Adding Basic Authentication to Kubernetes Services

1. Deploy Ingress Controller
View Kubernetes version
    kubectl version --short
    Client Version: v1.21.4
    Server Version: v1.21.4
Find a compatible version of Nginx Ingress Helm Chart
    Helm Chart version | Helm Chart Highest Available Version | K8s Adaptor Version
    3.x.x              | 3.36.0                               | 1.16+
    4.x.x              | 4.4.2                                | 1.19+
Reference: https://github.com/kubernetes/ingress-nginx
Installing Nginx Ingress Controller
    helm upgrade --install ingress-nginx ingress-nginx \
      --repo https://kubernetes.github.io/ingress-nginx \
      --namespace ingress-nginx --create-namespace --version v4.4.2
Check out the services

Pulsar load balancing principle and optimization

Preface
Some time ago when we upgraded the Pulsar version, we found that the last node never had any traffic after the upgrade. Although there is no impact on business usage, uneven load can lead to wasted resources. After talking to my colleague, I learned that this happened with the previous upgrade, and eventually the load balancing was done manually by calling Pulsar’s admin API. I didn’t find any similar problem on Google or in the Pulsar community, so I don’t know if we didn’t encounter it or rarely upgrade the cluster.

Mastering the Git cherry-pick

Everything in this article will be based on the following (carefully constructed) example, which covers most of the Git log patterns that tend to occur on projects. The example scenario that runs through this article is this example’s chronological Git commit history.
    $ git --no-pager log --oneline --graph --date-order
    * f2c1619 (HEAD -> red) R6
    * e6899ea R5 merge branch 'blue' into 'red'
    |\
    * \ 0979d45 R4 merge branch 'green' into 'red'
    |\ \
    | | * 186da41 (blue) B3
    | * | c950910 (green) G3
    * | | 17e2629 R3
    | | * 69edfc9 B2
    | * | 059425a G2
    | * | 05719c8 G1
    | | * ebb218d B1
    | |/
    * / 8c6595b R2
    |/
    * 6581ff8 R1
    * 2787f8f (master) init commit
Quickly create the example.

Configuring dynamic link libraries via the systemd service

Among the methods of setting up dynamic links, rpath has its own problems, and ld.so.conf is an OS global configuration that may affect other services because of the dynamic library version of a single service, which is not an elegant method. So how can we make the target service find the corresponding dynamic library without affecting other services, without using rpath and ld.so.conf?
LD_LIBRARY_PATH
For dynamic link library path configuration, in addition to rpath and ld.

Introduction to the Merkle Tree

Merkle trees are widely used in distributed systems. I first learned about this data structure when I was studying blockchain technology. But because it has hardly ever been used in my work, I have only had a vague grasp of the related concepts and features. Today, while studying the browser certificate transparency log, I read an article by Cloudflare, which also talked about the Merkle tree. The article is concise and clear, and I immediately grasped the characteristics of the data structure and the problem to be solved.

Using rollup.js as a webpack replacement to package front-end projects

In the previous tutorial, we introduced the use of webpack and how to build our projects using webpack. This article will describe how to use rollup.js as an alternative to webpack to package a front-end project. The functionality to be achieved is simple.
- The project can be packaged with rollup
- Support for TypeScript syntax
- The ability to start a local service to launch the project and listen (watch) for changes to the project and update the page in real time
At the time of writing this article, I am using the latest version of nodejs.

Several ways to get the current working directory in Golang

Preface
It is often necessary to get the current working directory in Go development, such as when you need to load configuration files or write debugging and error logs. The current working directory of a Go program is usually different in development, production, and test environments, which makes it troublesome to get the current working directory of the program under different circumstances. Next, we will introduce several common methods of getting the current working directory in Go, and introduce their related features.

Ping and ICMP Protocol

Overview
The ping command is a very common networking tool that uses the ICMP protocol to probe the connectivity, latency, stability, and other performance metrics of a network from a local to a remote address. However, most people don’t know much about the implementation of the ping command because we rarely deal with the ICMP protocol in our daily development work. Recently I’ve been developing https://github.com/joyme123/gnt and the goal is to implement most of the network tools through a single binary.

Electron code signing on Windows

Code signing is a digital signature of the software by the developer, which allows users to confirm the identity of the developer and ensure that the version they download is from a trusted source and has not been tampered with by a third party. Applications developed with Electron can also be code-signed. On macOS this is relatively simple; on Windows it is more troublesome, and I took some detours before succeeding. Here is a record.

