検索 | InterSystems Developer Community

お知らせ

Anastasia Dyubaylo · 2025年10月16日

Hi Community!

We’re excited to announce a brand-new sweepstakes. This time, the theme is:

We want to hear your thoughts on how we can make the very first steps with InterSystems technologies smoother, clearer, and more inspiring. Whether it’s documentation, onboarding, setup, or tutorials, your ideas can make a real difference!

To take part in this sweepstakes, follow these simple steps:

Be a member of the Ideas Portal, just log in using your SSO.
Create a new idea
Select the category Initial Developer Experience.
Describe your suggestion in as much detail as possible, highlighting exactly how this will improve the Developer Experience of new users.
Share the link and the title of your idea in the comments below so others can see it too.

That’s all! At the end of November, we’ll use a randomizer to choose one lucky participant who will receive a special prize 🎁

We’re looking forward to your creative and practical ideas! Good luck ☘️

Notes:

Duplicate ideas will not be accepted. Make sure your submission is unique.
InterSystems employees are welcome to participate.
We reserve the right to moderate the ideas - the moderators' decision is final.
Here's a short guide on how to submit an idea.
Pst, the more ideas you post, the higher your chance of getting a prize 🤗

ディスカッション (0)1

続けるにはログインするか新規登録を行ってください

記事

sween · 2025年10月16日 10m read

#分散データ管理 #Kubernetes #テスト #InterSystems Kubernetes Operator (IKO)

Target Practice for IrisClusters with KWOK

KWOK, Kubernetes WithOut Kubelet, is a lightweight tool that simulates nodes and pods—without running real workloads—so you can quickly test and scale IrisCluster behavior, scheduling, and zone assignment. For those of you wondering what value is in this without the IRIS workload, you will quickly realize it when you play with your Desk Toys awaiting nodes and pods to come up or get the bill for provisioning expensive disk behind the pvc's for no other reason than just to validate your topology.

Here we will use it to simulate an IrisCluster and target a topology across 4 zones, implementing high availability mirroring across zones, disaster recovery to an alternate zone, and horizontal ephemeral compute (ecp) to a zone of its own. All of this done locally, suitable for repeatable testing, and a valuable validation check mark on the road to production.

Goal

The graphic above sums it up, but lets put it in a list for attestation at the end of the exercise.

⬜ HA Mirror Set, Geographically situated > 500 miles as the crow flies (Boston, Chicago)

⬜ DR Async, Geographically situated > 1000 miles as an Archer eVTOL flies (Seattle)

⬜ Horizontal Compute situated across the pond for print (London)

⬜ Pod Counts Match Topology

lesgo...

Setup

We are using Kwok "In-Cluster", though it supports actually creating the clusters themselves, there will be a single control plane and a single initial node with the KWOK and IKO charts included.

Cluster

Lets provision a local Kind cluster, with a single "physical node" and a control plane.

cat <<EOF | kind create cluster --name ikoplus-kwok --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
  - role: worker
networking:
  disableDefaultCNI: false
EOF

Should be a simple cluster with a control plane and a worker node.

Install IKO Chart

Install the Operator under test.

helm install iris-operator . --namespace ikoplus

Install KWOK

In-cluster, per the docs.

helm repo add kwok https://kwok.sigs.k8s.io/charts/
helm upgrade --namespace kube-system --install kwok kwok/kwok
helm upgrade --install kwok kwok/stage-fast
helm upgrade --install kwok kwok/metrics-usage

Charts looking good:

Configure KWOK

KWOK configuration for this distraction is two parts:

Create KWOK Nodes
Tell KWOK which ones to Manage

Data Nodes

Here I create three specific KWOK nodes to hold the data nodes for HA/DR and the mirrormap topology. The nodes are kubernetes nodes, with specific annotations and labels to identify them as "fake", important to note that all the fields are fully configurable, meaning you can also do things with resources such as cpu and memory so you can test requests for the pods and fully configurable phase values.

