When using Kubernetes, users often need to share the use of Kubernetes clusters (multi-tenancy) to simplify operations and reduce costs while meeting the needs of multiple teams and customers. While Kubernetes itself does not directly provide multi-tenancy capabilities, it provides a set of features that can be used to support the implementation of multi-tenancy. Based on these features, a number of projects have emerged in the Kubernetes community to implement multi-tenancy.

In recent years, the Rust language has gained a lot of developer attention for its memory safety, high reliability, and zero abstraction capabilities, which happen to be needed in kernel programming, so let’s try out how to write Linux kernel modules in rust. Rust and kernel modules Although Rust support has been merged into the mainline in Linux Kernel version 6.1, so in theory, developers can use Rust to write kernel modules for Linux 6.

To speed up CI execution, caching is a very effective tool. Ensuring the highest utilization of the cache is the most important concern when using caching. For example, after caching the entire target directory, when do you update the cache? The best way to do this is when there is a dependency change, which is Cargo.lock for Rust and package.lock for Node. Let’s see how to use the cache component to achieve the above effect, with three main parameters.

Set reasonable Req and Limit If you don’t set Req and Limit, when the CPU and MEM of the application skyrocket, it will endanger other Pods on the same node, and even cause the cluster nodes to be crushed one by one. There are four values of Req and Limit, if only some of them are set, Kubelet will expel Pods when the node resource usage reaches Kubelet’s preset value, the order of expulsion is Guaranteed > Burstable > Best-Effort Where:

HTTP is known as Hypertext Transfer Protocol, and there is a wide variety of information available on the Internet about the HTTP protocol, but most of them are listing the specific provisions of the HTTP protocol, and few of them are talking about the reasons why the HTTP protocol is designed this way. Today I will try to analyze the main features of the HTTP protocol from the perspective of problem solving, hoping to help you quickly understand the HTTP protocol.

Since its inception, Go has had the log package built into its standard library as a standard component of Go source output logging, and this package is widely used in the Go standard library itself and in Go community projects. However, for the Go standard library log package, the Go community has always demanded improvements, and the mainstream voice focuses on the following points. log packages are designed to be easily human readable and do not support structured logs that are easy to parse by machine such as outputting logs in json format like zap.

This article is about the maintainability of unit test code. I don’t know if you’ve ever written a spaghetti-style unit test, which is structured like this. Frankly, I’ve written quite a few. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 func TestFoo(t *testing.T) { // test get resp, err := GET(blabalbal) assert.Nil(err) ... // test post resp, err = POST(blabalbal) assert.Nil(err) ... // test update resp, err = PUT(blabalbal) assert.

The essence of a container is a special process, special in that it creates a NameSpace isolated runtime environment and uses Cgroups to control resource overhead for it. With these two underlying technologies, we can successfully implement application containerization, but how to make multiple containers in the network environment without interfering with each other can still communicate with each other, so that containers can access the external network, so that

Docker announced the first technical preview of its integration with WebAssembly (Docker+Wasm) and said the company has joined the Bytecode Alliance as a voting member. The Bytecode Alliance, founded by Mozilla, Fastly, Intel and Red Hat, is an organization that promotes WebAssembly standardization and aims to improve the WebAssembly ecosystem beyond the browser by collaboratively implementing standards and proposing new ones. It is currently actively promoting WASI (WebAssembly System Interface) to enable WebAssembly to securely access system resources such as files, networks, and memory.

What is eBPF eBPF, known as Extended Berkeley Packet Filter, is derived from BPF (Berkeley Packet Filter), which is a functional module for network message filtering. However, eBPF has evolved into a general-purpose execution engine, essentially a virtual machine-like function module in the kernel. eBPF allows developers to write custom code that runs in the kernel and is dynamically loaded into the kernel, attached to a kernel event that handles the execution of the eBPF program, without the need to recompile a new kernel module, and can dynamically load and unload eBPF programs as needed.

Preface This article explains the important new features of Python 3.11, but there are still many small changes, so I won’t mention them one by one, so if you’re interested, you should read the official changelog to understand them. Speed improvements This is the most exciting news ever. The official website says : CPython 3.11 is on average 25% faster than CPython 3.10 when measured with the pyperformance benchmark suite, and compiled with GCC on Ubuntu Linux.

