Status and Limitations of CPU Scheduling Management in Kubernetes

K8s’ cpuManager does the CPU resource allocation and isolation on the node side (core pinning and isolation, how to do isolation): discovery of CPU topology on the machine; reporting available resources to K8s tier machines (including kubelet side scheduling); allocating resources for workload execution; tracking resource allocation for pods. This article provides a general introduction to the current state and limitations of CPU management in K8s, and analyzes the current community dynamics in conjunction with community documentation.

Installing an older version of Kubernetes

I remember reading a report the other day that Kubernetes for internal use in private deployments was delayed by 17 months compared to the community version. So, in many companies, installing an older version of Kubernetes may be a routine operation. However, not only does Kubernetes have versioning issues, but its installation tool, kubeadm, also has versioning requirements, so in order to install a specific version of Kubernetes, you have to install a specific version of kubeadm.

Rust Learning Notes: package/crate/module

cargo new generates the beginnings of a project, providing the src/main.rs and src/lib.rs files, but as the project grows, the amount of code becomes larger, and it is not appropriate to maintain a large amount of code in one file. This is when files are usually split by “modules”, and Rust is no exception. Here we learn how the code is organized in Rust, mainly involving the following concepts. package: a concept in Cargo that manages crates; crate: a collection of modules and a compilation unit, either lib or bin, that is, for others to call, or an executable file; module: used to organize code within a crate; workspace: when the project is complex, manages multiple packages. package: The cargo new command creates a new project, also a package, with a cargo.

K8s Mutating Webhook

I recently wrote another Mutating Webhook for K8s and read the official documentation. Some special points to remember are summarized below. Although it is mainly for Mutating type webhooks, it should work for Validating type webhooks as well. Versioning: One of the most troublesome things about programming in K8s is the issue of versioning and the resulting dependencies on go mod. So the first thing you need to do before writing code, and before referring to other people’s code, is to check which API versions you need to support and use.

Go 1.18 things - workspace, fuzzy tests, generics

On March 15, 2022, Google released the much-anticipated Golang 1.18, which brings several major new features: a workspace to solve some of the problems associated with developing multiple repositories locally at the same time; a Fuzzing Test that automatically detects code branches, generates random input, and checks to see if the code panics; and generic support that many developers have been waiting for. This article will briefly describe these three features.

PostgreSQL14's Continuous Archive Backup Feature

Continuous Archival Backups: pg has three basic backup methods. SQL dump using pg_dump, which is a logical backup that cannot be restored to a specified state; file system based backup, which requires the file system to provide a snapshot function to ensure consistency, otherwise the database must be shut down first and then backed up; and continuous archiving, the preferred high-reliability backup technology. Continuous archiving of WAL logs is the key to implementing archived backups, combining a file system level backup with an archived WAL file, so that when recovery is required, the file system backup is restored first, and then the archived WAL file is replayed to restore the system to its current (or specified point in time) state.

Hello Rust async/await

Rust’s support for async/await is becoming more and more mature, and in some scenarios it can be significantly more efficient than models such as threads. Here’s a brief look at how to get started with asynchronous programming in Rust the fastest way possible. Hello world async/await: In Rust, asynchronous programming is abstracted as a Future trait, similar to a Promise in JavaScript. In recent Rust, Future objects can be created

About the K8s Secret is not secure

K8s provides a Secret resource to store and set sensitive information such as API endpoint addresses, various user passwords or tokens, and so on. When you are not using K8s, this information may be set at deployment time through a configuration file or environment variable. However, Secret is not really secure, as anyone who has looked at Secret with kubectl knows, we can easily see the original text of Secret,

How Rust async/await is implemented internally

A colleague asked how Rust async/await is implemented, stopping at the await place and then resuming the execution (of the current thread/coroutine) when it continues, also using something like yield/generator? I’ve tried it briefly, and I guess it’s probably like this. The following code. async fn say_world() { println!("hello world"); } #[tokio::main] async fn main() { let op = say_world(); op.

