Implementing CNI from scratch with Go

For many people who are new to the cloud-native technology stack, container networking and Kubernetes networking has been a “mystery” and a bottleneck in the upward curve of many people’s container technologies, but it is also a topic that we can’t get around when we dive into the cloud-native world. To thoroughly understand container networking and Kubernetes networking, you need to understand many underlying networking concepts, such as the OSI seven-layer model, the Linux networking stack, virtual network devices, and iptables.

Angular unit testing framework migration from karma to Jest practice

1. Why switch from Karma+Jasmine to Jest? The official recommended unit testing framework for Angular is Karma + Jasmine by default. Karma is used to execute unit tests in a real browser environment by launching the Chromium browser. Jest specifies the runtime environment through configuration, usually jsdom, and each test file is executed in a separate runtime environment. The main problems with Karma currently are the following. the need to launch the browser, compile the entire project and execute the unit test cases in the browser The result is unstable due to side effects of test case execution as it is executed in the browser and shared runtime environment.

Kubernetes Network Model

Through some of the previous notes, we have a basic understanding of how various container network models are implemented. However, what really pushes container technology to the climax is the Kubernetes container orchestration platform. Kubernetes forms clusters by integrating massive container instances, which may run in heterogeneous underlying network environments, and how to ensure the interoperability between these containers is one of the primary considerations in real production environments. Kubernetes Network Basic Requirements Kubernetes does more abstraction of container technology, one of the most important points is to propose the concept of pod, which is the basic unit of Kubernetes resource scheduling, we can simply think pod is an extension of container, from a network perspective, a pod must satisfy the following conditions.

In-depth understanding of the virtual keyword in c++

Why am I writing this article? The main reason is that the code in my project uses a lot of classes with the virtual keyword, and I want to talk about it in this article. virtual doesn’t have any superpower to turn corruption into magic, it has its reasons for existence, but abusing it is a very undesirable and wrong behavior. This article will take you step by step through the virtual mechanism and unravel the mystery of virtual for you.

vcluster - Virtual cluster based multi-tenant solution

1. Introduction to vcluster A virtual cluster (vcluster for short) is a fully functional, lightweight, well-isolated Kubernetes cluster running on top of a regular Kubernetes cluster. The core idea of a virtual cluster is to provide an isolated Kubernetes control plane (e.g., API Server) running on top of a “real” Kubernetes cluster. In contrast to a fully independent “real” cluster, a virtual cluster does not have its own worker nodes

Container Network (2)

The bridge network model we introduced in the previous note is mainly used to solve the problem of containers accessing each other between the same host and containers exposing services to the outside world, and does not address how to solve the problem of containers accessing each other across hosts. For the inter-host container access problem, we can think of the most intuitive solution is to use the host network directly, in this case, the container completely reuse reuse the host network equipment and protocol stack, container IP is the host IP, so that, as long as the host host can communicate, the container will naturally be able to communicate.

Container Network (I)

The two core issues that need to be addressed by container networks are as follows. the management of container IP addresses inter-container communication Among them, the management of container IP addresses includes the allocation and recovery of container IP addresses. And the mutual communication between containers includes two scenarios: communication between containers of the same host and communication between containers across hosts. These two issues cannot be viewed completely separately either, as different solutions often have to consider both of these points.

Unveiling IPIP Tunnels

In the previous notes, we briefly saw a way to implement VPN through TUN/TAP devices when introducing Linux network devices, but did not practice how TUN/TAP virtual network devices function exactly in Linux. In this note we’ll take a look at how to implement IPIP tunnels based on TUN devices in the cloud computing space. IPIP Tunneling As we mentioned in our previous notes, the TUN network device can encapsulate a Layer 3 (IP network packet) packet in another Layer 3 packet, so that the packet sent out through the TUN device will look like the following.

From Container to Pod

Many people, like me, should have seen or heard the following phrase when they first encountered the concept of docker. docker technology is lighter and faster than virtual machine technology, and docker containers are essentially processes Even we have more or less implicitly accepted that the container implementation is based on two very important features of the linux kernel, namespace and cgroup. So, how exactly do namespace and cgroup isolate the docker container processes?

Rust Drop's Trap

Rust uses RAII (Resource Acquisition Is Initialization) to manage resources: object initialization results in the initialization of a resource, and object release results in the release of a resource. Take Mutex as an example. 1 2 3 4 5 6 7 8 9 { let guard = m.lock(); // do something } // guard freed out of scope. { // we can acquire this lock again. let guard = m.lock(); } When guard leaves the current scope, rust ensures that drop of guard is called automatically.

