Auto-sync: update nexus workspace

2026-04-29 07:09:24 +08:00
parent 15cd44b2ca
commit 070bd42886
36 changed files with 1602 additions and 221 deletions
--- a/ishenwei/blogwatcher/2026-04-29.md
+++ b/ishenwei/blogwatcher/2026-04-29.md
@@ -0,0 +1,268 @@
 ## 📦 新增 77 篇 (06:02:17)
 ### 【Tech With Tim - YouTube】
 - [I gave Claude its own database, here's what happened](https://www.youtube.com/watch?v=vJBAzdOACD8)
  Use ghost.build for free to add persistent memory and disposable databases to claude: https://b.link/ghost-twtIn this video, I show you how to connect...
 ### 【Jon Law - YouTube】
 - [11 Best Platforms for Business Owners to Automate](https://www.youtube.com/watch?v=lLiMDwWowL4)
  #RemitlyPartner Use code BUSINESS to get a $/£100 promo after you send a single business transfer of $/£300 or more from the USA, Canada or UK. To red...
 ### 【huangyihe - YouTube】
 - [AI时代，怎么做产品？怎么做公司？](https://www.youtube.com/watch?v=b8dTUrP8F9w)
  ⭐️ 更多内容 👇X: https://x.com/huangyiheSubstack: https://www.newtype.proGitHub: https://github.com/newtype-01/newtype-os===========================关于本期视频=...
 ### 【惫懒の欧阳川 - YouTube】
 - [【VCP】小白必看！VCP云端0部署，一键启动-10分钟搞定前后端！#AI #人工智能 #Agent #VCP #云部署](https://www.youtube.com/watch?v=xyuxqGcAd-c)
  【VCP】小白必看！VCP云端0部署，一键启动-10分钟搞定前后端！#AI #人工智能 #Agent #VCP #云部署 #VCPToolBox 【視頻内容 】---------------------------------------------------------- 又一期重磅教程来了！经...
 ### 【TEDx Talks - YouTube】
 - [3 ways to set boundaries (without saying "no") | Raluca Hancu | TEDxHeilbronn](https://www.youtube.com/watch?v=F2Zm1yx0Doo)
  Raluca Hancu shows how boundaries don’t have to block connection, they can strengthen it. Using stories from her own motherhood and the psychology of ...
 - [What if Belonging Rewards Disappearing | Diane Marie Pisera | TEDxStamford](https://www.youtube.com/watch?v=3ZQrNJZZG2Y)
  In “What If Belonging Rewards Disappearing?”, Diane draws from her experience immigrating from Italy to the United States to explore how early adaptat...
 - [Session 1: Roots | Yasemin TUR | TEDxMustafa Kaynak Anadolu High School](https://www.youtube.com/watch?v=3VJTil6zfs8)
  We all think the path to success lies in knowing exactly "what we want." But what if true freedom begins the moment we realize what we don't want?In t...
 - [Session III: Transformation | Nalan Kaynak | TEDxMustafa Kaynak Anadolu High School](https://www.youtube.com/watch?v=Hx1ZnW5-dHM)
  In her inspiring talk, **Nalan Kaynak**, the founder of OKİSDER, shares her profound dedication to educational support. She highlights that their init...
 - [Jak zmienić świat widząc więcej | Magda Chołyst | TEDxGdansk](https://www.youtube.com/watch?v=9JvAq2CfCek)
  Wideo opowiada o widzeniu jako czymś znacznie więcej niż tylko procesem biologicznym. Autorka, bazując na własnym doświadczeniu utraty wzroku, pokazuj...
 - [Nocą ostrzał rano praca. Czego nauczył mnie Kijów o wojnie i życiu | Klaudia Brzezińska | TEDxGdansk](https://www.youtube.com/watch?v=gSSPzODWpBA)
  Wideo opowiada o doświadczeniu życia w Kijowie podczas wojny i pokazuje, jak bardzo rzeczywistość konfliktu różni się od tego, co widzimy z zewnątrz. ...
 - [Przestrzenie, w których rośnie odwaga | Alicja Świtlik | TEDxGdansk](https://www.youtube.com/watch?v=_2VkeBKJP6E)
  Wideo pokazuje, jak ogromny wpływ na rozwój młodych ludzi ma środowisko, w którym funkcjonują. Autorka, opierając się na własnych doświadczeniach prac...
 - [Kto zostaje kiedy Ciebie nie ma? Co odróżnia społeczność od publiczności | Olga Koenig | TEDxGdansk](https://www.youtube.com/watch?v=g3E9j3jKALQ)
  Wideo porusza temat różnicy między publicznością a społecznością, pokazując, dlaczego te pojęcia – choć często używane zamiennie – oznaczają zupełnie ...
 - [A Transatlantic Leadership Story: From American To Nigeria | Prof. Dewayne Frazier O | TEDxJimeta](https://www.youtube.com/watch?v=utkZrx3meQk)
  In this engaging talk, Dewayne Frazier shares lessons from his leadership journey across cultures, reflecting on his experiences living and working in...
 - [Redefining Beauty: Confidence Beyond Hair and Filters | Aiswarya Kiran | TEDxAGBS Kochi](https://www.youtube.com/watch?v=NEEvfF5LWLA)
  Aiswarya Kiran is an inspiring content creator who turned her struggle with alopecia into a source of strength. After being diagnosed, she researched ...
 ### 【Greyson Zhang - YouTube】
 - [【YouTube縮圖教學2026】用Canva製作高點擊縮圖（完整指南）](https://www.youtube.com/watch?v=Rbksk7eTFro)
  加入最好的創作者成長搞錢社群 👉 https://www.greysonzhang.com/membership免費公開課｜2026 YouTube 成長藍圖 👉 https://www.greysonzhang.com/2026-yt一對一咨詢 👉 https://calendly.com/gre...
 ### 【Coursera - YouTube】
 - [How Consumer Insights Shape Beauty Products](https://www.youtube.com/watch?v=E9fKbo93X54)
  Why do some beauty products feel like they were made just for you? This lecture explores how consumer insights guide cosmetic innovation—helping brand...
 - [How to Become a Penetration Tester](https://www.youtube.com/watch?v=eoByKevfMc4)
  Cyberattacks happen constantly, but skilled professionals are trained to stop them before damage is done. This video breaks down how to become a penet...
 ### 【Reuters - YouTube】
 - [King Charles says resolve seen after 9/11 needed for Ukraine](https://www.youtube.com/watch?v=RhkomQAJW4g)
  Britain's King Charles told the US Congress that the same ‘unyielding resolve’ seen after the September 11, 2001, attacks on the United States was ‘ne...
 - [King Charles promotes US-UK unity in speech to Congress](https://www.youtube.com/watch?v=OgI7Xkfql9w)
  Britain's King Charles told the US Congress that despite an age of uncertainty and conflict in Europe and the Middle East, the UK and the US will alwa...
 - [Cheers of joy as stranded whale guided onto rescue barge](https://www.youtube.com/watch?v=Ortp1ZJnUCQ)
  Relief and joy were palpable as rescue workers tugged and guided a humpback whale stranded off Germany's Baltic coast into a floating tank within a ba...
 - [Oracle, CoreWeave lead AI selloff on OpenAI growth concerns](https://www.youtube.com/watch?v=iEamSEKpNII)
  Shares of artificial intelligence-related firms dropped after the Wall Street Journal reported that OpenAI had missed its goals for new users and reve...
 - [UPS shares fall after warning of Iran war fuel spike risk](https://www.youtube.com/watch?v=gr20HLoCtHI)
  United Parcel Service reiterated its full-year revenue target despite projecting a return to growth in the June quarter, as soaring fuel prices from t...
 - [UAE quits OPEC in major blow to global oil producers' group](https://www.youtube.com/watch?v=TcJxfDnMMxE)
  The United Arab Emirates said it was quitting OPEC and OPEC+, dealing a heavy blow to the oil exporting groups and their de facto leader, Saudi Arabia...
 - [Anti-illegal immigration protesters march in South Africa](https://www.youtube.com/watch?v=S2Yz1li3XyI)
  South African protesters marched to the Union Buildings in Pretoria to demand tougher action against illegal immigration, saying undocumented foreign ...
 - [Border residents flee amid Pakistan-Afghanistan shelling](https://www.youtube.com/watch?v=-hMYpAgVuoo)
  Residents near Pakistan's border city of Chaman surveyed damaged houses and fled the area after days of cross-border shelling from Afghanistan. The fi...
 - [Five wounded in two Athens shootings, 89 year old man detained](https://www.youtube.com/watch?v=nFlJTsUhw9g)
  An 89-year-old man was arrested after shooting incidents in Athens, Greece, left five people wounded at a social security agency and a court building....
 - [Trump says his mother 'had a crush' on a young King Charles](https://www.youtube.com/watch?v=tWyga3mEzns)
  US President Trump said that his late mother loved the royal family and at one time ‘had a crush’ on a young Prince Charles, who would later become ki...
 ### 【BBC News 中文 - YouTube】
 - [支付平台與電騙集團關聯被凍結 中國示威者柬埔寨爆衝突 － BBC News 中文](https://www.youtube.com/watch?v=d6TQfpJUYrc)
  數十名中國示威者在4月27日聚集柬埔寨國家銀行外抗議，要求解凍他們在「匯旺支付」平台開設的帳戶。抗議演變為與保安人員肢體衝突，有人流血受傷。匯旺集團被指與網絡詐騙有關，旗下網上支付平台的帳戶自去年12月起被凍結。集團前董事長李雄於4月1日被遣返中國，中國當局指控他是跨國詐騙集團核心成員，與早前落網的...
 ### 【理想生活实验室】
 - [雀巢正式确认出售，蓝瓶咖啡即将和瑞幸成为一家，你会有怎样的期待？](http://www.toodaylab.com/84013)
  4 月 23 日，雀巢集团在公布 2026 年第一季度财报时正式确认已达成出售 Blue Bottle Coffee 蓝瓶咖啡的协议，公司已同意将蓝瓶出售给大钲资本（Centurium Capital），在满足相关条件后，交易预计会在 2026 年上半年完成。这意味着 3 月 4 日多家媒体报道的大...
 ### 【阿榮福利味 - 免費軟體下載】
 - [7-Zip 26.01 免安裝中文版 - 免費壓縮軟體](https://www.azofreeware.com/2006/05/7-zip-440-beta.html)
  7-Zip 是一套必裝的免費壓縮軟體，不僅壓縮比高（不遜於 WinRAR）、支援很多格式而且還具中文介面，甚至於會擋掉內含 *.exe 壓縮檔的 Gmail，都可以用他的壓縮格式 *.7z 來輕鬆闖關！支援壓縮及解壓縮格式：7z、ZIP、GZIP、BZIP2、TAR，支援解壓縮格式：RAR、CAB、...
 - [[正版購買] Movavi Video Editor 2026 (26.14) 中文版 - 影片編輯軟體](https://www.azofreeware.com/2017/10/movavi-video-editor-plus.html)
  影片編輯軟體 - Movavi Video Editor（原：Movavi Video Editor Plus），功能強大且簡單易用的影片編輯工具，可以分割、合併影片而無損畫質，套用各種影片特效及濾鏡，旋轉、剪裁、加入背景音樂、加入標題、加入音樂、加入配音...等等，改善及轉換音訊，並將影片儲存為方...
 - [DesktopOK 12.49 免安裝中文版 - 儲存並還原桌面小圖示排列位置](https://www.azofreeware.com/2013/11/desktopok-368.html)
  儲存並還原桌面小圖示排列位置 - DesktopOK，你是否因為要用電腦做簡報或其他事情而常常變更螢幕解析度？如果是，那應該會常常遇到切換回正常解析度之後，桌面小圖示的排列位置就亂掉了！此軟體可以記憶每個小圖示的儲存位置（座標），當桌面小圖示排列位置又亂掉時，只要按一下還原就可以恢復原狀了。（阿榮福...
 - [[正版購買] 4K Video Downloader+ 26.1.1.0355 免安裝中文版 - 影音網站影片下載神器 Bilibili 下載 1080p](https://www.azofreeware.com/2019/12/4k-video-downloader.html)
  影音網站影片下載神器 - 4K Video Downloader+，可以下載高畫質影片（最高支援 4K、8K 畫質）、高音質音樂、播放清單，甚至整個頻道，支援 YouTube、Vimeo、TikTok、SoundCloud、Facebook、Twitch、Bilibili 等影音網站，付費版有訂閱頻...
 - [[正版購買] 4K YouTube to MP3 26.1.1.0355 免安裝中文版 - 影片轉 mp3 軟體 把影片下載為 mp3](https://www.azofreeware.com/2020/01/4k-youtube-to-mp3.html)
  影片轉 mp3 軟體 - 4K YouTube to MP3，只要貼上線上影片的網址，就可以將影片下載為 MP3 音樂（或 OGG、M4A），預設儲存位置是本機的音樂資料夾（Music），支援 YouTube、VEVO、SoundCloud、Facebook 等網站，付費版提供無限量播放清單下載、無...
 - [MediaHuman YouTube to MP3 Converter 3.9.20 中文版 - 線上影片轉 MP3 軟體](https://www.azofreeware.com/2023/12/mediahuman-youtube-to-mp3-converter.html)
  線上影片轉 MP3 軟體 - MediaHuman YouTube to MP3 Converter，支援 YouTube、Vimeo、SoundCloud、Mixcloud 等平台，可以從播放清單或頻道下載所有音樂，最高音質可達到 320 kbps，可以同時下載多個音樂，內建簡單的標籤編輯器，支援...
 - [[正版購買] AnyDesk 9.7.1 免安裝中文版 - 遠端電腦遙控軟體 取代 Teamviewer](https://www.azofreeware.com/2014/08/anydesk-111-beta-teamviewer.html)
  遠端電腦遙控軟體 - AnyDesk，能夠取代「Teamviewer」的軟體，只需要透過一組數字就可以連線到對方電腦，預設不使用連線密碼，但必須等待對方同意，也可以設定密碼並無需同意，按「Ctrl+Alt+Del」的功能、文字對談、連線加密（TLS1.2）、螢幕擷取...等功能都有，還可以設定連線時...
 ### 【Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics】
 - [Texas Instruments made a new flagship graphing calculator: the TI-84 Evo](https://www.engadget.com/mobile/texas-instruments-made-a-new-flagship-graphing-calculator-the-ti-84-evo-201903438.html?src=rss)
  Texas Instruments graphing calculators have helped many a student with algebra, pre-calculus and upside-down anatomical slang. Now, the company is bac...
 - [iOS 27 will reportedly come with new AI-powered photo editing tools](https://www.engadget.com/ai/ios-27-will-reportedly-come-with-new-ai-powered-photo-editing-tools-194119562.html?src=rss)
  Apple reportedly plans to fix bugs and expand the capabilities of Apple Intelligence with the release of iOS 27, iPadOS 27 and macOS 27 year, and it s...
 - [NVIDIA starts offering a 12GB version of the 5070 for laptops](https://www.engadget.com/computing/laptops/nvidia-starts-offering-a-12gb-version-of-the-5070-for-laptops-180057515.html?src=rss)
  NVIDIA is releasing a new variant of its 5070 GPU for laptops. Nestled in a blog post about the latest version of its Game Ready Drivers, the company ...
 - [Games Done Quick will host its first ever event in Europe](https://www.engadget.com/gaming/games-done-quick-will-host-its-first-ever-event-in-europe-170637194.html?src=rss)
  Games Done Quick, the charity video game speedrunning series, is making its European debut in a live event at Germany’s Gamescom this summer. GDQ’s ma...
 - [Snapchat is rolling out sponsored AI agents](https://www.engadget.com/ai/snapchat-is-rolling-out-sponsored-ai-agents-162720124.html?src=rss)
  It was only a matter of time before they found a way to use AI agents as corporate shills. On Tuesday, Snapchat rolled out AI Sponsored Snaps, a "new ...
 - [Google Translate uses AI to help you practice pronunciation](https://www.engadget.com/ai/google-translate-uses-ai-to-help-you-practice-pronunciation-160000542.html?src=rss)
  Google is celebrating Translate’s 20th birthday by launching pronunciation practice, which the company says is one of the most requested features for ...
 - [Google and the Pentagon sign classified deal to give the Department of Defense unfettered access to its AI models](https://www.engadget.com/ai/google-and-the-pentagon-sign-classified-deal-to-give-the-department-of-defense-unfettered-access-to-its-ai-models-155211834.html?src=rss)
  Google has signed a deal that allows the US Department of Defense to use its AI models for "any lawful government purpose." This is according to a rep...
 - [The FTC says Americans lost at least $2.1 billion to social media scams in 2025](https://www.engadget.com/social-media/the-ftc-says-americans-lost-at-least-21-billion-to-social-media-scams-in-2025-152846798.html?src=rss)
  Americans lost at least $2.1 billion in 2025 to scams that originated on social media, according to the Federal Trade Commission. That figure marks an...
 - [Ted Lasso’s fourth season starts August 5](https://www.engadget.com/entertainment/streaming/ted-lassos-fourth-season-starts-august-5-150337209.html?src=rss)
  It turns out you can go back again, especially if you win a pile of awards, mint a crop of stars and turn a potentially obscure sitcom into Apple’s bi...
 - [Trump administration is paying more companies to abandon offshore wind projects](https://www.engadget.com/science/trump-administration-is-paying-more-companies-to-abandon-offshore-wind-projects-150216769.html?src=rss)
  The Trump Administration has signed deals with two major energy companies to abandon their respective offshore wind farms, with both firms agreeing to...
 ### 【小众软件】
 - [PowerToys v0.99.0 发布，距离 v0.100 更近了](https://www.appinn.com/powertoys-v0-99-0/)
  微软的 PowerToys v0.99.0 今日发布，新增两个实用工具：不用点标题栏就能拖动窗口，另一个是直接在托盘里调显示器亮度、对比度。另外继续修复命令面板等功能，整体更稳定，为 v0.100发布做最后准备。@Appinn 是的，只有 v0.100，没有 v1.0。 PowerToys v0.9...
 - [作为 Snipaste 付费用户，试完 PixPin 3 我动摇了，就差最后一点细节](https://www.appinn.com/pixpin-3/)
  备受好评的 Windows/macOS 跨平台截图 PixPin 进入 3.x 时代，目前最新版本 v3.1.4.0，主要更新：全新界面、接入 AI 提升识别与翻译，以及新增自动马赛克、贴图穿透、条码识别等功能。@Appinn PixPin 3 新增功能 新增功能 说明 全新界面（UI 重构） 界面...
 - [小米 MiMo 百万亿 Token 创造者激励计划｜送 Token 了](https://www.appinn.com/xiaomi-mimo-orbit/)
  小米上线了一个百万亿 Token 创造者激励计划 Xiaomi MiMo Orbit，只需要填写表单，就能获得小米「在 30 天内发放总计 100 万亿 Token 权益，完全免费」。 具体步骤 访问该页面，点击立即申请，然后根据页面填写即可。 不过 既然都是大模型了，是不是可以这样： 这件事情交给...
 ### 【TED Talks Daily】
 - [You got what you wanted. Now what? | Debbie Millman](http://go.ted.com/debbiemillman26)
  Over two decades of interviewing countless creative people, Debbie Millman (host of the iconic "Design Matters" podcast) had a realization: the pride ...
 ### 【Slashdot】
 - [Apple Vision Pro Used In World-First Cataract Surgery](https://science.slashdot.org/story/26/04/28/1923255/apple-vision-pro-used-in-world-first-cataract-surgery?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Apple's Vision Pro has been used in what's described as the world's first cataract surgery performed with the headset. MacRumors reports: [New York op...
 - [Sony Rolls Out 30-Day Online DRM Check-In For PlayStation Digital Games](https://games.slashdot.org/story/26/04/28/1919200/sony-rolls-out-30-day-online-drm-check-in-for-playstation-digital-games?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Sony is reportedly rolling out a 30-day online check-in requirement for some digital PS4 and PS5 games, meaning players could temporarily lose access ...
 - [Apple Introduces a Cheaper Option For App Store Subscriptions](https://news.slashdot.org/story/26/04/28/1913247/apple-introduces-a-cheaper-option-for-app-store-subscriptions?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Apple is adding a new App Store subscription option that lets developers offer lower monthly prices in exchange for a 12-month commitment. "This model...
 - [The Bloomberg Terminal Is Getting an AI Makeover](https://news.slashdot.org/story/26/04/28/1832202/the-bloomberg-terminal-is-getting-an-ai-makeover?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  An anonymous reader quotes a report from Wired: For its famous intractability, the Bloomberg Terminal has long inspired devotion, bordering on obsessi...
