194 Matching Annotations
  1. Apr 2022
    1. T(append([]byte(nil), a[0]...))

    2. What we can do is pass both types.

    3. We can do what we want by introducing a new type parameter.

      类型体操又开始了

    4. builtin 类型可以当作是interface来用?

    5. a union element T1 | T2 | ... restricts to any of the listed elements

      同时满足T1,T2

    6. an approximation element ~T restricts to all types whose underlying type is T

      什么意思?

  2. Mar 2022
  3. Feb 2022
  4. Dec 2021
    1. Any user can set up a service with an ingressIP and have it highly available.

      这不就是[[metalb]]想做的吗?

    2. The service can either use external IPs and a service port or it can use a NodePort.

      如果我用node port的话,我在用vip去访问这个servcie,因为是nodeport,所以所有节点都能通过这个port访问,所以我只要有任意的一个节点上起了ipfailover pod就行了

    3. If application pods are not running on all nodes with IP failover, either some IP failover nodes never service the VIPs or some application pods never receive any traffic.

      没有起ipfailover的pod的node上的pod,不可能通过vip访问到

    4. When using VIPs to access a pod with host networking, the application pod runs on all nodes that are running the IP failover pods.

      当我们想要使用vip去访问主机网络的pod时,这些pod必须运行在起了ipfailover pod的node上。 我们只能通过vip访问到那些起了ipfailover pod的node的pod上

    5. IP failover uses Keepalived

      这里的ipfailover指的难道不就是keepalive的?我的理解是他是类似keepalive包了一层的感觉

    6. if the service that Keepalived is watching does not respond

      the service是什么service

    7. IP failover monitors a port on each VIP to determine whether the port is reachable on the node. If the port is not reachable, the VIP is not assigned to the node

      如果分配了之后这个port无法访问了呢?

    8. The VIPs must be routable from outside the cluster.

      vip不是keepalived创出来的?谁来负责让这个vip routable啊?

    9. There is no way to explicitly distribute the VIPs over the nodes, so there can be nodes with no VIPs and other nodes with many VIPs

      没有办法分配vip到node上?为什么?这应该部署keepalived的限制

  5. Oct 2021
      1. service account 自动mount
      2. service account 自动设置在pod的spec.serviceAccountName
      3. 1.6以上可以通过设置automountServiceAccountToken来disable自动mount的行为
      4. pod默认的service account是自己ns的default account
      5. 对于任意给定的serviceaccount 我们可以手动的给他创建token,方式是创建secret,在annotation中指定service-account,auto-controller会自动在这里更新token
      6. 无法更改已经创建的pod的serviceaccount
  6. Sep 2021
    1. specifying a custom NGINX configuration snippet in the default server {}

      如果我想设置其他的vblock呢?例如http下init_worker 和upstream之类的。

  7. Aug 2021
    1. 要给程序员这样的灵活性,Go必需支持指向分配在堆中对象的指针,我们将这种指针称为内部指针。上文的例子中X.buff字段保存于struct之中,但也可以保留这个内部字段的地址。比如,可以将这个地址传递给I/O子程序。在Java以及许多类似的支持垃圾回收的语音中,不可能构造象这样的内部指针,但在Go中这么做很自然。这样设计的指针会影响可以使用的回收算法,并可能会让算法变得更难写,但经过慎重考虑,我们决定允许内部指针是必要的,因为这对程序员有好处,让大家具有降低对(可能实现起来更困难)回收器的压力的能力。到现在为止,我们的将大致相同的Go和Java程序进行对比的经验表明,使用内部指针能够大大影响arena总计大型、延迟和回收次数。
  8. Jul 2021
    1. helm install happy-panda bitnami/wordpress

      如果你只看这篇文章,执行到这里会报错

    2. helm search repo

      这个应该是list 自己添加的repo repo就像软件仓库地址

  9. Jun 2021
    1. 于是 Nginx 以及 Nginx 背后的应用就无法知道原始请求的真实来源。

      这里的真是ip是什么?tcp的ip?

    2. 而他们自己其实并不期望使用 content 阶段缺省运行的静态资源服务

      能禁止吗?

    1. 所以在 keep alive 的情况下,本次请求的总时间,会把上一次 eof() 之后的时间加上

      下次同一连接 还是要这个worker来处理的.

