WWW & Root Record

Concept WWW The World Wide Web is a system of many interlinked hypertexts accessible through the Internet. The World Wide Web was invented in 1989 by British scientist Tim Berners-Lee, who wrote the first web browser in 1990 while working at CERN in Switzerland. The Web browser was released outside CERN in 1991, first to other research institutions in January 1991, and made available to the public on the Internet in August 1991.

DNS & CoreDNS

DNS DNS (Domain Name System) is a global distributed database for storing the mapping relationship between domain names and Internet IP addresses. DNS is divided into two main categories: authoritative DNS, and recursive DNS. Authoritative DNS Authoritative DNS is a DNS server set up at the domain name registrar for a specific domain name record, and is used for the management of the specific domain name itself. It only resolves domain names that it owns, and denies access to domains that are not its own.

Task Queues

In many systems, to decouple components, or to handle tasks that take a long time (for example, some network requests may be slow, or some requests are CPU-intensive and need to wait for a while), we usually introduce task queues. A typical task queue consists of the following three parts. The first part is the producer. There are two common kinds: one is triggered by the user, for example, in web applications, the user needs to send a request to the mail provider when verifying the mailbox; the other is triggered by the machine, for example, a timed task, which I generally call the scheduler.

Develop a Hello World level eBPF program from scratch using C

The hottest Linux kernel technology in the last two years is none other than eBPF! Since 2019, in addition to the rapid evolution of eBPF technology itself, Observability, Security and Networking projects based on eBPF technology have sprung up. Familiar ones include cilium (bringing eBPF technology to the Kubernetes world), Falco (a de facto standard for Kubernetes threat detection engines when running cloud-native security), Katran (a high-performance four-tier load balancer), pixie (an observability tool for Kubernetes applications), and more.

Using consul as a registry for istio(intree or by service entry)

registry By default istio uses k8s as registry, k8s service, endpoint corresponds to service, instance. For some Spring Cloud services that are not yet connected to the Service Grid, the registry they use may be consul, how to make the Consumer service on the Service Grid to access the non-Service Grid Provider is a problem faced by the application during the Service Grid migration. istio itself provides some mechanisms to bring in external registries of services.

Consul Basics

consul introduction CP model. consul deployment on k8s

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: consul
      name: consul
    spec:
      selector:
        matchLabels:
          app: consul
      template:
        metadata:
          labels:
            app: consul
        spec:
          containers:
          - args:
            - agent
            - -enable-script-checks
            - -dev
            - -client
            - 0.0.0.0
            image: consul:1.8.4
            name: consul

Service registration Configuration file method Specify the configuration directory via -config-dir.

Golang: Explaining container/heap

The heap container is provided in golang’s container package. What can this container be used for and how does it do it? This article explains the heap, the heap package, the uses of the heap package, and the implementation of the heap package, starting from the source code of golang 1.9.3. 1 What is heap Let’s start by explaining what a heap (Heap) is. According to Wikipedia Heap (Heap) is a generic term for a special class of data structures in computer science.

How golang resolves domain names

I recently ran into a problem. Our kube-apiserver is configured with OIDC authentication and the OIDC issuer is added with dns server records, but for some reason I need to override the dns server resolution and use the hostAlias IP address instead, but the actual test found that it always took DNS resolution, although the /etc/hosts file has been added with custom hosts records. The domain names that are not registered with the dns server can still be resolved by /etc/hosts.

kubernetes Local Volume

kubernetes supports local volume (local volume) since version 1.10. workloads (not only statefulsets types) can take advantage of local fast SSDs to get better performance than remote volumes (e.g. cephfs, RBD). Before the advent of local volume, statefulsets could also take advantage of local SSDs by configuring hostPath and binding to specific nodes via nodeSelector or nodeAffinity. However, the problem with hostPath is that administrators need to manually manage the directory of each node of the cluster, which is less convenient.

Pod Security Policies

What is PodSecurityPolicy PodSecurityPolicy is a global resource used to control Pod security-related configuration. On a kubernetes cluster with RBAC enabled, if users are allowed to use kubectl, then PodSecurityPolicy must be enabled, otherwise users may use some privileged resources (e.g. privileged, hostNetwork, hostPath, etc.) and affect the stability of the node machine. With PSP turned on, users can only use resources allowed by the administrator. PSP supports the following (see official website for details).

How Go archives and compresses files

Archiving, compressing, and decompressing files is a frequently used function, and we can do this with tools like tar and gzip. In Go, the standard libraries archive and compress provide us with these capabilities, and with this example, you will see that it is very easy to generate and handle compressed archives in a Go programming style. Archiving and Compression Before we start the code, we need to clarify the concepts of archiving and compression.

