PKI Systems and CA

In the previous article we introduced some basic knowledge of digital signatures and digital certificates, but we did not cover how digital certificates are managed: their file formats, how they are applied for and rotated, and so on. This article introduces digital certificate management. Any discussion of certificate management has to mention one term: PKI (Public Key Infrastructure), a key management platform that follows established standards and provides cryptographic services such as encryption and digital signatures, together with the key and certificate management system that all network applications need.

Digital Signature and Digital Certificate

The previous article focused on the basics of cryptography, including the principles of the two kinds of encryption algorithms, and ended by introducing the concept of a digital certificate in asymmetric encryption. This note continues to explore what a digital certificate is, but before we can understand it we must first know what a digital signature is. There is a classic article that describes the concepts of digital signatures and digital certificates in detail, and most of this article is taken from it.

Cryptography Basics

Cryptography is the science of ciphers and code-breaking. The study of the objective laws of cryptographic transformations, when applied to constructing ciphers that keep communications secret, is known as cryptography; when applied to breaking ciphers in order to obtain communications intelligence, it is known as cryptanalysis; together they are known as cryptography in the general sense. A cipher is an important means of secrecy by which the communicating parties apply special transformations to information according to agreed rules.

The history and current development of character encoding

Character encoding issues may seem insignificant and are often ignored, but without a systematic and complete understanding of character encoding we will run into all sorts of “traps” in real coding work. Today we will look at character encoding in detail. The origin of everything: character encoding is essentially a solution to the problem of how a computer represents specific characters, but anyone with basic computer theory knowledge knows that

Big Endian and Little Endian

Byte order: when it comes to byte order, two major CPU families are involved, Motorola’s PowerPC series and Intel’s x86 series. The PowerPC series uses Big Endian to store data, while the x86 series uses Little Endian. So what exactly are Big Endian and Little Endian? Big Endian means the most significant byte is stored at the lowest address, while Little Endian means the least significant byte is stored at the lowest address.

Kubernetes Client Go

Kubernetes officially provides client libraries in various languages, but because of the inherent advantage of Go in the cloud-native domain, client-go is by far the most used. It is difficult to explain client-go clearly in one article, so this article cannot cover every detail; instead we try to describe the main framework clearly and explore the common interfaces and usage of client-go with code snippets.

Exploring the source code of the kubernetes API

I guess many people, like me, were confused by the various repositories when they first opened the Kubernetes project source code on GitHub. The kubernetes organization has many repositories, including kubernetes, client-go, api, apimachinery, etc. Where should I start? The kubernetes repository should be the core repository of the project, containing the source code of the core control-plane components; client-go, as the name suggests, is the Go client for operating the Kubernetes API; api and apimachinery should be the repositories related to the Kubernetes API, but why are they split into two different repositories?

Exploring the organization of the Kubernetes API

I’ve been working with cloud native for a few years now, but I don’t know enough about Kubernetes fundamentals, so I often need to open godoc or the Kubernetes source code to look up the definition of an interface or method while writing code. This fast-food way of consuming code can solve common problems, but sometimes a simple problem troubles me for a long time. The reason is that I have not studied Kubernetes systematically, and in particular have no deeper understanding of the design and principles of the Kubernetes API, a topic we usually cannot get around when extending the functionality of Kubernetes.

React Why re-render

Updating (re-rendering) is an important feature of React: when a user interacts with an application, React needs to re-render and update the UI in response to the user’s input. But why does React re-render? If we don’t know why React re-renders, how can we avoid unnecessary re-rendering? TL;DR: state changes are one of the only reasons why updates occur inside the React tree.

The conversion of byte slice and string has changed again in Go 1.20

During Go 1.19 development, string.SliceHeader and string.StringHeader went through a life-or-death struggle: the two types were once marked as deprecated, but because they are often used where byte slices and strings need to be converted efficiently, marking them deprecated without offering an alternative was not acceptable, so the deprecation mark was removed, if nothing else. They will also be marked as deprecated again in Go 1.