 - [Google and Pentagon Reportedly Agree On Deal For 'Any Lawful' Use of AI](https://tech.slashdot.org/story/26/04/28/1634227/google-and-pentagon-reportedly-agree-on-deal-for-any-lawful-use-of-ai?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Google has reportedly signed a classified agreement allowing the Pentagon to use its AI models for "any lawful government purpose." While the deal is ...
 - [UAE To Leave OPEC Amid Hormuz Oil Crisis](https://news.slashdot.org/story/26/04/28/1622229/uae-to-leave-opec-amid-hormuz-oil-crisis?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  fjo3 writes: The United Arab Emirates announced Tuesday that it would exit the Organization of the Petroleum Exporting Countries (source paywalled; al...
 - [Bay Area Homeowner Offers Property In Exchange For Anthropic Stock](https://slashdot.org/story/26/04/28/0429234/bay-area-homeowner-offers-property-in-exchange-for-anthropic-stock?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Bay Area homeowner and investment banker Storm Duncan is trying to swap a 13-acre Mill Valley property for Anthropic equity instead of cash. He create...
 - [Supreme Court Hears Case On How To Label Risks of Popular Weed Killer](https://yro.slashdot.org/story/26/04/28/0421237/supreme-court-hears-case-on-how-to-label-risks-of-popular-weed-killer?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  An anonymous reader quotes a report from NPR: A divided U.S. Supreme Court on Monday heard a dispute over labels on the popular Roundup weed killer, w...
 - [The Silent Frequency That Makes Old Buildings Feel Haunted](https://science.slashdot.org/story/26/04/28/0413216/the-silent-frequency-that-makes-old-buildings-feel-haunted?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  Researchers say infrasound -- low-frequency vibrations from things like pipes, HVAC systems, and traffic that humans can't consciously hear -- may hel...
 - [Trump Administration Will Pay More Energy Firms to Cancel Wind Farms](https://hardware.slashdot.org/story/26/04/28/041256/trump-administration-will-pay-more-energy-firms-to-cancel-wind-farms?utm_source=rss1.0mainlinkanon&utm_medium=feed)
  The Trump administration says it will reimburse energy companies $885 million to cancel two planned offshore wind farms, with the firms in turn agreei...
 ### 【AI (artificial intelligence) | The Guardian】
 - [UK must seize initiative on AI or be left at its mercy, Liz Kendall says](https://www.theguardian.com/technology/2026/apr/28/uk-must-seize-ai-initiative-or-be-left-at-the-mercy-of-the-future-liz-kendall-warns)
  Technology secretary speaks amid concerns country is struggling to make its own way in AIBritain must seize the initiative on artificial intelligence ...
 - [‘Stole a charity’: Elon Musk accuses Sam Altman of betrayal in courtroom showdown](https://www.theguardian.com/technology/2026/apr/28/sam-altman-open-ai-elon-musk-trial)
  Trial is culmination of a years-long feud between Musk and Altman that has become increasingly viciousThe trial pitting Elon Musk against Sam Altman a...
 - [Google reportedly signs classified AI deal with US Pentagon](https://www.theguardian.com/technology/2026/apr/28/google-classified-ai-deal-pentagon)
  Tech company is latest Silicon Valley firm to sign agreement with US military despite widespread employee oppositionGoogle has reportedly signed a dea...
 - [The personal pettiness of the Elon Musk v OpenAI trial](https://www.theguardian.com/technology/2026/apr/28/elon-musk-sam-altman-openai)
  In theory, Musk and Altman’s court fight could pose key questions about AI safety – in reality, it’s motivated by money and personal grievanceSign up ...
 - [If it feels like the world is rejecting science and truth, here are five ways to fight back | Helen Pearson](https://www.theguardian.com/commentisfree/2026/apr/28/world-rejecting-science-truth-five-ways-fight-back)
  All of us can choose to consider facts, not vibes, in our next decision. One simple hack is go and look up some easily accessible peer-reviewed studie...
 - [Tell us: have you become emotionally attached to AI?](https://www.theguardian.com/technology/2026/apr/28/tell-us-have-you-become-emotionally-attached-to-ai)
  We would like to hear from people who converse with AI chatbots on a personal levelLots of people now use chatbots as personal assistants, sometimes t...
 - [‘They’re supposed to be handmade’: zine creators fight to resist AI influence](https://www.theguardian.com/technology/2026/apr/28/zine-creators-fight-to-resist-ai-influence)
  Artists and writers argue scrappy nature of self-published booklets is incompatible with artificial intelligenceThe self-published zine has long been ...
 - [Tech giants face new levy to pay for Australian news as Meta calls position ‘simply wrong’](https://www.theguardian.com/australia-news/2026/apr/28/albanese-tech-companies-australian-media)
  Google also rejects need for reform after Albanese government reveals draft news bargaining incentive scheme Follow our Australia news live blog for l...
 - [Humanoid robots to become baggage handlers in Japan airport experiment](https://www.theguardian.com/world/2026/apr/28/humanoid-robots-baggage-handlers-japan-airports)
  Japan Airlines will introduce the robots for trial run at a Tokyo airport amid country’s surge in inbound tourism and worsening labour shortagesJapan’...
 ### 【WSJ.com: World News】
 - [King Charles Urges Trump Not to Abandon Special Relationship With U.K.](https://www.wsj.com/world/uk/king-charles-speech-congress-trump-white-house-08729161)
  The British monarch celebrated “one of the greatest alliances in history” in a rare address to Congress....
 - [Ukraine Hits Russia’s Oil Machine, but Struggles to Dent Its Economy](https://www.wsj.com/world/russia/ukraine-hits-russias-oil-machine-but-struggles-to-dent-its-economy-8e8d0322)
  Drone strikes on refineries and ports have caused some disruption but had little impact on Moscow’s oil revenues....
 - [U.A.E.’s OPEC Exit Deals Major Blow to Cartel Amid Middle East Oil Squeeze](https://www.wsj.com/world/middle-east/u-a-e-to-leave-opec-opec-2368bbd6)
  The Gulf state said the move would help it meet changing demand but analysts see it as a heavy blow to the organization....
 - [U.S.-Iran War’s Next Casualty: Global Food](https://www.wsj.com/world/asia/u-s-iran-wars-next-casualty-global-food-7bb7f8bf)
  The closure of the Strait of Hormuz is hitting farmers who are more vulnerable to sudden cost increases....
 - [China’s Ban on Meta-Manus Deal Shows Strains in U.S.-China Business Ties](https://www.wsj.com/world/china/chinas-ban-on-meta-manus-deal-shows-strains-in-u-s-china-business-ties-3f58f0d7)
  China’s move to force Meta to unwind its acquisition of the AI startup demonstrates Beijing’s willingness to use economic weapons to safeguard key int...
 - [China Says Hostile Foreign Forces Are Driving Its Youth to Slack Off](https://www.wsj.com/world/china/china-says-hostile-foreign-forces-are-driving-its-youth-to-slack-off-2781aba1)
  The country’s intelligence agency blamed anti-China influences from abroad for stoking youth disillusionment....
 - [Iran Offers a New Proposal to End War](https://www.wsj.com/world/middle-east/iran-offers-a-new-proposal-to-end-war-b88da96c)
  Tehran vows to stop Hormuz attacks in exchange for lifting of U.S. port blockade....
 - [Iran Is Flooded With So Much Unsold Oil That It’s Stashing It in Derelict Tanks](https://www.wsj.com/world/middle-east/iran-is-flooded-with-so-much-unsold-oil-that-its-stashing-it-in-derelict-tanks-ed8e62b1)
  Tehran is trying to buy time as the war turns into a race to see whether its oil fields or global consumers can take more pain....
--- a/wiki/concepts/ALB-Ingress-Controller.md
+++ b/wiki/concepts/ALB-Ingress-Controller.md
@@ -0,0 +1,29 @@
 ---
 title: "ALB Ingress Controller"
 type: concept
 tags: [AWS, Kubernetes, EKS, networking, ingress, load-balancing]
 last_updated: 2026-04-28
 ---
 ## Definition
 AWS Load Balancer Controller（原名 ALB Ingress Controller）是运行在 Kubernetes 集群中的控制器，通过 Kubernetes Ingress 资源动态管理 AWS Application Load Balancer（ALB）的生命周期。它将 Ingress 规则转换为 ALB 配置（目标组、监听规则、路径路由），实现外部流量到集群内 Pod 的自动路由，是 EKS 集群入口流量管理的标准方案。
 ## Key Mechanisms
 - **Ingress 驱动**：用户定义 Kubernetes Ingress 资源声明路由规则，控制器自动创建/更新对应 ALB
 - **多层路由**：支持基于主机名（host-based）和路径（path-based）的路由规则
 - **AWS WAF 集成**：ALB 可关联 AWS WAF Web ACL，实现 L7 安全防护
 - **健康检查自动化**：自动配置目标组健康检查指向 Pod 健康端点
 - **多种 Ingress 类**：支持公开（internet-facing）和私有（internal）ALB
 ## Relationship with Kubernetes Ingress
 AWS Load Balancer Controller 扩展了 Kubernetes Ingress API 的 AWS 后端实现：
 - 标准 Kubernetes Ingress 定义路由规则
 - 控制器解释规则并调用 AWS API 创建/配置 ALB
 - 替代手动 ALB 管理，实现声明式基础设施
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[ctp-topic-59-achieving-reliability-with-amazon-eks]]
--- a/wiki/concepts/API-Server-Priority-and-Fairness.md
+++ b/wiki/concepts/API-Server-Priority-and-Fairness.md
@@ -0,0 +1,38 @@
 ---
 title: "API Server Priority and Fairness"
 type: concept
 tags:
  - Kubernetes
  - EKS
  - API-Server
  - Performance
  - Multi-Tenancy
 sources:
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 API Server Priority and Fairness（PPF）是 Kubernetes 1.20+ 引入的 API Server 配置特性，通过优先级类别（Priority Class）和并发限制（Flow Schema）管理 API 请求的调度和限流，确保关键工作负载在高负载下的 API 访问稳定性。
 ## Key Mechanisms
 - **Priority Class**：为 API 请求分配优先级（整数越大优先级越高）
 - **Flow Schema**：定义请求匹配规则，将请求路由到对应的 Flow
 - **Concurrency Limit**：每个 Flow 的并发请求数限制
 - **Request Limiting**：超出限制的请求进入等待队列或被拒绝
 ## Why Enable PPF
 - 多租户 EKS 集群中，防止单个租户/工作负载耗尽 API Server 资源
 - 在扩缩容期间（大量 HPA/Controller 并发请求）保护关键 API 调用
 - 提升 API Server 在高负载下的可预测性和稳定性
 ## Configuration
 - 通过 kube-apiserver 启动参数 `--enable-priority-and-fairness=true` 启用
 - Flow Schema 和 Priority Level 通过 kube-apiserver 配置或 admission webhook 管理
 ## Relationship with Scaling
 - 在大规模集群扩缩容时，HPA、Cluster Autoscaler、Custom Controller 等大量并发 API 请求可能压垮 API Server
 - PPF 确保关键扩缩容操作的 API 请求优先处理
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/AWS-Service-Catalog.md
+++ b/wiki/concepts/AWS-Service-Catalog.md
@@ -0,0 +1,29 @@
 ---
 title: "AWS Service Catalog"
 type: concept
 tags: [AWS, IaC, self-service, governance, EKS]
 last_updated: 2026-04-28
 ---
 ## Definition
 AWS Service Catalog 是 AWS 托管的服务，允许组织创建和管理已批准在 AWS 上使用的产品（Products）目录。这些产品本质上是 CloudFormation 模板或 Terraform 模块的受控版本，通过 Portfolio（产品组合）组织，并可授予特定用户或团队访问权限。Service Catalog 为终端用户提供自助服务界面，无需深入了解底层 IaC 模板即可部署标准化的基础设施，同时保证安全与合规。
 ## Key Mechanisms
 - **产品（Products）**：预定义的 CloudFormation 模板或 Terraform 模块，代表标准化的基础设施配置
 - **产品组合（Portfolio）**：产品的逻辑分组，可关联到团队或项目
 - **访问控制**：通过 IAM 角色向终端用户授予产品访问权限，实现最小权限原则
 - **版本管理**：支持同一产品的多版本管理，可逐步升级
 - **EKS 部署集成**：SRE EKS 模块通过 Service Catalog 提供 EKS 集群部署界面，支持版本选择和节点类型配置
 ## Relationship with IaC
 Service Catalog 封装底层 IaC 模板（Terraform/CloudFormation），为非技术用户提供受控的自助服务入口：
 - IaC 模板由平台团队维护（在 Git 仓库中通过 CI/CD 管理）
 - Service Catalog 充当面向终端用户的治理层，控制可部署的产品范围
 - 相比直接 Terraform 部署，Service Catalog 提供更细粒度的权限控制
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[ctp-topic-3-deploy-and-maintain-infrastructure]]
--- a/wiki/concepts/CloudWatch-Agent.md
+++ b/wiki/concepts/CloudWatch-Agent.md
@@ -0,0 +1,31 @@
 ---
 title: "CloudWatch Agent"
 type: concept
 tags: [AWS, monitoring, EKS, logging, metrics, CloudWatch]
 last_updated: 2026-04-28
 ---
 ## Definition
 CloudWatch Agent 是 AWS 提供的统一代理程序，用于从 EC2 实例和 EKS 集群收集系统级指标和日志，并将其发布到 Amazon CloudWatch。它支持收集标准系统指标（CPU/内存/磁盘/网络）以及自定义应用指标，是 EKS 监控栈的核心组件之一。
 ## Key Mechanisms
 - **指标收集**：CPU、内存、磁盘、网络等系统级指标，以及自定义应用指标
 - **日志收集**：从文件系统或容器日志收集日志数据
 - **配置灵活性**：通过 SSM Parameter Store 或配置文件管理代理配置
 - **EKS 集成**：在 EKS 中作为 DaemonSet 部署在每个节点上，与 Container Insights 协同工作
 - **Container Insights**：启用后自动发布容器级指标（CPU/内存/磁盘/网络/容器进程）
 ## Relationship with Other Monitoring Components
 CloudWatch Agent 是 EKS 监控数据采集层：
 - CloudWatch Agent → 收集原始指标/日志
 - FluentBit → 处理并转发日志到 CloudWatch Logs 或 OpenSearch
 - Container Insights → 聚合容器指标到 CloudWatch
 - Grafana → 从 CloudWatch/OpenSearch 可视化展示
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[ctp-topic-42-grafana-observability-dashboard]]
 - [[ctp-topic-67-cloud-native-observability-using-opentelemetry]]
--- a/wiki/concepts/Cluster-Autoscaler.md
+++ b/wiki/concepts/Cluster-Autoscaler.md
@@ -1,30 +1,39 @@
---
+---
-title: "Cluster Autoscaler"
+title: "Cluster Autoscaler"
-type: concept
+type: concept
-tags: [Kubernetes, 自动扩缩容, 云原生]
+tags:
-sources: [ctp-topic-70-eks-deployment-using-iac, ctp-topic-64-scaling-out-with-amazon-eks]
+  - Kubernetes
-last_updated: 2026-04-24
+  - EKS
---
+  - Autoscaling
-
+  - Node
-# Cluster Autoscaler
+  - AWS
-
+  - ASG
-## Overview
+sources:
-Cluster Autoscaler 是 Kubernetes 的自动扩缩容组件，根据资源需求自动调整 Worker Node 的数量，实现基础设施的弹性伸缩。
+  - ctp-topic-64-scaling-out-with-amazon-eks
-
+  - ctp-topic-70-eks-deployment-using-iac
-## How It Works
+last_updated: 2026-04-28
-1. **监控资源使用情况**：定期检查 Pod 的调度状态
+---
-2. **检测资源不足**：当 Pod 因资源不足无法调度时触发扩容
+
-3. **调用云提供商的 API**：AWS 上与 Auto Scaling Groups 集成
+## Definition
-4. **自动启动新节点**：在可用区中启动新 EC2 实例
+Cluster Autoscaler 是 Kubernetes 官方的节点（Node）级别扩缩容组件，通过联动 AWS Auto Scaling Group（ASG）或托管节点组（Managed Node Group），根据集群内 Pending Pod 的数量和资源请求自动调整节点数量。
-5. **缩容检测**：当节点利用率低且 Pod 可安全驱逐时，触发缩容
+
-
+## Key Mechanisms
-## AWS Integration
+- **扩缩容决策依据**：集群内 Pending Pod 的数量（而非直接基于资源利用率）
- 与 AWS Auto Scaling Groups 深度集成
+- **资源请求感知**：考虑 Pod 的 CPU/内存 requests，不仅仅是当前实际使用量
- 支持多个 Auto Scaling Groups
+- **ASG/节点组联动**：更新 ASG 或托管节点组的期望容量（Desired Capacity）
- 根据 Pod 需求自动选择合适的实例类型
+- **Auto-discovery 模式**：推荐使用，自动发现和管理 ASG
-
+- **Mixed Instances Policy**：支持在同一 ASG 中混合使用多种 EC2 实例类型
-## Related Concepts
+- **配置变更**：min/max 配置变更应在 ASG/托管节点组层面操作，而非直接修改 Cluster Autoscaler
- [[Amazon EKS]]：Cluster Autoscaler 部署的目标平台
+
- [[Kubernetes]]：Cluster Autoscaler 是 Kubernetes 的核心组件
+## Relationship with Karpenter
- [[Horizontal Pod Autoscaler (HPA)]]：Pod 级别的水平扩缩容（HPA 扩 Pod，CA 扩 Node）
+- **Cluster Autoscaler**：基于节点组间接扩缩容，响应相对较慢
- [[Vertical Pod Autoscaler (VPA)]]：Pod 级别的垂直扩缩容
+- **Karpenter**：直接与 EC2 API 交互，响应更快速灵活，是 Cluster Autoscaler 的演进方案
 ## Limitations
 - 依赖预配置的 ASG/节点组，灵活性受限
 - 扩容速度受 ASG 启动新实例的速度限制
 - 无法处理需要特殊实例类型的工作负载
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
 - [[ctp-topic-70-eks-deployment-using-iac]]
--- a/wiki/concepts/Container-Insights.md
+++ b/wiki/concepts/Container-Insights.md
@@ -0,0 +1,29 @@
 ---
 title: "Container Insights"
 type: concept
 tags: [AWS, EKS, monitoring, metrics, CloudWatch, containers]
 last_updated: 2026-04-28
 ---
 ## Definition
 Container Insights 是 Amazon CloudWatch 的容器监控功能，专门用于收集、整理和汇总 EKS 和 ECS 集群中容器化工作负载的指标和日志。它通过 CloudWatch Agent（DaemonSet）和 CloudWatch Embedded Metric Format 自动收集容器级指标，使运维团队无需额外配置即可获得集群运行状况的可见性。
 ## Key Mechanisms
 - **自动指标收集**：容器 CPU/内存/网络/磁盘使用率，Pod 级别聚合
 - **日志收集**：容器标准输出日志自动采集至 CloudWatch Logs
 - **预构建仪表板**：提供集群、节点、Pod、服务级别的可视化仪表板
 - **性能告警**：自动发现高负载资源并生成 CloudWatch 告警
 - **Embedded Metric Format**：应用可直接输出结构化指标，无需额外 SDK
 ## Relationship with CloudWatch Agent
 Container Insights 建立在 CloudWatch Agent 之上：
 - CloudWatch Agent（DaemonSet）是数据采集代理
 - Container Insights 是指标组织和聚合逻辑（通过 CloudWatch Agent 配置实现）
 - 用户启用 Container Insights 后，CloudWatch Agent 自动开始发布容器指标
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[ctp-topic-42-grafana-observability-dashboard]]
--- a/wiki/concepts/CoreDNS-Scaling.md
+++ b/wiki/concepts/CoreDNS-Scaling.md
@@ -0,0 +1,35 @@
 ---
 title: "CoreDNS Scaling"
 type: concept
 tags:
  - Kubernetes
  - EKS
  - DNS
  - Scaling
  - Networking
 sources:
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 CoreDNS Scaling 是 EKS 集群中 CoreDNS（Kubernetes 默认 DNS 服务）的水平扩缩容策略和优化实践，确保在高密度 Pod 环境下 DNS 查询的高可用性和低延迟。
 ## Problem Statement
 - EKS 集群规模增长时，Pod 间的 DNS 查询量呈指数增长
 - 默认 CoreDNS 配置可能无法应对大规模集群的 DNS 负载
 - DNS 查询延迟直接影响应用启动时间和运行时性能
 ## Optimization Strategies
 - **HPA 扩缩容**：为 CoreDNS Deployment 配置 HPA，基于 DNS 查询 QPS 或 CPU/内存利用率自动调整副本数
 - **Node Local DNS Cache**：在每个节点部署本地 DNS 缓存（node-local-dns-cache 或 nodelocaldns），减少跨节点 DNS 查询
 - **性能调优**：调整 CoreDNS 的 `cores-per-second` 和 `max-concurrent-queries` 参数
 - **副本数规划**：建议 CoreDNS 副本数不低于集群节点数的 10-20%
 ## Relationship with Node Local DNS Cache
 - Node Local DNS Cache 通过在每节点运行本地 DNS 缓存 DaemonSet，拦截并缓存 Pod 的 DNS 查询
 - 减少跨节点 DNS 查询流量，降低 DNS 查询延迟
 - 与 CoreDNS HPA 扩缩容配合使用效果最佳
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/EKS-Custom-Networking.md
+++ b/wiki/concepts/EKS-Custom-Networking.md
@@ -0,0 +1,56 @@
 ---
 title: "EKS Custom Networking"
 type: concept
 tags:
  - AWS
  - EKS
  - Kubernetes
  - Networking
  - VPC
  - IPAM
 sources:
  - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone
 last_updated: 2026-04-28
 ---
 ## Overview
 EKS Custom Networking 是 AWS EKS 提供的一项功能，允许用户绕过默认的 VPC CNI（Amazon VPC CNI plugin for Kubernetes）行为，自定义 Pod 的网络 IP 分配策略。这在 IP 地址受限或需要特殊网络配置的环境中尤为重要。
 ## Definition
 EKS 自定义网络（Custom Networking）通过以下机制实现：
 - 通过 EKS 模块的自定义网络配置标志（flag）启用
 - 支持指定自定义的弹性网络接口（ENI）配置
 - 允许 Pod 使用独立于默认 VPC 子网的 IP 地址池
 ## Use Case: AWS Lab Landing Zone
 在 AWS Lab Landing Zone 环境中，Micro Focus 网络的 IP 地址池有限，无法满足 EKS 集群中大量 Pod 的 IP 分配需求。通过自定义网络配置：
 1. 在独立私有子网（非主 VPC 子网）创建 EKS 集群
 2. 启用 EKS 模块的自定义网络标志
 3. EKS 使用指定的子网和 IP 范围分配 Pod 地址
 ## Core Mechanism
 ```
 EKS Module (Terraform)
  └── custom_networking_enabled = true
       ├── subnet_ids = [custom_subnet_ids]
       └── additional_eni_config = ...