    2. 限制连接数

      但我实际上还是成功的建立了tcp链接吧,只是delay了content_by_lua_file的调用而已

    3. 连接数和请求数

      连接数和请求数的区别是什么...

    4. 在有规则变动的时候,刷新下 Nginx 的缓存就行了。

      ?

    1. 注:ngx.location.capture 和 ngx.location.capture_multi 指令无法抓取包含以下指令的 location: add_before_body, add_after_body, auth_request, echo_location, echo_location_async, echo_subrequest, 或 echo_subrequest_async 。

      为什么嘞?

    2. lua_package_path

      syntax source

    1. 日志传输过程完全不落地,没有任何磁盘 IO 消耗

      辣就是存在内存里咯..如果获取这种状态

    2. ngx.print(data)

      nginx是怎么判断是否使用chunk的?

    3. ngx_lua 阶段
    4. 由此可见掌握日志输出是多么重要,下至入门同学,上至 Lua 作者,使用日志输出来确定问题,是很必要的基本手段。

      .... 抱有疑问

    1. 请设置 client_body_buffer_size 和 client_max_body_size 为同样大小

      为什么?假设我的一个请求只有1k buffer_size 10k max_body_size 100k 这两值不等 难道还不存不了了?

    2. 如果你熟悉其他 web 开发框架,估计立刻就觉得 OpenResty 弱爆了

      2333

    3. URI 内容传递过程中是需要调用 ngx.encode_args 进行规则转义。

      我不知道...

    4. 。利用不同 location 的功能组合,我们可以完成内部调用、流水线方式跳转、外部重定向等几大不同方式

      .....恩 使用这种元语进行编程 不觉得很奇怪吗...

    5. internal

      这tm是哪里定义的..

    1. An Operator’s CatalogSourceConfig is used to enable an Operator present in the OperatorSource on the cluster.

      制定这个operator安装在那个命名空间?

  10. May 2021
    1. Nginx

      nginx 的特殊之处在于 他和mysql redis es 之类的一样是有其特殊语义的 在这种语义下 我们可以做一些特殊的处理 do one thing and to the best,这就是其和不同语言库的差异 客制化的空间更大,虽然有些框架也基本上快把语言当dsl用了

    2. cdata

      q: 这是什么鬼?

    3. 这一段的输出结果,就是这么 匪夷所思。不要在 Lua 的 table 中使用 nil 值,如果一个元素要删除,直接 remove,不要用 nil 去代替。

      再次强调吗 23333

    4. 不要在 Lua 的 table 中使用 nil 值,如果一个元素要删除,直接 remove,不要用 nil 去代替。

      有血泪啊

    5. 如果数组有一个“空洞”(就是说,nil 值被夹在非空值之间),那么 #t 可能是指向任何一个是 nil 值的前一个位置的下标(就是说,任何一个 nil 值都有可能被当成数组的结束)。这也就说明对于有“空洞”的情况,table 的长度存在一定的 不可确定性。

      cao

    6. 在 Lua 中,数组下标从 1 开始计数。

      cao

    7. Lua 具有一项与众不同的特性,允许函数返回多个值

      哪里与众不同了 T_T

    8. 值得一提的是,LuaJIT 2 尚不能 JIT 编译这种变长参数的用法,只能解释执行。所以对性能敏感的代码,应当避免使用此种形式。

      那就是不要用可变长度参数..

    9. 由于函数定义等价于变量赋值,我们也可以把函数名替换为某个 Lua 表的某个字段,例如

      花活

    10. 由于全局变量一般会污染全局名字空间,同时也有性能损耗(即查询全局环境表的开销),因此我们应当尽量使用“局部函数”,其记法是类似的,只是开头加上 local 修饰符:

      q: 这里的全局和局部指的是什么

    11. do ... end

      人造scope

    12. 若要写在函数中间,则只能写在一个显式的语句块内

      在同一个scope内 return永远是最后一个

    13. 循环过程中不要改变控制变量的值,那样会带来不可预知的影响

      cao

    14. local

      local是什么

    1. We recommend using the v0.x.y tags for Kubernetes releases >= v1.17.0 and kubernetes-1.x.y tags for Kubernetes releases < v1.17.0.

