- [[EKS Custom Networking]]:EKS 提供的自定义网络配置,允许控制 Pod IP 分配,不依赖 VPC CNI 默认行为 +- [[Host Network Mode]]:Kubernetes Pod 配置项(hostNetwork: true),使 Pod 共享宿主机的网络命名空间 +- [[Terraform Terragrunt]]:Terragrunt 作为 Terraform 的 wrapper,支持模块化和跨账户基础设施部署 +- [[Kubernetes Pod Networking]]:Pod 网络模型,决定 Pod 如何获取 IP 及与集群内外通信 ## Key Entities -- [[Octane-Hub]]:Software Factory 团队,Micro Focus 云转型计划一部分,主导 SaaS 应用容器化迁移,CTO 为 Holger Rode;本文档中 Octane 作为 EKS 部署的实际业务驱动方(IP 密集型 SaaS 应用) -- [[Spencer]]:AWS Lab Landing Zone EKS 实施分享人 -- [[Guy]]:AWS Lab Landing Zone EKS 实施技术细节讲解人 -- [[Terragrunt]]:Terraform 的 wrapper 工具,用于管理跨账户基础设施部署 -- [[Atlantis]]:Terraform GitOps 工具,当前不支持 EKS 集群部署 +- [[Spencer]]:OpenText/Micro Focus SRE,负责 AWS Lab Landing Zone 架构设计 +- [[Guy]]:OpenText/Micro Focus 技术专家,参与 EKS 部署实现 +- [[Octane]]:Micro Focus SaaS 应用,IP 地址密集型 workload,是本次 EKS 部署的驱动用例 +- [[Micro Focus]]:公司名称,现为 OpenText 旗下 +- [[Atlantis]]:基于 Terraform 的 Pull Request 自动化工具,当前不支持 EKS 部署 +- [[Jenkins]]:CI/CD 平台,用于执行 Terragrunt 模块部署 EKS 集群 ## Connections -- [[ctp-topic-70-eks-deployment-using-iac]] ← depends_on ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] - - Topic 39 解决了 EKS 在受限网络环境下的 IP 分配技术难题,为 Topic 70 的 IaC 部署实践提供底层支撑 -- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] ← related ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] - - 两者均讨论 EKS 可靠性,两者互补:Topic 39 侧重网络架构,Topic 59 侧重 SLA/SLO 保障 -- [[ctp-topic-25-labs-landing-zone-overview-itom-teams]] ← depends_on ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] - - Labs LZ 的多账户架构和 Terraform/Terragrunt 管理模式是 Topic 39 EKS 部署的基础设施上下文 -- [[ctp-topic-14-octane-hub-on-aws]] ← related ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]] - - 两者均涉及 Octane 的 AWS 迁移,但 Topic 14 聚焦 Octane Hub 整体迁移,Topic 39 聚焦 EKS 网络解决方案 +- [[CTP Topic 10 AWS Landing Zone LZ Data Collection Tagging Related Security]] ← relates_to ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] +- [[CTP Topic 70 EKS Deployment Using IAC]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] +- [[Public Cloud Learning Sessions EKS Optimization Part 1 of 3 Compute Optimization with Karpenter]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] +- [[CTP Topic 64 Scaling Out with Amazon EKS]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] +- [[CTP Topic 59 Achieving Reliability with Amazon