 ```
 ## Key Benefits
 - **突破 VPC CIDR 限制**：在受限网络环境中仍可部署大规模 Pod
 - **IP 地址灵活性**：使用专用 IP 池，无需消耗 VPC 主网络地址
 - **网络隔离**：独立子网提供额外的网络安全边界
 ## Limitations
 - 需要 Terraform/Terragrunt 模块支持自定义网络标志
 - Atlantis 当前不支持 EKS 集群部署（需使用 Jenkins + Terragrunt）
 - 容器安全加固需额外考虑网络隔离
 ## Related Concepts
 - [[Amazon-EKS]]：应用自定义网络技术的容器编排平台
 - [[Host-Network-Mode]]：Pod 规范层面的网络模式配置
 - [[EMI-Elastic-Network-Interface]]：ENI 多 IP 分配（EMI）在 EKS 中的应用
 - [[IPAM]]：IP 地址管理，与自定义网络协同
 ## Related Sources
 - [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
--- a/wiki/concepts/EMI-Elastic-Network-Interface.md
+++ b/wiki/concepts/EMI-Elastic-Network-Interface.md
@@ -0,0 +1,29 @@
 ---
 title: "EMI (Elastic Network Interface) Multi-IP"
 type: concept
 tags: [AWS, EKS, networking, VPC, CIDR, pod-networking]
 last_updated: 2026-04-28
 ---
 ## Definition
 EMI（Elastic Network Interface Multi-IP，弹性网络接口多 IP）是 AWS 提供的网络扩展机制，通过为 Pod 分配额外的弹性网络接口（ENI）及其上的辅助 IP 地址，解决 EKS 集群中 VPC CIDR 地址空间不足的问题。每个 ENI 允许附加多个辅助 IP，每个 IP 可分配给一个 Pod，相比默认的 AWS VPC CNI 插件可大幅增加单个节点可运行的 Pod 数量。
 ## Key Mechanisms
 - **ENI 附加**：为工作节点附加额外 ENI 以增加可用 IP 数量
 - **IP 分配**：每个 ENI 上的辅助 IP 分配给 Pod，实现 Pod 级 IP 直接寻址
 - **CIDR 扩展**：不依赖 VPC 主 CIDR 范围，通过 ENI 附加 IP 绕过 VPC 地址空间限制
 - **安全组绑定**：ENI 及其上的 Pod IP 继承安全组配置
 - **与 AWS VPC CNI 插件的关系**：AWS VPC CNI 是默认插件，EMI 是其增强模式，支持 Prefix Delegation
 ## Problem Solved
 VPC CIDR 限制导致大型 EKS 集群 Pod 数量受限于可用 IP 地址：
 - 标准 AWS VPC CNI 每个 ENI 最多约 10-15 个 IP（受实例类型限制）
 - EMI 通过 ENI 附加更多辅助 IP，显著提升 Pod 密度
 - 特别适用于 IP 密集型工作负载（如微服务架构）
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
--- a/wiki/concepts/FedRAMP.md
+++ b/wiki/concepts/FedRAMP.md
@@ -0,0 +1,35 @@
 ---
 title: "FedRAMP"
 type: concept
 tags:
  - Compliance
  - Cloud-Security
  - Government
  - Certification
 last_updated: 2026-04-14
 ---
 # FedRAMP (Federal Risk and Authorization Management Program)
 ## Definition
 美国政府级的云安全认证项目，为云服务和云产品提供统一的安全评估和授权标准。FedRAMP 基于 [[ISO-27001]] 和 NIST SP 800-53 控制框架。
 ## Purpose
 - 为联邦机构提供标准化的云服务安全评估方法
 - 减少重复安全评估，降低成本
 - 确保云服务提供商达到政府级别的安全标准
 ## Business Value for OpenText
 - **市场准入**：FedRAMP 认证使 OpenText 能够向联邦政府机构销售云服务
 - **多垂直市场覆盖**：持有 FedRAMP 等多项行业及政府认证，可进入多个垂直市场
 - **差异化优势**：证明安全成熟度，增强客户信心
 ## Relationship to Other Concepts
 - 基于 [[ISO-27001]] 构建
 - 与 [[Global Information Security Policy (GISP)]] 配合，满足政策层面的合规要求
 - 与 [[Third-Party-Penetration-Testing]] 配合，通过第三方验证满足认证要求
 ## Connections
 - [[ISO-27001]]：框架基础
 - [[Global Information Security Policy (GISP)]]：政策支撑
 - [[OpenText]]：持有该认证的组织
--- a/wiki/concepts/FluentBit.md
+++ b/wiki/concepts/FluentBit.md
@@ -0,0 +1,31 @@
 ---
 title: "Fluent Bit"
 type: concept
 tags: [AWS, EKS, logging, monitoring, CNCF, Fluentd]
 last_updated: 2026-04-28
 ---
 ## Definition
 Fluent Bit（CNFC 开源项目）是轻量级日志处理器和转发器，设计用于边缘和容器环境，作为 DaemonSet 部署在每个 Kubernetes 节点上。它从容器运行时（containerd/Docker）收集标准输出（stdout/stderr）日志，处理后转发到 CloudWatch Logs、OpenSearch、Elasticsearch 等后端存储系统，是 EKS 可观测性架构中日志采集的标准组件。
 ## Key Mechanisms
 - **日志采集**：通过容器运行时接口收集容器标准输出日志
 - **多后端输出**：支持 CloudWatch Logs、OpenSearch、Elasticsearch、Kafka 等多种输出目标
 - **日志处理**：支持过滤（filter）、解析（parser）、路由（router）等处理管道
 - **轻量高效**：相比 Fluentd 更小的资源占用，适合边缘/容器环境
 - **Kubernetes DaemonSet 模式**：每个节点运行一个实例，自动采集所有容器日志
 ## Relationship with Fluentd and CloudWatch Agent
 Fluent Bit 是 Fluentd 的轻量替代（同一项目家族）：
 - Fluentd：功能更全面，适合复杂日志处理场景，资源占用更高
 - Fluent Bit：轻量快速，专为边缘和容器优化
 - CloudWatch Agent：侧重指标收集，Fluent Bit 侧重日志收集
 - 在 EKS 监控栈中：Fluent Bit → CloudWatch Logs/OpenSearch → Grafana/OpenSearch Dashboards
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113]]
 - [[ctp-topic-67-cloud-native-observability-using-opentelemetry]]
--- a/wiki/concepts/Global-Information-Security-Policy-GISP.md
+++ b/wiki/concepts/Global-Information-Security-Policy-GISP.md
@@ -0,0 +1,32 @@
 ---
 title: "Global Information Security Policy (GISP)"
 type: concept
 tags:
  - OpenText
  - Security-Policy
  - Governance
 last_updated: 2026-04-14
 ---
 # Global Information Security Policy (GISP)
 ## Definition
 OpenText 的最高纲领性安全政策，是所有其他安全政策的根基。GISP 由全球信息安全团队（GIS）制定和支持，定期（每季度）接受领导层审查。
 ## Scope
 - 定义企业"需要做什么"（what），同时为"如何实施"（how）提供灵活性
 - 支持性政策（Supporting Policies）围绕 GISP 构建
 - 鼓励反馈以实现持续改进
 ## Relationship to Other Concepts
 - 基于 [[ISO-27001]] 姿态框架
 - 与 [[Security-Awareness-Training]] 配合提升全员安全意识
 - 与 [[Third-Party-Penetration-Testing]] 配合验证政策有效性
 ## Key Quote
 > "Policies define what needs to be done, while providing flexibility for how it is implemented." — GIS Policy Framework
 ## Connections
 - [[Global Information Security Team (GIS)]]：制定与维护团队
 - [[ISO-27001]]：框架基础
 - [[OpenText]]：所属组织
--- a/wiki/concepts/Horizontal-Pod-Autoscaler.md
+++ b/wiki/concepts/Horizontal-Pod-Autoscaler.md
@@ -0,0 +1,36 @@
 ---
 title: "Horizontal Pod Autoscaler (HPA)"
 type: concept
 tags:
  - Kubernetes
  - EKS
  - Autoscaling
  - Pod
  - Metrics
 sources:
  - ctp-topic-59-achieving-reliability-with-amazon-eks
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 Horizontal Pod Autoscaler (HPA) 是 Kubernetes 标准的工作负载水平扩缩容机制，通过监测 Pod 的资源使用指标（CPU、内存或自定义指标）自动调整 Pod 副本数，以满足应用负载需求。
 ## Key Mechanisms
 - **指标采集**：通过 Metrics Server 获取 CPU/内存利用率指标
 - **副本计算**：基于目标阈值计算所需 Pod 副本数
 - **稳定性配置**：通过 `stabilizationWindowSeconds` 和 `periodSeconds` 防止震荡（flapping）
 - **自定义/外部指标**：支持通过 Custom Metrics API 和 External Metrics API 集成负载均衡器并发连接数、消息中间件队列深度等业务指标
 - **Pod 级而非容器级**：当前 HPA 仅考虑 Pod 整体资源消耗，不支持容器级别的独立扩缩
 ## Relationship with VPA
 - **HPA**：水平扩展（增加/减少 Pod 副本数）
 - **VPA (Vertical Pod Autoscaler)**：垂直扩展（调整单个 Pod 的资源请求）
 - 两者可互补使用：HPA 应对流量波动，VPA 优化资源分配
 ## Relationship with KEDA
 - KEDA 可通过 **Publishes Metrics 模式** 为 HPA 供数，实现指标驱动与事件驱动的混合扩缩容
 ## Sources
 - [[ctp-topic-59-achieving-reliability-with-amazon-eks]]
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/Host-Network-Mode.md
+++ b/wiki/concepts/Host-Network-Mode.md
@@ -0,0 +1,50 @@
 ---
 title: "Host Network Mode"
 type: concept
 tags:
  - Kubernetes
  - Networking
  - Pod-Networking
  - AWS
  - EKS
 sources:
  - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone
 last_updated: 2026-04-28
 ---
 ## Overview
 Host Network Mode 是 Kubernetes Pod 规范中的一种网络配置选项（`hostNetwork: true`），使 Pod 共享宿主机的网络命名空间，直接使用宿主机的网络接口和 IP 地址，而不是通过 Kubernetes 的虚拟网络。
 ## Definition
 在 Pod spec 中设置 `hostNetwork: true` 后，Pod 将：
 - 使用宿主机的网络命名空间
 - 直接获得宿主机网络接口上的 IP 地址
 - 可以绑定宿主机的端口（如 80、443）
 - 可直接访问宿主机所在网络上的资源
 ## Use Case: EKS Lab Landing Zone
 在 AWS Lab Landing Zone 的 EKS 部署中，Octane 等 IP 密集型应用需要大量可用 IP。通过自定义网络模式，Pod 无需通过 VPC CNI 分配 IP，而是直接使用宿主机网络的 IP 地址，从而绕开 AWS Lab 环境 IP 地址池受限的问题。
 ```yaml
 spec:
  hostNetwork: true
  containers:
    - name: octane
      image: octane:latest
 ```
 ## Trade-offs
 | 优点 | 缺点 |
 |------|------|
 | 突破 Pod IP 数量限制 | Pod 之间端口冲突风险 |
 | 直接访问宿主机网络资源 | 安全性降低（Pod 可访问宿主机所有网络） |
 | 简化网络路径 | 违反 Kubernetes 网络隔离原则 |
 | 适合特殊网络需求场景 | 难以在不同环境中移植 |
 ## Related Concepts
 - [[Amazon-EKS]]：使用 Host Network Mode 的容器编排平台
 - [[IPAM]]：IP 地址管理，与 Host Network Mode 在 IP 分配上形成互补
 - [[Kubernetes-Tagging]]：Pod 标记策略
 ## Related Sources
 - [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
--- a/wiki/concepts/IPv6-in-EKS.md
+++ b/wiki/concepts/IPv6-in-EKS.md
@@ -0,0 +1,39 @@
 ---
 title: "IPv6 in EKS"
 type: concept
 tags:
  - AWS
  - EKS
  - IPv6
  - Networking
  - IP-Address-Exhaustion
 sources:
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 IPv6-in-EKS 是 Amazon EKS 集群解决 IP 地址耗尽（IP Exhaustion）问题的网络架构方案，通过部署 IPv6 或双栈（Dual-Stack）VPC，实现大规模容器工作负载的 IP 地址可持续供给。
 ## Problem Statement
 - 每个 EKS 节点上的 ENI（Elastic Network Interface）附带可分配的 IP 地址数量有限
 - VPC CIDR 块大小固定，Pod 数量增长导致可用 IP 耗尽
 - 自定义网络（Custom Networking）和 Prefix Delegation 可缓解但不能根本解决
 ## Solution: IPv6 Dual-Stack VPC
 - **双栈架构**：VPC 同时支持 IPv4 和 IPv6 地址
 - **节点双协议栈**：EKS 节点同时持有 IPv4 和 IPv6 地址
 - **Pod 仅 IPv6**：Pod 仅分配 IPv6 地址（节省 IPv4 空间）
 - **NAT 映射**：IPv6 Pod 与 IPv4 目标通信时，通过双层 NAT 映射转换
 ## Alternative: Carrier-Grade NAT (CGNAT)
 - 如无法迁移至 IPv6，可使用 CGNAT 方案
 - 通过自定义网络 + NAT 网关聚合多个 Pod 的出站流量
 ## Benefits
 - IP 地址空间近乎无限（解决耗尽问题）
 - 简化网络配置（无需管理大量 IPv4 地址）
 - 符合云原生网络发展趋势
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/ISO-27001.md
+++ b/wiki/concepts/ISO-27001.md
@@ -0,0 +1,40 @@
 ---
 title: "ISO-27001"
 type: concept
 tags:
  - Security-Framework
  - Compliance
  - Information-Security
 last_updated: 2026-04-14
 ---
 # ISO-27001
 ## Definition
 国际认可的信息安全管理体系（ISMS）标准，由国际标准化组织（ISO）和国际电工委员会（IEC）发布。ISO 27001 是企业信息安全管理的基准框架。
 ## OpenText Implementation
 - 作为 OpenText 安全姿态框架（Posture Framework）的基础
 - 2022 年更新，新增 11 个控制方面（control aspects）
 - 支撑 [[Global Information Security Policy (GISP)]] 的框架基础
 - 支撑 [[FedRAMP]] 等行业认证
 ## Key Controls
 - 信息安全组织（Information Security Organization）
 - 人力资源安全（Human Resource Security）
 - 资产管理（Asset Management）
 - 访问控制（Access Control）
 - 加密（Cryptography）
 - 物理与环境安全（Physical and Environmental Security）
 - 操作安全（Operations Security）
 - 通信安全（Communications Security）
 - 系统获取、开发和维护（System Acquisition, Development and Maintenance）
 - 供应商关系（Supplier Relationships）
 - 信息安全事件管理（Information Security Incident Management）
 - 业务连续性管理（Business Continuity Management）
 - 合规性（Compliance）
 ## Connections
 - [[Global Information Security Policy (GISP)]]：基于 ISO 27001 构建
 - [[FedRAMP]]：基于 ISO 27001 之上
 - [[OpenText]]：采用该标准的企业
--- a/wiki/concepts/KEDA.md
+++ b/wiki/concepts/KEDA.md
@@ -0,0 +1,36 @@
 ---
 title: "KEDA (Kubernetes Event-Driven Autoscaling)"
 type: concept
 tags:
  - Kubernetes
  - EKS
  - Autoscaling
  - Event-Driven
  - Serverless
 sources:
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 KEDA（Kubernetes Event-Driven Autoscaling）是一个基于外部事件驱动的 Kubernetes 扩缩容框架，通过 ScaledObject 自定义资源定义（CRD）实现细粒度的事件驱动扩缩容，支持将应用从零副本扩展到任意规模。
 ## Key Mechanisms
 - **ScaledObject CRD**：定义扩缩规则，指定 Scaler 和目标副本数范围
 - **事件源（Scalers）**：支持 50+ 种事件源（Kafka、RabbitMQ、AWS SQS、Azure Queue、HTTP 等）
 - **零扩展（Scale to Zero）**：支持将应用缩容至零副本，降低空闲资源成本
 - **Publishes Metrics 模式**：可向 HPA 发布指标，实现事件驱动与指标驱动的混合扩缩容
 - **声明式配置**：通过 YAML 配置文件定义扩缩行为，与 GitOps 工作流兼容
 ## Relationship with HPA
 - KEDA 可独立工作，也可作为 HPA 的指标提供者
 - 组合模式：KEDA 监听外部事件 → 发布指标 → HPA 基于指标调整副本数
 ## Use Cases
 - 事件驱动微服务（消息队列消费者）
 - 批处理作业（按需触发）
 - 突发流量场景（限时促销、实时事件）
 - 无服务器化改造（零扩展降低成本）
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/Karpenter.md
+++ b/wiki/concepts/Karpenter.md
@@ -0,0 +1,30 @@
 ---
 title: "Karpenter"
 type: concept
 tags: [AWS, Kubernetes, EKS, autoscaling, node-provisioning]
 last_updated: 2026-04-28
 ---
 ## Definition
 Karpenter 是 AWS 开源的 Kubernetes 节点自动配置工具（Node Auto-Provisioner），通过动态创建最优实例类型来响应未调度 Pod 的资源需求，替代传统的 Cluster Autoscaler。相比 Cluster Autoscaler 基于节点组（Node Group）的扩缩容模式，Karpenter 直接与 EC2 API 交互，根据 Pod 规格（CPU/内存/GPU 需求）即时选择最合适的 EC2 实例类型，实现更快的扩容速度和更低的资源浪费。
 ## Key Mechanisms
 - **即时节点供给**：监听未调度 Pod 事件，秒级启动新节点，无需等待节点组预配置
 - **最佳实例选择**：根据 Pod 资源请求从 EC2 实例类型池中选择最优匹配
 - **多样化实例类型**：支持多种 EC2 类型（CPU/GPU/Spot/On-Demand），灵活利用 Spot 实例节省成本
 - **标签驱动配置**：通过 `NodeTemplate` 定义标签/要求，自动匹配特定 Pod 到特定节点
 - **与 Cluster Autoscaler 的区别**：Cluster Autoscaler 依赖节点组规模调整，Karpenter 直接控制 EC2 实例创建，响应更快速灵活
 ## Relationship with Cluster Autoscaler
 Karpenter 是 Cluster Autoscaler 的替代/演进方案：
 - Cluster Autoscaler 通过调整节点组规模间接扩缩节点
 - Karpenter 直接与 EC2 API 交互创建/终止节点，更快速灵活
 - EKS Auto Mode（Part 3 of 3）已集成 Karpenter 作为 Carpenter Controller 组件
 ## Sources
 - [[ctp-topic-70-eks-deployment-using-iac]]
 - [[public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization]]
 - [[public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks]]
--- a/wiki/concepts/Metrics-Server.md
+++ b/wiki/concepts/Metrics-Server.md
@@ -0,0 +1,40 @@
 ---
 title: "Metrics Server"
 type: concept
 tags:
  - Kubernetes
  - EKS
  - Metrics
  - Monitoring
  - Autoscaling
 sources:
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Definition
 Metrics Server 是 Kubernetes 集群级别的指标采集组件（Metrics API Provider），负责从 kubelet 收集 CPU/内存等资源使用指标，为 HPA、VPA 和 `kubectl top` 命令提供标准化的指标数据。
 ## Key Mechanisms
 - **Metrics API**：实现 `metrics.k8s.io` API，提供 Pod 和 Node 的资源指标
 - **数据采集**：定期从各节点的 kubelet 获取指标数据
 - **内存高效**：采用流式处理，仅保留最近 5 分钟的指标数据
 - **HPA 依赖**：HPA 的标准资源指标（CPU/内存）完全依赖 Metrics Server
 ## Deployment
 - 通过 Deployment 部署单个副本（非高可用）
 - 通常随 EKS 集群自动安装（EKS Add-on 或 eks-charts）
 - 监控指标：Pod CPU/内存利用率、Node CPU/内存容量
 ## Limitations
 - 仅支持标准资源指标（CPU、内存）
 - 不支持自定义/外部指标（需要 Custom Metrics API）
 - 单副本部署，非高可用设计
 ## Relationship with HPA
 - HPA 通过 Metrics Server 获取 Pod 的 CPU/内存利用率
 - 计算公式：`desiredReplicas = ceil(sum(podMetricValue) / targetValue)`
 - 目标阈值（targetValue）通常设置为 70-80%，保留缓冲空间
 ## Sources
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
--- a/wiki/concepts/Security
+++ b/wiki/concepts/Security
@@ -0,0 +1,36 @@
 ---
 title: "Security Awareness Training"
 type: concept
 tags:
  - Security
  - Human-Factor
  - Training
 last_updated: 2026-04-14
 ---
 # Security Awareness Training
 ## Definition
 通过系统化的培训和演练提升组织内所有成员（从员工到高管）对安全威胁的认知和应对能力。
 ## Components
 - **月度安全通讯**：定期向全员推送安全信息和最佳实践
 - **网络钓鱼演练**：模拟钓鱼攻击测试员工识别能力
 - **关键指标**：衡量有多少人报告可疑活动（而非仅关注点击率）
 ## Goals
 - 将安全意识融入组织文化
 - 建立"全员参与"的安全防线
 - 持续改进安全态势
 ## Key Quote
 > "The focus is on how many people report suspicious activity." — GIS Security Awareness Program
 ## Relationship to [[Global Information Security Policy (GISP)]]
 - GISP 是政策框架，Security Awareness Training 是执行层的安全意识落地
 - 两者共同构成"政策+人"的安全治理闭环
 ## Connections
 - [[Global Information Security Policy (GISP)]]：政策基础
 - [[Global Information Security Team (GIS)]]：执行团队
 - [[OpenText]]：实施组织
--- a/wiki/concepts/Third
+++ b/wiki/concepts/Third
@@ -0,0 +1,37 @@
 ---
 title: "Third-Party Penetration Testing"
 type: concept
 tags:
  - Security
  - Testing
  - Penetration-Testing
  - Red-Team
 last_updated: 2026-04-14
 ---
 # Third-Party Penetration Testing
 ## Definition
 由独立第三方安全机构执行的渗透测试和红队演练，用于客观评估组织的安全态势，发现内部视角可能忽略的漏洞。
 ## Components
 - **年度第三方测试**：由独立机构执行年度安全评估
 - **桌面演练（Tabletop Exercises）**：模拟安全事件和违规场景，测试响应流程
