Good morning, and thank you for coming and for listening about the internalized exploration road in CITIC Bank and some of our world's successful practices.

So first, actually, in banks currently we attach great importance to FinTech, and this is also a future trend. In CITIC Bank, China CITIC Bank, actually the same as other banks, we have two requirements: first, our business mode needs to be innovated, and the second is the technological transformation. That is because in banks we are now facing a changing market, and it's mainly targeted at certain groups of users or clients, for example the young generation. This young generation was born in the era of the internet, so that is why they seldom go to the bank. Actually, for our generation, I was not born after 1990, but I also seldom go to the banks to do business or transactions. You can use your iPhone or your apps to make payments, to have some financial activities.

For banks it is also the same case, because previously banks competed with each other through call banking: who can deal with the transactions rapidly, and who can shorten the time for the customers to wait. But currently we seldom go to those physical banks. For banks, their businesses and their financial services are actually a power to drive the technological development, and they are also immersed into every aspect of our life, for example the scenario of payment, when you are selling something or when you are paying for something. All those payment systems can provide some services from the backup system of the bank, for example to evaluate your capability and evaluate the financial risk. So these are some front terminals that are matched with the back terminal of the bank. So for such kind of financial services, after it has been immersed in all aspects of our life, it also
needs to keep pace with the future trend and the current development, to adapt to the newest financial scenarios. Technologically speaking, the driving power comes from, for example, the waterfall process of development and its application architecture, for example SOA and microservices, like the suppliers from the bottom to the top, this kind of system. For the consultation and the service scenarios, after they have changed, they also require us to have fast-changing technologies. The past culture is not bad; we are not saying it is not good, we are saying that it needs to adapt to the new trend. So, based on Kubernetes, based on the container technology, we also combine and integrate the agile development process, so that we can come up with some flexible agile process to adapt to the scenarios that I've just mentioned, and for some traditional scenarios we can use some traditional ways of development. So I think we need to have both pathways to deal with the current situation.

But actually the digital transformation of the banks is not like the transformation of others. It is not destructive, because it needs to be based on the traditional ways, to balance between the waterfall and the agile development, like SOA and microservices, so all of them are co-existing together. So banks need to know how to address all these scenarios together, the traditional ones and the newest ones. In our banks we already have S, but actually the S system mainly solves some historical burden for banks, because in the old days the banks may have had various kinds of servers of different brands with different configurations, so for every application they need to test or calculate on what kind of server, what kind of configuration and what type of brand it can be realized. So they need to have such kind of testing for the performance, and for banks, for every testing to evaluate the capacity or the capability, it
is quite troublesome. But after we have the container technology, they can do this work based on a certain specification. For example, for a Java application, it is a part container capability, and it can have such kind of evaluation and estimation. Also it is scalable, and it can predict how many visitor accesses there are and how many replicas we need, and whether they are stateful or non-stateful; if it is sensitive and transactional and stateful, whether we need to use Redis, that key-value database, to have some cache of the state. So for banks, how to balance between the stable system and the agile system, I think this is a problem that we will face for a long time in the future, especially the construction of the S system, and these are some issues that we need to address.

In CITIC Bank we provide this platform, they allow the cloud; it has four layers. The bottom layer helps the existing infrastructure to integrate with each other, for example the physical hosts, the virtual machines, and the thing that I just mentioned, those virtual machines based on different IaaS platforms, and some public cloud and collocated cloud as resources. So this platform should be able to integrate all these resources into a pool so that it can deploy clusters like Kubernetes.

The second layer is the container platform. Actually it is quite challenging for banks, because the banking industry has different regions. For example, from the dimension of business, it has external connection, the e-bank business; and for its production it can be divided into development cluster, testing, production. So it has been divided into different regions and different departments. That is why when we deploy Kubernetes we will encounter the problem of security access, also the remote etcd and some database problems. So in the banking industry, normally it needs a multi-Kubernetes cluster environment, and this management platform, the PaaS platform, it is
also the same case, because it needs to have permission or use a system to support all kinds of scenarios. And in this multi-environment and multi-Kubernetes cluster, this platform needs to have support for those scenarios, for example for the application delivery, and this is the capability of Kubernetes; also for DevOps, from the source code to the image and to putting it into operation; and lastly the microservices. So for every part there will be some challenges for the banking industry.

