This article describes how to create a virtual bridge in centos8 using the nmcli tool and add a physical NIC to the virtual bridge to make it a Layer 2 switch. This operation is not only applicable to physical NIC devices, but also to virtual NIC devices of various virtual machines. The goal is to combine all three NICs in the red box into a Layer 2 switch. First we need to create a bridge device, which is the functional equivalent of the switch we normally use.

1. background introduction Here is an excerpt from the official website, you can visit official website for more information if you are interested. The official website provides multiple language support, which is still quite good in terms of experience. Rocky Linux is a community-based, enterprise-class operating system. It is designed to be 100% bug-compatible with the top U.S. enterprise Linux distributions due to a shift in development by the latter’s downstream partners.

This article introduces the service discovery and traffic exposure mechanism in K8S clusters, including the workload type, service type, DNS resolution principle, and the rules of Layer 4 service exposure and Layer 7 service exposure in K8S. 1. Cloud-native foundation concepts 1.1 K8S Architecture The following diagram is a brief introduction to the K8S architecture design in the official K8S documentation. This architecture diagram focuses on the relationship between the

This article mainly deploys v1.23.6 version of k8s native cluster based on docker and calico components on centos7 system, because the cluster is mainly used for own learning and testing, plus limited resources, not involved in high availability deployment for now. 1. Preparation 1.1 calico-cluster node information The machines are all 8C8G virtual machines with 100G hard disk. IP Hostname 10.31.88.1 tiny-calico-master-88-1.k8s.tcinternal 10.31.88.11 tiny-calico-worker-88-11.k8s.tcinternal 10.31.88.12 tiny-calico-worker-88-12.k8s.tcinternal 10.88.64.0/18 podSubnet 10.88.0.0/18 serviceSubnet

This article mainly deploys v1.23.6 version of k8s native cluster based on docker and flannel components on centos7 system, because the cluster is mainly used for own learning and testing, plus limited resources, not involved in high availability deployment for now. 1. Preparation 1.1 flannel-cluster node information The machines are all 8C8G virtual machines with 100G hard disk. IP Hostname 10.31.8.1 tiny-flannel-master-8-1.k8s.tcinternal 10.31.8.11 tiny-flannel-worker-8-11.k8s.tcinternal 10.31.8.12 tiny-flannel-worker-8-12.k8s.tcinternal 10.8.64.0/18 podSubnet 10.8.0.0/18 serviceSubnet 1.

Kubernetes, a Greek word meaning “helmsman” or “pilot,” is a portable, scalable open source platform that uses declarative configuration to manage orchestration of container services and increase the level of automation and efficiency. At the same time, k8s is supported by a large and still growing ecosystem of available peripheral services, tools and ecological support. The definition given on the official kubernetes website is as follows. Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

I recently saw an issue: irssi 1.4.1 fails to build on darwin arm64, and it’s phenomenon is that it reports an error when linking. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Undefined symbols for architecture arm64: "_current_theme", referenced from: _format_get_text_theme in libfe_common_core.a(formats.c.o) _format_get_text in libfe_common_core.a(formats.c.o) _strip_codes in libfe_common_core.a(formats.c.o) _format_send_as_gui_flags in libfe_common_core.a(formats.c.o) _window_print_daychange in libfe_common_core.a(fe-windows.c.o) _printformat_module_dest_charargs in libfe_common_core.a(printtext.c.o) _printformat_module_gui_args in libfe_common_core.a(printtext.c.o) ... "_default_formats", referenced from: _format_find_tag in libfe_common_core.

K8s’ cpuManager does the CPU resource allocation and isolation on the node side (core pinning and isolation, how to do isolation). Discovery of CPU topology on the machine Report available resources to K8s tier machines (including kubelet side scheduling) Allocate resources for workload execution Tracking resource allocation for pods This article provides a general introduction to the current state and limitations of CPU management in K8s, and analyzes the current community dynamics in conjunction with community documentation.

I remember reading a report the other day that Kubernetes for internal use in private deployments was delayed by 17 months compared to the community version. So, in many companies, installing an older version of Kubernetes may be a routine operation. However, not only does Kubernetes have versioning issues, but its installation tool, kubeadm, also has versioning requirements, so in order to install a specific version of Kubernetes, you have to install a specific version of kubeadm.

cargo new generates the beginnings of a project, providing the src/main.rs and src/lib.rs files, but as the project grows, the amount of code becomes larger, and it is not appropriate to maintain a large amount of code in one file. This is when files are usually split by “modules”, and rust is no exception. Here we learn how the code is organized in rust, mainly involving the following concepts. package: a concept in Cargo that manages crate crate: a collection of modules, compilation units, both lib and bin, that is, for others to call, or an executable file module: used to organize code within crate workspace: when the project is complex, manage multiple packages package The cargo new command creates a new project, also a package, with a cargo.