      Q: 为什么 大于1.17.0的要用0.x.y? 那不是永远都得用0.x.y?

    1. CatalogSource

      CatalogSource是个cr,这个cr中指定的东西类似于软件源 目前有三种指定源的方式

      1. iamge,指定了一个image,这个image中存着operator的信息
      2. rpc 指定了一个地址 可以用去访问这个地址
      3. configmap 可以从这个configmap中去找
    1. Index image

      这东西就是bundle format的Catalog image

    2. A cluster service version (CSV) is a YAML manifest created from Operator metadata that assists OLM in running the Operator in a cluster. It is the metadata that accompanies an Operator container image, used to populate user interfaces with information such as its logo, description, and version.

      csv代表着集群中正在运行的operator

    3. A catalog source is a repository of CSVs, CRDs, and packages that define an application.

      Q: 什么叫repository?我存csv的github/gitlab的仓库? A: 应该是原始含义,就是一个有着很多数据的地方

    4. a catalog image is a containerized datastore

      是个数据库?catalog image是个镜像,镜像里面是个数据库,数据库里存折所有的能安装的operator版本

    5. Package Manifest Format,

      那我bundle的format呢?

    1. Additional information that drives the UI, for example its icon and some example custom resources (CRs).

      草,为什么和UI有关系...

    2. which is a non-runnable container image that stores the Kubernetes manifests and Operator metadata.

      草,为什么啊...

    3. legacy

      Q: 那么新的format是什么呢?<br> A: 是Bundle

    1. the event handler will map each event to a reconcile Request for the owner of the Deployment. Which in this case is the Memcached object for which the Deployment was created.

      当看到deployment资源的ad/update/delete 时 因为在这里声明了从属关系 所以这些资源的事件会被map成主资源的reconcile request 发到reconcile loop中

      1. 他是怎么知道一个deployment和我的主资源的关系的?
      2. map是在哪里 如何发生的?
    1. but rather one reconciliation loop (which could be running as part of the same Operator binary) per CRD.

      每个独立的线程逻辑 维护一个crd

    1. Think of an Operator as an extension of the software vendor’s engineering team that watches over your Kubernetes environment and uses its current state to make decisions in milliseconds.

      专家系统的梦想成真

    2. introduction in 2016
    1. Operators should leverage built-in Kubernetes primitives like Services and Replica Sets when possible to leverage well-tested and well-understood code.

      最好还是基于servcie pod 而不要另起炉造

    2. . Instead with the etcd Operator a user can simply increase the etcd cluster size field by 1.

      所以这不就是最正常的crd的controller的作用吗?为什么还非的起个operator的名字呢?

    3. the third party resources mechanism

      aka crd

    1. Nginx 变量名的可见范围虽然是整个配置,但每个请求都有所有变量的独立副本,或者说都有各变量用来存放值的容器的独立副本,彼此互不干扰。

      .....不予置评

    1. If the core dump file size exceeds the value, the core dump file will not be created.

      ..... 没创建 然后呢 不会就没了吧。。。

    1. Zone Size

      ?这是什么鬼东西?

    2. is kept in a memory area shared among all worker processes

      听起来会有并发的问题

    3. each worker process keeps its own copy of the server group configuration and maintains its own set of related counters. The counters include the current number of connections to each server in the group and the number of failed attempts to pass a request to a server.

      那么nginx是如何分配任务到worker中的呢?比如我现在有一个到相同路径的请求,转到某个upstream中 max fail 大概是三,如果我发了两次实际上是发到两个worker中的,那么我是不是有可能失败了大于三次才找到正确的server?

    4. NGINX Plus adds a session cookie to the first response from the upstream group and identifies the server that sent the response. The client’s next request contains the cookie value and NGINX Plus route the request to the upstream server that responded to the first request:

      在server返回的cookie中带上一个自己生成的id,这个id标识着这个server, 下次如果在cookie中看到了这个id,就把他转发到对应的server上

    5. slow‑start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available.

      他是如何做这种是否是recover的判断的?

  11. Apr 2021
    1. The events and http directives reside in the main context, server in http, and location in server.

      main { http { server { location { } } } event {

      } }

    2. If this is a success, the master process starts new worker processes and sends messages to old worker processes, requesting them to shut down.

