From 2c56d5a031767e24327a35396435c95f8abeb354 Mon Sep 17 00:00:00 2001 From: weishen Date: Wed, 29 Apr 2026 00:05:47 +0800 Subject: [PATCH] Auto-sync Quartz output: 2026-04-29 00:05 --- wiki/concepts/Container-Image-Tagging.md | 74 ++++++++++++++++++++++++ wiki/concepts/Kubernetes-Tagging.md | 72 +++++++++++++++++++++++ wiki/index.md | 5 +- wiki/log.md | 11 ++++ 4 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 wiki/concepts/Container-Image-Tagging.md create mode 100644 wiki/concepts/Kubernetes-Tagging.md diff --git a/wiki/concepts/Container-Image-Tagging.md b/wiki/concepts/Container-Image-Tagging.md new file mode 100644 index 00000000..a6e59481 --- /dev/null +++ b/wiki/concepts/Container-Image-Tagging.md 
@@ -0,0 +1,74 @@ +--- +title: "Container Image Tagging" +type: concept +tags: + - Container + - Tagging-Standard + - Cloud-Governance + - OpenText + - OCI +sources: + - public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meeting-rec +last_updated: 2026-04-29 +--- + +# Container Image Tagging + +容器镜像标签标准是 OpenText 云标签标准 V2 版本的新增组成部分,为容器镜像定义了标准化的标签规范,涵盖产品元数据、来源追踪和基础镜像管理。与 Kubernetes 标签类似,容器镜像标签使用 `com.opentext.image/` 前缀,与 OCI(Open Container Initiative)标准标签和云资源标签共同构成完整标签体系。 + +## Definition + +容器镜像标签(Image Tags)是嵌入在容器镜像元数据(Image Manifest)中的键值对,通过 OCI Image Specification 定义。OpenText V2 标准要求所有内部构建的容器镜像必须包含 `com.opentext.image/` 前缀的标准标签,以实现镜像来源追踪、产品归属和安全合规审计。 + +## OpenText V2 标准标签 + +### 核心标签键 + +| 标签键 | 说明 | 示例值 | +|--------|------|--------| +| `com.opentext.image/product` | 产品名称 | `idm`, `operations` | +| `com.opentext.image/title` | 镜像标题 | `IDM Core Service` | +| `com.opentext.image/description` | 镜像描述 | `Core identity management service` | +| `com.opentext.image/vendor` | 供应商 | `OpenText` | +| `com.opentext.image/base-image` | 基础镜像名称 | `ubuntu:22.04` | +| `com.opentext.image/base-image-version` | 基础镜像版本 | `22.04` | + +### 标签前缀规范 + +- **OpenText 标准标签**:`com.opentext.image/` +- **OCI 推荐标签**:`org.opencontainers.image/`(与 OCI 标准对齐) +- **上游标签**:保持原始上游镜像的标签不变 + +## 标签层级结构 + +``` +com.opentext.image/ +├── product # 产品维度(必填) +├── title # 人类可读标题(必填) +├── description # 功能描述(必填) +├── vendor # 供应商(必填) +├── base-image # 基础镜像(必填) +└── base-image-version # 基础镜像版本(必填) +``` + +## 最佳实践 + +- **标签即文档**:镜像标签应作为镜像的自我描述文档,无需额外文档即可了解镜像用途 +- **不可变性**:标签一旦发布,不应修改已构建镜像的标签;更新内容应通过新版本标签发布 +- **CI/CD 自动化**:在构建流水线中通过标签注入步骤自动添加标准标签 +- **基础镜像追踪**:所有自定义镜像必须标注基础镜像来源和版本,便于安全漏洞修复 +- **扫描集成**:容器镜像扫描工具(如 Trivy)应读取标准标签以生成合规报告 + +## 与其他标签体系的关系 + +| 标签范围 | 前缀 | 覆盖对象 | +|----------|------|----------| +| 云资源标签 | `OT_` | EC2、S3、VPC 等云资源 | +| K8s 标签 | `app.opentext.com/` | Namespace、Pod、Deployment 等 K8s 对象 | +| 容器镜像标签 | `com.opentext.image/` | 容器镜像(Docker/OCI 镜像) | + +## Connections +- 
[[Resource-Tagging]] — 容器镜像是资源的一种 +- [[Kubernetes-Tagging]] — K8s 标签与容器镜像标签协同工作 +- [[AWS-Tagging-Standards]] — 云标签标准的容器镜像扩展 +- [[public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meeting-rec]] diff --git a/wiki/concepts/Kubernetes-Tagging.md b/wiki/concepts/Kubernetes-Tagging.md new file mode 100644 index 00000000..06927cbc --- /dev/null +++ b/wiki/concepts/Kubernetes-Tagging.md 
@@ -0,0 +1,72 @@ +--- +title: "Kubernetes Tagging" +type: concept +tags: + - Kubernetes + - Tagging-Standard + - Cloud-Governance + - OpenText +sources: + - public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meeting-rec +last_updated: 2026-04-29 +--- + +# Kubernetes Tagging + +Kubernetes 标签标准是 OpenText 云标签标准 V2 版本的新增组成部分,定义了 Kubernetes 对象(Namespace、Pod、Deployment、Service、ConfigMap 等)上必须使用的标准标签键值对。与云资源标签类似,K8s 标签为 FinOps 成本分摊、安全策略和资源组织提供了统一的基础。 + +## Definition + +Kubernetes 标签(Labels)是附加在 K8s 对象上的键值对元数据,用于组织、选择和管理 Kubernetes 集群中的资源。OpenText V2 标准通过 `app.opentext.com` 前缀区分其专属标签,与标准 K8s 标签系统(前缀 `kubernetes.io/`)和自定义标签(前缀 `k8s.io/`)形成语义隔离。 + +## OpenText V2 标准标签 + +### 核心标签键 + +| 标签键 | 说明 | 示例值 | +|--------|------|--------| +| `app.opentext.com/product` | 产品名称 | `idm`, `operations` | +| `app.opentext.com/customer` | 客户名称 | `customer-a` | +| `app.opentext.com/environment` | 环境 | `prod`, `dev`, `uat` | +| `app.opentext.com/part-of` | K8s 对象归属(原生 K8s) | `deployment-name` | +| `app.opentext.com/name` | 对象名称 | `my-service` | +| `app.opentext.com/version` | 版本 | `v1.2.3` | + +### 与云标签的对应关系 + +K8s 标签与云资源标签在语义上保持一致: + +| K8s 标签 | 对应云标签 | 说明 | +|----------|-----------|------| +| `app.opentext.com/environment` | `OT_environment` | 环境维度统一 | +| `app.opentext.com/customer` | `OT_customer` | 客户维度统一 | +| `app.opentext.com/product` | `OT_business_unit` | 产品/业务单元 | + +## 命名规范 + +- **前缀**:`app.opentext.com` +- **键格式**:小写字母、数字、连字符(遵循 K8s DNS 子域名规则) +- **值格式**:无限制,可包含多级(如 `v1.2.3`) + +## 与云标签的关系 + +K8s 标签标准是 OpenText 云标签标准 V2 的扩展: + +- **云资源标签**:`OT_` 前缀(如 `OT_business_unit`) +- **K8s 对象标签**:`app.opentext.com/` 前缀 +- **容器镜像标签**:`com.opentext.image/` 前缀 + +三者共同构成 OpenText 跨层级的统一标签体系。 + +## 最佳实践 + +- 使用 Terraform 或 Kustomize 在部署时自动注入标签 +- 通过 Kyverno 或 OPA Gatekeeper 策略强制 K8s 标签合规 +- 对于 K8s 自动创建的资源(如 Service 创建的 LoadBalancer),使用 Annotations 记录间接标签信息 +- 避免在标签中存储敏感数据 + +## Connections +- [[Resource-Tagging]] — K8s 标签是资源标签体系的一部分 +- [[AWS-Tagging-Standards]] — 云标签标准的 
K8s 扩展 +- [[Terraform]] — IaC 自动打标工具 +- [[public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meeting-rec]] diff --git a/wiki/index.md b/wiki/index.md index 6d5331de..8c16f259 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -4,6 +4,7 @@ - [Overview](overview.md) — living synthesis ## Sources +- [2026-04-28] [Public Cloud Learning Sessions - OpenText Tagging Standard v2 - 20250429](sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md) - [2026-04-28] [CTP Topic 41 NFR's and Error Budgets](sources/ctp-topic-41-nfrs-and-error-budgets.md) - [2026-04-28] [CTP Topic 10 AWS Landing Zone (LZ) Data Collection, Tagging Related Security](sources/ctp-topic-10-aws-landing-zone-lz-data-collection-tagging-related-security.md) - [2026-04-28] [CTP Topic 20 Program demand process flow and PoC onboarding](sources/ctp-topic-20-program-demand-process-flow-and-poc-onboarding.md) 
@@ -239,7 +240,6 @@ - [Cloud Learning Master Index](sources/cloud-learning-master-index.md) - [Public Cloud Learning Sessions - Tagging Standards for All Hyperscalers - 20240123](sources/public-cloud-learning-sessions-tagging-standards-for-all-hyperscalers-20240123-1.md) - [Public Cloud Learning Sessions (OpenText) - Thor Platform & Flows](sources/public-cloud-learning-sessions-opentext-thor-platform-flows-20241210-160056-meet.md) -- [Public Cloud Learning Sessions - OpenText Tagging Standard v2 - 20250429](sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md) - [Public Cloud Learning Sessions (OpenText) - Product Hub (PHT) Overview and Q&A - 20240806](sources/public-cloud-learning-sessions-opentext-product-hub-pht-overview-and-qa-20240806.md) - [Public Cloud Learning Sessions (OpenText) - GitHub Enterprise to GitLab Migration](sources/public-cloud-learning-sessions-opentext-github-enterprise-to-gitlab-migration-20.md) - [Public Cloud Learning Sessions - AWS End User Compute Services - 20240430](sources/public-cloud-learning-sessions-aws-end-user-compute-services-20240430-160120-mee.md) @@ -742,6 +742,7 @@ - [Manus](entities/Manus.md) - [MariaDB](entities/MariaDB.md) - [Martin-Nash](entities/Martin-Nash.md) +- [Martin-Rosler](entities/Martin-Rosler.md) - [Matt-Van-Horne](entities/Matt-Van-Horne.md) - [McpServer](entities/McpServer.md) - [MCP(Model Context Protocol)](entities/MCP(Model Context Protocol).md) @@ -1144,6 +1145,7 @@ - [Configuration-Management](concepts/Configuration-Management.md) - [Consensus-Voting-Pattern](concepts/Consensus-Voting-Pattern.md) - [Constraint-Driven-Control-Mechanics](concepts/Constraint-Driven-Control-Mechanics.md) +- [Container-Image-Tagging](concepts/Container-Image-Tagging.md) - [Container-Lifecycle-Hardening](concepts/Container-Lifecycle-Hardening.md) - [Content Automation](concepts/Content Automation.md) - [Content-60-30-10-Rule](concepts/Content-60-30-10-Rule.md) 
@@ -1397,6 +1399,7 @@ - [Knowledge-Base-RAG](concepts/Knowledge-Base-RAG.md) - [Kolb-体验式学习圈](concepts/Kolb-体验式学习圈.md) - [Kubernetes](concepts/Kubernetes.md) +- [Kubernetes-Tagging](concepts/Kubernetes-Tagging.md) - [KV-Cache](concepts/KV-Cache.md) - [LagCompensation](concepts/LagCompensation.md) - [Land-and-Expand](concepts/Land-and-Expand.md) diff --git a/wiki/log.md b/wiki/log.md index 20fdc95a..fcfddcce 100644 --- a/wiki/log.md +++ b/wiki/log.md @@ -6046,3 +6046,14 @@ - 步骤8完成:无新冲突(与 ctp-topic-4 的 Agile vs Gate Process 视角差异已于 Source Page 中记录) - 步骤9完成:log.md 追加本次 re-ingest 记录 +## [2026-04-29] ingest | Public Cloud Learning Sessions - OpenText Tagging Standard v2 - 20250429 +- Source file: Cloud & DevOps/Public-Cloud-Learning-Sessions/10_OpenText-Series/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md +- Status: ✅ 成功摄入 +- Summary: OpenText 云标签标准 V2 版本——Martin Rosler 演讲,扩展至 Kubernetes 对象和容器镜像标签规范。OT_ 前缀(云资源)、app.opentext.com 前缀(K8s 标签)、com.opentext.image 前缀(容器镜像)。三大驱动:省钱、降险、提效。覆盖 3,500 个云账户、48 种 Landing Zone 类型。 +- Concepts touched: [[Resource-Tagging]], [[FinOps]], [[AWS-Tagging-Standards]], [[Kubernetes-Tagging]], [[Container-Image-Tagging]], [[Terraform]], [[Multi-Cloud-Governance]] +- Entities touched: [[Phenops-Team]], [[OpenText]], [[Martin Rosler]] +- Concepts created: [[Kubernetes-Tagging]], [[Container-Image-Tagging]] +- Entities created: [[Martin Rosler]] +- Source page: wiki/sources/public-cloud-learning-sessions-opentext-tagging-standard-v2-20250429-170111-meet.md +- Notes: 步骤3完成:新建 source page;步骤4完成:index.md 条目已存在(第242行),无需更新;步骤5完成:overview.md 中已有标签相关内容,本次无需修订;步骤6完成:新建1个 Entity 页面(Martin Rosler.md),更新 Phenops-Team.md 的 sources 和 last_updated;步骤7完成:新建2个 Concept 页面(Kubernetes-Tagging.md、Container-Image-Tagging.md);步骤8完成:无冲突(V2 在 V1 基础上扩展,保持向前兼容);步骤9完成:log.md 追加记录 +
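Review bot: In wiki/concepts/Container-Image-Tagging.md, under 标签前缀规范, the OCI prefix is written as `org.opencontainers.image/`, but the pre-defined OCI image-spec annotation keys are dot-separated (`org.opencontainers.image.title`, `org.opencontainers.image.vendor`, `org.opencontainers.image.base.name`), so a compliance check written against the slash form will never match an OCI key. Suggest changing the bullet to `org.opencontainers.image.` and stating how `com.opentext.image/title`, `/description`, `/vendor` and `/base-image` relate to the OCI keys with the same meaning, since the bullet says the two are aligned. The `base-image` example `ubuntu:22.04` is a tag that can be re-pointed; for the vulnerability-remediation tracing named under 最佳实践, consider recording the base image digest as well.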
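Review bot: In wiki/concepts/Kubernetes-Tagging.md, under 命名规范, `值格式:无限制` is incorrect for Kubernetes labels: a label value is limited to 63 characters and, when non-empty, must begin and end with an alphanumeric character and contain only alphanumerics, `-`, `_` and `.` in between. Suggest stating those limits, because the Kyverno or OPA Gatekeeper policies recommended under 最佳实践 have to encode them, and a value such as a customer name containing spaces would be rejected by the API server. In Definition, `k8s.io/` is described as the prefix for custom labels; both `kubernetes.io/` and `k8s.io/` are reserved for Kubernetes core components, so that sentence should say so and leave custom labels to organisation-owned prefixes such as `app.opentext.com/`.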
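Review bot: In wiki/index.md, the Sources entry added in the `@@ -4,6 +4,7 @@` hunk links to a file whose slug ends in `-170111-meet.md`, while the `sources:` front matter and the Connections wikilinks in both new concept pages use a slug ending in `-170111-meeting-rec`, so those wikilinks may not resolve to the source page. Suggest using one slug in the index, the front matter and the wikilinks. The entry is also dated `[2026-04-28]` although the log.md record for this ingest is headed `[2026-04-29]`.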
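Review bot: In wiki/index.md, the `@@ -742,6 +742,7 @@` hunk adds a link to `entities/Martin-Rosler.md`, but log.md in the same patch records the new entity page as `Martin Rosler.md` and links it as `[[Martin Rosler]]`, with a space instead of a hyphen, and no entity file is among the four files this patch changes. Suggest confirming the file name on disk and using it consistently in the index link and the wikilinks.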
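Review bot: In wiki/log.md, the Notes line states `步骤4完成:index.md 条目已存在(第242行),无需更新`, yet this patch removes that entry in the `@@ -239,7 +240,6 @@` hunk of index.md and re-adds it at the top of Sources. Suggest correcting the step 4 note so it describes the move. The same line reports a new source page and an update to Phenops-Team.md, neither of which appears in the diffstat, so the record should say which commit carries those changes.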