datanodes.yaml

 apiVersion: v1
 kind: Node
 metadata:
   annotations:
     node.alpha.kubernetes.io/ttl: "0"
     kwok.x-k8s.io/node: fake
   labels:
     beta.kubernetes.io/arch: amd64
     beta.kubernetes.io/os: linux
     kubernetes.io/arch: amd64
     kubernetes.io/hostname: ikoplus-kwok-data-node-0
     kubernetes.io/os: linux
     kubernetes.io/role: worker
     topology.kubernetes.io/zone: boston    # zone in iko
     type: kwok
   name: ikoplus-kwok-data-node-0
 #spec:
 status:
   allocatable:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   capacity:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   nodeInfo:
     architecture: amd64
     bootID: ""
     containerRuntimeVersion: ""
     kernelVersion: ""
     kubeProxyVersion: fake
     kubeletVersion: fake
     machineID: ""
     operatingSystem: linux
     osImage: ""
     systemUUID: ""
   phase: Running
---
 apiVersion: v1
 kind: Node
 metadata:
   annotations:
     node.alpha.kubernetes.io/ttl: "0"
     kwok.x-k8s.io/node: fake
   labels:
     beta.kubernetes.io/arch: amd64
     beta.kubernetes.io/os: linux
     kubernetes.io/arch: amd64
     kubernetes.io/hostname: ikoplus-kwok-data-node-1
     kubernetes.io/os: linux
     kubernetes.io/role: worker
     topology.kubernetes.io/zone: chicago    # zone in iko
     type: kwok
   name: ikoplus-kwok-data-node-1
 status:
   allocatable:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   capacity:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   nodeInfo:
     architecture: amd64
     bootID: ""
     containerRuntimeVersion: ""
     kernelVersion: ""
     kubeProxyVersion: fake
     kubeletVersion: fake
     machineID: ""
     operatingSystem: linux
     osImage: ""
     systemUUID: ""
   phase: Running
---
 apiVersion: v1
 kind: Node
 metadata:
   annotations:
     node.alpha.kubernetes.io/ttl: "0"
     kwok.x-k8s.io/node: fake
   labels:
     beta.kubernetes.io/arch: amd64
     beta.kubernetes.io/os: linux
     kubernetes.io/arch: amd64
     kubernetes.io/hostname: ikoplus-kwok-data-node-2
     kubernetes.io/os: linux
     kubernetes.io/role: worker
     topology.kubernetes.io/zone: seattle    # zone in iko
     type: kwok
   name: ikoplus-kwok-data-node-2
 status:
   allocatable:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   capacity:
     cpu: 32
     nvidia.com/gpu: 32
     memory: 256Gi
     pods: 110
   nodeInfo:
     architecture: amd64
     bootID: ""
     containerRuntimeVersion: ""
     kernelVersion: ""
     kubeProxyVersion: fake
     kubeletVersion: fake
     machineID: ""
     operatingSystem: linux
     osImage: ""
     systemUUID: ""
   phase: Running

Full yaml in the spoiler above, but here are the annotations and label that are important to call out:

kwok annotation
iko zone
type: kwok

Apply the nodes to the cluster and take a peak, you should see your 3 fake data nodes:

Compute Nodes

Now, lets provision many compute nodes because we can, for this, you can use the script below to prompt and loop over the creation.

computenodes.sh

 #!/bin/bash
 SCRIPT_DIR=$(readlink -f `dirname "${BASH_SOURCE[0]}"`)

 function help() {
     echo "usage: nodes.sh [-h]"
     echo
     echo "Description: Creates simulated KWOK worker nodes for performance testing"
     echo
     echo "Preconditions: "
     echo "   - The script assumes you've logged into your cluster already. If not, it will tell you to login."
     echo "   - The script checks that you have the kwok-controller installed, otherwise it'll tell you to install it first."
     echo
     echo "Options:"
     echo "  -h       Print this help message"
     echo
 }

 function check_kubectl_login_status() {
     set +e
     kubectl get ns default &> /dev/null
     res="$?"
     set -e
     OCP="$res"
       if [ $OCP == 1 ]
       then
         echo "You need to login to your Kubernetes Cluster"
         exit 1
       else
         echo
         echo "Nice, looks like you're logged in"
         echo ""
       fi
 }

 function check_kwok_installed_status() {
     set +e
     kubectl get pod -A |grep kwok-controller &> /dev/null
     res2="$?"
     set -e
     KWOK="$res2"
       if [[ $KWOK == 1 ]]
       then
         echo "You need Install the KWOK Controller first before running this script"
         exit 1
       else
         echo "Nice, the KWOK Controller is installed"
     fi
 }

 while getopts hf: option; do
     case $option in
         h)
             help
             exit 0
             ;;
         *)
             ;;
     esac
 done
 shift $((OPTIND-1))