      如果配置错误的话nginx还会把错误的配置给rollback回去。。。

    1. app.oam.dev/revision-only: "true" annotation, above Application resource won't create any pod instances and leave the real deployment process to AppDeployment.

      这难道不是和rollout重了吗?

    1. A system MAY support a mechanism in which a trait (sslIngress) is opaquely backed by two separate trait implementations (ssl and ingress).

      有trait system那种味了

    1. KubeVela can patch, deploy and rollout Helm packaged application components, and it also leverages Helm to manage the capability dependencies in system level.

      如何能够接管 非kubevela application的东西?

    1. When inserting files into YAML, it's good to understand the multi-line rules above. Often times, the easiest way to insert a static file is to do something like this:myfile: | {{ .Files.Get "myfile.txt" | indent 2 }} Note how we do the indentation above: indent 2 tells the template engine to indent every line in "myfile.txt" with two spaces. Note that we do not indent that template line. That's because if we did, the file content of the first line would be indented twice.

      sb

    1. all the generators get a list of input packages (--input-dirs) which they go through type by type,

      en。。。好吧 我一直认为 crd的code gen的输入是crd定义的yaml文件来着

    1. TLS

      感觉是证书相关啊。。

    2. Name based virtual hosting

      virtual host 指的就是转发吧。

    3. Matching is case sensitive and done on a path element by element basis

      所谓的prfix是path 对象的prefix 而不是字符串对象的prefix

  12. Mar 2021
    1. the kubelet uses the data from the ConfigMap when it launches container(s) for a Pod.

      什么意思?

    1. The PVC can be bound when a 100Gi PV is added to the cluster

      有事件吗? 我能知道当前的系统中有多少pvc没有被满足吗?

    1. By default, kube-proxy in iptables mode chooses a backend at random.

      负载均衡怎么做的?听这个意思一个service之后连到随机挑选出的一个pod中

    2. For each Service it opens a port (randomly chosen) on the local node. Any connections to this "proxy port" are proxied to one of the Service's backend Pods (as reported via Endpoints)

      那岂不是限制了service的上限

  13. kubernetes.io kubernetes.io
    1. . You want existing Pods to keep running, but you want the rest of the Pods it creates to use a different pod template and for the Job to have a new name

      ....好吧 某种兼容性的升级

    2. Kubernetes will not stop you from making a mistake when specifying .spec.selector.

      could it be make?我能检查出这种异常吗?

    3. When a Job completes, no more Pods are created, but the Pods are not deleted either.

      这里讲的pod不会并delete指的是什么? pod应该已经正常的退出才对吧

    1. If a user were to scale the deployed example by patching the StatefulSet such that replicas=1, web-2 would be terminated first. web-1 would not be terminated until web-2 is fully shutdown and deleted. If web-0 were to fail after web-2 has been terminated and is completely shutdown, but prior to web-1's termination, web-1 would not be terminated until web-0 is Running and Ready.

      statefulset响应replicas change的姿势不同 他会强制保证termiate的顺序, 假设由三个pod 设置replicas为1 如果这是pod 0 突然down了 statefulset 会等到pod0正常ready后再把pod2干掉

    1. At this point, the cluster administrator needs to add a node back to the cluster to proceed with the upgrade.

      智障中的智障啊

    2. Because there are not enough resources in the cluster to schedule pod-e the drain will again block. The cluster may end up in this state:

      太sb了吧,当drain的时候如果其必然会导致失败那为什么还要去做呢?

    1. 我实际上更好奇的这些东西要怎么测试

    2. when whenUnsatisfiable equals to "ScheduleAnyway", scheduler gives higher precedence to topologies that would help reduce the skew.

      当whenunstatisfiable是 schduleanyway时 调度器会尽量让pod分布均匀

    3. when whenUnsatisfiable equals to "ScheduleAnyway", scheduler gives higher precedence to topologies that would help reduce the skew.

      当whenunstatisfiable是 schduleanyway时 调度器会尽量让pod分布均匀

    4. labelSelector is used to find matching Pods. Pods that match this label selector are counted to determine the number of Pods in their corresponding topology domain. See Label Selectors for more details.

      被编入拓扑域还需要的一个条件是 其符合labelSelector

    5. ScheduleAnyway tells the scheduler to still schedule it while prioritizing nodes that minimize the skew.

      当我的replica的数量小于拓扑域的数量怎么办?

