Etcd Permissions Management

Kubernetes and business components are mixed in the same etcd cluster, so key conflicts are possible. The plan is to control which paths a client can write to through the permission mechanism that comes with etcd.

Role-based access control

etcd v3 supports RBAC-based user rights management, which is disabled by default. You will need to run the following commands to enable etcd permissions after you start etcd.

    # Create the special user and role, and bind them
    etcdctl user add root --new-user-password=Hell0@ETCD
    etcdctl role add root
    etcdctl user grant-role root root
    # Enable the permission function
    etcdctl auth enable

etcd requires a special user and role to be created before permissions are enabled: the root user is the superuser of the etcd cluster and has all permissions, and the root role carries the same permissions as the root user and can be bound to any user with the grant-role command.

The gosu and su-exec tools in docker

Permission problems with volume

In Docker, file permission issues often arise when you need to mount a host directory to a container for use as a volume. It is common that the container does not have write access to the path, which can lead to all sorts of weird problems with the service. The reason for this type of problem is that the UIDs inside and outside the container are different.

vCenter Server uses ACME certificates

I. Pre-requisites

First, you need an installed vCenter Server. Second, if the FQDN (PNID) was not set correctly during installation, you cannot use an ACME certificate directly; the only workaround is a reverse proxy.

II. Install is used here as the certificate request tool. Use ssh to log in to the vCenter Server host and follow the official tutorial to install it.

    curl https://get.

Building your own react hooks

With the new API for hooks added to React in v16.8.0, it is important to understand how to use it and be able to write a few custom hooks to suit our business.

1. Some common hooks

Several built-in hooks are officially provided, so let’s take a brief look at their usage.

1.1 useState: state hooks

Data that needs to be updated on the page state can be put into the useState hook.

Grpc Web

Overview

In the previous research on browser Push, I summarised a number of possible ways to support browsers receiving Server Push, not all of which work, but are still very enlightening. However, one of the ways I didn’t quite understand was how gRPC-Web was implemented, so in this article I’d like to look at how gRPC-Web implements Bidirectional Stream.

Features supported by gRPC Web

As of today, gRPC Web supports only two types of calls, namely

Debian 11 / Ubuntu 22.04 Installing Caddy

This article applies to both Debian 10 Buster and Ubuntu 20.04 Focal.

What is Caddy?

Caddy is an open source web server that is simple in design, easy to use and has many powerful features. It can handle TLS (SSL) automatically and can use middleware extensions. Caddy uses a simple configuration syntax to easily configure routing, reverse proxies, redirects, caching and other features. It also supports HTTP/2, QUIC (HTTP/3) and WebSockets protocols to provide fast web performance.

Debian 11 / Ubuntu 22.04 Installing Docker and Docker Compose Tutorial

This article applies to both Debian 10 Buster and Ubuntu 20.04 Focal.

What is Docker?

Docker is a containerisation technology that allows containers to be built quickly on a server and run software without polluting the host, eliminating the need to install and configure various environments. The open source Docker community is dedicated to improving this type of technology and making it freely available for the benefit of all users.

Introduction to KVM Qemu Libvirt and Hands-on

Introduction to the concept

Qemu

Qemu is an emulator that simulates the CPU and other hardware for the Guest OS. The Guest OS thinks it is dealing directly with the hardware, but in fact it is dealing with the hardware simulated by Qemu, and Qemu translates these instructions to the real hardware. Since all instructions have to pass through Qemu, performance is poor.

KVM

KVM is a module for the Linux kernel which requires CPU support and uses hardware-assisted virtualization technologies Intel-VT, AMD-V, memory-related such as Intel’s EPT and AMD’s RVI technologies.

Go mod short tutorial

I have recently studied go mod and have compiled it into an article. This article is a systematic look at go mod, not a simple introduction to how to use it. Before go mod came out, the community used a model similar to NodeJS, vendor, which meant that all packages were stored in the vendor directory, but this approach was obviously not elegant enough, and then came go mod, which has become the standard for module management in the Go community until today.

Declarative deployment of Helm Chart using helmfile

When using helmfile, we first need to understand the use of helm and how to develop a helm chart. helm is a package management tool for kubernetes. In real life scenarios we need to deploy multiple charts at the same time, distinguish between different deployment environments, version control, etc. For this purpose, the helmfile tool can be used. helmfile helps users to manage and maintain multiple helm charts by means of helmfile files, which can be used to differentiate environments and implement version control.

Debian / Ubuntu Adding Swap partitions manually

This article will guide you on how to add Swap partitions manually under Debian 11 and Ubuntu 22.04.