 # Track whether we have a valid kubectl login
 echo "Checking whether we have a valid cluster login or not..."
 check_kubectl_login_status

 # Track whether you have the KWOK controller installed
 echo "Checking KWOK Controller installation status"
 echo
 check_kwok_installed_status

 echo
 read -p "How many simulated KWOK nodes do you want?" NODES

 echo "Nodes number is $NODES"
 echo " "

 COUNTER=1
 while [ $COUNTER -le $NODES ]
 do
     ORIG_COUNTER=$(($COUNTER - 1))
     echo "Submitting node $COUNTER"
 # Had to do this OSTYPE because sed acts differently on Linux versus Mac
     case "$OSTYPE" in
       linux-gnu*)
         sed -i "s/ikoplus-kwok-node-$ORIG_COUNTER/ikoplus-kwok-node-$COUNTER/g" ${SCRIPT_DIR}/printnodes.yaml;;
       darwin*)
         sed -i '' "s/ikoplus-kwok-node-$ORIG_COUNTER/ikoplus-kwok-node-$COUNTER/g" ${SCRIPT_DIR}/printnodes.yaml${SCRIPT_DIR}/printnodes.yaml;;
       *)
         sed -i "/ikoplus-kwok-node-$ORIG_COUNTER/ikoplus-kwok-node-$COUNTER/g" ${SCRIPT_DIR}/printnodes.yaml;;
     esac
     kubectl apply -f ${SCRIPT_DIR}/printnodes.yaml
 COUNTER=$[$COUNTER +1]
 done

     # Let's reset the original printnodes.yamlfile back to original value 
     case "$OSTYPE" in
       linux-gnu*)
         sed -i "s/ikoplus-kwok-node-$NODES/ikoplus-kwok-node-0/g" ${SCRIPT_DIR}/printnodes.yaml;;
       darwin*) 
         sed -i '' "s/ikoplus-kwok-node-$NODES/ikoplus-kwok-node-0/g" ${SCRIPT_DIR}/printnodes.yaml;;
       *) 
         sed -i "s/ikoplus-kwok-node-$NODES/ikoplus-kwok-node-0/g" ${SCRIPT_DIR}/printnodes.yaml;;
     esac

 # Check for all nodes to report complete
 echo "Waiting until all the simualted pods become ready:"
 kubectl wait --for=condition=Ready nodes --selector type=kwok --timeout=600s
 echo " "
 echo "Total amount of simulated nodes requested is: $NODES"
 echo "Total number of created nodes is: "`kubectl get nodes --selector type=kwok -o name |wc -l`
 kubectl get nodes --selector type=kwok

 echo " "
 echo "FYI, to clean up the kwow nodes, issue this:"
 echo "kubectl get nodes --selector type=kwok -o name | xargs kubectl delete"

Lets create 128 compute nodes, which gets us close to a reasonable ecp limit.

The cluster should now be at 133 nodes, 1 control plane, 1 worker, 3 data nodes, and 128 compute.

Now hang this kwok command in another terminal to perpetually annotate.

sween@pop-os-cosmic:~$ kwok --manage-nodes-with-annotation-selector=kwok.x-k8s.io/node=fake

The result should be a pretty busy loop.

Apply IrisCluster SUT

Here is our system under test, the IrisCluster itself.

# full IKO documentation:
# https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=PAGE_deployment_iko
apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: ikoplus-kwok
  namespace: ikoplus
  labels:
      type: kwok
spec:
  volumes:
    - name: foo
      emptyDir: {}
  topology:
    data:
      image: containers.intersystems.com/intersystems/iris-community:2025.1
      mirrorMap: primary,backup,drasync
      mirrored: true
      podTemplate:
        spec:
      preferredZones:
        - boston
        - chicago
        - seattle
      webgateway:
         replicas: 1
         alternativeServers: LoadBalancing
         applicationPaths:
         - /*
         ephemeral: true
         image: containers.intersystems.com/intersystems/webgateway-lockeddown:2025.1
         loginSecret:
           name: webgateway-secret
         type: apache-lockeddown
      volumeMounts:
       - name: foo
         mountPath: "/irissys/foo/"
      storageDB:
       mountPath: "/irissys/foo/data/"
      storageJournal1:
       mountPath: "/irissys/foo/journal1/"
      storageJournal2:
       mountPath: "/irissys/foo/journal2/"
      storageWIJ:
       mountPath: "/irissys/foo/wij/"
    arbiter:
      image: containers.intersystems.com/intersystems/arbiter:2025.1
    compute:
      image: containers.intersystems.com/intersystems/irishealth:2025.1
      ephemeral: true
      replicas: 128
      preferredZones:
        - london