EKS]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] ## Contradictions -- 无发现与现有 Wiki 页面的直接冲突 +- (暂无已知冲突内容) diff --git a/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md b/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md index 3fa00284..2334ff5b 100644 --- a/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md +++ b/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md @@ -1,67 +1,84 @@ --- title: "CTP Topic 59 Achieving reliability with Amazon EKS" type: source -tags: - - AWS - - EKS - - Kubernetes - - Reliability - - CTP +tags: [AWS, EKS, Kubernetes, Reliability, CTP] date: 2026-04-14 +sources: [] +last_updated: 2026-04-28 --- ## Source File -- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md]] +- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks]] -## Summary(用中文描述) -- 核心主题:Amazon EKS(Elastic Kubernetes Service)的可靠性最佳实践,涵盖容器服务选型、应用层可靠性、控制平面可靠性和数据平面可靠性四个维度。 -- 问题域:Kubernetes 在 AWS 上的生产级可靠性保障,涉及 shared responsibility model 下 AWS 与客户的责任边界划分。 -- 方法/机制:通过 Pod 反亲和性、拓扑分布约束、HPA/VPA 扩缩容、探针配置、PodDisruptionBudget 等机制实现故障检测、优雅降级、自愈和按需扩缩;控制平面通过监控、认证加固、准入 Webhook 管理、集群升级策略保障;数据平面通过节点问题检测、资源预留、QoS、资源配额和 Pod 优先级机制保障。 -- 结论/价值:EKS 可靠性需要在应用、控制平面、数据平面三个层面综合设计,结合 AWS shared responsibility model 明确责任边界,并通过多样性部署策略(Rolling/Blue-Green/Canary)实现安全升级。 +## Summary -## Key Claims(用中文描述) -- ECS 推荐给容器化初学者,提供简单界面和原生 AWS 集成;EKS 适合熟悉 Kubernetes 生态的用户,提供开放社区灵活性。 -- 系统可靠性意味着即使发生故障也能提供可预测行为,核心关注点包括:故障检测、优雅服务降级、确定性故障模式、自愈能力和按需扩缩。 -- AWS shared responsibility model 下,AWS 负责控制平面组件(state store、scheduler、controller manager、API servers),客户负责工作节点、操作系统和应用配置。 -- Fargate 模式下客户无需管理节点、补丁或升级工作。 -- 应用可靠性需避免单例 Pod,使用 Pod 反亲和性或拓扑分布约束将应用 Pod 分散到多个可用区;HPA 默认基于 CPU 和内存扩缩容,VPA 可正确调整 Pod 大小但会导致运行时重启。 -- 部署策略包括滚动升级、蓝绿部署和金丝雀部署,各有不同控制复杂度和安全保障级别;存活探针、就绪探针和启动探针是 Pod 健康监控的关键;PodDisruptionBudget 确保维护期间的最小服务水平。 -- 控制平面可靠性需监控 API server 请求和 HCT state store 大小;必须创建具有超级管理员角色的安全用户;准入 Webhook 需仔细配置以避免阻塞控制平面;EKS 平台版本自动处理补丁版本,Minor 版本有 14 个月支持周期后自动升级。 -- 数据平面可靠性需使用节点问题检测器、预留系统资源、实现 QoS、配置资源配额和限制范围;Pod 优先级控制抢占。 +- **核心主题**:Amazon EKS 的可靠性最佳实践,涵盖应用层、控制平面和数据平面的可靠性设计 +- **问题域**:容器化工作负载在 AWS EKS 上的生产级可靠性保障 +- **方法/机制**: + - 应用层:Pod 分布策略(anti-affinity / topology spread constraints)、弹性伸缩(HPA/VPA)、健康探针、部署策略 + - 控制平面:监控指标、安全认证、准入 webhook、集群升级策略 + - 数据平面:节点问题检测、资源预留、QoS、Pod 优先级 +- **结论/价值**:EKS 可靠性需从应用、控制平面、数据平面三个维度系统性设计;AWS 与客户遵循共享责任模型,各自承担不同职责 + +## Key Claims + +- **Surav Paul(AWS 