Do you know what your K8s cluster is doing when you’re not using it? Who established TCP communication with him? Who is he calling? Using k8spacket and Grafana, we can visualize the TCP traffic in the cluster so we can understand how workloads are communicating with each other. Check how many connections were established, how many bytes were exchanged, and how long those connections were active. Introduction k8spacket is a tool written in Golang that uses the gopacket third-party library to sniff TCP packets (incoming and outgoing) on workloads, and it creates TCP listeners on the running container network interface.

PEP 646 - Variadic Generics Before introducing this PEP, we need to make up some knowledge, so let’s go deeper and deeper to understand the Generics first. A generic type is a feature that does not specify a specific type in advance when defining a function or class, but specifies the type at the time of use. For dynamic languages like Python, since everything is an object reference, you can determine the type directly at the time of use.

Document a fix for a cluster failure caused by an IP change. There are two clusters, one is a single node (allinone) and the other is a four node (3 master 1 node) cluster. 1. Update Etcd certificate Backup Etcd certificate at each Etcd node. 1 cp -R /etc/ssl/etcd/ssl /etc/ssl/etcd/ssl-bak View the domain in the Etcd certificate 1 2 3 openssl x509 -in /etc/ssl/etcd/ssl/node-node1.pem -noout -text|grep DNS DNS:etcd, DNS:etcd.kube-system, DNS:etcd.kube-system.svc, DNS:etcd.

kubectl is a command line tool (CLI) for Kubernetes, mainly used to help you manage Kubernetes clusters, deploy applications, view and manage resources and records in various clusters. When we want to create resources, we often use kubectl create or kubectl apply to create resources. Is it really the literal meaning (create/apply)? In this article, we will explore this question. Imperative vs. Declarative When we built the Kubernetes resource, we basically split it into two strategies, and understanding the difference between the two is critical to the future implementation of GitOps or IaC, and should be thoroughly understood.

A programmer’s code repository always needs to be hosted on a server to be safe and easy to use. Today we’re going to talk about Git servers. 1. Code Hosting Services In general, it’s not recommended to build your own Git server, but rather to use an off-the-shelf service, known as a code hosting service. They are free. GitHub Gitlab Bitbucket Codeberg sourcehut These are external services, so I won’t go into much detail.

Overview Because there are many projects to maintain, and because these projects have different histories, some may have been written by myself, some have been taken over from others, one of the problems we are facing is that Go versions may not be consistent, but you don’t dare to take the risk of upgrading to a consistent version, after all, the test coverage is not enough to give me confidence to do so.

For many people who are new to the cloud-native technology stack, container networking and Kubernetes networking has been a “mystery” and a bottleneck in the upward curve of many people’s container technologies, but it is also a topic that we can’t get around when we dive into the cloud-native world. To thoroughly understand container networking and Kubernetes networking, you need to understand many underlying networking concepts, such as the OSI seven-layer model, the Linux networking stack, virtual network devices, and iptables.

1. Why switch from Karma+Jasmine to Jest? The official recommended unit testing framework for Angular is Karma + Jasmine by default. Karma is used to execute unit tests in a real browser environment by launching the Chromium browser. Jest specifies the runtime environment through configuration, usually jsdom, and each test file is executed in a separate runtime environment. The main problems with Karma currently are the following. the need to launch the browser, compile the entire project and execute the unit test cases in the browser The result is unstable due to side effects of test case execution as it is executed in the browser and shared runtime environment.

Through some of the previous notes, we have a basic understanding of how various container network models are implemented. However, what really pushes container technology to the climax is the Kubernetes container orchestration platform. Kubernetes forms clusters by integrating massive container instances, which may run in heterogeneous underlying network environments, and how to ensure the interoperability between these containers is one of the primary considerations in real production environments. Kubernetes Network Basic Requirements Kubernetes does more abstraction of container technology, one of the most important points is to propose the concept of pod, which is the basic unit of Kubernetes resource scheduling, we can simply think pod is an extension of container, from a network perspective, a pod must satisfy the following conditions.