Explanations

The emptyDir {} volume maneuver is pretty clutch to this test with IKO. The opinionated workflow of a data node would be to use external storage through a CSI or whatever, but is counter intuitive for this test. Thank you to @Steve Lubars from ISC for the hint on this, was pretty stuck for a bit making the IrisCluster all ephemeral.

The mirrorMap and preferred zones specify the topology for the data and compute to target the location of the clusters and declare the roles.

Set the ephemeral flag on the compute to enforce the same thing as the emptyDir{} for the data nodes, and the number of nodes of 128 specifies the replica count which matches the number of nodes we provisioned.

lesgo...

The apply...

Attestation

One command to check them all.

kubectl get pods -A -l 'intersystems.com/role=iris' -o json \
| jq -r --argjson zmap "$(kubectl get nodes -o json \
  | jq -c 'reduce .items[] as $n ({}; .[$n.metadata.name] = (
      $n.metadata.labels["topology.kubernetes.io/zone"]
  [ .items[] | {zone: ($zmap[.spec.nodeName] // "unknown")} ]
  | group_by(.zone)
  | map({zone: .[0].zone, total: length})
  | (["ZONE","TOTAL"], (.[] | [ .zone, ( .total|tostring ) ]))
  | @tsv' | column -t
ZONE     TOTAL
boston   1
chicago  1
london   19
seattle  1

Results

✅ HA Mirror Set, Geographically situated > 500 miles as the crow flies (Boston, Chicago)

✅ DR Async, Geographically situated > 1000 miles as an Archer eVTOL flies (Seattle)

✅ Horizontal Compute situated across the pond for print (London)

❌ Pod Counts Match Topology

So after launching this over and over, it never got to schedule 128 pods to the available compute nodes, and it is due to the KWOK nodes going into NotReady at a random point around 20-50 nodes in. I think this is due to the fact that the ECP nodes rely on a healthy cluster to connect to to continue to provision by IKO... so I have some work to do to see if IKO readiness checks can be faked as well. The other thing I did was cordon the other "worker" to speed things up so the arbiter went to a fake node, I was able to get more compute nodes in with this arrangement. I guess too I could have targetted the topology for the arbiter too, but it seems that those are basically anywhere these days and can be out of cluster.

Fun and useful for 3/4 use cases above at this point for sure.

ディスカッション (0)1

続けるにはログインするか新規登録を行ってください

質問

Dmitrij Vladimirov · 2025年10月16日

#分析 #SQL #InterSystems IRIS BI (DeepSee)

Hi community.

I have a query:

SELECT
nameField,
dateField,
anotherDateField
FROM
(      
SELECT
MIN(someDate) as dateField,       
nameField,
anotherDateField
FROM $$$SOURCE
WHERE $$$RESTRICT               
GROUP by someOtherField    
)
WHERE dateField >= anotherDateField

This query should filter the data by the minimum value of the somDate field, but it doesn't. It displays all values together, regardless of the external filter. The exact same query (without the $$$ tokens, of course) works fine in a regular SQL runtime.

My guess is that the $$$RESTRICT does this

WHERE source.%ID IN (SELECT _DSsourceId FROM MyTable.Listing WHERE _DSqueryKey = 'en3460403753')

And outer WHERE is just left unseen

Is there a way to fix this?

2件の新着コメント

ディスカッション (2)2

続けるにはログインするか新規登録を行ってください

質問

Rozen Berg · 2025年10月16日

#ビジネスサービス #ダッシュボード #その他

The security environment has drastically evolved, with crime prevention moving beyond traditional passive surveillance to proactive, real-time strategies. Pioneer Security Services is at the forefront of this evolution, offering advanced video guard monitor solutions combined with live video monitoring services. This system uniquely pairs sophisticated AI-powered video surveillance technology with skilled security professionals. These trained guards provide continuous real-time supervision, enabling rapid detection and intervention of suspicious activities. By integrating human judgment with cutting-edge technology, Pioneer Security Services ensures powerful deterrence against crime and faster response times, safeguarding properties more effectively and reducing security risks significantly.