高级解决方案架构师)** 通过展示 EKS 容器服务选项和可靠性实践,系统性讲解了三个可靠性维度的设计原则 +- **容器服务选型**:ECS 适合容器化入门者(AWS 原生集成);EKS 适合熟悉 Kubernetes 生态的用户(开放社区灵活性) +- **可靠性定义**:系统在发生故障时仍能提供可预测行为,包括故障检测、优雅降级、确定性故障模式、自愈能力和按需扩展 +- **共享责任模型**:AWS 负责控制平面组件(状态存储、调度器、控制器管理器、API 服务器);客户负责工作节点、操作系统和应用配置 +- **Fargate 优势**:使用 Fargate 时无需管理节点或担忧节点补丁和升级 +- **应用层可靠性**:避免单例 Pod,通过 pod anti-affinity 或 topology spread constraints 跨可用区分布应用 Pod +- **弹性伸缩**:HPA 默认基于 CPU 和内存,可使用自定义/外部指标;VPA 可调整 Pod 大小,但运行时调整会导致重启 +- **部署策略**:滚动升级、蓝绿部署、灰度部署,复杂度和控制力逐级递增 +- **控制平面可靠性**:监控 API 服务器请求和 etcd 状态存储大小;创建安全用户并分配超级管理员角色;谨慎配置和测试准入 webhook +- **集群升级**:控制平面和数据平面分阶段升级;EKS 平台版本透明处理补丁版本;次版本有 14 个月支持周期后自动升级 +- **数据平面可靠性**:使用节点问题检测器、预留系统资源、实现 QoS、配置资源配额和限制范围;Pod 优先级控制抢占 ## Key Quotes -> "ECS is a more AWS opinionated way of running containers." — ECS 与 EKS 的核心区别概述 -> "Reliability in a system means it offers predictable behavior even when failures occur." — 可靠性的本质定义 -> "With Fargate, you don't have to worry about managing the nodes or worrying about patching or upgrading the nodes." — Fargate 对 shared responsibility model 的影响 + +> "Reliability in a system means it offers predictable behavior even when failures occur." — Surav Paul, AWS + +> "ECS is a more AWS opinionated way of running containers." — Surav Paul, AWS + +> "With Fargate, you don't have to worry about managing the nodes or worrying about patching or upgrading the nodes." — Surav Paul, AWS ## Key Concepts -- [[Reliability(系统可靠性)]]:系统在发生故障时仍能提供可预测行为的能力,包含故障检测、优雅降级、确定性故障模式、自愈和按需扩缩五个核心关注点。 -- [[Application Reliability(应用可靠性)]]:通过避免单例 Pod、AZ 分散、HPA/VPA 扩缩容、部署策略(Rolling/Blue-Green/Canary)、健康探针和 PodDisruptionBudget 实现。 -- [[Control Plane Reliability(控制平面可靠性)]]:通过监控控制平面指标、安全认证加固、准入 Webhook 管理和集群升级策略保障。 -- [[Data Plane Reliability(数据平面可靠性)]]:通过节点问题检测、资源预留、QoS、资源配额、LimitRange 和 Pod 优先级机制保障。 -- [[Shared Responsibility Model(EKS)]]:AWS 负责控制平面(API server、scheduler 等),客户负责工作节点、操作系统和应用配置;Fargate 模式下进一步减少客户运维负担。 -- [[Pod Anti-Affinity]]:通过反亲和性规则将 Pod 分散到不同节点或可用区,避免单点故障。 -- [[Topology Spread Constraints]]:提供比 Pod 反亲和性更细粒度的工作负载分布控制。 -- [[Horizontal Pod Autoscaler (HPA)]]:基于 CPU 利用率和内存消耗的默认扩缩容机制,支持自定义/外部指标。 -- [[Vertical Pod Autoscaler (VPA)]]:根据实际资源使用情况自动调整 Pod 的大小配置,但运行时调整会导致 Pod 重启。 -- [[Liveness/Readiness/Startup Probes]]:三类 Kubernetes 探针,用于监控 Pod 健康状态和就绪情况。 -- [[PodDisruptionBudget]]:在自愿中断(如节点维护)期间保证最小数量或比例的 Pod 持续运行。 -- [[Rolling/Blue-Green/Canary Deployment]]:三种部署策略,滚动升级自动化程度高但回滚控制有限,蓝绿和金丝雀提供更精细的控制和快速回滚能力。 + +- [[Reliability-Engineering]]:系统在故障时仍提供可预测行为的工程学科 +- [[Kubernetes]]:开源容器编排平台,EKS 为其托管服务 +- [[Amazon-EKS]]:AWS 托管的 Kubernetes 服务 +- [[HPA]]:Horizontal Pod Autoscaler,根据 CPU/内存自动调整 Pod 副本数 +- [[VPA]]:Vertical Pod Autoscaler,根据资源使用情况调整 Pod 资源请求 +- [[Pod-Anti-Affinity]]:Pod 反亲和性,确保 Pod 分布在不同节点或可用区 +- [[Topology-Spread-Constraints]]:拓扑分布约束,实现细粒度的工作负载分布控制 +- [[Liveness-Probe]]:存活探针,检测 Pod 是否存活并决定是否重启 +- [[Readiness-Probe]]:就绪探针,检测 Pod 是否准备好接收流量 +- [[Startup-Probe]]:启动探针,检测应用启动完成前给予更长启动时间 +- [[Pod-Disruption-Budget]]:Pod 中断预算,确保维护期间最小服务级别 +- [[Admission-Webhook]]:准入控制器,在 API 请求到达对象存储前进行拦截和修改 +- [[Node-Problem-Detector]]:节点问题检测器,检测节点级硬件和系统问题 +- [[Quality-of-Service-QoS]]:服务质量等级,根据资源请求/限制划分 Pod 优先级 +- [[Shared-Responsibility-Model]]:AWS 与客户各自承担不同可靠性职责的模型 ## Key Entities -- [[Surav Paul]]:AWS 高级解决方案架构师(Senior Solutions Architect),本场演讲的主讲人。 -- [[Amazon EKS]]:AWS 托管的 Kubernetes 服务,适合熟悉 Kubernetes 生态的用户,提供开放社区灵活性。 -- [[Amazon ECS]]:AWS 原生容器服务,推荐给容器化初学者,提供简单界面和原生 AWS 集成。 -- [[AWS Fargate]]:无服务器容器运行平台,使用 Fargate 时客户无需管理节点、补丁或升级工作。 + +- [[AWS]]:Amazon Web Services,云服务提供商,负责 EKS 控制平面 +- [[Amazon-ECS]]:Elastic Container Service,AWS 容器服务之一,与 EKS 对比 +- [[AWS-Fargate]]:无服务器计算引擎,EKS 可选计算选项,无需管理节点 +- [[Surav-Paul]]:AWS 高级解决方案架构师,本次演讲讲师 ## Connections -- [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] ← topic_overlap ← [[CTP Topic 59 Achieving reliability with Amazon EKS]](均涉及 EKS 部署实践,本 Topic 聚焦可靠性设计,Topic 39 聚焦网络/IP 问题解决) -- [[CTP Topic 64 Scaling out with Amazon EKS]] ← topic_overlap ← [[CTP Topic 59 Achieving reliability with Amazon EKS]](均涉及 EKS 扩缩容,Topic 64 聚焦扩缩机制,Topic 59 聚焦可靠性全栈设计) -- [[CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana]] ← complements ← [[CTP Topic 59 Achieving reliability with Amazon EKS]](Grafana 监控可用于 Topic 59 中的控制平面和数据平面指标监控) -- [[Public Cloud Learning Sessions EKS Optimization Part 3 of 3 Introduction to EKS Auto Mode]] ← extends ← [[CTP Topic 59 Achieving reliability with Amazon EKS]](Auto Mode 是 EKS 可靠性自动化的进一步演进,涵盖 Fargate 集成和自动扩缩容) + +- [[Amazon-EKS]] ← extends ← [[Kubernetes]] +- [[Amazon-EKS]] ← supports ← [[AWS-Fargate]] +- [[Amazon-ECS]] ← competes_with ← [[Amazon-EKS]] +- [[HPA]] ← scales ← [[Kubernetes]] +- [[VPA]] ← scales ← [[Kubernetes]] +- [[Reliability-Engineering]] ← applies_to ← [[Amazon-EKS]] ## Contradictions -- 与 [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] 的潜在视角差异: - - 冲突点:Topic 39 描述 EKS 部署中的 IP 资源挑战,强调自定义网络配置(hostNetwork)和独立私有子网;Topic 59 侧重标准 EKS 可靠性机制,较少涉及网络约束场景。 - - 当前观点:两者面向不同场景——Topic 39 针对受限网络环境下的实际部署挑战,Topic 59 提供通用的 EKS 可靠性最佳实践,互为补充而非冲突。 - - 对方观点:Topic 39 认为在某些受限环境下标准 EKS 配置(如 CNI 插件默认 IP 分配)无法直接适用,需要自定义网络方案;Topic 59 的通用建议可能需要针对特殊环境调整。 + +- 与 [[ReliabilityBaseline]] 潜在交叉: + - 冲突点:可靠性基线的具体量化指标(如 SLO/SLI 数值)本文档未涉及 + - 当前观点:聚焦工程实践和机制设计层面 + - 对方观点:可能包含可靠性指标的量化定义 diff --git a/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md b/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md index e6d53617..6868c3c6 100644 --- a/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md +++ b/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md @@ -1,68 +1,81 @@ --- title: "CTP Topic 70 EKS deployment using IAC" type: source -tags: [AWS, EKS, IaC, Kubernetes, CTP] -sources: [raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac] -last_updated: 2026-04-24 +tags: + - AWS + - EKS + - IaC + - Kubernetes + - CTP +last_updated: 2026-04-28 --- ## Source File -- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md]] +- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md]] ## Summary(用中文描述) -- 核心主题:EKS(Amazon Elastic Kubernetes Service)集群通过 IaC(基础设施即代码)方式部署,涵盖容器与 VM 的对比、EKS 特性详解、Terraform 和 Service Catalog 两种部署方式,以及 EKS 集群与容器监控方案。 -- 问题域:如何在企业 AWS Landing Zone 中通过标准化 IaC 流程部署和管理 EKS 集群,实现容器化工作负载的统一治理。 +- 核心主题:通过基础设施即代码(IaC)部署 Amazon EKS 集群,涵盖容器与虚拟机对比、EKS 特性、Terraform/Service Catalog 两种部署方式、自定义网络与自动扩缩容、以及监控体系。 +- 问题域:企业如何在 AWS 云中使用 IaC 工具标准化、可重复地部署和管理 Kubernetes 集群。 - 方法/机制: - - **两种部署方式**:Terraform(使用 `tera-grant.scl` 文件定义集群参数)+ AWS Service Catalog(通过产品组合模块化部署) - - **自定义网络**:EMI(ENI Multi-IP)解决 Pod IP 分配 CIDR 限制问题 - - **自动扩缩容**:Kubernetes Cluster Autoscaler 根据资源需求自动扩缩 Worker Node - - **监控栈**:CloudWatch Agent + FluentBit(DaemonSet)+ Container Insights + AWS OpenTelemetry + Grafana -- 结论/价值:通过 SRE EKS 模块集成 Terraform/Service Catalog 两种 IaC 路径,实现 EKS 集群的标准化、可审计、可重复部署;配合 CloudWatch + Grafana 实现全栈可观测性。 + - **Terraform 部署**:通过 `tera-grant.scl` 文件定义环境变量、EKS 版本和工作节点类型(CPU/GPU/default),集成 AWS Secrets Manager 发送通知。 + - **Service Catalog 部署**:提供版本选择和工作节点类型配置,对安全与权限有更多控制。 + - **自定义网络(EMI)**:为 Pod 分配弹性网络接口以解决 CIDR 限制。 + - **集群自动扩缩容**:Kubernetes Cluster Autoscaler 根据资源需求自动扩缩工作节点。 + - **监控体系**:CloudWatch Agent + FluentBit(DaemonSet)+ Container Insights + Grafana 集中可视化。 +- 结论/价值:SRE EKS 模块提供企业级 Kubernetes 部署方案,通过 IaC 实现标准化,通过 ALB Ingress Controller 实现流量管理,通过自定义 EMI 解决网络限制,通过集中监控实现主动告警。 ## Key Claims(用中文描述) -- Kubernetes 相比 VM 具有更快的启动速度、更高的内存效率和更强的可移植性 -- EKS 提供完全托管的控制平面,实现 Worker Node 的零停机滚动部署 -- IAM RBAC Mapping 通过最小权限原则控制 EKS 集群访问 -- SRE EKS 模块集成 ALB Ingress Controller 实现流量管理 -- EMI 自定义网络通过虚拟 ENI 为 Pod 分配 IP 地址,解决 VPC CIDR 限制 -- Kubernetes Cluster Autoscaler 根据资源需求自动扩缩 Worker Node -- CloudWatch Agent + FluentBit 以 DaemonSet 方式部署,负责日志和指标收集 +- 容器相比虚拟机:启动时间更短、内存效率更高、更易于跨环境迁移。 +- Kubernetes 提供分布式系统运行框架,具备零停机滚动部署、负载均衡和水平 Pod 扩缩容能力。 +- EKS 提供完全托管的控制平面和工作节点自动扩缩,支持零停机滚动更新和 IAM RBAC 最小权限映射。 +- SRE EKS 模块通过 Terraform 或 Service Catalog 两种方式部署,Service Catalog 提供更细粒度的安全控制。 +- 自定义 EMI 网络为 Pod 分配 IP 地址,解决 VPC CIDR 限制问题。 +- Kubernetes Cluster Autoscaler 自动根据资源需求扩缩工作节点。 +- 监控方案:CloudWatch Agent + FluentBit(DaemonSet)+ Container Insights 发布指标至 CloudWatch,配合集中式 Grafana 仪表板可视化。 ## Key Quotes -> "Kubernetes is a framework for running distributed systems resiliently, automating rollouts/rollbacks, load balancing, and horizontal pod scaling." — 核心定义 -> "EKS offers fully managed control planes and autoscaling worker nodes." — EKS 核心价值 -> "Zero downtime rolling deployments for worker node updates" — EKS 高可用特性 -> "IAM RBAC mapping for least privilege access" — EKS 安全模型 -> "Service Catalog allows creating, organizing, and governing AWS resources with permission control." — Service Catalog 定位 +> "EKS, a managed Kubernetes service by Amazon, offers features like fully managed control planes and autoscaling worker nodes." — EKS 托管服务核心价值 + +> "Zero downtime rolling deployments for worker node updates and IAM RBAC mapping for least privilege access are implemented." — SRE EKS 模块核心安全实践 + +> "Service Catalog allows creating, organizing, and governing AWS resources with permission control." — Service Catalog 在 EKS 部署中的角色 + +> "Custom networking for pods addresses CIDR limitations by adding a virtual EMI to assign IP addresses to pods." — EMI 自定义网络机制 + +> "Monitoring is achieved using CloudWatch agent and FluentBit deployed as daemon sets." — EKS 监控架构 ## Key Concepts -- [[Kubernetes]]:容器编排框架,用于分布式系统的弹性运行,支持自动化部署/回滚、负载均衡和 Pod 水平扩缩容 -- [[Amazon EKS]](Amazon Elastic Kubernetes Service):AWS 托管的 Kubernetes 服务,提供完全托管的控制平面和自动扩缩的 Worker Node -- [[Infrastructure as Code]](IaC):通过代码定义和管理基础设施,实现标准化、可审计、可重复的部署 -- [[AWS Service Catalog]]:AWS 服务,允许组织创建、管理和组织云资源产品,并进行权限控制 -- [[IAM RBAC]]:基于角色的访问控制,通过最小权限原则管理 EKS 集群访问 -- [[Cluster Autoscaler]]:Kubernetes 组件,根据资源需求自动扩缩 Worker Node -- [[EMI]](ENI Multi-IP):EKS 自定义网络方案,通过虚拟弹性网络接口为 Pod 分配额外 IP 地址,解决 VPC CIDR 限制 -- [[ALB Ingress Controller]]:AWS Load Balancer Controller,负责管理 ALB Ingress 资源,实现 Kubernetes 服务的七层负载均衡 -- [[CloudWatch Container Insights]]:AWS 监控服务,收集容器级别的指标和日志并发布到 CloudWatch -- [[FluentBit]]:开源日志处理器,以 DaemonSet 方式部署于每个节点,负责收集容器日志 -- [[AWS OpenTelemetry]]:AWS 的可观测性数据收集方案,支持指标、日志和追踪的统一采集 +- [[Container]]:轻量级虚拟化技术,相比虚拟机具有更快的启动速度、更高的内存效率和更好的可移植性。 +- [[Kubernetes]]:分布式系统运行框架,提供自动化部署、扩缩容、负载均衡和滚动更新能力。 +- [[Amazon-EKS]]:AWS 托管的 Kubernetes 服务,提供完全托管的控制平面和工作节点自动扩缩。 +- [[Infrastructure-as-Code-IaC]]:通过声明式配置管理云基础设施,实现标准化、可重复的部署流程。 +- [[Terraform]]:HashiCorp 出品的云无关 IaC 工具,用于定义和部署 EKS 集群。 +- [[AWS-Service-Catalog]]:AWS 服务目录,允许用户通过预定义产品创建 EKS 集群,具备权限控制能力。 +- [[ALB-Ingress-Controller]]:AWS 负载均衡器入口控制器,用于 EKS 集群的流量管理。 +- [[EMI-Elastic-Network-Interface]]:弹性网络接口,用于为 EKS Pod 分配 IP 地址以解决 VPC CIDR 限制。 +- [[Cluster-Autoscaler]]:Kubernetes 组件,根据资源需求自动扩缩工作节点。 +- [[Karpenter]]:AWS 开源的 Kubernetes 节点自动配置工具,基于 Pod 需求动态创建最佳实例类型(未来替代 Cluster Autoscaler 的方案)。 +- [[CloudWatch-Agent]]:AWS 监控代理,用于收集 EKS 集群和容器的日志与指标。 +- [[FluentBit]]:开源日志处理器,作为 DaemonSet 部署在每个节点上收集容器日志。 +- [[Container-Insights]]:EKS 监控功能,发布容器指标至 CloudWatch。 +- [[AWS-Open-Telemetry]]:可观测性框架,可用于 EKS 监控数据采集。 +- [[Grafana]]:开源可视化平台,通过模板化仪表板展示 EKS 集群和容器指标。 ## Key Entities -- [[Kubernetes]](entity):容器编排框架,EKS 的底层技术,Google 开源,CNCF 托管 -- [[Amazon]](entity):AWS/EKS 的提供商 +- [[AWS]]:Amazon Web Services,提供 EKS 托管 Kubernetes 服务。 +- [[HashiCorp]]:Terraform 开发商,提供云无关 IaC 工具。 +- [[SRE]]:Site Reliability Engineering 团队,负责 EKS 模块的设计和维护。 ## Connections -- [[Amazon EKS]] ← 基于 ← [[Kubernetes]] -- [[Terraform]] ← 用于 ← [[Infrastructure as Code]] -- [[AWS Service Catalog]] ← 用于 ← [[Infrastructure as Code]] -- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] ← 相关 ← [[Amazon EKS]] -- [[ctp-topic-64-scaling-out-with-amazon-eks]] ← 相关 ← [[Cluster Autoscaler]] -- [[public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks]] ← 相关 ← [[Amazon EKS]] -- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] ← 相关 ← [[AWS OpenTelemetry]] +- [[Amazon-EKS]] ← uses ← [[Infrastructure-as-Code-IaC]] +- [[Amazon-EKS]] ← deployed_by ← [[Terraform]] +- [[Amazon-EKS]] ← deployed_by ← [[AWS-Service-Catalog]] +- [[Amazon-EKS]] ← manages_traffic_with ← [[ALB-Ingress-Controller]] +- [[Amazon-EKS]] ← networking_extended_by ← [[EMI-Elastic-Network-Interface]] +- [[Amazon-EKS]] ← scales_with ← [[Cluster-Autoscaler]] +- [[Amazon-EKS]] ← monitors_with ← [[CloudWatch-Agent]] + [[FluentBit]] + [[Container-Insights]] +- [[Grafana]] ← visualizes ← [[Amazon-EKS]] monitoring data +- [[Amazon-EKS]] ← extends ← [[Kubernetes]] ## Contradictions -- 与 [[ctp-topic-59-achieving-reliability-with-amazon-eks]] 可能存在内容重叠: - - 冲突点:两篇均涉及 EKS 特性,但侧重点不同 - - 当前观点:Topic 70 侧重 IaC 部署方法和网络/监控机制 - - 对方观点:Topic 59 侧重 EKS 可靠性保证和最佳实践 +- (本主题未发现与其他 Wiki 页面的直接冲突,与相关 EKS 主题形成互补关系) diff --git a/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md b/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md index 68a46ea5..c65c9e40 100644 --- a/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md +++ b/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md @@ -7,7 +7,7 @@ tags: - Bottlerocket - Container OS - Cloud-Native -date: 2026-04-24 +date: 2026-04-14 --- ## Source File diff --git a/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md b/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md index 1a756162..0f652506 100644 --- a/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md +++ b/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md @@ -34,9 +34,9 @@ date: 2026-04-14 ## Key Concepts - [[Global Information Security Policy (GISP)]]:最高纲领性政策,季度审查 - [[ISO-27001]]:姿态框架基础,2022 年更新,新增 11 个控制方面 -- [[Security-Awareness-Training]]:月度安全通讯 + 网络钓鱼演练 -- [[Third-Party-Penetration-Testing]]:年度桌面演练 + 红队演练 -- [[Threat-Intelligence]]:结合 BrightCloud 等工具的威胁情报体系 +- [[Security Awareness Training]]:月度安全通讯 + 网络钓鱼演练 +- [[Third Party Penetration Testing]]:年度桌面演练 + 红队演练 +- [[Threat Intelligence]]:结合 BrightCloud 等工具的威胁情报体系 - [[FedRAMP]]:政府级云安全认证 ## Key Entities @@ -51,5 +51,5 @@ date: 2026-04-14 ## Contradictions - 与 [[CTP-Topic-10-AWS-Landing-Zone-LZ-Data-Collection-Tagging-Related-Security]] 存在视角互补而非冲突: - - 冲突点:两者均涉及安全治理,但 Topic 10 聚焦于 AWS 层面的标签化安全策略(SCP/Checkpoint),Topic 41 聚焦于企业级安全政策框架(ISO 27001/GISP) + - 冲突点:两者均涉及安全治理,但 Topic 10 聚焦于 AWS 层面的标签化安全策略(SCP/Checkpoint),本主题聚焦于企业级安全政策框架(ISO 27001/GISP) - 当前观点:两者互补——GISP 定义全局政策纲领,AWS Landing Zone 层面通过标签和 SCP 实现技术落地