calico Enable eBPF

This article focuses on how to enable eBPF on a Calico cluster to accelerate network data forwarding, and also introduces eBPF and some of its advantageous features in Calico.
1. eBPF
1.1 About eBPF
eBPF is a revolutionary technology, originating from the Linux kernel, that allows running sandboxed programs in the operating system kernel. It is used to safely and efficiently extend the functionality of the kernel without changing the kernel source code or loading kernel modules.

Dynamic tracing of Python programs with BPF

I have recently been learning about BPF, which is one of the more popular dynamic tracing techniques available today. Simply put, it allows us to insert a piece of code that executes along with the program without interrupting the program that is currently running. For example, if you want to know the value of each return of a function, you can write a BPF program that prints out the value of each return; then hook the function to the function call, so that the program will execute our BPF program every time the function is called.

Why Go does not support []T to []interface conversion

In Go, if the function argument is interface{}, it can be called with any argument, and then converted by type assertion. As an example:
    package main
    import "fmt"
    func foo(v interface{}) {
        if v1, ok1 := v.(string); ok1 {
            fmt.Println(v1)
        } else if v2, ok2 := v.(int); ok2 {
            fmt.Println(v2)
        }
    }
    func main() {
        foo(233)
        foo("666")
    }
It doesn’t matter if you pass int or string, you will end up with the correct result.

Meta Keywords: what and why not

Meta Keywords like <meta name="keywords" content="sobyte, sobyte.net"> are a type of Meta tag that exists only in the HTML code and is not displayed in the browser. In the past, Meta Keywords tags were used to tell search engine crawlers information about a web page. But do search engines still respect Meta Keywords, and are they still a best practice for SEO?
History of Meta Keywords
The history of Meta Keywords dates back to 1995, when the HTML standard setters thought that Meta Keywords would help search engines get information about a page.

The dizzying typedef and typename in C++

I’m sure typename and typedef are not new to anyone who has used C++, but I still couldn’t understand the following code when I saw it.
    typedef typename std::vector<T>::size_type size_type;
It stands to reason that typedef is generally used to define an alias for a type, as follows.
    typedef int SpeedType;
Having defined an int with the alias SpeedType, I can then use it like this.
    int main(void)
    {
        SpeedType s = 10;
        printf("speed is %d m/s",s);
        return 0;
    }
But what does typedef followed by typename mean, and isn’t typename used to define template parameters?

Installing Node Exporter on CentOS

Installation
Create user
    [root@liqiang.io]# adduser node_exporter
Installing the node exporter
    [root@liqiang.io]# cd /home/node_exporter
    [root@liqiang.io]# wget https://github.com/prometheus/node_exporter/releases/download/v1.5.0/node_exporter-1.5.0.linux-amd64.tar.gz
    [root@liqiang.io]# tar zxf node_exporter-1.5.0.linux-amd64.tar.gz && \
        ln -s node_exporter-1.5.0.linux-amd64 node_exporter && \
        chown -R node_exporter:node_exporter node_exporter && \
        chown -R node_exporter:node_exporter node_exporter-1.5.0.linux-amd64 && \
        cd node_exporter
    [root@liqiang.io]# touch /etc/sysconfig/node_exporter && echo 'OPTIONS="--collector.

Type assertion and type conversion in golang

Type assertion
A type assertion doesn’t really convert the interface type to another definite type; it just provides access to the value of the interface type, which is usually a common requirement. The type assertion is made via the syntax x.(T), which will determine if the value stored in the x variable is of type T. There are two general scenarios.
- If T is not an interface type but a concrete type, then this assertion asserts whether the dynamic type of x is the same as T
- If T is an interface type, this assertion asserts whether the dynamic type of x implements T
    var x interface{} = "foo"
    var s string = x.

Implementing Fixed-Size Ring Buffer Data Structures in Go

A Ring Buffer Queue is a fixed-size, in-memory FIFO (first in, first out) data structure that is used to handle data exchange between different processes. It works by using two pointers (head/tail) to determine where to put the data in a contiguous, fixed-size region of memory. This article will take you through a quick implementation of the Ring Buffer data structure in Go.
Usage Timing
Since the Queue is a fixed size, it is very useful in the embedded system field.

C++'s dizzying const and constexpr

When I was using C++ const, I was dizzy when I saw the usage of const, such as const int*, const int * const, int const *. And after C++ 11 added constexpr, I don’t know what the difference between it and const is. This article is mainly to organize the knowledge of this area.
const
The general use of const is to modify variables, references, and pointers, after which they become constants.