Array/Slice/Vector in Rust

Regardless of the programming language, the most common data types are numeric, string, and array. Here array is a general term, generally refers to a collection that can hold multiple elements, but of course the collection here is not strictly mathematical definition. Array: Let’s look at arrays first. An array is a collection of data of the same type, located in contiguous blocks of memory, and stored on the stack

How CNI works

No one who uses K8s will be unaware of CNI, but probably most people, most of the time, only care about the installation. Put the binary in /opt/cni/bin, create the configuration file under /etc/cni/net.d/, and leave the rest to K8s or containerd; we don’t care and don’t understand the implementation. CNI, known as Container Network Interface, is a specification used to define container networks. containernetworking/cni is a CNCF CNI implementation project, including basic bridge, macvlan and other basic network plugins.

Some summaries on Rust string literals

There are two types of strings in Rust, String and &str, where String can be dynamically allocated, modified, and the internal implementation can be understood as Vec<u8>, and &str is a slice of type &[u8]. Both of these strings can only hold legal UTF-8 characters. For non-naturally recognizable UTF-8 characters, consider using the following types. File paths have dedicated Path and PathBuf classes available. Use Vec<u8> and &[u8]. Use OsString and &OsStr to interact with the operating system. Use CString and &CStr to interact with C libraries. The second method above is the common way to handle non-UTF-8 byte streams, which is to use Vec<u8> and &[u8], where we can also use literal values for both types of data, which we call byte string literals of type &[u8].

MacOS installation and configuration of Homebrew

Homebrew is a package management tool for MacOS, similar to Ubuntu’s apt and Arch Linux’s pacman, with many useful functions such as install, uninstall, update, view, search, etc. It is very convenient and quick to implement package management with a simple command, without you caring about various dependencies and file paths. Installation and use of Homebrew. Homebrew installation: Homebrew is installed by simply typing a command in the command line.

Summary of eviction strategy for k8s standalone

Process eviction: When there is resource pressure on a machine, it may be due to a malicious program that is consuming system resources, or due to overcommit. The system reduces the overall impact of a single program on the system by controlling the survival of processes on the machine. The most critical aspect of the eviction phase is to select the right process to ensure system stability by minimizing the cost.

Containerd Docking Private Image Repository Harbor

Harbor is a CNCF Foundation-hosted open source trusted cloud-native docker registry project that can be used to store, sign, and scan image content. Harbor extends the docker registry project by adding some common features such as security, identity rights management, etc. In addition, it also supports copying images between registries and provides more advanced security features such as user management, access control, and activity auditing, etc. Support for Helm repository

Error [ERR_REQUIRE_ESM]: require() of ES Module Error Problem and Solution

In the Node.js CLI tools project developed with TypeScript, the output of tsconfig.json is set to CommonJS. When importing external dependencies such as chalk, boxen, etc., the latest versions of these packages are pure ES Module packages, resulting in an error like the following, and the packages cannot be used. Error [ERR_REQUIRE_ESM]: require() of ES Module xxx\node_modules\boxen\index.js from abc.ts not supported. Instead change the require of index.js in xxx.

How to use Docker in Alpine Linux Docker images

Docker in Docker actually makes a lot of sense, like the following scenario I encountered. I need to use the CI/CD service provided by the public cloud to trigger one-click build+test+deployment in the cloud, so I need an environment to build and release, but the build node in the cloud does not necessarily meet my criteria. In the case of cloud build nodes we have no way to control (i.e. we can’t SSH directly to them).

Load balancing problem for Keep-Alive connections

In a distributed system, if Service A has to invoke Service B and multiple instances of both services are deployed, the problem of load balancing has to be solved. That is, we want the QPS reaching B to be balanced across all instances of B. In previous HTTP/1.1-like implementations, Service A needs to establish a TCP connection with B for each request. So the load balancing implementation is generally based on the number of connections.

Using Prometheus Pushgateway to push monitoring metrics

We know that Prometheus uses the pull mode, but in some network scenarios (such as not on a subnet or firewall), Prometheus cannot directly pull the monitoring metrics data, so we may need a mode that can actively push. Pushgateway is one of the tools in the Prometheus ecosystem to solve this problem. However, Pushgateway is not a panacea and has some drawbacks. Aggregating data from multiple nodes to pushgateway,

How to customize linter (static checking tool) in Go

Usually we use static code checking tools to ensure code quality in our business projects. Through static code checking tools we can find some problems in advance, such as undefined variables, type mismatches, variable scope problems, array subscript overruns, memory leaks, etc. The tools will classify the severity of the problem according to their own rules, giving different signs and hints. The static code checker helps us