Take the application delivery as an example. Actually Kubernetes provides a lot of functions, but for our banks, for some business platforms, they cooperate with some suppliers of the payment system. If we use the Kubernetes cloud technology, you may encounter that between different services it may be four layers, and maybe different ways of telecommunication. But if we use NodePort, in terms of the security access or limits, you will also encounter problems. So, based on Nginx or F5, we have some customized things so that it can support the gated launch and the four-layer gated launch, to ensure that its service can be accessed by four layers.

The biggest problem is that the bank is just at the beginning of embracing open source software. So for the internal the family we can find some existing to H&M, for example the continuous integration cold coglation, and they have their respective or separate supply chain for communication that without pressures. In this environment we recommend like a gate, like registry, Harbor, or some solutions and applications with the best practices. Well, for the banking industry, you seldom replace this, so they will add to duck the devil's fiction to docking with their current supply chain or to imply the Dow Chen. And besides, in the front end you must achieve a consistent user experience, so this is a challenge.

Well, the top level is an IT
governance layer. This is not only the service permission but also the permission, the multi-Kubernetes cluster management. We want to have multi-role management, and we want to have multi-tools and select a different to get to lab roles projects for different objects, and all of this must be interpreted management on your platform. So for the banks it's hard for them to have a current product or a finished product for their environment; more or less, the ones with customization. So this is a problem posed for banks, of questions or challenges; whoever delivers open source projects to users may come to many problems, for example the network plans, the images synchronized to production, or permission management on access to the container or etcd, whether the permission should be high or low level.

All the banking clients talk about these problems quite often. They want to explain all the solutions that are in the community, and they want to know the bottlenecks they might encounter in the future. Usually the discussion comes to dozens of times in the division; the production team or maintenance or different teams want to be engaged in this discussion, because it decides whether the production will be put into practice. It's quite important.

Well, for the image synchronization to production: banks have quite strong supervision, which is different from other companies. For other companies, the R&D platform just launches the code and directly launches it, but for the banking industry it is prohibitively restricted. Well, for our bank we have a quite aggressive approach. So for the banking industry, how can we solve the image synchronization, and how can we transmit the images to different units and departments, which is quite troublesome. And the problems just go beyond these aspects, for example the operating audits internal to the containers. For example, I want to run some commands in the container; whether this
command has been pre-audited, because banks have quite a high level of requirement on safety auditing. When we do the online commands, all the parameters have to be pre-audited and pre-approved. It's different from when we encounter an online fill out and we just apply for an account and just do the modification on that; this does not work. When we just tap in the command, this command will simultaneously appear on the other devices, and that operator will decide whether to approve or reject this command. Only if they approve the command will this command be truly implemented. So this is operating audits internal to the containers.

And besides, we have application tolerance. Actually in the banking industry we have A, B, C, D, four levels, and we have now just introduced an A+ level. This shows the importance of different business. For some high-level advanced applications we want to have the two two levels centers or other guaranteed mirrors, and we want to have the cluster and the management platform based on Kubernetes, or whether we need to introduce another mechanism to multi-manage this cluster or the copies of these applications at different places; we need to have some design and implementation plans for that.

Besides, we have the platform hard upgrade, which is quite common for the banking industry, since we know that the Kubernetes version upgrade is quite regular: how to update the Kubernetes nodes for the clients, whether there are some risks in that.

And besides, we have the transition monitoring, which is a focus for the banking industry, since if we want some production happening in the internal or continental we want to employ some previous methods. For example, for our company we just introduced a package selection strategy, and we need to ensure that this is business selection of business interaction operation with, when this business just interacts with each other, we want to
show which size, which parameter of this, and we need to upload this information and analyze these parameters. We want to schedule in the business from A to D: how many times we returned, how many times we updated this information, and what about the success or failure rate. And if this parameter fails to meet the expected value, what kind of level of the money should be issued; and when a significant failure appears, if that cannot be resolved within half an hour, we want to report it to the heavy unit.