User and Authentication Authorization in Kubernetes

This chapter briefly describes the principles related to Kubernetes authentication, and ends with an experiment to illustrate the idea of implementing the Kubernetes user system. The main content is as follows.
- Understanding the principles of various Kubernetes authentication mechanisms
- Understanding the concept of Kubernetes users
- Understanding the Kubernetes authentication webhook
- Completing an experiment that shows one way to integrate other user systems into Kubernetes
Kubernetes Authentication
As described in the Kubernetes

Embracing Swift and SwiftUI

Apple released the Swift language and the SwiftUI framework in 2014 and 2019, respectively. For iOS developers, the trend of technology updates is inescapable, and they should actively learn and apply it.
Swift is the language of choice
I started working with Swift around Swift version 3.0, and I have refactored or developed some new projects through Swift one after another. I still remember clearly that because the ABI of Swift was not yet stable and many syntax features were still changing frequently, I had to spend some time dealing with the business code changes brought about by the syntax changes after each upgrade of Xcode, along with the upgrade of the Swift compiler version.

Golang and TLS1.3

This time let’s talk about a recent problem: how to speed up connection establishment for a massive number of connections that use TLS for secure communication? Below the TLS (Transport Layer Security) layer is the TCP layer, and the first thing we might think of is optimizing the kernel parameters related to the TCP handshake to quickly establish a TCP connection, for example:
    net.ipv4.tcp_max_syn_backlog
    net.ipv4.tcp_syncookies
    net.

Lazy loading of images in html using the native loading=lazy method

Image lazy loading can be simply understood as: when the user browses the web page, only when the page is about to scroll to the location of the image, then the required image is loaded. Instead of loading all the images one by one once the page is opened, even though the user hasn’t scrolled to where the images are at all. This can significantly improve the speed of page load completion when there are more images on a page.

Why does Ghost keep 301 Redirecting?

A while ago, Revue, the newsletter service we were using, announced that it was shutting down. We had to look for other alternatives. I tried using WordPress, but it’s true that this ancient system hasn’t evolved particularly much over the years, and then my editorial partner at Newsletter suggested Ghost, which looked really good. The Ghost project was started by John O'Nolan, the former head of the WordPress UI team, after he left the project, and in 2012 he said on the blog that started the project:

Zero-Copy And Linux-I/O

Preface
Storage is one of the core components of a computer. In a completely ideal state, memory should have the following three characteristics at the same time: first, fast enough: memory should be accessed faster than the CPU can execute an instruction so that the CPU’s efficiency is not limited by the memory; second, large enough: the capacity can store all the data the computer needs; third, cheap enough: the memory should be inexpensive enough for all types of computers to be equipped with it.

Talking about the implementation of the Add/Sub operation of the Prometheus Gauge

1. What is a Gauge?
Those of you who are familiar with Prometheus will know that Prometheus offers four main metric types.
- Counter
- Gauge
- Histogram
- Summary
Histogram and Summary are in the same category, but are a little more complex to understand, so we’ll leave that aside for now; Counter only provides an Add method, which is an increasing value, while Gauge is also a value but, unlike Counter, provides not only an Add method but also a Sub method.

Managing admission webhooks certificates with cert-manager

Kubernetes provides ways to extend its built-in functionality, probably most commonly with custom resource types and custom controllers, but in addition, Kubernetes has some other very interesting features. For example, admission webhooks can be used to extend the API by modifying the basic behaviour of certain Kubernetes resources. Admission controllers are pieces of code that intercept requests to the Kubernetes API server after the request has been authenticated and authorized, but before the object is persisted.

In-depth understanding of OCI standards

Write a Java HTTP application that listens on port 8000 and returns hello world in response to curl localhost:8000/hello. It can be packaged into an executable jar and then built into an image using the following Dockerfile.
    FROM openjdk:8-jdk-alpine
    WORKDIR /
    COPY app.jar .
    ENTRYPOINT ["java","-jar","app.jar"]
Place app.jar and Dockerfile in a separate folder and execute the docker image build command.
    $ docker build -t oci-demo-app:v0 .

Generate ssh key and configure to github

When using GitHub’s SSH method to check out projects, it is necessary to set up an SSH key. This article explains how to generate an SSH key and how to configure it on GitHub.
Problem Background
On a new computer, when trying to check out a GitHub project, the following alert is displayed: “Permission denied (publickey)”.
    D:\workspace\github>git clone git@github.com:waylau/waylau.github.io.git
    Cloning into 'waylau.github.io'...
    git@github.com: Permission denied (publickey).

Using kubeadm to upgrade a K8S cluster

This article focuses on how to upgrade a K8S cluster using kubeadm.
1. Overview
The upgrade of a K8S cluster can be divided into three main steps.
- upgrade a primary control-plane node
- upgrade the rest of the control plane nodes
- upgrade the remaining worker nodes
The cluster to be upgraded is a three-master-three-slave combination, using cilium and containerd. The K8S cluster version is 1.25.4 and is scheduled to be upgraded