    6. describes the degree to which Pods may be unevenly distributed. It's the maximum permitted difference between the number of matching Pods in any two topology domains of a given topology type. It must be greater than zero. Its semantics differs according to the value of whenUnsatisfiable:

      理论上说每个拓扑域中的pod数量应当是尽量相等的,但是有时我们根本无所谓这种相等性,那么问题就是我们能所能容忍的最大程度的不均等是多少?这个数量就由maxSkew来指定

    1. if you wanted to run a group of Pods for your application but stop work unless all the Pods are available (perhaps for some high-throughput distributed task), then you can implement or install an extension that does provide that feature.

      注意unless的使用

    2. StatefulSet lets you run one or more related Pods that do track state somehow. For example, if your workload records data persistently, you can run a StatefulSet that matches each Pod with a PersistentVolume. Your code, running in the Pods for that StatefulSet, can replicate data to other Pods in the same StatefulSet to improve overall resilience.

      看起来的意思是说statefulset 允许我们在多个pod上绑定一个持久化卷 看起来想是把某种磁盘挂给多个pod 或者把网盘挂给多个pod

    1. If you want pods belonging to a DaemonSet to run only if there are sufficient resources, specify a lower or default priorityClass.

      所以当我什么都不写时,daemonset的pod在资源不足时会被干掉?

  14. kubernetes.io kubernetes.io
    1. even if it is being drained of workload applications.

      Q: 那岂不是会出问题? 有什么事件会被触发吗?

    2. Pods that are part of a DaemonSet tolerate being run on an unschedulable Node.

      Q: 标记node为不可调度本来就不会驱逐正在运行的node吧 A: daemonset中的pod是可以在后面动态添加的

    3. Path to credentials to authenticate itself to the API server.

      那为为什么叫 kubeconfig?而不是kube-credentials-path? 参见 https://github.com/zecke/Kubernetes/blob/master/docs/user-guide/kubeconfig-file.md kubeconfig 就是存鉴权信息地方

    4. Kubernetes keeps the object for the invalid Node and continues checking to see whether it becomes healthy.You, or a controller, must explicitly delete the Node object to stop that health checking.

      有没有某种机制是用来检查这个异常状态的?

  15. Feb 2021
    1. Arguments

      what the fuck, why a field could have a argument? arguemt就是参数。。

      type Query { tracksForHome: [Track!]! } tracksForHome 是方法名 后面的类型是返回值的类型,arguemt就是参数。。。

    2. In the example above, we see that the business logic layer requires the caller to provide a user object. If you are using GraphQL.js, the User object should be populated on the context argument or rootValue in the fourth argument of the resolver.

      总感觉和还是和我想象中的有所不同。这样来看的话 graphql 果然还是更像一个数据层的filter。

    3. In the diagram above, all entry points (REST, GraphQL, and RPC) into the system will be processed with the same validation, authorization, and error handling rules.

      在这种模型下 rest/graphql/rpc 三者是共存的?在真实的代码中,我该怎么去实现呢?

    4. While there's nothing that prevents a GraphQL service from being versioned just like any other REST API, GraphQL takes a strong opinion on avoiding versioning by providing the tools for the continuous evolution of a GraphQL schema.

      那么怎在删除东西呢?

    5. So we can access the documentation about the type system using introspection, and create documentation browsers, or rich IDE experiences.

      holy fuck,where the description from? is there just a normal field or some special keyword?

    6. We designed the type system, so we know what types are available, but if we didn't, we can ask GraphQL, by querying the __schema field, always available on the root type of a Query. Let's do so now, and ask what types are available.

      2333,meta table

    7. GraphQL cannot execute a query without a type system, let's use an example type system to illustrate executing a query. This is a part of the same type system used throughout the examples in these articles:

      草,到这里你才跟我讲这个。

    8. A fragment cannot refer to itself or create a cycle, as this could result in an unbounded result! Here's the same query above but without the explicit three levels of nesting:

      这个报错是编译时还是开发时?

    9. Like many type systems, GraphQL supports interfaces. An Interface is an abstract type that includes a certain set of fields that a type must include to implement the interface.