All these problems may come quite irregularly, and when we encounter a financial client we may encounter different problems. When we are comparing Kubernetes with Swarm, and one of the advantages of the Kubernetes platform, actually operators in the banking industry are already familiar with that; they're not focused on this part. They are concerned about when the upgrading Kubernetes is put into production and when it has a class applications, what would happen. I will show it to you when we encounter such problems. So these problems should be taken into consideration if we want to apply Kubernetes in the banking industry. We should have a pre-solution, and with that we can communicate with the clients, just to classify these questions or challenges into different levels, like L0, L1, L2.

Actually all these problems involve many businesses or many units. For example, take the network. When we talk to clients, we usually classify the network model as underlay, overlay, and for the OpenShift SDN, and we also have some commercial solutions. But for overlay and routing it may be a hybrid system; for a content that may have the overlay network but a model is overlay networks they have a routing approach. Maybe the banking industry requires you to classify these different models. So we want to show what is macvlan, what is the tunnel of the overlay or underlay, what is Flannel for the routing, and when we
just explain this, actually the clients will be lost as to which network to choose to implement the container platform. Well, each model directly affects the applications that will be used. Actually, many double or zero cost applications are developed in the banking industry; these applications are quite large-scale, maybe they will share the same provision center, or when I'm loading the cloud or some modules already ready, they can perform the CI/CD and it's a non-state performance and they're ready to have a container. But other services might not be ready, for example the face and fingerprint recognition services; they're quite related to the external equipment. To work on these applications in a short time, they are not impossible to be containerized.

So I have to make a choice whether these applications or services should be clustered inside or outside Kubernetes. If it should be inside Kubernetes, all this information should be registered inside the container; both for the made where outside the container, maybe they should be registered into the same paper with other approaches, so all these services outside the container can file each other. And when the IP addresses of these applications can be communicated, we should address the issue of whether the house outside their terminal can be integrated into inside the container. According to the previous practice, all the banking industry clients think the overlay approach is quite good; they think they have not a faculty a business. But actually, for the application level, the overlay approach may not be enough, or maybe in the future all these approaches will shift to the routing model.

Well, for the service discovery, when the pods inside a cluster over the services, they have different approaches, like NodePort, like kube-proxy, like you can buy some ingress controller, and then you can double the self-framework service discovery. All this kind of service discovery
you need to take into consideration. But for the Kubernetes service discovery and the cube cloud service discovery, what are the differences or the similarities between them, you need to also that to your clients, since previously the banking industry has not touched the orchestration framework facing the applications. Previously they were just familiar with the physical servers, physical machines, or the VM, but for now they are more focused on the application orchestration, and all of the design must be better integrated into their services. So the banking industry, I need to make more efforts on that, and we need to do more explanation to our clients.

Actually we can analyze the problems into many more small points. We want to say whether the client or the cluster can cross the VLAN when we choose different network modes, and whether it affects the transmission performance. For example, the overlay can cross the VLAN, but it needs compressing or decompressing. Well, for the large or small packages inside the banking industry, does it have any influence? And what if there is a large number of files inside the same package, will the overlay affect the transmission performance? We need to provide this specific solution to our clients.

Well, for the size, we know that Kubernetes supports 5,000 nodes and 15,000 pods, but whether the network modes support that? Take Flannel as an example: I give you a B a SLR, and for the node it's actually assigned a C level, and we can calculate that about 16 nodes worth assigning this cluster. So our clients might want to consider how many nodes can actually be deployed in a cluster, and when it's the best recommended the pods are operated on the same container and one of these pods are better operated in one or two containers. Well, for the containers, and I don't care which network models you chose, they just focus on what the internal or external nodes IP address were selected service the service discovery
and the gated launch, the load.