Preparation

First, check whether your system already has a Swap partition.

    swapon -s

or

    free -m

If no result is returned, or the Swap column in free -m has a value of 0, then your system does not have a swap partition.

Creating a SWAP partition

We can use the fallocate command to create a 1GB swap partition.

Golang Type System

Go is a strongly typed, static programming language. Almost every line of code we program in Go is inextricably linked to a type. Therefore, to learn Go in depth, we must first have a comprehensive and in-depth understanding of the Go type system, which gives us a holistic view of the specific type-related aspects of the Go language.

1. What is the type system

As a Gopher with some Go programming experience, you have some knowledge of types in the Go language, for example: Go has built-in native integer types, floating point types, complex types, string types, function types, and provides composite types such as arrays, slices, maps, structs, channels, and interface types that represent behavioural abstractions.

Building a visual distributed monitoring system with OpenTelemetry

OpenTelemetry is a data collection middleware that can be used to generate, collect and export monitoring data (Metrics, Logs and Traces) that can be stored, queried and displayed by OpenTelemetry-enabled middleware for data observation, performance analysis, system monitoring, service alerting and other capabilities. The OpenTelemetry project started in 2019 and aims to provide a standardised solution for observability software for cloud-based environments. It provides a monitoring service system that is independent of the three parties.

OCI containers with Wasm

WebAssembly (Wasm) has a complete set of semantics and is designed to be version-free, feature-testable and backwards compatible on the web, but of course WebAssembly can run not only on browsers but also in non-web environments. In fact wasm is a small and fast loading binary format whose goal is to make full use of the hardware capabilities to achieve native execution efficiency, and in this article we will present a scenario of running a Wasm workload as a container image.

JVM troubleshooting tips in Kubernetes

In our daily work, applications are usually deployed as containers on Kubernetes, but problems still come up: for example, the JVM heap is smaller than the memory size set in the Docker container and the memory size set in Kubernetes, yet the container is still OOMKilled. Exit Code 137 indicates that the container has received a SIGKILL signal and the process has been killed, corresponding to kill -9. The SIGKILL is triggered by a docker kill, which can be initiated by the user or by the docker daemon, or executed manually: docker kill.

Python uses Logging to record program logs

This article will start with the basics and teach you how to use Logging to record program logs with simple examples.

1. logging Quick start

1.1. Why not use Print?

Logging is an extremely important part of deploying a program to a production environment, and logging is useful for programs in three ways:

- Status logging: for each point in time, it is important to record the status of the business operation at that time, and often you need to rely on this information to determine business problems.
- Bug reproduction: production environments are not equipped for single-step debugging, and bugs in production environments are extremely difficult to reproduce, so logging is the only and most effective means of reproducing bugs.

Pod QoS

QoS Levels

QoS is closely related to resource limits. Shown below is the resource limits section of a Pod's configuration.

    resources:
      limits:
        cpu: 200m
        memory: 1G
      requests:
        cpu: 500m
        memory: 1G

Kubernetes classifies Pod QoS into three levels based on the CPU and memory configuration.

- Guaranteed: only limits are set, or requests are the same as limits
- Burstable: only requests are set, or requests are lower than limits
- Best-effort: the default; this level applies if nothing is set

Why you should care about Pod QoS levels

In Kubernetes, resources are divided into two categories: compressible resources “CPU” and incompressible resources “memory”.

Understanding the Kubernetes eviction mechanism

Eviction is the termination of a Pod running on a Node to ensure the availability of the workload. Anyone using Kubernetes needs to understand the eviction mechanism, because when Pods are evicted you usually need to solve the problem behind the eviction, and locating it quickly requires an understanding of the mechanism.

Reasons for Pod eviction

Kubernetes officially gives the following reasons for Pod eviction.

How to develop kernel modules with rust

In recent years, the Rust language has gained a lot of developer attention for its memory safety, high reliability, zero-cost abstractions, and other capabilities that happen to be needed in kernel programming, so let’s look at how to write Linux kernel modules in Rust.

Rust and Kernel Modules

Although Rust support has been merged into the mainline in Linux Kernel version 6.1, so theoretically developers can use Rust to write kernel modules for Linux 6.

Running Python code with GPU

Introduction

The other day I was tinkering with Ubuntu and wanted to use the NVIDIA graphics card on my old computer to run code on the GPU and experience the joy of multi-core. Luckily, my computer also supports CUDA.

    $ sudo lshw -C display
      *-display
           description: 3D controller
           product: GK208M [GeForce GT 740M]
           vendor: NVIDIA Corporation
           physical id: 0
           bus info: pci@0000:01:00.