 - **红队演练（Red Team Exercises）**：在事先不知情的情况下评估组织安全
 - **高级威胁评估（Advanced Threat Assessments）**
 - **内部/第三方渗透测试**：定期进行，发现技术漏洞
 - **客户审计（Customer Audits）**：有时会引发补救活动
 ## Key Metrics
 - 桌面演练：测试事件和违规准备就绪程度
 - 红队演练：在无预警情况下测试组织安全
 - OpenText 持续在第三方测试中处于"顶级梯队"
 ## Key Quote
 > "OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier." — GIS Team
 ## Connections
 - [[ISO-27001]]：框架要求
 - [[Global Information Security Policy (GISP)]]：政策支撑
 - [[Threat-Intelligence]]：结合使用
 - [[OpenText]]：实施组织
--- a/wiki/concepts/Threat-Intelligence.md
+++ b/wiki/concepts/Threat-Intelligence.md
@@ -0,0 +1,37 @@
 ---
 title: "Threat Intelligence"
 type: concept
 tags:
  - Security
  - Intelligence
  - SIEM
 last_updated: 2026-04-14
 ---
 # Threat Intelligence
 ## Definition
 通过收集、分析和传播关于现有和新兴威胁的信息，使组织能够主动防御安全威胁。
 ## Components
 - **威胁情报 feeds**：从多个来源收集威胁数据
 - **工具组件（Tool Components）**：主动监控环境
 - **检测与威胁狩猎（Detection & Threat Hunting）**：主动发现潜在威胁
 - **SIEM（安全信息与事件管理）**：大规模日志处理
 ## OpenText Scale
 - 大规模 SIM（安全信息管理）实现
 - 月处理 **2250 亿条日志**（225 billion log rugs）
 - 月分诊约 **350 个案例**
 - 利用 [[BrightCloud]] 作为威胁情报 feed 来源
 ## Relationship to Other Concepts
 - 与 [[Third-Party-Penetration-Testing]] 配合，形成"情报+测试"的主动防御体系
 - 支撑 [[Global Information Security Policy (GISP)]] 的监控和响应要求
 - 与 [[ISO-27001]] 的运营安全（Operations Security）控制相一致
 ## Connections
 - [[BrightCloud]]：威胁情报工具
 - [[Global Information Security Team (GIS)]]：运营团队
 - [[ISO-27001]]：框架基础
 - [[OpenText]]：实施组织
--- a/wiki/entities/Amazon-EKS.md
+++ b/wiki/entities/Amazon-EKS.md
@@ -0,0 +1,53 @@
 ---
 title: "Amazon EKS"
 type: entity
 tags:
  - AWS
  - Kubernetes
  - EKS
  - Container-Orchestration
  - SaaS
 sources:
  - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone
  - ctp-topic-70-eks-deployment-using-iac
  - ctp-topic-59-achieving-reliability-with-amazon-eks
  - ctp-topic-64-scaling-out-with-amazon-eks
 last_updated: 2026-04-28
 ---
 ## Overview
 Amazon Elastic Kubernetes Service (EKS) 是 AWS 提供的托管 Kubernetes 服务，负责 Kubernetes 控制平面的可用性和伸缩性，用户只需管理工作节点（数据平面）。
 ## Aliases
 - EKS
 - Amazon Elastic Kubernetes Service
 - Amazon EKS
 ## Key Characteristics
 - 完全托管的控制平面（Control Plane）
 - 与 AWS 服务深度集成（IAM、VPC、ELB、EBS、S3 等）
 - 支持 Fargate（无服务器计算引擎）和自管理/托管节点组
 - IAM RBAC 最小权限模型
 - 零停机滚动更新
 ## Architecture Components
 - **控制平面**：跨 3 AZ 部署，由 AWS 自动管理 etcd 和 API Server
 - **数据平面**：Worker Nodes（EC2、自管理或托管节点组）
 - **Pod 网络**：VPC CNI（默认）或自定义网络模式
 - **Ingress**：AWS ALB Ingress Controller
 - **存储**：EBS CSI Driver
 ## EKS Custom Networking
 EKS 支持自定义网络配置，允许绕过 VPC CNI 的默认行为，控制 Pod IP 分配。在受限 IP 地址池的环境中（如 AWS Lab Landing Zone），通过自定义网络标志启用独立子网的 IP 分配。
 ## Key Sources
 - [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]：在受限 Lab Landing Zone 中的 EKS 实施，解决 IP 地址池不足问题
 - [[ctp-topic-70-eks-deployment-using-iac]]：通过 Terraform IaC 部署 EKS 的完整方法论
 - [[ctp-topic-59-achieving-reliability-with-amazon-eks]]：EKS 可靠性最佳实践
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]：EKS 自动扩缩容策略
 ## Related Entities
 - [[AWS-Landing-Zone]]：EKS 部署的底层基础设施框架
 - [[AWS]]：EKS 所属的云平台提供商
 - [[Jenkins]]：EKS 部署的 CI/CD 平台（替代 Atlantis）
 - [[TerraGrant]]：Terragrunt 模块封装
--- a/wiki/entities/BrightCloud.md
+++ b/wiki/entities/BrightCloud.md
@@ -0,0 +1,26 @@
 ---
 title: "BrightCloud"
 type: entity
 tags:
  - OpenText
  - Threat-Intelligence
  - Security-Tools
 last_updated: 2026-04-14
 ---
 # BrightCloud
 **Type:** Product / Security Tool | **Company:** OpenText
 ## Overview
 BrightCloud 是 OpenText 自有的威胁情报工具，作为威胁情报 feeds 的来源，整合到 OpenText 的安全运营体系中。
 ## Usage in OpenText
 - 作为威胁情报 feed 输入到 OpenText 的安全运营平台
 - 支撑月处理 2250 亿条日志的安全运营体系
 - 与检测和威胁狩猎（Threat Hunting）结合使用
 ## Connections
 - [[OpenText]]：开发公司
 - [[Threat-Intelligence]]：所属领域
 - [[Global Information Security Team (GIS)]]：使用团队
--- a/wiki/entities/Ed.md
+++ b/wiki/entities/Ed.md
@@ -0,0 +1,28 @@
 ---
 title: "Ed"
 type: entity
 tags:
  - OpenText
  - GIS
  - Security
 last_updated: 2026-04-14
 ---
 # Ed
 **Role:** Global Information Security Team (GIS), OpenText
 ## Overview
 Ed 是 OpenText 全球信息安全团队（GIS）的核心成员，与 Mike 共同主持了关于 GIS 安全策略的公开云学习会议。
 ## Contributions
 - 主持 GIS Security Policies 学习会议（2024年10月15日）
 - 阐述 GIS 组织架构与政策框架
 ## Aliases
 - Ed（GIS）
 ## Connections
 - [[Mike]]：同事，共同主持 GIS 学习会议
 - [[Global Information Security Team (GIS)]]：所属团队
 - [[OpenText]]：雇主
--- a/wiki/entities/Mike.md
+++ b/wiki/entities/Mike.md
@@ -0,0 +1,28 @@
 ---
 title: "Mike"
 type: entity
 tags:
  - OpenText
  - GIS
  - Security
 last_updated: 2026-04-14
 ---
 # Mike
 **Role:** Global Information Security Team (GIS), OpenText
 ## Overview
 Mike 是 OpenText 全球信息安全团队（GIS）的核心成员，与 Ed 共同主持了关于 GIS 安全策略的公开云学习会议。
 ## Contributions
 - 主持 GIS Security Policies 学习会议（2024年10月15日）
 - 阐述 GIS 组织架构与政策框架
 ## Aliases
 - Mike（GIS）
 ## Connections
 - [[Ed]]：同事，共同主持 GIS 学习会议
 - [[Global Information Security Team (GIS)]]：所属团队
 - [[OpenText]]：雇主
--- a/wiki/entities/Octane.md
+++ b/wiki/entities/Octane.md
@@ -0,0 +1,43 @@
 ---
 title: "Octane"
 type: entity
 tags:
  - MicroFocus
  - SaaS
  - Kubernetes
  - EKS
 sources:
  - ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone
  - ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i
 last_updated: 2026-04-28
 ---
 ## Overview
 Octane 是 Micro Focus（现 OpenText）旗下一款 SaaS 应用，以 IP 地址密集型（IP-hungry）workload 著称，是推动 EKS 在 AWS Lab Landing Zone 中实施的核心业务驱动因素。
 ## Aliases
 - Octane
 - Micro Focus Octane
 - Octane SaaS
 ## Key Characteristics
 - SaaS 模式部署
 - IP 地址密集型应用，对 IP 分配有大量需求
 - 在 AWS 环境中需要 Kubernetes 容器编排能力
 - 驱动了 OpenText/Micro Focus 团队对 EKS 自定义网络方案的探索
 ## Context
 Octane 是 CTP Topic 39 中 EKS 部署的驱动用例。标准 EKS 部署方案无法满足其 IP 需求，团队通过以下方案解决：
 - 创建独立私有子网（非主 VPC 子网）
 - 启用 EKS 模块的自定义网络配置标志
 - 在 Pod 规范中设置 `hostNetwork: true`
 ## Related Entities
 - [[Amazon-EKS]]：Octane 部署的容器编排平台
 - [[AWS-Landing-Zone]]：Octane 运行的 AWS 基础设施环境
 - [[MicroFocus]]：（历史）开发 Octane 的公司
 - [[OpenText]]：（现母公司）
 ## Related Sources
 - [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
 - [[ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i]]
--- a/wiki/entities/Suravpul.md
+++ b/wiki/entities/Suravpul.md
@@ -1,24 +1,36 @@
---
+---
-title: "Suravpul"
+title: "Suravpul"
-type: entity
+type: entity
-tags: [AWS, Solutions-Architect, EKS]
+tags:
-last_updated: 2026-04-25
+  - AWS
---
+  - Solutions-Architect
-
+  - EKS
-# Suravpul
+  - Kubernetes
-
+sources:
-AWS 高级解决方案架构师（Senior Solutions Architect），专注 Amazon EKS 的可靠性、可观测性和扩缩容实践。
+  - ctp-topic-59-achieving-reliability-with-amazon-eks
-
+  - ctp-topic-64-scaling-out-with-amazon-eks
-## Role
+  - ctp-topic-67-cloud-native-observability-using-opentelemetry
- AWS Senior Solutions Architect
+last_updated: 2026-04-28
- 主讲 CTP 云转型系列中多个 EKS 深度专题
+---
-
+
-## Sources
+## Overview
- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] — EKS 可靠性最佳实践
+Suravpul 是 Amazon Web Services（AWS）的高级解决方案架构师（Senior Solutions Architect），专注于 Amazon EKS（Elastic Kubernetes Service）的可靠性、可观测性和扩缩容实践。
- [[ctp-topic-64-scaling-out-with-amazon-eks]] — EKS 工作负载扩缩容
+
- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] — EKS 云原生可观测性
+## Aliases
-
+- Suravpul
-## Connections
+- Suravpul (AWS)
- [[Amazon EKS]] — 专注领域
+
- [[AWS]] — 雇主
+## Key Contributions
- [[Surav Paul]] — 同一人：ctp-topic-59 标注为 "Surav Paul"，本视频标注为 "Suravpul"，推断为同一 AWS 高级解决方案架构师的不同记法
+- CTP Topic 59：EKS 可靠性深度实践（HPA、VPA、Pod Disruption Budget）
 - CTP Topic 64：EKS 工作负载扩缩容完整方法论（HPA、KEDA、Cluster Autoscaler、Karpenter、IPv6）
 - CTP Topic 67：云原生可观测性最佳实践（OpenTelemetry 集成）
 ## Role
 - **Organization**: Amazon Web Services (AWS)
 - **Title**: Senior Solutions Architect
 - **Focus Areas**: EKS reliability, observability, autoscaling, container networking
 ## Sources
 - [[ctp-topic-59-achieving-reliability-with-amazon-eks]]
 - [[ctp-topic-64-scaling-out-with-amazon-eks]]
 - [[ctp-topic-67-cloud-native-observability-using-opentelemetry]]
--- a/wiki/index.md
+++ b/wiki/index.md
@@ -4,6 +4,34 @@
 - [Overview](overview.md) — living synthesis
 ## Sources
 - [2026-04-28] [Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015](sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md)
 - [2026-04-28] [CTP Topic 64 Scaling out with Amazon EKS](sources/ctp-topic-64-scaling-out-with-amazon-eks.md)
 - [2026-04-28] [CTP Topic 67 Cloud native observability using OpenTelemetry](sources/ctp-topic-67-cloud-native-observability-using-opentelemetry.md)
 - [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS](sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md)
 - [2026-04-28] [CTP Topic 42 Grafana Observability Dashboard](sources/ctp-topic-42-grafana-observability-dashboard.md)
 - [2026-04-28] [Public Cloud Learning Sessions - Observability with OpenTelemetry - 20240402](sources/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113.md)
 - [2026-04-28] [CTP Topic 54 ESM SaaS Log Analytics](sources/ctp-topic-54-esm-saas-log-analytics.md)
 - [2026-04-28] [CTP Topic 59 Achieving reliability with Amazon EKS](sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md)
 - [2026-04-28] [CTP Topic 29 Cloud Monitoring – SaaS LZ accounts](sources/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md)
 - [2026-04-28] [CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone](sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md)
 - [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 1 of 3 - Compute Optimization with Karpenter](sources/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md)
 - [2026-04-28] [CTP Topic 70 EKS deployment using IAC](sources/ctp-topic-70-eks-deployment-using-iac.md)
 - [2026-04-28] [CTP Topic 60 - Monitor AWS using Hyperscale Observability with Grafana](sources/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md)
 - [2026-04-28] [Public Cloud Learning Sessions - EKS Optimization Part 3 of 3 - Introduction to EKS Auto Mode](sources/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks.md)
 - [2026-04-28] [CTP Topic 8 - Implementation of Cloud Monitoring using Micro Focus Operations Bridge Manager](sources/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md)
 - [2026-04-28] [CTP Topic 11 AD Integration and Login using AD Accounts](sources/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md)
 - [2026-04-28] [CTP Topic 5 - AWS Identity and Access Management (IAM)](sources/ctp-topic-5-aws-identity-and-access-management-iam.md)
 - [2026-04-28] [Learning Sessions Identity Governance VSM Replacement - 20231128](sources/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md)
 - [2026-04-28] [Public Cloud Learning Sessions - AWS End User Compute Services - 20240430](sources/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md)
 - [2026-04-28] [Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109](sources/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109.md)
 - [2026-04-28] [Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A - 20240806](sources/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md)
 - [2026-04-28] [Public Cloud Learning Sessions - Tagging Standards for All Hyperscalers - 20240123](sources/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md)
 - [2026-04-28] [CTP Topic 23 Introduction to the Technical Architecture Team and Function](sources/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md)
 - [2026-04-28] [CTP Topic 57 Product backlog managing demand](sources/ctp-topic-57-product-backlog-managing-demand.md)
 - [2026-04-28] [Public Cloud Learning Sessions (OpenText) - Thor Platform & Flows](sources/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md)
 - [2026-04-28] [CTP Topic 6 AWS Workspaces Demo](sources/ctp-topic-6-aws-workspaces-demo.md)
 - [2026-04-28] [CTP Topic 53 Why bother with Cloud](sources/ctp-topic-53-why-bother-with-cloud.md)
 - [2026-04-28] [Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab Migration](sources/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md)
 - [2026-04-28] [Public Cloud Learning Sessions - OpenText Tagging Standard v2 - 20250429](sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md)
 - [2026-04-28] [CTP Topic 41 NFR's and Error Budgets](sources/ctp-topic-41-nfrs-and-error-budgets.md)
 - [2026-04-28] [CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security](sources/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md)
@@ -238,23 +266,12 @@
 - [n8n-docker-配置-telegram-代理-troubleshooting](sources/n8n-docker-配置-telegram-代理-troubleshooting.md) — (expected: wiki/sources/n8n-docker-配置-telegram-代理-troubleshooting.md — source missing)
 - [sre-weekly-issue-513](sources/sre-weekly-issue-513.md) — (expected: wiki/sources/sre-weekly-issue-513.md — source missing)
 - [Cloud Learning Master Index](sources/cloud-learning-master-index.md)
 - [Public Cloud Learning Sessions - Tagging Standards for All Hyperscalers - 20240123](sources/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md)
 - [Public Cloud Learning Sessions (OpenText) - Thor Platform & Flows](sources/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md)
 - [Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A - 20240806](sources/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md)
 - [Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab Migration](sources/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md)
 - [Public Cloud Learning Sessions - AWS End User Compute Services - 20240430](sources/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md)
 - [Public Cloud Learning Sessions- Applicable Business Analysis Techniques - 20240109](sources/public-cloud-learning-sessions-applicable-business-analysis-techniques-20240109.md)
 - [CTP Topic 6 AWS Workspaces Demo](sources/ctp-topic-6-aws-workspaces-demo.md)
 - [CTP Topic 57 Product backlog managing demand](sources/ctp-topic-57-product-backlog-managing-demand.md)
 - [CTP Topic 53 Why bother with Cloud](sources/ctp-topic-53-why-bother-with-cloud.md)