      类型体操,类型体操

    10. For example, you could specify that the Date type should always be serialized into an integer timestamp, and your client should know to expect that format for any date fields.

      what the fuck of that mean?

    11. That means that the GraphQL service needs to have a Query type with hero and droid fields:

      这种类型 制约了 用户真正能够在客户端与之交互的能力?

    12. In this query, the hero field returns the type Character, which might be either a Human or a Droid depending on the episode argument. In the direct selection, you can only ask for fields that exist on the Character interface, such as name.To ask for a field on the concrete type, you need to use an inline fragment with a type condition. Because the first fragment is labeled as ... on Droid, the primaryFunction field will only be executed if the Character returned from hero is of the Droid type. Similarly for the height field for the Human type.

      没看懂

    13. While query fields are executed in parallel, mutation fields run in series, one after the other.

      CQRS

    14. createReview

      这个东西 本质上只是一个查询?

    15. 有vue/angular 那味了

    16. query, mutation, or subscription

      与restful类似的,graphql 提供的原语是 查/改/听 很明显更好了

    17. Using variables inside fragments#

      不喜欢这种类似闭包的东西。

  16. Jan 2021
  17. Dec 2020
    1. injects the Docker binary in the image

      third

    2. that /var/lib/docker should be a volume

      second

    3. it installs a few packages: lxc and iptables (because Docker needs them), and ca-certificates

      first

    1. 感觉还是不够in depth,打破所有的抽象直到机器码才叫in depth

    2. Proxies ♥ WeakMaps. In our readOnlyView example, we create a new proxy every time an object is accessed. It could save a lot of memory to cache every proxy we create in a WeakMap, so that however many times an object is passed to readOnlyView, only a single proxy is created for it. This is one of the motivating use cases for WeakMap.

      有些不是很明确

    3. An Object is a collection of properties

      我有些不知道我在想什么,但某种分布式的编程语言?TiDB的底层是KV,mongo的底层也是KV

    1. individuals believe the diagnosis is somehow mistaken, and cling to a false, preferable reality.

      and cling to a false, preferable reality. cling 坚持 false, preferable 虚假的更好的现实 逗号在这里是false和preferable的并列

    1. Bert Hubert, the founder of PowerDNS and author of RFC 5452, shares his views on forces influencing DNS protocol development.

      forces 不是我熟悉的武力获取 那种偏向动词的意思 而是代表"力"这个概念. forces influencing DNS protocol development 影响DNS协议开发的因素。

    1. That's all! We have the stack and BSS, so we can jump to the main() C function

      一头雾水 总的来讲.是为了初始化C语言运行环境设置的一坨东西

    2. it calls the 0x10 interrupt

      who?

    3. But it only has 16-bit registers, which have a maximum address of 2^16 - 1 or 0xffff (64 kilobytes). Memory segmentation is used to make use of all the address space available. All memory is divided into small, fixed-size segments of 65536 bytes (64 KB). Since we cannot address memory above 64 KB with 16-bit registers, an alternate method was devised. An address consists of two parts: a segment selector, which has a base address; and an offset from this base address. In real mode, the associated base address of a segment selector is Segment Selector * 16. Thus, to get a physical address in memory, we need to multiply the segment selector part by 16 and add the offset to it: PhysicalAddress = Segment Selector * 16 + Offset For example, if CS:IP is 0x2000:0x0010, then the corresponding physical address will be: >>> hex((0x2000 << 4) + 0x0010) '0x20010' But, if we take the largest segment selector and offset, 0xffff:0xffff, then the resulting address will be: >>> hex((0xffff << 4) + 0xffff) '0x10ffef' which is 65520 bytes past the first megabyte. Since only one megabyte is accessible in real mode, 0x10ffef becomes 0x00ffef with the A20 line disabled.

      虽然8086 CPU总线宽度是20bit(能够索引1MB空间)但是寄存器宽度只有16bit 因此发明出了一种解决方法就是 使用两个寄存器组合起来索引,计算的规则是 PhysicalAddress = Segment Selector * 16 + Offset

      x86处理器中的CS与IP寄存器

    1. Real mode is characterized by a 20-bit segmented memory address space (giving exactly 1 MiB of addressable memory) and unlimited direct software access to all addressable memory, I/O addresses and peripheral hardware