Chaos Mesh

1. Chaos Mesh: Chaos Mesh is a cloud-native chaos engineering platform that orchestrates chaos in a Kubernetes environment, allowing users to simulate real-world anomalies in development, testing and production environments and helping them identify potential system problems. Chaos Mesh was open-sourced by PingCAP and originated as the core testing platform of TiDB, inheriting much of TiDB’s existing testing experience at the time of release. Chaos Mesh is designed mainly for Kubernetes scenarios and can be deployed quickly in the Kubernetes cluster under test without modifying the deployment logic of the system under test (SUT).

systemd common commands

1. Get information about units: the systemctl list-units command can be used to quickly get information about all units.

    # List running units
    systemctl list-units
    # List all units, including those for which no configuration file was found or which failed to start
    systemctl list-units --all
    # List all units that are not running
    systemctl list-units --all --state=inactive
    # List all units that failed to load
    systemctl list-units --failed
    # List all running units of type service
    systemctl list-units --type=service

The systemctl list-dependencies command lets you get the dependency information of units.

Systemd and Cgroup

The cgroup presented in this article is based on the v1 version. systemd: for an operating system, just getting the kernel up and running is useless; the init system must bring the operating system into an operational state, and the familiar systemd acts as the init system in most Linux distributions today. systemd is the newest init system on Linux, and its main design goal is to overcome the inherent shortcomings of its predecessor, sysvinit, and to speed up system boot.

CentOS 7: upgrading systemd

This article documents my attempts to upgrade systemd and switch to cgroup v2 on a CentOS 7 system. Background: in Linux 4.5, cgroup v2 was added to the kernel as a new feature. After upgrading the kernel, users can check whether cgroup v2 is supported with the following command.

    grep cgroup /proc/filesystems
    # OUTPUT
    nodev cgroup
    nodev cgroup2

The Kubernetes 1.25.0 release has full support for cgroup v2, and the official documentation recommends configuring cgroupDriver to systemd.

Kubernetes Ops: Taints and Tolerations

Taints and Tolerations in Kubernetes are one of the important mechanisms of the scheduling system, used to ensure that Pods are not scheduled onto inappropriate nodes. In this article we briefly introduce the Taints and Tolerations mechanism of Kubernetes. Taints: Taints are labels defined on Node objects in Kubernetes. Unlike Labels and Annotations, which record information as key=value, Taints add an effect attribute and are described in the key=value:effect format, where key and value are user-defined strings and effect indicates how the taint affects Kubernetes pod scheduling; the following three effects are currently supported.

A thread-safe map library with generic support

orcaman/concurrent-map is a very efficient thread-safe map library. As its documentation says, the standard library sync.Map is better suited to append-only scenarios or to workloads with far fewer writes than reads; for workloads with many reads and many writes, concurrent-map may be more advantageous. It reduces lock granularity by sharding, thus improving performance. Earlier this year the library was revamped and started supporting generics, but unfortunately only the value type is generic: the key can only be of type string, which limits its application scenarios.

Kubernetes Service

Service overview: in Kubernetes, a pod is the carrier of an application, and the application can be accessed through the pod’s IP. However, the pod’s IP address is not fixed, so accessing the service directly via the pod IP is inconvenient. To solve this problem, Kubernetes provides the Service resource, which aggregates multiple pods providing the same service and exposes a unified entry address.

Using Linkerd in Production

So far we have been using Linkerd in its most basic form without focusing on production-level concerns. In this section we look at some of the key considerations for use in a production environment, including High Availability (HA) mode, the Helm chart, cross-cluster communication, and an external Prometheus. High Availability: high availability describes a system with a redundant architecture that continues to operate if some part of the system fails.

Magical Google Binary Codec Technology: Protobuf

A very basic problem in computer network programming is how to represent the data exchanged between client and server; think about this problem before reading on. Consensus and protocols: the problem is not as simple as it seems, because the client process and the server process run on different machines, which may have different processor platforms, different operating systems, and programs written in different programming languages. How does the server recognize what data the client is sending?

File System in Golang: io.FS

There is an amazing thing about Go in the file IO scenario: when opening a file, instead of an interface, it returns a pointer to an os.File structure.

    func Open(name string) (*File, error) {
        return OpenFile(name, O_RDONLY, 0)
    }

This means that Go’s concept of a filesystem is tied directly to the OS’s filesystem: you have to pass in a file path, and you have to actually go and open an OS file.