 - [CTP Topic 23 Introduction to the Technical Architecture Team and Function](sources/ctp-topic-23-introduction-to-the-technical-architecture-team-and-function.md)
 - [Public Cloud Learning Sessions - Serverless Computing - 20240903](sources/public-cloud-learning-sessions-opentext-serverless-computing-20240903-160139-mee.md)
 - [Public Cloud Learning Sessions (OpenText) - Generative AI & Prompt Engineering - 20241112](sources/public-cloud-learning-sessions-opentext-generative-ai-prompt-engineering-2024111.md)
 - [Public Cloud Learning Sessions (OpenText) - Event Driven Architecture Part 2](sources/public-cloud-learning-sessions-opentext-event-driven-architecture-part-2-2024091.md)
 - [Public Cloud Learning Sessions (OpenText) - Event Driven Architecture Part 1](sources/public-cloud-learning-sessions-opentext-event-driven-architecture-part-1-2024091.md)
 - [Public Cloud Learning Sessions (OpenText) - AI Use Cases - 20241126 160106](sources/public-cloud-learning-sessions-opentext-ai-use-cases-20241126-160106-meeting-rec.md)
 - [Public Cloud Learning Sessions - Introduction to AI/ML with AWS](sources/public-cloud-learning-sessions-introduction-to-artificial-intelligence-ai-machin.md)
 - [Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015](sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md)
 - [CTP Topic 62 AWS Secrets Manager](sources/ctp-topic-62-aws-secrets-manager.md)
 - [CTP Topic 55 AWS Firewall Manager](sources/ctp-topic-55-aws-firewall-manager.md)
 - [CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)](sources/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md)
@@ -278,29 +295,12 @@
 - [CTP Topic 63 Optimise resource cost using automation](sources/ctp-topic-63-optimise-resource-cost-using-automation.md)
 - [CTP Topic 27 AWS Instance Scheduler](sources/ctp-topic-27-aws-instance-scheduler.md)
 - [CTP Topic 13 Cloud FinOps Micro Focus Policies best practices to optimize the costs](sources/ctp-topic-13-cloud-finops-micro-focus-policies-best-practices-to-optimize-the-co.md)
 - [Public Cloud Learning Sessions - Observability with OpenTelemetry - 20240402](sources/public-cloud-learning-sessions-observability-with-opentelemetry-20240402-160113.md)
 - [Public Cloud Learning Sessions - EKS Optimization Part 3 of 3 - Introduction to EKS Auto Mode](sources/public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks.md)
 - [Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS](sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md)
 - [Public Cloud Learning Sessions - EKS Optimization Part 1 of 3 - Compute Optimization with Karpenter](sources/public-cloud-learning-sessions-eks-optimization-part-1-of-3-compute-optimization.md)
 - [CTP Topic 8 - Implementation of Cloud Monitoring using Micro Focus Operations Bridge Manager](sources/ctp-topic-8-implementation-of-cloud-monitoring-using-micro-focus-operations-brid.md)
 - [CTP Topic 70 EKS deployment using IAC](sources/ctp-topic-70-eks-deployment-using-iac.md)
 - [CTP Topic 67 Cloud native observability using OpenTelemetry](sources/ctp-topic-67-cloud-native-observability-using-opentelemetry.md)
 - [CTP Topic 64 Scaling out with Amazon EKS](sources/ctp-topic-64-scaling-out-with-amazon-eks.md)
 - [CTP Topic 60 - Monitor AWS using Hyperscale Observability with Grafana](sources/ctp-topic-60-monitor-aws-using-hyperscale-observability-with-grafana.md)
 - [CTP Topic 59 Achieving reliability with Amazon EKS](sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md)
 - [CTP Topic 54 ESM SaaS Log Analytics](sources/ctp-topic-54-esm-saas-log-analytics.md)
 - [CTP Topic 42 Grafana Observability Dashboard](sources/ctp-topic-42-grafana-observability-dashboard.md)
 - [CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone](sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md)
 - [CTP Topic 29 Cloud Monitoring – SaaS LZ accounts](sources/ctp-topic-29-cloud-monitoring-saas-lz-accounts.md)
 - [Learning Sessions ECS Deployment using IAC - 20230808](sources/learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording.md)
 - [Learning Sessions Cloud Transformation Programme-Deploying RDS via Terraform](sources/learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform.md)
 - [Learning Sessions Cloud Transformation Programme-20230808 183322-Meeting Recording](sources/learning-sessions-cloud-transformation-programme-20230808-183322-meeting-recordi.md)
 - [CTP Topic 48 Terraform vs Terragrunt](sources/ctp-topic-48-terraform-vs-terragrunt.md)
 - [CTP Topic 16 Cross-account Terraform modules](sources/ctp-topic-16-cross-account-terraform-modules.md)
 - [CTP Topic 12 Using SES SMTP service terraform module](sources/ctp-topic-12-using-ses-smtp-service-terraform-module.md)
 - [Learning Sessions Identity Governance VSM Replacement - 20231128](sources/learning-sessions-identity-governance-vsm-replacement-20231128-160326-meeting-re.md)
 - [CTP Topic 5 - AWS Identity and Access Management (IAM)](sources/ctp-topic-5-aws-identity-and-access-management-iam.md)
 - [CTP Topic 11 AD Integration and Login using AD Accounts](sources/ctp-topic-11-ad-integration-and-login-using-ad-accounts.md)
 - [n8n调用hermes-agents的工作流架构](sources/n8n调用hermes-agents的工作流架构.md) — (expected: wiki/sources/n8n调用hermes-agents的工作流架构.md — source missing)
 - [n8n-调用openclaw-agents的工作流架构](sources/n8n-调用openclaw-agents的工作流架构.md) — (expected: wiki/sources/n8n-调用openclaw-agents的工作流架构.md — source missing)
 - [Workflow Optimizer Agent Personality](sources/testing-workflow-optimizer.md)
@@ -555,6 +555,7 @@
 - [Amazon-CloudWatch-Logs](entities/Amazon-CloudWatch-Logs.md)
 - [Amazon-DocumentDB](entities/Amazon-DocumentDB.md)
 - [Amazon-DynamoDB](entities/Amazon-DynamoDB.md)
 - [Amazon-EKS](entities/Amazon-EKS.md)
 - [Amazon-ElastiCache](entities/Amazon-ElastiCache.md)
 - [Amazon-EventBridge](entities/Amazon-EventBridge.md)
 - [Amazon-Keyspaces](entities/Amazon-Keyspaces.md)
@@ -562,11 +563,15 @@
 - [Amazon-RDS](entities/Amazon-RDS.md)
 - [Amazon-Redshift](entities/Amazon-Redshift.md)
 - [Amazon-Timestream](entities/Amazon-Timestream.md)
 - [Amazon-Workspaces](entities/Amazon-Workspaces.md)
 - [AmazonAds](entities/AmazonAds.md)
 - [Andrej-Karpathy](entities/Andrej-Karpathy.md)
 - [Anki](entities/Anki.md)
 - [Anthropic](entities/Anthropic.md)
 - [Apache-Superset](entities/Apache-Superset.md)
 - [AppStream-2](entities/AppStream-2.md)
 - [Arnold-Dacan](entities/Arnold-Dacan.md)
 - [Artifactory](entities/Artifactory.md)
 - [Asana](entities/Asana.md)
 - [ASCE-7](entities/ASCE-7.md)
 - [Ashish](entities/Ashish.md)
@@ -585,8 +590,10 @@
 - [Azure](entities/Azure.md)
 - [Backend-Architect](entities/Backend-Architect.md)
 - [BackendArchitect](entities/BackendArchitect.md)
 - [Backstage](entities/Backstage.md)
 - [Baidu](entities/Baidu.md)
 - [baoyu](entities/baoyu.md)
 - [BCS](entities/BCS.md)
 - [BehavioralNudgeEngine](entities/BehavioralNudgeEngine.md)
 - [bitwarden](entities/bitwarden.md)
 - [blackbox-exporter](entities/blackbox-exporter.md)
@@ -597,8 +604,10 @@
 - [bottom](entities/bottom.md)
 - [Brendan-Starnig](entities/Brendan-Starnig.md)
 - [BrianReeves](entities/BrianReeves.md)
 - [BrightCloud](entities/BrightCloud.md)
 - [Brightdata](entities/Brightdata.md)
 - [btop++](entities/btop++.md)
 - [Build-Hub](entities/Build-Hub.md)
 - [Caddy](entities/Caddy.md)
 - [cAdvisor](entities/cAdvisor.md)
 - [Calibre](entities/Calibre.md)
@@ -610,6 +619,7 @@
 - [Checkpoint-Firewall](entities/Checkpoint-Firewall.md)
 - [ChinesePodcastPlatforms](entities/ChinesePodcastPlatforms.md)
 - [Choi-Wontak](entities/Choi-Wontak.md)
 - [Christian-Odonough](entities/Christian-Odonough.md)
 - [ChristianDeckelman](entities/ChristianDeckelman.md)
 - [Claude-Code](entities/Claude-Code.md)
 - [Claude-Desktop](entities/Claude-Desktop.md)
@@ -663,6 +673,7 @@
 - [Duolingo](entities/Duolingo.md)
 - [DXC-VSM](entities/DXC-VSM.md)
 - [DXY](entities/DXY.md)
 - [Ed](entities/Ed.md)
 - [EESJGong](entities/EESJGong.md)
 - [Euler-Finance](entities/Euler-Finance.md)
 - [Eurocode](entities/Eurocode.md)
@@ -677,7 +688,9 @@
 - [Gemini](entities/Gemini.md)
 - [ghproxy](entities/ghproxy.md)
 - [Gitea](entities/Gitea.md)
 - [GitHub-Enterprise](entities/GitHub-Enterprise.md)
 - [GitHubCopilot](entities/GitHubCopilot.md)
 - [GitLab](entities/GitLab.md)
 - [Gitmoji](entities/Gitmoji.md)
 - [glances](entities/glances.md)
 - [gog](entities/gog.md)
@@ -705,6 +718,7 @@
 - [HunyuanVideo](entities/HunyuanVideo.md)
 - [IBM](entities/IBM.md)
 - [idea-reality-mcp](entities/idea-reality-mcp.md)
 - [IIBA](entities/IIBA.md)
 - [InsightsLM](entities/InsightsLM.md)
 - [Intelephense](entities/Intelephense.md)
 - [Intsas.local](entities/Intsas.local.md)
@@ -758,6 +772,7 @@
 - [Microsoft-Planner](entities/Microsoft-Planner.md)
 - [MicrosoftAdvertising](entities/MicrosoftAdvertising.md)
 - [Midjourney](entities/Midjourney.md)
 - [Mike](entities/Mike.md)
 - [MikeArmstrong](entities/MikeArmstrong.md)
 - [MikeOReily](entities/MikeOReily.md)
 - [Milvus](entities/Milvus.md)
@@ -788,6 +803,7 @@
 - [Obsidian](entities/Obsidian.md)
 - [ObsidianTasksPlugin](entities/ObsidianTasksPlugin.md)
 - [OceanEngine](entities/OceanEngine.md)
 - [Octane](entities/Octane.md)
 - [Octane-Hub](entities/Octane-Hub.md)
 - [Ollama](entities/Ollama.md)
 - [Open-Alliance-for-Cloud-Adoption](entities/Open-Alliance-for-Cloud-Adoption.md)
@@ -807,6 +823,7 @@
 - [Peloton](entities/Peloton.md)
 - [Perplexica](entities/Perplexica.md)
 - [Phenops-Team](entities/Phenops-Team.md)
 - [PHT-Product-Hub-Platform](entities/PHT-Product-Hub-Platform.md)
 - [PingMe](entities/PingMe.md)
 - [Playwright](entities/Playwright.md)
 - [Podcastfy](entities/Podcastfy.md)
@@ -893,6 +910,7 @@
 - [Twilio](entities/Twilio.md)
 - [TypeScript-Language-Server](entities/TypeScript-Language-Server.md)
 - [Ubuntu-Server](entities/Ubuntu-Server.md)
 - [UCMDB](entities/UCMDB.md)
 - [UI-Designer](entities/UI-Designer.md)
 - [UnityGamingServices](entities/UnityGamingServices.md)
 - [UnityMultiplayerEngineer](entities/UnityMultiplayerEngineer.md)
@@ -917,6 +935,8 @@
 - [Weibo](entities/Weibo.md)
 - [WildCard](entities/WildCard.md)
 - [Windsurf](entities/Windsurf.md)
 - [Workspace-Core](entities/Workspace-Core.md)
 - [Workspace-Web](entities/Workspace-Web.md)
 - [WSL2](entities/WSL2.md)
 - [Xiaohongshu](entities/Xiaohongshu.md)
 - [XiaohongshuPlatform](entities/XiaohongshuPlatform.md)
@@ -1011,6 +1031,7 @@
 - [AI开源平替](concepts/AI开源平替.md)
 - [AI文生视频](concepts/AI文生视频.md)
 - [AI簡報工作流](concepts/AI簡報工作流.md)
 - [ALB-Ingress-Controller](concepts/ALB-Ingress-Controller.md)
 - [Alerting](concepts/Alerting.md)
 - [AlertManagement](concepts/AlertManagement.md)
 - [Algorithm-Agility](concepts/Algorithm-Agility.md)
@@ -1023,10 +1044,13 @@
 - [Annales-School](concepts/Annales-School.md)
 - [Answer-Engine-Optimization](concepts/Answer-Engine-Optimization.md)
 - [AntiCheatArchitecture](concepts/AntiCheatArchitecture.md)
 - [API-Server-Priority-and-Fairness](concepts/API-Server-Priority-and-Fairness.md)
 - [Appearance-Anxiety](concepts/Appearance-Anxiety.md)
 - [APT-仓库配置](concepts/APT-仓库配置.md)
 - [Architectural-Empathy](concepts/Architectural-Empathy.md)
 - [Architecture-Roadmap](concepts/Architecture-Roadmap.md)
 - [ARM-AMI](concepts/ARM-AMI.md)
 - [Artifact-Repo](concepts/Artifact-Repo.md)
 - [arXiv-API](concepts/arXiv-API.md)
 - [Asset-Management](concepts/Asset-Management.md)
 - [Asset-Pipeline](concepts/Asset-Pipeline.md)
@@ -1043,8 +1067,11 @@
 - [Availability](concepts/Availability.md)
 - [Availability-Zone-ID](concepts/Availability-Zone-ID.md)
 - [AWS-Backup-Concepts](concepts/AWS-Backup-Concepts.md)
 - [AWS-End-User-Computing](concepts/AWS-End-User-Computing.md)
 - [AWS-Identity-Center](concepts/AWS-Identity-Center.md)
 - [AWS-Inspector](concepts/AWS-Inspector.md)
 - [AWS-Secrets-Manager](concepts/AWS-Secrets-Manager.md)
 - [AWS-Service-Catalog](concepts/AWS-Service-Catalog.md)
 - [AWS-Source-Identity](concepts/AWS-Source-Identity.md)
 - [AWS-Tagging-Standards](concepts/AWS-Tagging-Standards.md)
 - [AWS-Tags](concepts/AWS-Tags.md)
@@ -1067,6 +1094,7 @@
 - [Blue-Hat-Logo](concepts/Blue-Hat-Logo.md)
 - [BONDING-Strategy](concepts/BONDING-Strategy.md)
 - [BOOTSTRAP.md](concepts/BOOTSTRAP.md.md)
 - [BOSCARD](concepts/BOSCARD.md)
 - [Brain-Dump](concepts/Brain-Dump.md)
 - [Branch-Strategy](concepts/Branch-Strategy.md)
 - [Branching-Narrative](concepts/Branching-Narrative.md)
@@ -1076,8 +1104,10 @@
 - [Build-Mode](concepts/Build-Mode.md)
 - [Build-Your-Own-X](concepts/Build-Your-Own-X.md)
 - [BuildInPublic](concepts/BuildInPublic.md)
 - [Business-Analysis](concepts/Business-Analysis.md)
 - [Business-Impact-Analysis](concepts/Business-Impact-Analysis.md)
 - [Business-Knowledge-Base](concepts/Business-Knowledge-Base.md)
 - [BYOD](concepts/BYOD.md)
 - [CACandLTV](concepts/CACandLTV.md)
 - [Caddy](concepts/Caddy.md)
 - [caffeinate](concepts/caffeinate.md)
@@ -1116,6 +1146,7 @@
 - [Cloud-Computing](concepts/Cloud-Computing.md)
 - [Cloud-Cost-Optimization](concepts/Cloud-Cost-Optimization.md)
 - [Cloud-DevOps-Maturity-Model](concepts/Cloud-DevOps-Maturity-Model.md)
 - [Cloud-First-Policy](concepts/Cloud-First-Policy.md)
 - [Cloud-Governance](concepts/Cloud-Governance.md)
 - [Cloud-Maturity-Levels](concepts/Cloud-Maturity-Levels.md)
 - [cloud-migration](concepts/cloud-migration.md)
@@ -1126,9 +1157,11 @@
 - [cloud-security](concepts/cloud-security.md)
 - [Cloud-Security-Maturity-Model](concepts/Cloud-Security-Maturity-Model.md)
 - [Cloud-Service-Delivery](concepts/Cloud-Service-Delivery.md)
 - [CloudWatch-Agent](concepts/CloudWatch-Agent.md)
 - [Cluster-Autoscaler](concepts/Cluster-Autoscaler.md)
 - [CMDB](concepts/CMDB.md)