The Shift From Reactive to Proactive Security

Traditional CCTV cameras primarily record footage for post-incident review, limiting their utility in preventing crime. In contrast, Pioneer’s video guard monitor system transforms surveillance into an active defense tool. Through live video security monitoring, suspicious activity is detected and addressed immediately, enabling remote video guard services to communicate directly with potential intruders or dispatch physical guards swiftly. This immediate response capability significantly reduces crime rates by interrupting criminal acts in progress.

Key Components of an Effective Live Video Monitoring System

Pioneer Security Services deploys a comprehensive live video monitoring system featuring high-resolution cameras, two-way audio, and a central AI PoE hub that supports up to 15 cameras. The AI analyzes video feeds to identify threats, minimizing false alarms and prioritizing genuine risks for human guards. This seamless integration of technology and personnel enhances situational awareness and accelerates decision-making, ultimately preventing incidents before escalation.

Crime Deterrence Through Active Surveillance

Visible video guard monitors and signs alert potential offenders that a property is under constant watch. Real-time human interaction, such as verbal warnings through two-way audio, is a proven deterrent against trespassing and vandalism. Criminals are less likely to target areas employing remote video guard services since they understand their actions could be promptly challenged, recorded, and reported.

Benefits Beyond Immediate Crime Prevention

The impact of live video monitoring extends to long-term community safety and operational savings. Pioneer’s system reduces reliance on onsite human guards, lowering security costs while maintaining robust coverage. Additionally, high-quality footage from the video surveillance security guard system assists law enforcement investigations and can reduce insurance premiums. The presence of a live video monitoring system fosters a sense of security among residents, employees, and business owners.

Why Pioneer Security Services Excels in Crime Prevention

Pioneer Security Services combines cutting-edge technology with experienced security staff to create one of the most effective video guard monitor systems available today. Their proactive video monitoring stops crimes before they happen by delivering live intervention and leveraging AI detection. Through remote monitoring, mobile app access, and instant escalation, clients receive unmatched protection tailored to their unique security needs.

Conclusion

Live video monitoring services offered by Pioneer Security Services transform crime prevention through active real-time engagement instead of passive observation. Their smart live video monitoring system unites advanced AI technology with live human oversight, enabling properties to respond more quickly to incidents and reduce safety risks. Video guard monitors provide continuous, vigilant surveillance that not only protects assets but also deters criminal behavior before it occurs. This combination of technology and human intervention enhances overall security effectiveness, making Pioneer’s services a vital part of modern safety strategies.

FAQs

What is a video guard monitor system?

A video guard monitor system combines high-quality video surveillance cameras with live human monitoring to provide real-time security and crime prevention. It integrates AI technology and trained security professionals to detect and respond to threats immediately.

How do live video monitoring services prevent crime?

Live video monitoring services deter crime by actively watching camera footage in real time. Security personnel can intervene through two-way audio to warn intruders, and verified threats are escalated swiftly to law enforcement.

What are the benefits of using Pioneer Security Services’ live video monitoring?

Pioneer provides proactive crime deterrence, 24/7 surveillance coverage, cost savings compared to onsite guards, instant response, and high-resolution video for accurate incident verification.

Can video guard monitors replace traditional security guards?

They complement and enhance security by covering larger areas with AI-assisted technology while providing immediate intervention. Pioneer’s system reduces reliance on physical guards but keeps expert humans monitoring remotely.

Is remote video guard service reliable for all property types?

Yes, it is customizable for commercial, residential, and industrial properties, ensuring tailored security solutions for each client’s needs.

How is false alarm reduction managed?

Advanced AI analytics assess video feeds to minimize false alarms, ensuring that human monitors focus on genuine security risks.

ディスカッション (0)1

続けるにはログインするか新規登録を行ってください

お知らせ

Sergio Farago · 2025年10月16日

#ビデオ #開発者コミュニティ公式

Hola y bienvenidos al resumen de YouTube de la Comunidad de Desarrolladores de septiembre de 2025

InterSystems Ready 2025

Ecosistema de desarrolladores de InterSystems: nuevos recursos y herramientas que debes conocer