For security, previously my service was based on the IP address, so I know about this service and what it can access and what it cannot. So within the container, within the cluster, how can I change those dynamic rules? As you know the Kubernetes principles, we will use labels to realize it. But within Kubernetes you can use labels, or based on the OS and some OpenFlow regulations or principles. But in banks we can control, but we also want to monitor the traffic. So how can you support the as, or how can you import the traffic, and how can you make the traffic visible or come out from the virtual machines? So these are the problems that we need to consider.

Another is about the address pool. For specific applications maybe we need to have a fixed IP address, and currently all the banks use the IP address as a label for identification, in order to identify what kind of business it is conducting, so a fixed IP address is of great help. And the address pool, whether it is elastic, and after the scaling whether it can be restricted, whether it can be based on the phase to have traffic analysis; all of these problems we also need to consider.

So based on these considerations, we considered all the network plans within the community. Actually no one is completely perfect. Well, I think Calico is comparatively perfect, but actually it cannot provide network for multi-tenants, but it can identify the IP address. And in banks, in the multi-cluster system, it needs to have multi-tenancy, because there are many resource spaces, and at the same time they output their capabilities, for example for their branch banks or for the subsidiaries or for third parties; they need to develop the system, they need to have multi-tenants and the relevant strategies. So whether they can support this kind of process and have their own network, well, at present I think this is not feasible, and we do not consider
the schemes of plans provided for the mortis are multi tenants. I also want to promote Kube-OVN; this is quickly changed and upgraded, and it mainly solves several problems, and I think it is complementary. For example, first, based on the namespace, it has a subnet; second, the isolation between the subnets; and third, the fixed IP address, no matter on which nodes. And also QoS: currently QoS is a prioritized project that we're working on, because for banks, on single nodes you have different businesses of different levels, and within the limited resources you need to guarantee those businesses of higher priority. So this is also what we need to consider. Another thing is the inserted not balance and some distributed networks and namespace entrances. So these are the key points, and you can also join us to cooperate with each other.

Next is the topology. The topology one is development, testing and the production environment, and you can see we have different sets of management systems to manage the Kubernetes, and they have their own assignments. In development you can see this cluster; this is a very featured cluster, that is the construction cluster. Actually for banks only this cluster can access the code repositories, so that means not all the clusters can access the repositories. And the production cluster has a feature that it can support multi-clusters, and it can also have some image functions, so all of them have such deployment. In the middle part, this cluster has the automated testing, and only this can access the production part. The platform should also be available, because the platforms are what level of businesses does it suffer, you need to have the corresponding level of the security, for example like the A business shown on the slide. So the key points are your monitoring and your database, so these platforms need to have the long-term data and the
synchronization between different databases. Actually there is a big change here, because this will be based on the cloud native technology, to use the Kubernetes etcd for some, and to use Kubernetes containers as our framework for development. So this is our future objective.

And this is the DevOps CI/CD. For banks, they are touching on the demands; we have a CD, DevOps, and how to use the code, but most of us want to know how we conduct the project, so it is not about engineering, it is about project management. You can see in China CITIC Bank there are systems like this: they have an internet system for the project management, and for the project design, program design, the environment and the project plan, the reports, with repositories of code, and also the code check, the approval, the testing, the automated testing platform. For production it is also the same case. This is the DevOps process. So basically we have the development center and the data center, so it only needs to be approved one time so that the R&D can execute or implement it. For those stable businesses you also need to have the NPM, the automated and the approval. So within the system all of the processes are not manually automated. On this project there is still some space for improvement, for example the planning for the scaling; it is not treated as a project, it is treated as a platform right now, about its scaling of the resources and phenomenon normalization. Previously every project had their own open source platform, but now it has been changed, and they have the businesses organization; for every project they can organize the businesses.

And finally this is our vision: we want to have the state of the art technology, to have the most professional services, and to keep a long-term partnership together with our work customers and the banks. So this is our slogan as well as our vision. So thank you, thank you for listening.