 - [Cockpit-Ergonomics](concepts/Cockpit-Ergonomics.md)
 - [Code-Signing](concepts/Code-Signing.md)
 - [CodeWeaver](concepts/CodeWeaver.md)
 - [Cognitive-Distortions](concepts/Cognitive-Distortions.md)
 - [Cognitive-Load-Reduction](concepts/Cognitive-Load-Reduction.md)
@@ -1146,6 +1179,7 @@
 - [Consensus-Voting-Pattern](concepts/Consensus-Voting-Pattern.md)
 - [Constraint-Driven-Control-Mechanics](concepts/Constraint-Driven-Control-Mechanics.md)
 - [Container-Image-Tagging](concepts/Container-Image-Tagging.md)
 - [Container-Insights](concepts/Container-Insights.md)
 - [Container-Lifecycle-Hardening](concepts/Container-Lifecycle-Hardening.md)
 - [Content Automation](concepts/Content Automation.md)
 - [Content-60-30-10-Rule](concepts/Content-60-30-10-Rule.md)
@@ -1170,6 +1204,7 @@
 - [Conversational-Interface](concepts/Conversational-Interface.md)
 - [Conversions-API](concepts/Conversions-API.md)
 - [Core-Gameplay-Loop](concepts/Core-Gameplay-Loop.md)
 - [CoreDNS-Scaling](concepts/CoreDNS-Scaling.md)
 - [cost-of-delay](concepts/cost-of-delay.md)
 - [Cost-Optimization](concepts/Cost-Optimization.md)
 - [Cowork-UI](concepts/Cowork-UI.md)
@@ -1241,6 +1276,7 @@
 - [DRY原则](concepts/DRY原则.md)
 - [DuckDB](concepts/DuckDB.md)
 - [Dynamic-Dashboard](concepts/Dynamic-Dashboard.md)
 - [EA-SA-TA-Framework](concepts/EA-SA-TA-Framework.md)
 - [Early-Live-Support](concepts/Early-Live-Support.md)
 - [Earnings-Beat-Miss](concepts/Earnings-Beat-Miss.md)
 - [Earnings-Calendar](concepts/Earnings-Calendar.md)
@@ -1249,10 +1285,12 @@
 - [efibootmgr](concepts/efibootmgr.md)
 - [EFS-vs-EBS](concepts/EFS-vs-EBS.md)
 - [EKS-Auto-Mode](concepts/EKS-Auto-Mode.md)
 - [EKS-Custom-Networking](concepts/EKS-Custom-Networking.md)
 - [ELK-Stack](concepts/ELK-Stack.md)
 - [Email-Triage](concepts/Email-Triage.md)
 - [Embedding](concepts/Embedding.md)
 - [Emergency-Change](concepts/Emergency-Change.md)
 - [EMI-Elastic-Network-Interface](concepts/EMI-Elastic-Network-Interface.md)
 - [Employee-Advocacy](concepts/Employee-Advocacy.md)
 - [emptyDir-Volume](concepts/emptyDir-Volume.md)
 - [Encounter-Design](concepts/Encounter-Design.md)
@@ -1281,6 +1319,7 @@
 - [Feature-Flag](concepts/Feature-Flag.md)
 - [FeatureList](concepts/FeatureList.md)
 - [Federated-Access](concepts/Federated-Access.md)
 - [FedRAMP](concepts/FedRAMP.md)
 - [Feedback-Loop](concepts/Feedback-Loop.md)
 - [FIA-Framework](concepts/FIA-Framework.md)
 - [File-System-First-UI](concepts/File-System-First-UI.md)
@@ -1290,6 +1329,7 @@
 - [Fix-Pack](concepts/Fix-Pack.md)
 - [Fixed-Point-Semantics](concepts/Fixed-Point-Semantics.md)
 - [Flow-And-Readability](concepts/Flow-And-Readability.md)
 - [FluentBit](concepts/FluentBit.md)
 - [Food-Sensitivity-Tracking](concepts/Food-Sensitivity-Tracking.md)
 - [Foundation-AMI](concepts/Foundation-AMI.md)
 - [frp](concepts/frp.md)
@@ -1314,9 +1354,12 @@
 - [Geographic-Coherence](concepts/Geographic-Coherence.md)
 - [GitAsAuditLog](concepts/GitAsAuditLog.md)
 - [GitHub-Release-Monitoring](concepts/GitHub-Release-Monitoring.md)
 - [GitLab-Geo](concepts/GitLab-Geo.md)
 - [GitLab-Proxy](concepts/GitLab-Proxy.md)
 - [Gitmoji-Commit](concepts/Gitmoji-Commit.md)
 - [GitOps](concepts/GitOps.md)
 - [Global-First-Architecture](concepts/Global-First-Architecture.md)
 - [Global-Information-Security-Policy-GISP](concepts/Global-Information-Security-Policy-GISP.md)
 - [Golden-3-Second-Hook](concepts/Golden-3-Second-Hook.md)
 - [GP3-EBS-Storage](concepts/GP3-EBS-Storage.md)
 - [GPG-密钥验证](concepts/GPG-密钥验证.md)
@@ -1337,8 +1380,10 @@
 - [high-availability](concepts/high-availability.md)
 - [Holistic-Admissions](concepts/Holistic-Admissions.md)
 - [HookBodyCTA](concepts/HookBodyCTA.md)
 - [Horizontal-Pod-Autoscaler](concepts/Horizontal-Pod-Autoscaler.md)
 - [Hosmer-Lemeshow-Test](concepts/Hosmer-Lemeshow-Test.md)
 - [Host-Incubation-System](concepts/Host-Incubation-System.md)
 - [Host-Network-Mode](concepts/Host-Network-Mode.md)
 - [HouseholdInventoryTracking](concepts/HouseholdInventoryTracking.md)
 - [HTTPS自动化证书](concepts/HTTPS自动化证书.md)
 - [Hub-and-Spoke](concepts/Hub-and-Spoke.md)
@@ -1357,6 +1402,7 @@
 - [Identity-Governance](concepts/Identity-Governance.md)
 - [Identity-Resolution](concepts/Identity-Resolution.md)
 - [IDENTITY.md](concepts/IDENTITY.md.md)
 - [IGA](concepts/IGA.md)
 - [Ikigai框架](concepts/Ikigai框架.md)
 - [ImageToVideo](concepts/ImageToVideo.md)
 - [Immutable-Infrastructure](concepts/Immutable-Infrastructure.md)
@@ -1377,9 +1423,12 @@
 - [IntentDrivenRouting](concepts/IntentDrivenRouting.md)
 - [Intentional-Cloud-Strategy](concepts/Intentional-Cloud-Strategy.md)
 - [Inversion](concepts/Inversion.md)
 - [INVEST](concepts/INVEST.md)
 - [Invisible-Exclusion](concepts/Invisible-Exclusion.md)
 - [IPAM](concepts/IPAM.md)
 - [IPv6-in-EKS](concepts/IPv6-in-EKS.md)
 - [IP纯净度](concepts/IP纯净度.md)
 - [ISO-27001](concepts/ISO-27001.md)
 - [ISOHybrid镜像](concepts/ISOHybrid镜像.md)
 - [ITSM](concepts/ITSM.md)
 - [ITSM-2.0](concepts/ITSM-2.0.md)
@@ -1389,7 +1438,9 @@
 - [Jira-Git-Traceability](concepts/Jira-Git-Traceability.md)
 - [Kaizen](concepts/Kaizen.md)
 - [Kanban](concepts/Kanban.md)
 - [Karpenter](concepts/Karpenter.md)
 - [Karpman-Drama-Triangle](concepts/Karpman-Drama-Triangle.md)
 - [KEDA](concepts/KEDA.md)
 - [Keyword-Based-Monitoring](concepts/Keyword-Based-Monitoring.md)
 - [KFactor](concepts/KFactor.md)
 - [Kill-Switch](concepts/Kill-Switch.md)
@@ -1450,6 +1501,7 @@
 - [Merge-Point](concepts/Merge-Point.md)
 - [Mermaid](concepts/Mermaid.md)
 - [MessageMatch](concepts/MessageMatch.md)
 - [Metrics-Server](concepts/Metrics-Server.md)
 - [Micro-Recovery](concepts/Micro-Recovery.md)
 - [MicroInfluencerPartnership](concepts/MicroInfluencerPartnership.md)
 - [Miping](concepts/Miping.md)
@@ -1509,6 +1561,7 @@
 - [ObsidianRecurringTasks](concepts/ObsidianRecurringTasks.md)
 - [OpenClaw-Deployment-Expert](concepts/OpenClaw-Deployment-Expert.md)
 - [OpenTelemetry](concepts/OpenTelemetry.md)
 - [OpenText-Tagging-Standard](concepts/OpenText-Tagging-Standard.md)
 - [Oracle-Manipulation](concepts/Oracle-Manipulation.md)
 - [Ordered-Layer](concepts/Ordered-Layer.md)
 - [Organic-Traffic-Amplification](concepts/Organic-Traffic-Amplification.md)
@@ -1571,9 +1624,11 @@
 - [Problem-Management](concepts/Problem-Management.md)
 - [Procedural-Level-Design](concepts/Procedural-Level-Design.md)
 - [process-management](concepts/process-management.md)
 - [Product-Hierarchy](concepts/Product-Hierarchy.md)
 - [ProductLedGrowth](concepts/ProductLedGrowth.md)
 - [Program-Demand-Process](concepts/Program-Demand-Process.md)
 - [Progressive-Rollout](concepts/Progressive-Rollout.md)
 - [Project-Thor](concepts/Project-Thor.md)
 - [ProjectState](concepts/ProjectState.md)
 - [Prometheus告警规则](concepts/Prometheus告警规则.md)
 - [Prompt](concepts/Prompt.md)
@@ -1593,6 +1648,7 @@
 - [QualitySwitch](concepts/QualitySwitch.md)
 - [QueryLanguage](concepts/QueryLanguage.md)
 - [Quick-Capture](concepts/Quick-Capture.md)
 - [RACI](concepts/RACI.md)
 - [RAG](concepts/RAG.md)
 - [Reality-Signal](concepts/Reality-Signal.md)
 - [RealityKit-SwiftUI-Integration](concepts/RealityKit-SwiftUI-Integration.md)
@@ -1617,6 +1673,8 @@
 - [RemoteRescuePattern](concepts/RemoteRescuePattern.md)
 - [Renovate-Bot](concepts/Renovate-Bot.md)
 - [Replication-Graph](concepts/Replication-Graph.md)
 - [Repo-Mirroring](concepts/Repo-Mirroring.md)
 - [Requirements-Gathering](concepts/Requirements-Gathering.md)
 - [Resolver-Rules](concepts/Resolver-Rules.md)
 - [Resource-Allocation](concepts/Resource-Allocation.md)
 - [Resource-Tagging](concepts/Resource-Tagging.md)
@@ -1638,7 +1696,9 @@
 - [RTO](concepts/RTO.md)
 - [RuntimeVirtualTexturing](concepts/RuntimeVirtualTexturing.md)
 - [S3-兼容对象存储](concepts/S3-兼容对象存储.md)
 - [SAFe](concepts/SAFe.md)
 - [Safeguard-Steps](concepts/Safeguard-Steps.md)
 - [SAML-Authentication](concepts/SAML-Authentication.md)
 - [Sandboxed-Persona](concepts/Sandboxed-Persona.md)
 - [SAST](concepts/SAST.md)
 - [Savings-Plans](concepts/Savings-Plans.md)
@@ -1657,6 +1717,7 @@
 - [Second-Renaissance](concepts/Second-Renaissance.md)
 - [Secrets-Management](concepts/Secrets-Management.md)
 - [Secure-Dynamic-Updates](concepts/Secure-Dynamic-Updates.md)
 - [Security Awareness Training](concepts/Security Awareness Training.md)
 - [Security-and-Compliance](concepts/Security-and-Compliance.md)
 - [Self-Education](concepts/Self-Education.md)
 - [Self-Healing](concepts/Self-Healing.md)
@@ -1665,6 +1726,7 @@
 - [Self-Improving-Skill](concepts/Self-Improving-Skill.md)
 - [Self-Interest](concepts/Self-Interest.md)
 - [Self-Referential-Computation](concepts/Self-Referential-Computation.md)
 - [Self-Serve-Product-Request](concepts/Self-Serve-Product-Request.md)
 - [Self-Sufficiency](concepts/Self-Sufficiency.md)
 - [Semantic-Deduplication](concepts/Semantic-Deduplication.md)
 - [Semantic-Index-Infrastructure](concepts/Semantic-Index-Infrastructure.md)
@@ -1679,6 +1741,7 @@
 - [ServerAuthority](concepts/ServerAuthority.md)
 - [Serverless-Computing](concepts/Serverless-Computing.md)
 - [Service-Control-Policies-SCPs](concepts/Service-Control-Policies-SCPs.md)
 - [Service-Control-Policy](concepts/Service-Control-Policy.md)
 - [serviceable-obtainable-market](concepts/serviceable-obtainable-market.md)
 - [SES-Sandbox-Mode](concepts/SES-Sandbox-Mode.md)
 - [Shader](concepts/Shader.md)
@@ -1688,6 +1751,7 @@
 - [Shared-Responsibility-Model](concepts/Shared-Responsibility-Model.md)
 - [SharedMemory](concepts/SharedMemory.md)
 - [SharedStateCoordination](concepts/SharedStateCoordination.md)
 - [Shift-and-Lift](concepts/Shift-and-Lift.md)
 - [Shift-Left-Security](concepts/Shift-Left-Security.md)
 - [Shift-Right-Security](concepts/Shift-Right-Security.md)
 - [Signal-Based-Selling-Framework](concepts/Signal-Based-Selling-Framework.md)
@@ -1726,6 +1790,7 @@
 - [SSM-Patching](concepts/SSM-Patching.md)
 - [StackSets-Deployment-Visibility](concepts/StackSets-Deployment-Visibility.md)
 - [Stakeholder-Alignment](concepts/Stakeholder-Alignment.md)
 - [Stakeholder-Wheel](concepts/Stakeholder-Wheel.md)
 - [Standard-Change](concepts/Standard-Change.md)
 - [STARFramework](concepts/STARFramework.md)
 - [Startup-MVP-Pipeline](concepts/Startup-MVP-Pipeline.md)
@@ -1741,6 +1806,7 @@
 - [Sub-Agent-Race-Condition](concepts/Sub-Agent-Race-Condition.md)
 - [SubagentDelegation](concepts/SubagentDelegation.md)
 - [Substrate](concepts/Substrate.md)
 - [Supply-Chain-Security](concepts/Supply-Chain-Security.md)
 - [SwiftUI-Volumetric-APIs](concepts/SwiftUI-Volumetric-APIs.md)
 - [symbolic-link](concepts/symbolic-link.md)
 - [SymbolicLink](concepts/SymbolicLink.md)
@@ -1748,6 +1814,7 @@
 - [System-Economy](concepts/System-Economy.md)
 - [system-monitoring](concepts/system-monitoring.md)
 - [systemd](concepts/systemd.md)
 - [T-Shaped-Skills](concepts/T-Shaped-Skills.md)
 - [Tag-Validation-Tool](concepts/Tag-Validation-Tool.md)
 - [TagBasedIndexing](concepts/TagBasedIndexing.md)
 - [TAIL-Strategy](concepts/TAIL-Strategy.md)
@@ -1760,6 +1827,7 @@
 - [TCO](concepts/TCO.md)
 - [TCP隧道](concepts/TCP隧道.md)
 - [Technical-Architecture](concepts/Technical-Architecture.md)
 - [Technical-Architecture-Domains](concepts/Technical-Architecture-Domains.md)
 - [Technical-Objection-Handling](concepts/Technical-Objection-Handling.md)
 - [Telegram-Trigger](concepts/Telegram-Trigger.md)
 - [Telephony-Integration](concepts/Telephony-Integration.md)
@@ -1772,7 +1840,9 @@
 - [TextToSpeech](concepts/TextToSpeech.md)
 - [TextToVideo](concepts/TextToVideo.md)
 - [TGW-Peering](concepts/TGW-Peering.md)
 - [Third Party Penetration Testing](concepts/Third Party Penetration Testing.md)
 - [Thought-Leadership](concepts/Thought-Leadership.md)
 - [Threat-Intelligence](concepts/Threat-Intelligence.md)
 - [Threat-Modeling](concepts/Threat-Modeling.md)
 - [Three-Tier-Review-Mechanism](concepts/Three-Tier-Review-Mechanism.md)
 - [ThreeActProposalNarrative](concepts/ThreeActProposalNarrative.md)
@@ -1810,6 +1880,7 @@
 - [Unified-Inbox](concepts/Unified-Inbox.md)
 - [UnityLobby](concepts/UnityLobby.md)
 - [UnityRelay](concepts/UnityRelay.md)
 - [Urban-Sprawl](concepts/Urban-Sprawl.md)
 - [USER.md](concepts/USER.md.md)
 - [value-stream](concepts/value-stream.md)
 - [Value-Stream-Mapping](concepts/Value-Stream-Mapping.md)
@@ -1821,6 +1892,7 @@
 - [Vibe-Coding](concepts/Vibe-Coding.md)
 - [Video-Hook](concepts/Video-Hook.md)
 - [ViralLoop](concepts/ViralLoop.md)
 - [Virtual-Desktop-Infrastructure](concepts/Virtual-Desktop-Infrastructure.md)
 - [Visual-Coherence-Engine](concepts/Visual-Coherence-Engine.md)
 - [Visual-Debugging](concepts/Visual-Debugging.md)
 - [vLLM](concepts/vLLM.md)
@@ -1850,6 +1922,7 @@
 - [Workflow-Tree-Spec](concepts/Workflow-Tree-Spec.md)
 - [Workspace](concepts/Workspace.md)
 - [WorldPartition](concepts/WorldPartition.md)
 - [WSP-Protocol](concepts/WSP-Protocol.md)
 - [X-Twitter-API-Automation](concepts/X-Twitter-API-Automation.md)
 - [X11](concepts/X11.md)
 - [Xinchuang](concepts/Xinchuang.md)
--- a/wiki/log.md
+++ b/wiki/log.md
@@ -6057,3 +6057,57 @@
 - Source page: wiki/sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md
 - Notes: 步骤3完成：新建 source page；步骤4完成：index.md 条目已存在（第242行），无需更新；步骤5完成：overview.md 中已有标签相关内容，本次无需修订；步骤6完成：新建1个 Entity 页面（Martin Rosler.md），更新 Phenops-Team.md 的 sources 和 last_updated；步骤7完成：新建2个 Concept 页面（Kubernetes-Tagging.md、Container-Image-Tagging.md）；步骤8完成：无冲突（V2 在 V1 基础上扩展，保持向前兼容）；步骤9完成：log.md 追加记录
 ## [2026-04-28] ingest | CTP Topic 70 EKS deployment using IAC
 - Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md
 - Status: ✅ 成功摄入