Hardware knowledge: how to choose a hard drive

When buying a computer hard drive, there are still many pitfalls. I have collated some of the content I had previously seen and combined it with my own buying experience to do some sorting. There are two main options for picking a storage device: SSD (solid state drive) and HDD (mechanical hard drive), and for some people who don’t know much about them, the difference between the two may be that SSDs are more expensive with higher performance.

IOC-golang's AOP principles and applications

1. Relationship between AOP and IOC AOP (Aspect Oriented Programming) is a programming design idea that aims to reduce the coupling between business logics by intercepting business process tangents and implementing specific modularization capabilities. This idea has been practiced in many well-known projects. For example, Spring’s PointCut, gRPC’s Interceptor, and Dubbo’s Filter. AOP is just a concept that has been applied in different scenarios, resulting in different implementations. Let’s start by discussing more specific RPC scenarios, using gRPC as an example.

GitOps Getting Started Tutorial

GitOps was first introduced by Weaveworks, a Kubernetes management company, in 2017. Now that five years have passed, I’m sure you’ve heard of the concept, but you may not know what it is or what it has to do with DevOps. In this article, we’ll help you figure it out one by one. Infrastructure as Code Before we can understand GitOps, we need to understand what Infrastructure as Code is.

kubernetes PVC supports resize scaling

Since v1.11, kubernetes has enabled the resize feature and PersistentVolumeClaimResize admission controller by default, so that if the storage volume created by the user is not large enough, it can be expanded without losing the original data. Currently supported storage volumes for resize are AWS-EBS, GCE-PD, Azure Disk, Azure File, Glusterfs, Cinder, Portworx, and Ceph RBD. Block file systems such as GCE-PD, AWS-EBS, Azure Disk, Cinder, and Ceph RBD require file system expansion.

How to limit the capacity of kubernetes local ephemeral storage

Introduction As a provider of the kubernetes platform, it is important to put some restrictions on certain “rogue” applications to prevent them from abusing the platform’s CPU, memory, disk, network, and other resources. For example, kubernetes provides limits on CPU and memory to prevent applications from using system resources without limits; kubernetes provides PVCs, such as cephfs and RBD, which also support capacity limits. However, earlier versions of kubernetes did not limit the capacity of the container’s rootfs.

Switching the ConnectX-4 to Ethernet mode

Background Recently, I was configuring a network for the server room and came across a requirement to use ConnectX-4 as an Ethernet card, which supports both Infiniband and Ethernet, but the default is Infiniband mode, so I need to use the mlxconfig tool to do this switch. How to switch In the Using mlxconfig documentation, it is written how to switch the NIC to Infiniband mode.

    $ mlxconfig -d /dev/mst/mt4103_pci_cr0 set LINK_TYPE_P1=1 LINK_TYPE_P2=1

    Device #1:
    ----------

    Device type:    ConnectX3Pro
    PCI device:     /dev/mst/mt4103_pci_cr0

    Configurations:        Next Boot       New
      LINK_TYPE_P1         ETH(2)          IB(1)
      LINK_TYPE_P2         ETH(2)          IB(1)

    Apply new Configuration?

rsyslog collects remote logs

Background Recently, while running maintenance, I discovered that network devices (such as switches) have a feature to send logs remotely, i.e. they can send logs to a specified server via the syslog udp protocol. To do this, you can run rsyslog on the server and collect the logs. rsyslog configuration The default rsyslog configuration collects the system local configuration, so we need to write an rsyslog configuration for collecting remote logs.

Nginx uses split_clients for simple A/B testing

This article describes how to configure easy A/B testing in Nginx. Background Prerequisites Sometimes we need to do simple A/B tests that don’t require complex conditions, so we can use Nginx’s ngx_http_split_clients_module module. Install the ngx_http_split_clients_module module Generally this module is already included; if not, it is recommended to install our packaged N.WTF. Configuring Nginx For example, we want 20% of our users to be forwarded to the URL https://example.

How to properly use the conditional variable sync.Cond in Golang

Cond in Golang’s sync package implements a condition variable that can be used in scenarios where multiple Readers are waiting for a shared resource to become ready (if there is only one reader and one writer, a lock or channel takes care of it). Cond pooling point: multiple goroutines waiting, 1 goroutine notification event occurs. Each Cond is associated with a Lock (*sync.Mutex or *sync.RWMutex), which must be held when modifying conditions or calling Wait methods, protecting the condition.