1. Technical background 1.1 Dynamic linking technology for programs In the actual development process, we often need to dynamically update the functions of the program, or add or update the program modules without changing the main program files. 1.1.1 Dynamic Link Library The first and most common is the Dynamic Link Library (DLL) supported by the Windows platform, usually with the suffix .dll. Its advantages are very obvious: multiple programs can share code and data.

1 Preface Some time ago, I was looking at the code of an old product, which was a mixed C/C++ code, and the code was full of global variables and used extern references to external global variables. The problem was that since there were dependencies between classes, if all dependencies were passed in through the constructor method, it would lead to a complex construction of the whole object dependency graph. For older code, using global variables + extern references can be a simple and brutal way to insert new call relationships to be added, but it also brings code corruption.

When using git on a daily basis, there is usually a global configuration file .gitconfig that all repo’s will use by default. If you need to configure a particular repo, you just need to modify the .git/config file in the repo. However, if you need to change more repo’s, it’s easy to forget and commit the wrong author’s commit. Demo For example, if you want to use different user.name and user.

There are many articles on the web about k8s flattening network construction, mostly for large-scale clusters. But now there are many people also use Docker deployment service in NAS or home server. This article focuses on how to use Docker to build a flat network and provide cross-host interoperability of containers. With the release of Docker in 2013, container technology started to come into major Internet companies. Container technology not only serves the online business of Internet companies, but also provides great convenience for developers to build test environments and three-party dependency services.

1 Pre-requisite knowledge 1.1 Introduction to Cilium Cilium is a Kubernetes CNI plug-in based on eBPF technology, which Cilium positions on its official website as being dedicated to providing a range of eBPF-based networking, observability, and security solutions for container workloads. Cilium implements networking, observability and security related features by using eBPF technology to dynamically insert control logic inside Linux that can be applied and updated without modifying application code or container configuration.

What is a resource? All the content in K8s is abstracted as resources, and after resources are instantiated, they are called objects. List of resource types Workload Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet, Job, CronJob (ReplicationController is deprecated in v1.11) Service Discovery and Load Balancing Service, Ingress … Storage Volume, CSI Configuration ConfigMap, Secret, DownwardAPI Cluster Namespace, Node, Role, ClusterRole, RoleBinding, ClusterRoleBinding Metadata HPA, PodTemplate, LimitRange List of resources What is a resource manifest?

HTTP/2 has two concepts, stream and frame, where frame is the smallest transmission unit of communication in HTTP/2, usually a request or response is divided into one or more frames for transmission, and stream represents a virtual channel with established connection, which can transmit multiple requests or responses. Each frame contains a Stream Identifier that identifies the stream to which it belongs. HTTP/2 achieves multiplexing through streams and frames, and

In Web services, in addition to the actual business code, often need to achieve a unified record of request logs, rights management or exception handling and other functions, these in the web framework Gin or Django can be achieved through middleware, while gRPC can use interceptor, rpc request or response to intercept processing. gRPC server and client can implement their own interceptor, according to the two types of rpc requests

1. Output location is different Looking at the source code of fmt.Println, it is obvious in the comments and the code: writes to standard output, the content is output to os.Stdout, which is the standard output. 1 2 3 4 5 6 // Println formats using the default formats for its operands and writes to standard output. // Spaces are always added between operands and a newline is appended. // It returns the number of bytes written and any write error encountered.

I’ve heard of Duff’s device, an optimization of serial replication, for a long time. Recently, I found that Go language also uses the idea of Duff’s device when initializing zero values. So I took a closer look at it and share it with you today. If you need to copy a certain length of data to another address starting from a certain address, the simplest code is as follows. 1 2 3 4 5 6 send(short *to, short *from, int count) { do { *to++ = *from++; } while (--count > 0) } Because only one byte is copied in each loop, a total of count conditional branch judgments are performed.