 - Summary: 通过 IaC（Terraform/Service Catalog）部署 Amazon EKS 集群的完整方法论——容器与 VM 对比、EKS 核心特性（完全托管控制平面/零停机滚动更新/IAM RBAC）、两种部署路径、自定义 EMI 网络解决 CIDR 限制、Cluster Autoscaler 自动扩缩容、监控栈（CloudWatch Agent + FluentBit + Container Insights + Grafana）。属 [[Amazon-EKS]] 部署方法的完整入口。
 - Concepts touched: [[Kubernetes]], [[Amazon-EKS]], [[Infrastructure-as-Code]], [[Terraform]], [[Cluster-Autoscaler]], [[OpenTelemetry]], [[Grafana]]
 - Concepts created: [[Karpenter]], [[AWS-Service-Catalog]], [[ALB-Ingress-Controller]], [[EMI-Elastic-Network-Interface]], [[CloudWatch-Agent]], [[FluentBit]], [[Container-Insights]]
 - Entities touched: [[AWS]], [[HashiCorp]]
 - Entities created: 无（AWS.md、HashiCorp.md 均已存在）
 - Source page: wiki/sources/ctp-topic-70-eks-deployment-using-iac.md
 - Notes: 步骤3完成：新建 source page；步骤4完成：index.md 条目已存在（第290行），无需更新；步骤5完成：overview.md 条目已存在（第281行），内容一致无需修订；步骤6完成：无新增 Entity（AWS.md、HashiCorp.md 均已存在）；步骤7完成：新建7个 Concept 页面（Karpenter、AWS-Service-Catalog、ALB-Ingress-Controller、EMI-Elastic-Network-Interface、CloudWatch-Agent、FluentBit、Container-Insights）；步骤8完成：无冲突；步骤9完成：log.md 追加记录
 ## [2026-04-28] ingest | CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone
 - Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md
 - Status: ✅ 成功摄入
 - Summary: 在受限 AWS Lab Landing Zone 网络环境中实施 EKS 的技术方案——Spencer 和 Guy 分享。核心问题：Micro Focus 网络 IP 地址池不足，无法满足 Octane（IP 密集型 SaaS 应用）的 EKS Pod 需求。解决方案：创建独立私有子网（非主 VPC 子网）、启用 EKS 模块自定义网络标志、Pod 规范设置 `hostNetwork: true`、Terraform/Terragrunt 模块封装。Atlantis 当前不支持 EKS 部署，需通过 Jenkins + Terragrunt 模块替代。属 [[Amazon-EKS]] 在受限网络场景下的技术实践。
 - Concepts touched: [[Amazon-EKS]], [[AWS-Landing-Zone]], [[EKS-Custom-Networking]], [[Host-Network-Mode]], [[Terraform-Terragrunt]], [[Kubernetes-Pod-Networking]]
 - Concepts created: [[EKS-Custom-Networking]], [[Host-Network-Mode]]
 - Entities touched: [[AWS]], [[Amazon-EKS]], [[Octane]], [[Jenkins]]
 - Entities created: [[Amazon-EKS]], [[Octane]]
 - Source page: wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md
 - Notes: 步骤3完成：新建 source page；步骤4完成：index.md 条目已存在（第296行），无需更新；步骤5完成：overview.md 条目已存在（第279行），内容一致无需修订；步骤6完成：新建2个 Entity 页面（Amazon-EKS.md、Octane.md）；步骤7完成：新建2个 Concept 页面（EKS-Custom-Networking.md、Host-Network-Mode.md）；步骤8完成：无冲突（与 ctp-topic-70/ctp-topic-59 互补而非矛盾）；步骤9完成：log.md 追加记录
 ## [2026-04-28] ingest | Public Cloud Learning Sessions - EKS Optimization Part 2 of 3 - Running Containers with Bottlerocket OS
 - Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md
 - Status: ✅ 成功摄入
 - Summary: Bottlerocket OS（火箭瓶）深度解析——AWS 专为容器工作负载优化的最小化开源 Linux 发行版。核心设计理念：最小化（去除包管理器/Shell/SSH，仅打包必要内核组件）、安全更新（分区镜像 A/B 切换确保原子性）、安全加固（dm-verity 根文件系统加密验证 + SE Linux enforcing 模式 + 根文件系统默认只读）。Variant 机制通过平台+架构+工作负载组件组合在构建时定制功能，支持自管理节点组、托管节点组和 Carpenter 节点池三种 EKS 集成方式。与 Part 1（Karpenter）和 Part 3（EKS Auto Mode）构成 EKS 优化完整链路。
 - Concepts touched: [[Immutable-Root-Filesystem]], [[dm-verity]], [[SE-Linux-Enforcing]], [[Partition-Updates]], [[CIS-Benchmark]], [[Karpenter]]
 - Entities touched: [[Bottlerocket]], [[Amazon-EKS]], [[AWS]]
 - Concepts created: 无（均已存在）
 - Entities created: 无（均已存在）
 - Source page: wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md
 - Notes: 步骤3完成：source page 已存在，日期更新为 2026-04-14；步骤4完成：index.md 条目日期更新；步骤5完成：overview.md 条目已存在（第271行），内容一致无需修订；步骤6完成：Entity 页面均已存在（Bottlerocket.md、Amazon-EKS.md、AWS.md）；步骤7完成：Concept 页面均已存在（Immutable-Root-Filesystem.md、dm-verity.md、SE-Linux-Enforcing.md、Partition-Updates.md、CIS-Benchmark.md、Karpenter.md）；步骤8完成：无冲突（source page 已记录与相关页面的关系）；步骤9完成：log.md 追加记录
 ## [2026-04-28] update | CTP Topic 64 - 补充缺失 Entity 和 Concept 页面
 - Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-64-scaling-out-with-amazon-eks.md
 - Status: ✅ 补充完成
 - Summary: 发现 Source Page ctp-topic-64-scaling-out-with-amazon-eks 引用了多个尚未建立独立页面的 Entity 和 Concept，补充创建以完善知识图谱
 - Entities created: [[Suravpul]]（AWS 高级解决方案架构师，EKS 可靠性/扩缩容/可观测性专题讲师）
 - Concepts created: [[Horizontal Pod Autoscaler (HPA)]], [[KEDA]], [[Cluster Autoscaler]], [[IPv6-in-EKS]], [[CoreDNS-Scaling]], [[Metrics-Server]], [[API-Server-Priority-and-Fairness]]
 - Concepts existing: [[Karpenter]]（已存在于 wiki/concepts/Karpenter.md）
 - Source page: wiki/sources/ctp-topic-64-scaling-out-with-amazon-eks.md
 - Notes: Suravpul Entity 补充创建后，该 Entity 页面覆盖 CTP Topic 59/64/67 三个关联 Source；HPA Concept 已在 ctp-topic-59 Source page 中引用，本次更新同步建立独立页面；Cluster Autoscaler Concept 已在 ctp-topic-70 Source page 中引用，本次同步更新 sources 字段
 ## [2026-04-29] ingest | Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015
 - Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md
 - Status: ✅ 成功摄入
 - Summary: OpenText 全球信息安全团队（GIS）安全策略全景——Mike & Ed 主持。内容涵盖：GIS 分层组织架构（运营、合规、治理、隐私）；ISO 27001 姿态框架（2022版，11个新增控制方面）；FedRAMP 等多项行业/政府认证；年度第三方测试+红队演练；月处理 2250 亿条日志，350 案例/月；GISP 最高纲领性政策季度审查；安全意识培训（月度通讯+钓鱼演练）；BrightCloud 威胁情报工具。
 - Concepts touched: [[Global Information Security Policy (GISP)]], [[ISO-27001]], [[Security Awareness Training]], [[Third Party Penetration Testing]], [[Threat Intelligence]], [[FedRAMP]]
 - Entities touched: [[Mike]], [[Ed]], [[OpenText]], [[BrightCloud]]
 - Concepts created: [[Global Information Security Policy (GISP)]], [[ISO-27001]], [[Security Awareness Training]], [[Third Party Penetration Testing]], [[Threat Intelligence]], [[FedRAMP]]
 - Entities created: [[Mike]], [[Ed]], [[BrightCloud]]
 - Source page: wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md
 - Notes: 步骤3完成：source page 已存在，内容确认/更新；步骤4完成：index.md 条目已存在（第274行），无需更新；步骤5完成：overview.md 无需修订（OpenText 安全专题系列，overview 已覆盖）；步骤6完成：新建3个 Entity 页面（Mike.md、Ed.md、BrightCloud.md）；步骤7完成：新建6个 Concept 页面（GISP、ISO-27001、Security Awareness Training、Third Party Penetration Testing、Threat Intelligence、FedRAMP）；步骤8完成：与 CTP-Topic-10 和 CTP-Topic-52 互补而非冲突；步骤9完成：log.md 追加记录
--- a/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md
+++ b/wiki/sources/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md
@@ -6,61 +6,63 @@ tags:
  - EKS
  - Kubernetes
  - Landing-Zone
  - Terraform
  - Terragrunt
  - CTP
-date: 2026-04-24
+date: 2026-04-14
 sources: []
 last_updated: 2026-04-28
 ---
 ## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone.md]]
+- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
 ## Summary（用中文描述）
- 核心主题：在 AWS Lab Landing Zone 中通过 Terraform/Terragrunt 自动化部署 EKS 集群，解决 Octane（Micro Focus SaaS 应用）IP 地址池不足的难题
+- 核心主题：在 AWS Lab Landing Zone 中实现 EKS（Elastic Kubernetes Service），解决 Microfocus Octane SaaS 应用的 IP 地址不足问题
- 问题域：Micro Focus 网络环境下的 AWS Lab Landing Zone 网络地址空间受限，无法满足 EKS Pod 大量 IP 地址需求
+- 问题域：AWS Lab 网络环境中 IP 地址池受限，无法满足 EKS 集群中 Pod 的 IP 分配需求
 - 方法/机制：
-  - 在独立私有子网（非主 VPC 子网）中部署 EKS，由 EKS 模块自定义网络标志控制 IP 分配
+  - 在独立私网子网（非主 subnet）内创建 EKS 集群，提供大量可用 IP
-  - 通过 Terraform/Terragrunt 模块调用 EKS 模块，指定子网和联邦账户/角色映射
+  - 使用 Terraform + Terragrunt 模块化部署 EKS
-  - Pod 规范中设置 `hostNetwork: true` 使 Pod 直接使用宿主机网络
+  - 通过 EKS 模块的自定义网络配置标志（flag）控制 IP 分配
-  - IAM 角色映射实现集群访问和 AWS Console 可视化
+  - 在 Pod spec 中设置 `hostNetwork: true`，使 Pod 使用宿主机网络
- 结论/价值：即使在受限网络环境下，通过 EKS 自定义网络功能 + IaC 自动化仍可成功部署 EKS，无需 Atlantis（Jenkins + Terragrunt 模块替代方案）
+  - 通过角色映射（role mapping）实现跨账户连接集群和 AWS Console 可视化
 - 结论/价值：成功在受限网络环境中部署 EKS，支持访问内部 Microfocus 网络资源和外部资源；Atlantis 当前无法部署 EKS，改用 Jenkins + Terragrunt 模块替代
 ## Key Claims（用中文描述）
- EKS 模块提供自定义网络配置标志，可控制 Pod IP 地址分配策略
+- Spencer 和 Guy 在 AWS Lab Landing Zone 中为 Microfocus Octane SaaS 应用（IP 密集型）成功部署了 EKS
- 在受限 Lab 网络环境下，创建独立私有子网（非主 VPC 子网）为 EKS Pod 提供充足 IP 地址池
+- 标准 EKS 部署方案不支持在独立私网子网中分配大量 IP，需启用 EKS 模块的自定义网络配置标志
- Terraform/Terragrunt 模块可封装 EKS 集群的完整部署逻辑，支持跨账户角色映射
+- 在 Pod spec 中配置 `hostNetwork: true` 后，Pod 可直接使用宿主机网络 IP，实现与内部 Microfocus 网络的通信
- Atlantis 目前无法部署 EKS 集群，需通过 Jenkins + Terragrunt 模块替代
+- Atlantis 当前无法部署 EKS 集群，改用 Jenkins 上的 Terragrunt 模块实现自动化部署
- Pod 网络规范设置 `hostNetwork: true` 后，Pod 可同时访问内部 Micro Focus 网络和外部资源
+- 通过角色映射（federated account/role mapping）实现跨账户连接 EKS 集群并在 AWS Console 中查看 EKS 组件
- IAM 角色映射使用户可连接集群并在 AWS Console 中查看 EKS 组件
+- Node group 数量目前硬编码，未来版本将支持可配置化
- 节点组数量当前硬编码，未来版本将支持可配置参数
+- 容器安全加固已与安全团队讨论并实施
 ## Key Quotes
-> "The problem was that this wasn't supported in the EKS sort of solution that was given to us." — Spencer，描述 IP 池不足问题在标准 EKS 方案中不受支持的困境
+> "The problem was was that this wasn't supported in the EKS sort of solution that was given to us." — Spencer，描述标准 EKS 方案在独立私网环境中的限制
-
+> "Within the spec configuration, we basically have to put host network equals true." — Guy，描述 Pod 如何使用宿主机网络实现 IP 访问
-> "Within the spec configuration, we basically have to put host network equals true." — Guy，描述让 Pod 访问内部网络的关键配置
+> "Atlantis cannot currently deploy EKS clusters; a Terragrunt module on Jenkins is used instead." — 关于 EKS 部署工具链的说明
 ## Key Concepts
- [[Amazon EKS]]：AWS 托管 Kubernetes 服务，完全托管控制平面，支持 IAM RBAC 最小权限
+- [[AWS Landing Zone]]：AWS 多账户基础设施架构框架，提供基础网络、安全、合规框架
- [[Kubernetes Custom Networking]]：EKS 自定义网络功能，允许控制 Pod IP 分配策略，解决 VPC CIDR 限制
+- [[EKS Custom Networking]]：EKS 提供的自定义网络配置，允许控制 Pod IP 分配，不依赖 VPC CNI 默认行为
- [[Terraform-Terragrunt Module]]：封装 EKS 部署逻辑的基础设施即代码模块，支持跨账户部署
+- [[Host Network Mode]]：Kubernetes Pod 配置项（hostNetwork: true），使 Pod 共享宿主机的网络命名空间
- [[IAM Role Mapping (EKS)]]：通过 AWS IAM 角色映射实现集群访问控制和 AWS Console 可视化
+- [[Terraform Terragrunt]]：Terragrunt 作为 Terraform 的 wrapper，支持模块化和跨账户基础设施部署
- [[Host Network Mode (Pod)]]：Pod 使用宿主机网络栈，`hostNetwork: true` 使 Pod 可访问底层网络资源
+- [[Kubernetes Pod Networking]]：Pod 网络模型，决定 Pod 如何获取 IP 及与集群内外通信
 - [[Container Hardening]]：容器安全加固标准，与安全团队协作实施的容器安全措施
 ## Key Entities
- [[Octane-Hub]]：Software Factory 团队，Micro Focus 云转型计划一部分，主导 SaaS 应用容器化迁移，CTO 为 Holger Rode；本文档中 Octane 作为 EKS 部署的实际业务驱动方（IP 密集型 SaaS 应用）
+- [[Spencer]]：OpenText/Micro Focus SRE，负责 AWS Lab Landing Zone 架构设计
- [[Spencer]]：AWS Lab Landing Zone EKS 实施分享人
+- [[Guy]]：OpenText/Micro Focus 技术专家，参与 EKS 部署实现
- [[Guy]]：AWS Lab Landing Zone EKS 实施技术细节讲解人
+- [[Octane]]：Micro Focus SaaS 应用，IP 地址密集型 workload，是本次 EKS 部署的驱动用例
- [[Terragrunt]]：Terraform 的 wrapper 工具，用于管理跨账户基础设施部署
+- [[Micro Focus]]：公司名称，现为 OpenText 旗下
- [[Atlantis]]：Terraform GitOps 工具，当前不支持 EKS 集群部署
+- [[Atlantis]]：基于 Terraform 的 Pull Request 自动化工具，当前不支持 EKS 部署
 - [[Jenkins]]：CI/CD 平台，用于执行 Terragrunt 模块部署 EKS 集群
 ## Connections
- [[ctp-topic-70-eks-deployment-using-iac]] ← depends_on ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
+- [[CTP Topic 10 AWS Landing Zone LZ Data Collection Tagging Related Security]] ← relates_to ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]]
-  - Topic 39 解决了 EKS 在受限网络环境下的 IP 分配技术难题，为 Topic 70 的 IaC 部署实践提供底层支撑
+- [[CTP Topic 70 EKS Deployment Using IAC]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]]
- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] ← related ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
+- [[Public Cloud Learning Sessions EKS Optimization Part 1 of 3 Compute Optimization with Karpenter]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]]
-  - 两者均讨论 EKS 可靠性，两者互补：Topic 39 侧重网络架构，Topic 59 侧重 SLA/SLO 保障
+- [[CTP Topic 64 Scaling Out with Amazon EKS]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]]
- [[ctp-topic-25-labs-landing-zone-overview-itom-teams]] ← depends_on ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
+- [[CTP Topic 59 Achieving Reliability with Amazon EKS]] ← extends ← [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]]
  - Labs LZ 的多账户架构和 Terraform/Terragrunt 管理模式是 Topic 39 EKS 部署的基础设施上下文
 - [[ctp-topic-14-octane-hub-on-aws]] ← related ← [[ctp-topic-39-implementing-eks-in-the-aws-lab-landing-zone]]
  - 两者均涉及 Octane 的 AWS 迁移，但 Topic 14 聚焦 Octane Hub 整体迁移，Topic 39 聚焦 EKS 网络解决方案
 ## Contradictions
- 无发现与现有 Wiki 页面的直接冲突
+- （暂无已知冲突内容）
--- a/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md
+++ b/wiki/sources/ctp-topic-59-achieving-reliability-with-amazon-eks.md
@@ -1,67 +1,84 @@
 ---
 title: "CTP Topic 59 Achieving reliability with Amazon EKS"
 type: source
-tags:
+tags: [AWS, EKS, Kubernetes, Reliability, CTP]
  - AWS
  - EKS
  - Kubernetes
  - Reliability
  - CTP
 date: 2026-04-14
 sources: []
 last_updated: 2026-04-28
 ---
 ## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks.md]]
+- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-59-achieving-reliability-with-amazon-eks]]
-## Summary（用中文描述）
+## Summary
 - 核心主题：Amazon EKS（Elastic Kubernetes Service）的可靠性最佳实践，涵盖容器服务选型、应用层可靠性、控制平面可靠性和数据平面可靠性四个维度。
 - 问题域：Kubernetes 在 AWS 上的生产级可靠性保障，涉及 shared responsibility model 下 AWS 与客户的责任边界划分。
 - 方法/机制：通过 Pod 反亲和性、拓扑分布约束、HPA/VPA 扩缩容、探针配置、PodDisruptionBudget 等机制实现故障检测、优雅降级、自愈和按需扩缩；控制平面通过监控、认证加固、准入 Webhook 管理、集群升级策略保障；数据平面通过节点问题检测、资源预留、QoS、资源配额和 Pod 优先级机制保障。
 - 结论/价值：EKS 可靠性需要在应用、控制平面、数据平面三个层面综合设计，结合 AWS shared responsibility model 明确责任边界，并通过多样性部署策略（Rolling/Blue-Green/Canary）实现安全升级。
-## Key Claims（用中文描述）
+- **核心主题**：Amazon EKS 的可靠性最佳实践，涵盖应用层、控制平面和数据平面的可靠性设计
- ECS 推荐给容器化初学者，提供简单界面和原生 AWS 集成；EKS 适合熟悉 Kubernetes 生态的用户，提供开放社区灵活性。
+- **问题域**：容器化工作负载在 AWS EKS 上的生产级可靠性保障
- 系统可靠性意味着即使发生故障也能提供可预测行为，核心关注点包括：故障检测、优雅服务降级、确定性故障模式、自愈能力和按需扩缩。
+- **方法/机制**：
- AWS shared responsibility model 下，AWS 负责控制平面组件（state store、scheduler、controller manager、API servers），客户负责工作节点、操作系统和应用配置。
+  - 应用层：Pod 分布策略（anti-affinity / topology spread constraints）、弹性伸缩（HPA/VPA）、健康探针、部署策略
- Fargate 模式下客户无需管理节点、补丁或升级工作。
+  - 控制平面：监控指标、安全认证、准入 webhook、集群升级策略
- 应用可靠性需避免单例 Pod，使用 Pod 反亲和性或拓扑分布约束将应用 Pod 分散到多个可用区；HPA 默认基于 CPU 和内存扩缩容，VPA 可正确调整 Pod 大小但会导致运行时重启。
+  - 数据平面：节点问题检测、资源预留、QoS、Pod 优先级
- 部署策略包括滚动升级、蓝绿部署和金丝雀部署，各有不同控制复杂度和安全保障级别；存活探针、就绪探针和启动探针是 Pod 健康监控的关键；PodDisruptionBudget 确保维护期间的最小服务水平。
+- **结论/价值**：EKS 可靠性需从应用、控制平面、数据平面三个维度系统性设计；AWS 与客户遵循共享责任模型，各自承担不同职责
- 控制平面可靠性需监控 API server 请求和 HCT state store 大小；必须创建具有超级管理员角色的安全用户；准入 Webhook 需仔细配置以避免阻塞控制平面；EKS 平台版本自动处理补丁版本，Minor 版本有 14 个月支持周期后自动升级。
+
- 数据平面可靠性需使用节点问题检测器、预留系统资源、实现 QoS、配置资源配额和限制范围；Pod 优先级控制抢占。
+## Key Claims
 - **Surav Paul（AWS 高级解决方案架构师）** 通过展示 EKS 容器服务选项和可靠性实践，系统性讲解了三个可靠性维度的设计原则