I recently wrote another Mutating Webhook for K8s and read the official documentation. Some special points to remember are summarized below. Although it is mainly for Mutating type webhooks, it should work for Validating type webhooks as well. Versioning One of the most troublesome things about programming in K8s is the issue of versioning and the resulting dependencies on go mod. So the first thing you need to do before writing code, and before referring to other people’s code, is to check which API versions you need to support and use.

On March 15, 2022, Google released the much-anticipated Golang 1.18, which brings several major new features. a workspace to solve some of the problems associated with developing multiple repositories locally at the same time a Fuzzing Test that automatically detects code branches, generates random input, and checks to see if the code panics generic support that many developers have been waiting for. This article will briefly describe these three features.

Continuous Archival Backups pg has three basic backup methods. sql dump using pg_dump, which is a logical backup that cannot be restored to a specified state. File system based backup, requires file system to provide snapshot function to ensure consistency, otherwise must be shut down first and then backed up. Continuous archiving, the preferred high-reliability backup technology. Continuous archiving of WAL logs is the key to implementing archived backups, combining a file system level backup with an archived WAL file, so that when recovery is required, the file system backup is restored first, and then the archived WAL file is replayed to restore the system to its current (or specified point in time) state.

Rust’s support for async/await is becoming more and more mature, and in some scenarios it can be significantly more efficient than models such as threads. Here’s a brief look at how to get started with asynchronous programming in Rust the fastest way possible. Hello world async/await In Rust, asynchronous programming is abstracted as a Future trait, similar to a Promise in JavaScript. In recent Rust, Future objects can be created

K8s provides a Secret resource to store and set sensitive information such as API endpoint addresses, various user passwords or tokens, and so on. When you are not using K8s, this information may be set at deployment time through a configuration file or environment variable. However, Secret is not really secure, as anyone who has looked at Secret with kubectl knows, we can easily see the original text of Secret,

A colleague asked how Rust aysnc/await is implemented, stopping at the await place and then resuming the execution (of the current thread/coroutine) when it continues, also using something like yield/generator? I’ve tried it briefly, and I guess it’s probably like this. The following code. 1 2 3 4 5 6 7 8 9 10 11 async fn say_world() { println!("hello world"); } #[tokio::main] async fn main() { let op = say_world(); op.

Regardless of the programming language, the most common data types are numeric, string, and array. Here array is a general term, generally refers to a collection that can hold multiple elements, but of course the collection here is not strictly mathematical definition. Array Let’s look at arrays first. An array is a collection of data of the same type, located in contiguous blocks of memory, and stored on the stack

No one who uses K8s will be unaware of CNI, but probably most people, most of the time, only care about the installation. Put the binary in /opt/cni/bin, create the configuration file under /etc/cni/net.d/, and leave the rest to K8s or containerd, we don’t care and don’t understand the implementation. CNI, known as Container Network Interface, is a specification used to define container networks. containerernetworking/cni is a CNCF CNI implementation project, including basic bridge, macvlan and other basic network plugins.

There are two types of strings in Rust, String and &str, where String can be dynamically allocated, modified, and the internal implementation can be understood as Vec<u8>, and &str is a slice of type &[u8]. Both of these strings can only hold legal UTF-8 characters. For non-naturally recognizable UTF-8 characters, consider using the following types. File paths have dedicated Path and PathBuf classes available. Use Vec<u8> and &[u8] Use OSString and &OSStr to interact with the operating system Use CString and &CStr to interact with C libraries The second method above is the common way to handle non-UTF-8 byte streams, which is to use Vec<u8> and &[u8], where we can also use literal values for both types of data, which we call byte string literals of type &[u8].

Homebrew is a package management tool for MacOS, similar to Ubuntu’s apt and Arch Linux’s pacman, with many useful functions such as install, uninstall, update, view, search, etc. Many useful functions. It is very convenient and quick to implement package management with a simple command, without you caring about various dependencies and file paths. Installation and use of Homebrew Homebrew installation Homebrew is installed by simply typing a command in the command line.