WaitGroup is a concurrency primitive often used in Go concurrent programming to do task scheduling. It looks like it has only a few simple methods and is relatively easy to use. In fact, the internal implementation of WaitGroup has been changed several times, mainly to optimize the atomic operations of its fields. The original implementation of WaitGroup The earliest implementation of WaitGroup is as follows. 1 2 3 4 5

Security is a top priority for cloud-native applications, and while security is a very broad topic, Linkerd still has an important role to play: its two-way TLS (mTLS) feature is designed to enable a zero-trust approach to security in Kubernetes. Zero-trust security is an IT security model that requires strict authentication for every person and every device that attempts to access resources on a private network, whether located inside or outside the network boundary.

When a service requests a resource, if it encounters a network exception or other situation that causes the request to fail, it needs a retry mechanism to continue the request. A common practice is to retry 3 times and sleep randomly for a few seconds. For business development scaffolding, the HTTP Client basically encapsulates the retry method and automatically retries when the request fails according to the configuration. Here is an example of a common HTTP Client to see how it implements request retry.

Problem Background Suppose this business scenario: after posting an article, if the article contains a video link, the user needs to download the video and transcode it. There is some subsequent business logic after the transcoding is done. 1 2 3 4 5 6 7 8 9 10 11 12 @RestController class ArticleController { @PostMapping("/article") fun createArticle(article: Article) { if (article.videos.isNotEmpty()) { val urls = videoTranscodeService.transcode(articles.videos) article.setVideoUrls(urls) } // Continue other business logic after video transcoding is complete processArticle(article) } } If this code is written in the article publishing service, and videoTranscodeService is another remote service that provides an asynchronous interface, then we can’t simply write a synchronous method, wait for the method to return and continue executing the business logic later.

Development environment build Development based on Ubuntu 18.04. Basic Tools Download Install Bazel 1 2 sudo wget -O /usr/local/bin/bazel https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64 sudo chmod +x /usr/local/bin/bazel Install base dependencies 1 sudo apt-get install libtool cmake automake autoconf make ninja-build curl unzip virtualenv Clang build environment (optional) Download and install from llvm, version 9.0 is more compatible. 1 2 bazel/setup_clang.sh <PATH_TO_EXTRACTED_CLANG_LLVM> echo "build --config=clang" >> user.bazelrc Building DEBUG versions with bazel 1 bazel

Istio is known to have health checks for the VMs it accesses, and for services on k8s, the health check section is included in the Pod. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 apiVersion: v1 kind: Pod metadata: name: goproxy labels: app: goproxy spec: containers: - name: goproxy image: k8s.gcr.io/goproxy:0.1 ports: - containerPort: 8080 readinessProbe: tcpSocket: port: 8080 initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: tcpSocket: port: 8080 initialDelaySeconds: 15 periodSeconds: 20 And for VM-accessed Workload, istio provides a similar capability.

One of the most important problems that Linkerd Service Mesh solves is observability: providing a detailed view of service behavior, Linkerd’s value proposition for observability is that it can provide golden metrics for your HTTP and gRPC services that are executed automatically, without code changes or developer involvement. Out of the box, Linkerd provides these metrics on a per-service basis: all requests across services, regardless of what those requests are.

1 Preface Java/Go languages have built-in reflection mechanism to support getting information about classes/methods/properties at runtime. Reflection mechanism has many application scenarios, such as the most common data serialization, if there is no reflection mechanism, either based on code generation, such as protobuf; or is a line of hand-written code that is pure manual work. C++ does not have a built-in set of reflection mechanisms, and implementing reflection mechanisms is

Resource Quotas are defined through the ResourceQuota object, which provides an overall resource limit for each namespace: it can limit the total number of objects of a certain type in the namespace, or it can set the total limit of computational resources that can be used by Pods in the namespace. When using resource quotas, there are two things to keep in mind. If the total available resources in the cluster are less than the sum of the resource quotas in each namespace, then this may lead to resource contention.

The cluster configuration is adjusted according to the number of cluster users to achieve the purpose of controlling the amount of resources used in a specific namespace and ultimately achieving fair usage and cost control of the cluster. The functions to be implemented are as follows. Limit the amount of compute resources used by Pods in the running state. Limit the number of persistent volumes to control access to storage. Limit the number of load balancers to control costs.