 - **容器服务选型**：ECS 适合容器化入门者（AWS 原生集成）；EKS 适合熟悉 Kubernetes 生态的用户（开放社区灵活性）
 - **可靠性定义**：系统在发生故障时仍能提供可预测行为，包括故障检测、优雅降级、确定性故障模式、自愈能力和按需扩展
 - **共享责任模型**：AWS 负责控制平面组件（状态存储、调度器、控制器管理器、API 服务器）；客户负责工作节点、操作系统和应用配置
 - **Fargate 优势**：使用 Fargate 时无需管理节点或担忧节点补丁和升级
 - **应用层可靠性**：避免单例 Pod，通过 pod anti-affinity 或 topology spread constraints 跨可用区分布应用 Pod
 - **弹性伸缩**：HPA 默认基于 CPU 和内存，可使用自定义/外部指标；VPA 可调整 Pod 大小，但运行时调整会导致重启
 - **部署策略**：滚动升级、蓝绿部署、灰度部署，复杂度和控制力逐级递增
 - **控制平面可靠性**：监控 API 服务器请求和 etcd 状态存储大小；创建安全用户并分配超级管理员角色；谨慎配置和测试准入 webhook
 - **集群升级**：控制平面和数据平面分阶段升级；EKS 平台版本透明处理补丁版本；次版本有 14 个月支持周期后自动升级
 - **数据平面可靠性**：使用节点问题检测器、预留系统资源、实现 QoS、配置资源配额和限制范围；Pod 优先级控制抢占
 ## Key Quotes
-> "ECS is a more AWS opinionated way of running containers." — ECS 与 EKS 的核心区别概述
+
-> "Reliability in a system means it offers predictable behavior even when failures occur." — 可靠性的本质定义
+> "Reliability in a system means it offers predictable behavior even when failures occur." — Surav Paul, AWS
-> "With Fargate, you don't have to worry about managing the nodes or worrying about patching or upgrading the nodes." — Fargate 对 shared responsibility model 的影响
+
 > "ECS is a more AWS opinionated way of running containers." — Surav Paul, AWS
 > "With Fargate, you don't have to worry about managing the nodes or worrying about patching or upgrading the nodes." — Surav Paul, AWS
 ## Key Concepts
- [[Reliability（系统可靠性）]]：系统在发生故障时仍能提供可预测行为的能力，包含故障检测、优雅降级、确定性故障模式、自愈和按需扩缩五个核心关注点。
+
- [[Application Reliability（应用可靠性）]]：通过避免单例 Pod、AZ 分散、HPA/VPA 扩缩容、部署策略（Rolling/Blue-Green/Canary）、健康探针和 PodDisruptionBudget 实现。
+- [[Reliability-Engineering]]：系统在故障时仍提供可预测行为的工程学科
- [[Control Plane Reliability（控制平面可靠性）]]：通过监控控制平面指标、安全认证加固、准入 Webhook 管理和集群升级策略保障。
+- [[Kubernetes]]：开源容器编排平台，EKS 为其托管服务
- [[Data Plane Reliability（数据平面可靠性）]]：通过节点问题检测、资源预留、QoS、资源配额、LimitRange 和 Pod 优先级机制保障。
+- [[Amazon-EKS]]：AWS 托管的 Kubernetes 服务
- [[Shared Responsibility Model（EKS）]]：AWS 负责控制平面（API server、scheduler 等），客户负责工作节点、操作系统和应用配置；Fargate 模式下进一步减少客户运维负担。
+- [[HPA]]：Horizontal Pod Autoscaler，根据 CPU/内存自动调整 Pod 副本数
- [[Pod Anti-Affinity]]：通过反亲和性规则将 Pod 分散到不同节点或可用区，避免单点故障。
+- [[VPA]]：Vertical Pod Autoscaler，根据资源使用情况调整 Pod 资源请求
- [[Topology Spread Constraints]]：提供比 Pod 反亲和性更细粒度的工作负载分布控制。
+- [[Pod-Anti-Affinity]]：Pod 反亲和性，确保 Pod 分布在不同节点或可用区
- [[Horizontal Pod Autoscaler (HPA)]]：基于 CPU 利用率和内存消耗的默认扩缩容机制，支持自定义/外部指标。
+- [[Topology-Spread-Constraints]]：拓扑分布约束，实现细粒度的工作负载分布控制
- [[Vertical Pod Autoscaler (VPA)]]：根据实际资源使用情况自动调整 Pod 的大小配置，但运行时调整会导致 Pod 重启。
+- [[Liveness-Probe]]：存活探针，检测 Pod 是否存活并决定是否重启
- [[Liveness/Readiness/Startup Probes]]：三类 Kubernetes 探针，用于监控 Pod 健康状态和就绪情况。
+- [[Readiness-Probe]]：就绪探针，检测 Pod 是否准备好接收流量
- [[PodDisruptionBudget]]：在自愿中断（如节点维护）期间保证最小数量或比例的 Pod 持续运行。
+- [[Startup-Probe]]：启动探针，检测应用启动完成前给予更长启动时间
- [[Rolling/Blue-Green/Canary Deployment]]：三种部署策略，滚动升级自动化程度高但回滚控制有限，蓝绿和金丝雀提供更精细的控制和快速回滚能力。
+- [[Pod-Disruption-Budget]]：Pod 中断预算，确保维护期间最小服务级别
 - [[Admission-Webhook]]：准入控制器，在 API 请求到达对象存储前进行拦截和修改
 - [[Node-Problem-Detector]]：节点问题检测器，检测节点级硬件和系统问题
 - [[Quality-of-Service-QoS]]：服务质量等级，根据资源请求/限制划分 Pod 优先级
 - [[Shared-Responsibility-Model]]：AWS 与客户各自承担不同可靠性职责的模型
 ## Key Entities
- [[Surav Paul]]：AWS 高级解决方案架构师（Senior Solutions Architect），本场演讲的主讲人。
+
- [[Amazon EKS]]：AWS 托管的 Kubernetes 服务，适合熟悉 Kubernetes 生态的用户，提供开放社区灵活性。
+- [[AWS]]：Amazon Web Services，云服务提供商，负责 EKS 控制平面
- [[Amazon ECS]]：AWS 原生容器服务，推荐给容器化初学者，提供简单界面和原生 AWS 集成。
+- [[Amazon-ECS]]：Elastic Container Service，AWS 容器服务之一，与 EKS 对比
- [[AWS Fargate]]：无服务器容器运行平台，使用 Fargate 时客户无需管理节点、补丁或升级工作。
+- [[AWS-Fargate]]：无服务器计算引擎，EKS 可选计算选项，无需管理节点
 - [[Surav-Paul]]：AWS 高级解决方案架构师，本次演讲讲师
 ## Connections
- [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] ← topic_overlap ← [[CTP Topic 59 Achieving reliability with Amazon EKS]]（均涉及 EKS 部署实践，本 Topic 聚焦可靠性设计，Topic 39 聚焦网络/IP 问题解决）
+
- [[CTP Topic 64 Scaling out with Amazon EKS]] ← topic_overlap ← [[CTP Topic 59 Achieving reliability with Amazon EKS]]（均涉及 EKS 扩缩容，Topic 64 聚焦扩缩机制，Topic 59 聚焦可靠性全栈设计）
+- [[Amazon-EKS]] ← extends ← [[Kubernetes]]
- [[CTP Topic 60 Monitor AWS using Hyperscale Observability with Grafana]] ← complements ← [[CTP Topic 59 Achieving reliability with Amazon EKS]]（Grafana 监控可用于 Topic 59 中的控制平面和数据平面指标监控）
+- [[Amazon-EKS]] ← supports ← [[AWS-Fargate]]
- [[Public Cloud Learning Sessions EKS Optimization Part 3 of 3 Introduction to EKS Auto Mode]] ← extends ← [[CTP Topic 59 Achieving reliability with Amazon EKS]]（Auto Mode 是 EKS 可靠性自动化的进一步演进，涵盖 Fargate 集成和自动扩缩容）
+- [[Amazon-ECS]] ← competes_with ← [[Amazon-EKS]]
 - [[HPA]] ← scales ← [[Kubernetes]]
 - [[VPA]] ← scales ← [[Kubernetes]]
 - [[Reliability-Engineering]] ← applies_to ← [[Amazon-EKS]]
 ## Contradictions
- 与 [[CTP Topic 39 Implementing EKS in the AWS Lab Landing Zone]] 的潜在视角差异：
+
-  - 冲突点：Topic 39 描述 EKS 部署中的 IP 资源挑战，强调自定义网络配置（hostNetwork）和独立私有子网；Topic 59 侧重标准 EKS 可靠性机制，较少涉及网络约束场景。
+- 与 [[ReliabilityBaseline]] 潜在交叉：
-  - 当前观点：两者面向不同场景——Topic 39 针对受限网络环境下的实际部署挑战，Topic 59 提供通用的 EKS 可靠性最佳实践，互为补充而非冲突。
+  - 冲突点：可靠性基线的具体量化指标（如 SLO/SLI 数值）本文档未涉及
-  - 对方观点：Topic 39 认为在某些受限环境下标准 EKS 配置（如 CNI 插件默认 IP 分配）无法直接适用，需要自定义网络方案；Topic 59 的通用建议可能需要针对特殊环境调整。
+  - 当前观点：聚焦工程实践和机制设计层面
  - 对方观点：可能包含可靠性指标的量化定义
--- a/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md
+++ b/wiki/sources/ctp-topic-70-eks-deployment-using-iac.md
@@ -1,68 +1,81 @@
 ---
 title: "CTP Topic 70 EKS deployment using IAC"
 type: source
-tags: [AWS, EKS, IaC, Kubernetes, CTP]
+tags:
-sources: [raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac]
+  - AWS
-last_updated: 2026-04-24
+  - EKS
  - IaC
  - Kubernetes
  - CTP
 last_updated: 2026-04-28
 ---
 ## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md]]
+- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/04_EKS/ctp-topic-70-eks-deployment-using-iac.md]]
 ## Summary（用中文描述）
- 核心主题：EKS（Amazon Elastic Kubernetes Service）集群通过 IaC（基础设施即代码）方式部署，涵盖容器与 VM 的对比、EKS 特性详解、Terraform 和 Service Catalog 两种部署方式，以及 EKS 集群与容器监控方案。
+- 核心主题：通过基础设施即代码（IaC）部署 Amazon EKS 集群，涵盖容器与虚拟机对比、EKS 特性、Terraform/Service Catalog 两种部署方式、自定义网络与自动扩缩容、以及监控体系。
- 问题域：如何在企业 AWS Landing Zone 中通过标准化 IaC 流程部署和管理 EKS 集群，实现容器化工作负载的统一治理。
+- 问题域：企业如何在 AWS 云中使用 IaC 工具标准化、可重复地部署和管理 Kubernetes 集群。
 - 方法/机制：
-  - **两种部署方式**：Terraform（使用 `tera-grant.scl` 文件定义集群参数）+ AWS Service Catalog（通过产品组合模块化部署）
+  - **Terraform 部署**：通过 `tera-grant.scl` 文件定义环境变量、EKS 版本和工作节点类型（CPU/GPU/default），集成 AWS Secrets Manager 发送通知。
-  - **自定义网络**：EMI（ENI Multi-IP）解决 Pod IP 分配 CIDR 限制问题
+  - **Service Catalog 部署**：提供版本选择和工作节点类型配置，对安全与权限有更多控制。
-  - **自动扩缩容**：Kubernetes Cluster Autoscaler 根据资源需求自动扩缩 Worker Node
+  - **自定义网络（EMI）**：为 Pod 分配弹性网络接口以解决 CIDR 限制。
-  - **监控栈**：CloudWatch Agent + FluentBit（DaemonSet）+ Container Insights + AWS OpenTelemetry + Grafana
+  - **集群自动扩缩容**：Kubernetes Cluster Autoscaler 根据资源需求自动扩缩工作节点。
- 结论/价值：通过 SRE EKS 模块集成 Terraform/Service Catalog 两种 IaC 路径，实现 EKS 集群的标准化、可审计、可重复部署；配合 CloudWatch + Grafana 实现全栈可观测性。
+  - **监控体系**：CloudWatch Agent + FluentBit（DaemonSet）+ Container Insights + Grafana 集中可视化。
 - 结论/价值：SRE EKS 模块提供企业级 Kubernetes 部署方案，通过 IaC 实现标准化，通过 ALB Ingress Controller 实现流量管理，通过自定义 EMI 解决网络限制，通过集中监控实现主动告警。
 ## Key Claims（用中文描述）
- Kubernetes 相比 VM 具有更快的启动速度、更高的内存效率和更强的可移植性
+- 容器相比虚拟机：启动时间更短、内存效率更高、更易于跨环境迁移。
- EKS 提供完全托管的控制平面，实现 Worker Node 的零停机滚动部署
+- Kubernetes 提供分布式系统运行框架，具备零停机滚动部署、负载均衡和水平 Pod 扩缩容能力。
- IAM RBAC Mapping 通过最小权限原则控制 EKS 集群访问
+- EKS 提供完全托管的控制平面和工作节点自动扩缩，支持零停机滚动更新和 IAM RBAC 最小权限映射。
- SRE EKS 模块集成 ALB Ingress Controller 实现流量管理
+- SRE EKS 模块通过 Terraform 或 Service Catalog 两种方式部署，Service Catalog 提供更细粒度的安全控制。
- EMI 自定义网络通过虚拟 ENI 为 Pod 分配 IP 地址，解决 VPC CIDR 限制
+- 自定义 EMI 网络为 Pod 分配 IP 地址，解决 VPC CIDR 限制问题。
- Kubernetes Cluster Autoscaler 根据资源需求自动扩缩 Worker Node
+- Kubernetes Cluster Autoscaler 自动根据资源需求扩缩工作节点。
- CloudWatch Agent + FluentBit 以 DaemonSet 方式部署，负责日志和指标收集
+- 监控方案：CloudWatch Agent + FluentBit（DaemonSet）+ Container Insights 发布指标至 CloudWatch，配合集中式 Grafana 仪表板可视化。
 ## Key Quotes
-> "Kubernetes is a framework for running distributed systems resiliently, automating rollouts/rollbacks, load balancing, and horizontal pod scaling." — 核心定义
+> "EKS, a managed Kubernetes service by Amazon, offers features like fully managed control planes and autoscaling worker nodes." — EKS 托管服务核心价值
-> "EKS offers fully managed control planes and autoscaling worker nodes." — EKS 核心价值
+
-> "Zero downtime rolling deployments for worker node updates" — EKS 高可用特性
+> "Zero downtime rolling deployments for worker node updates and IAM RBAC mapping for least privilege access are implemented." — SRE EKS 模块核心安全实践
-> "IAM RBAC mapping for least privilege access" — EKS 安全模型
+
-> "Service Catalog allows creating, organizing, and governing AWS resources with permission control." — Service Catalog 定位
+> "Service Catalog allows creating, organizing, and governing AWS resources with permission control." — Service Catalog 在 EKS 部署中的角色
 > "Custom networking for pods addresses CIDR limitations by adding a virtual EMI to assign IP addresses to pods." — EMI 自定义网络机制
 > "Monitoring is achieved using CloudWatch agent and FluentBit deployed as daemon sets." — EKS 监控架构
 ## Key Concepts
- [[Kubernetes]]：容器编排框架，用于分布式系统的弹性运行，支持自动化部署/回滚、负载均衡和 Pod 水平扩缩容
+- [[Container]]：轻量级虚拟化技术，相比虚拟机具有更快的启动速度、更高的内存效率和更好的可移植性。
- [[Amazon EKS]]（Amazon Elastic Kubernetes Service）：AWS 托管的 Kubernetes 服务，提供完全托管的控制平面和自动扩缩的 Worker Node
+- [[Kubernetes]]：分布式系统运行框架，提供自动化部署、扩缩容、负载均衡和滚动更新能力。
- [[Infrastructure as Code]]（IaC）：通过代码定义和管理基础设施，实现标准化、可审计、可重复的部署
+- [[Amazon-EKS]]：AWS 托管的 Kubernetes 服务，提供完全托管的控制平面和工作节点自动扩缩。
- [[AWS Service Catalog]]：AWS 服务，允许组织创建、管理和组织云资源产品，并进行权限控制
+- [[Infrastructure-as-Code-IaC]]：通过声明式配置管理云基础设施，实现标准化、可重复的部署流程。
- [[IAM RBAC]]：基于角色的访问控制，通过最小权限原则管理 EKS 集群访问
+- [[Terraform]]：HashiCorp 出品的云无关 IaC 工具，用于定义和部署 EKS 集群。
- [[Cluster Autoscaler]]：Kubernetes 组件，根据资源需求自动扩缩 Worker Node
+- [[AWS-Service-Catalog]]：AWS 服务目录，允许用户通过预定义产品创建 EKS 集群，具备权限控制能力。
- [[EMI]]（ENI Multi-IP）：EKS 自定义网络方案，通过虚拟弹性网络接口为 Pod 分配额外 IP 地址，解决 VPC CIDR 限制
+- [[ALB-Ingress-Controller]]：AWS 负载均衡器入口控制器，用于 EKS 集群的流量管理。
- [[ALB Ingress Controller]]：AWS Load Balancer Controller，负责管理 ALB Ingress 资源，实现 Kubernetes 服务的七层负载均衡
+- [[EMI-Elastic-Network-Interface]]：弹性网络接口，用于为 EKS Pod 分配 IP 地址以解决 VPC CIDR 限制。
- [[CloudWatch Container Insights]]：AWS 监控服务，收集容器级别的指标和日志并发布到 CloudWatch
+- [[Cluster-Autoscaler]]：Kubernetes 组件，根据资源需求自动扩缩工作节点。
- [[FluentBit]]：开源日志处理器，以 DaemonSet 方式部署于每个节点，负责收集容器日志
+- [[Karpenter]]：AWS 开源的 Kubernetes 节点自动配置工具，基于 Pod 需求动态创建最佳实例类型（未来替代 Cluster Autoscaler 的方案）。
- [[AWS OpenTelemetry]]：AWS 的可观测性数据收集方案，支持指标、日志和追踪的统一采集
+- [[CloudWatch-Agent]]：AWS 监控代理，用于收集 EKS 集群和容器的日志与指标。
 - [[FluentBit]]：开源日志处理器，作为 DaemonSet 部署在每个节点上收集容器日志。
 - [[Container-Insights]]：EKS 监控功能，发布容器指标至 CloudWatch。
 - [[AWS-Open-Telemetry]]：可观测性框架，可用于 EKS 监控数据采集。
 - [[Grafana]]：开源可视化平台，通过模板化仪表板展示 EKS 集群和容器指标。
 ## Key Entities
- [[Kubernetes]]（entity）：容器编排框架，EKS 的底层技术，Google 开源，CNCF 托管
+- [[AWS]]：Amazon Web Services，提供 EKS 托管 Kubernetes 服务。
- [[Amazon]]（entity）：AWS/EKS 的提供商
+- [[HashiCorp]]：Terraform 开发商，提供云无关 IaC 工具。
 - [[SRE]]：Site Reliability Engineering 团队，负责 EKS 模块的设计和维护。
 ## Connections
- [[Amazon EKS]] ← 基于 ← [[Kubernetes]]
+- [[Amazon-EKS]] ← uses ← [[Infrastructure-as-Code-IaC]]
- [[Terraform]] ← 用于 ← [[Infrastructure as Code]]
+- [[Amazon-EKS]] ← deployed_by ← [[Terraform]]
- [[AWS Service Catalog]] ← 用于 ← [[Infrastructure as Code]]
+- [[Amazon-EKS]] ← deployed_by ← [[AWS-Service-Catalog]]
- [[ctp-topic-59-achieving-reliability-with-amazon-eks]] ← 相关 ← [[Amazon EKS]]
+- [[Amazon-EKS]] ← manages_traffic_with ← [[ALB-Ingress-Controller]]
- [[ctp-topic-64-scaling-out-with-amazon-eks]] ← 相关 ← [[Cluster Autoscaler]]
+- [[Amazon-EKS]] ← networking_extended_by ← [[EMI-Elastic-Network-Interface]]
- [[public-cloud-learning-sessions-eks-optimization-part-3-of-3-introduction-to-eks]] ← 相关 ← [[Amazon EKS]]
+- [[Amazon-EKS]] ← scales_with ← [[Cluster-Autoscaler]]
- [[ctp-topic-67-cloud-native-observability-using-opentelemetry]] ← 相关 ← [[AWS OpenTelemetry]]
+- [[Amazon-EKS]] ← monitors_with ← [[CloudWatch-Agent]] + [[FluentBit]] + [[Container-Insights]]
 - [[Grafana]] ← visualizes ← [[Amazon-EKS]] monitoring data
 - [[Amazon-EKS]] ← extends ← [[Kubernetes]]
 ## Contradictions
- 与 [[ctp-topic-59-achieving-reliability-with-amazon-eks]] 可能存在内容重叠：
+- （本主题未发现与其他 Wiki 页面的直接冲突，与相关 EKS 主题形成互补关系）
  - 冲突点：两篇均涉及 EKS 特性，但侧重点不同
  - 当前观点：Topic 70 侧重 IaC 部署方法和网络/监控机制
  - 对方观点：Topic 59 侧重 EKS 可靠性保证和最佳实践
--- a/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md
+++ b/wiki/sources/public-cloud-learning-sessions-eks-optimization-part-2-of-3-running-containers-w.md
@@ -7,7 +7,7 @@ tags:
  - Bottlerocket
  - Container OS
  - Cloud-Native
-date: 2026-04-24
+date: 2026-04-14
 ---
 ## Source File
--- a/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md
+++ b/wiki/sources/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md
@@ -34,9 +34,9 @@ date: 2026-04-14
 ## Key Concepts
 - [[Global Information Security Policy (GISP)]]：最高纲领性政策，季度审查
 - [[ISO-27001]]：姿态框架基础，2022 年更新，新增 11 个控制方面
- [[Security-Awareness-Training]]：月度安全通讯 + 网络钓鱼演练
+- [[Security Awareness Training]]：月度安全通讯 + 网络钓鱼演练
- [[Third-Party-Penetration-Testing]]：年度桌面演练 + 红队演练
+- [[Third Party Penetration Testing]]：年度桌面演练 + 红队演练
- [[Threat-Intelligence]]：结合 BrightCloud 等工具的威胁情报体系
+- [[Threat Intelligence]]：结合 BrightCloud 等工具的威胁情报体系
 - [[FedRAMP]]：政府级云安全认证
 ## Key Entities
@@ -51,5 +51,5 @@ date: 2026-04-14
 ## Contradictions
 - 与 [[CTP-Topic-10-AWS-Landing-Zone-LZ-Data-Collection-Tagging-Related-Security]] 存在视角互补而非冲突：
-  - 冲突点：两者均涉及安全治理，但 Topic 10 聚焦于 AWS 层面的标签化安全策略（SCP/Checkpoint），Topic 41 聚焦于企业级安全政策框架（ISO 27001/GISP）
+  - 冲突点：两者均涉及安全治理，但 Topic 10 聚焦于 AWS 层面的标签化安全策略（SCP/Checkpoint），本主题聚焦于企业级安全政策框架（ISO 27001/GISP）
  - 当前观点：两者互补——GISP 定义全局政策纲领，AWS Landing Zone 层面通过标签和 SCP 实现技术落地