Understanding Go Inline Optimization by Example

In the era of mobile Internet, the scale of business systems that directly face C-user is generally very large, and the machine resources consumed by the system are also very considerable. The number of CPU cores and memory used by the system are consuming the company’s real money. Minimizing the resource consumption of single service instance without decreasing the service level, which is commonly known as “eating less grass and producing more milk”, has always been the goal of the operators of each company, and some companies can save hundreds of thousands of dollars per year by reducing the number of CPU cores used by 1%.

Creating a qemu bridge network on macos

Today I’ll document how to create a bridge network for a qemu virtual machine on macos. The default virtual NIC created by qemu uses user mode. The virtual machine can communicate with the outside world normally, but the host cannot access the virtual machine directly. If you want to give the outside world direct access to the virtual machine, the easiest way is to build a bridged network. Most of what is currently available online utilizes the tap mode.

Vite - more than just a build tool

It’s been two years since vite released its first version (2020-04), and it recently released 3.0, though without many break change changes. Some people may already be using it, but many others see that it’s a tool created by vue authors and walk around it, because tools in the vue ecosystem are traditionally vue-locked and can’t be used in other ecosystems, like vuex/pinia, while redux/mobx can be used in vue. Although vite 1.

Notes on "Effective C++" for Beginners

Recently, I was reading the book “Effective C++” and found that many of the concepts are likely to be forgotten if I just read it once, so I simply organized the excerpts. This article is mainly an excerpt of some of the more simple and easy to operate regulations. Assignment and construction 1 2 3 4 5 6 7 8 9 10 11 12 class Weight { public : Weight(); // defualt constructor Weight(const Weight& rhs); // copy constructor Weight& operator=(const Weight& rhs); // copy assignment operator .

Data Constraint Language CUE Easy Tutorial

CUE is an open source data constraint language designed to handle configurations, structures, data and execute them. Most people start using CUE because they want to do data validation and generate configurations. Then they go on to use CUE for data templates, runtime input validation, code generation, scripting, plumbing, and more. First you need to understand that CUE is not a programming language in the usual sense, it is a Turing non-complete programming language.

Some pitfalls of using SPM and Build Configuration in Xcode

TL;DR Currently, when using Swift Package Manager packages in Xcode, SPM compiles the package with reference to the name of the Build Configuration and automatically selects whether to compile with debug or release, which determines the compilation flag like DEBUG and This determines the architecture of the final binary. This automatic selection may cause problems when using a custom Build Configuration in Xcode other than the default “Debug” and “Release”.

Manage Kubernetes manifest templates using the CUE language

CUE is an open source data validation language and inference engine with its roots in logic programming. To be honest, I didn’t understand the description at first either. Let’s look at a small example. txt 1 2 3 4 5 moscow: { name: "Moscow" pop: 11.92M capital: true } Schema 1 2 3 4 5 municipality: { name: string pop: int capital: bool } CUE 1 2 3 4 5 largeCapital: { name: string pop: >5M capital: true } When defining JSON data, we usually treat Data and Schema separately.

Fork and COW(Copy-On-Write) principles

Usage The fork function is a system call function that is used to create a new process, as follows. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 #include <unistd.h> #include <stdlib.h> #include <stdio.h> int main(int argc, char *argv[]) { printf("hello world (pid:%d)\n", (int) getpid()); int rc = fork(); if (rc < 0) { // fork failed fprintf(stderr, "fork failed\n"); exit(1); } else if (rc == 0) { // child (new process) printf("hello, I am child (pid:%d)\n", (int) getpid()); } else { // parent goes down this path (main) printf("hello, I am parent of %d (pid:%d)\n", rc, (int) getpid()); wait(NULL); } return 0; } Let’s execute it.

Go's several function argument passing modes

1. General passing of arguments The Go language supports calling functions by passing arguments sequentially, as shown in the following example function. 1 2 3 4 // ListApplications Query Application List func ListApplications(limit, offset int) []Application { return allApps[offset : offset+limit] } Calling code. 1 ListApplications(5, 0) When you want to add a new argument, you can just change the function signature. For example, the following code adds a new filter argument owner to ListApplications.

Linux Virtual Network Devices

As containers gradually replace virtual machines as the standard for cloud infrastructure today, the network management modules for these containers are dependent on Linux virtual networking devices. In fact, understanding the common Linux virtual network devices is a great benefit to our understanding of container networking and other container-dependent implementations of the underlying network architecture. For now, let’s take a look at what are the common Linux virtual network devices and their typical usage scenarios.