Why do Objective-C properties still need atomic

Anyone who has used Objective-C will know that declaring an attribute as atomic does not solve the multi-threading problem for mutable objects. If this is the case, then what is the point of this property? In this article, we’ll compare several programming languages that support reference counting and talk about the “underlying logic” of this age-old topic. As we know, atomic and nonatomic are mainly for properties of object types and have no effect on primitive types.

Golang Memory Model

I recently worked on a project that required loading a large amount of data into memory and then making it available for external query use. At the same time, the data needs to be updated according to a certain policy, but the update frequency is very low. In principle, concurrent reads and writes need to be synchronized by locks. However, considering that the frequency of writes is much lower than that of reads, locking for this is really wasteful, so we want to investigate whether there is a lock-free solution.

OpenWrt Cloudflare DDNS

I’ve recently updated my router system, and I’ve broken DDNS. The router system is OpenWrt, and the DDNS service uses Cloudflare. Last time, the configuration took me a long time to get working, and I forgot to record it. This time I struggled with it again, so I am taking this opportunity to write it up and share it with you. The first thing we need to do is to create an API token for calling the Cloudflare API. This step needs to be done in the Cloudflare management backend.

A short tutorial on Kubernetes

Objective
This article is intended for developers who usually use Kubernetes in their work but don’t know much about it. This article is only a brief introduction to the common concepts that you will encounter in using Kubernetes, and will not elaborate too much on the architecture principles. I hope that after reading this article, you will have an understanding of Kubernetes concepts and some simple operations and maintenance operations.
What is Kubernetes?

Slow disk IO during image building

1. Problems encountered
Project Description:
    File size: 5.6 GB
    Number of files: 529352
Dockerfile
    FROM golang:1.13
    COPY ./ /go/src/code
The build commands and inputs are as follows.
    time DOCKER_BUILDKIT=1 docker build --no-cache -t test:v3 -f Dockerfile .

Use of ServiceAccount Token in different versions of K8s

ServiceAccount provides an identity for processes running in a Pod, and processes within the Pod can use the identity of their associated service account to authenticate to the APIServer in the cluster. When the Pod is created, there is a spec.serviceAccount property under the specification that specifies which ServiceAccount the Pod uses, or the default ServiceAccount if it is not specified, and then by projecting the volume, there is a token file under the Pod’s directory /run/secrets/ kubernetes.

Nginx causes a large number of TIME_WAIT connections to the Upstream server

Network Topology
    [JMeter] -> [ Nginx ] ----> [ Web Server ]
Phenomenon
During the stress test, there were a large number of TIME_WAIT connections on the Web Server, coming from Nginx.
    $ netstat -antpl | awk '{print $5, $6}' | sed 's/:[[:print:]]* /\t/g' | sort | uniq -c | sort -rn
    30020 TIME_WAIT <nginx-ip>
    ...
TIME_WAIT is an intermediate state during the four-way close ("four waves") of a TCP connection, and these connections all disappear after a while.

Serialize Roaring Bitmap to JSON

Recently, a bitmap index was used in the implementation of a data structure, and this article will talk about the bitmap in a rough way.
I. What is a bitmap?
Bitmap indexing is implemented using a bit array (also called a bitset, often referred to as a bitmap, the name bitmap is used hereafter). A bitmap is a mapping from a domain (usually a range of integers) to the values in the set {0, 1}.

Debian 11 / Ubuntu 22.04 Custom Compilation of Caddy with xcaddy

This article applies to both Debian 10 Buster and Ubuntu 20.04 Focal. xcaddy is the official Caddy tool for custom compiling Caddy, it can help us compile Caddy to meet our needs quickly.
Install xcaddy
Let’s follow the official installation method and first, install some necessary packages.
    apt update
    apt upgrade -y
    apt install curl vim wget gnupg dpkg apt-transport-https lsb-release ca-certificates
Then follow the official tutorial to install Go.

The complex but interesting SFINAE technique in C++

SFINAE is actually overloaded function template matching, where the compiler finds all applicable functions and function templates based on their names, and then has to replace the template formal parameters according to the actual situation, in the process of compiling to find a best match. For example, the following example.
    struct Test { typedef

Behavior changes of ServiceAccount Token in k8s 1.24

Cause
There is a CNI component running as a DaemonSet on all nodes. This CNI Pod converts its Service Account Token into a kubeconfig and stores it in the host’s directory. When the kubelet calls the CNI plugin, the CNI plugin uses this kubeconfig to get some information about the cluster pod. There is a problem on k8s 1.24: when the CNI Pod restarts, using the generated kubeconfig returns an Unauthorized error, i.