Google engineer Chandler Carruth recently announced at the CppNorth conference in Toronto that Google was officially open-sourcing its internally built programming language, Carbon. He also called Carbon, which is currently in the experimental stage, the successor to C++.
Chandler cited examples of how today's popular programming languages have evolved, such as Java to Kotlin, Objective-C to Swift, JavaScript to TypeScript, and C++, which is widely used within Google and is seen as something of a successor to C.
Kubernetes Architecture
Kubernetes lives up to the original meaning of its name, "helmsman": it commands and schedules. It is a container orchestration and scheduling infrastructure platform derived from Google's internal container cluster management platform, Borg, which was released in 2003. Borg grew from a small project into an internal cluster management system that supports thousands of applications and tasks within Google; its success speaks for itself.
In 2014, Google released Kubernetes as an open-source version of Borg, and Microsoft, IBM, and Red Hat soon joined the Kubernetes community to contribute to it.
Kubernetes Rolling Upgrade
Users expect applications to be available all the time, and developers need to deploy new versions of them multiple times a day. In Kubernetes, this is accomplished with rolling updates, which replace Pod instances incrementally with new instances so that a Deployment can be updated with zero downtime.
Kubernetes Rolling Update Basic Concepts: When a service in a cluster needs to be updated, the traditional approach is to take the service to be updated offline, update the version and configuration while the business is stopped, and then restart and provision the service.
Understanding Kubernetes' Resource design concepts
Kubernetes is a completely resource-centric container orchestration platform, which is evident from the design of the REST API exposed by kube-apiserver, and the ecosystem of Kubernetes revolves around the control and maintenance of many component resources, so it can be considered as a “resource control system” in essence.
Group / Version / Resource: In a large and complex container orchestration platform, a bare "resource" concept is too thin and too weak in expressiveness on its own, so Kubernetes groups and versions its resources. This gives rise to the terms we usually see in operations and development: Group / Version / Resource / Kind, that is, resource group, resource version, resource, and resource type respectively.
Getting Started with Zig Programming Language
I wrote some practice projects when I learned C before, but I haven't tested them. There are many unit testing frameworks in C, so I don't know which one to choose, so I might as well just use Zig to do the testing. I just saw this article, Testing and building C projects with Zig, and I feel it is a good choice. I've heard about Zig for half a year, and I'm interested in the libc-independent, better C interop, and robust features.
Developing eBPF applications with Golang
In the previous article, "Developing a Hello World level eBPF program from scratch using C", we explained in detail how to develop an eBPF program (including its user-space part) from scratch based on C and the libbpf library. That article is the basis for the subsequent articles on eBPF program development, because until now the kernel-space part of an eBPF program had to be developed in C, no matter what language the user-space part was written in.
Kubernetes & Docker Networking Principles (III)
kube-proxy operational mechanism: To support horizontal scaling and high availability of clusters, Kubernetes abstracts the concept of a Service, which represents a set of Pods accessed according to an access policy (e.g., a load balancing policy). Kubernetes assigns a virtual IP address to the Service when it is created; clients access the Service through this virtual IP address, and the Service is responsible for forwarding requests to the back-end Pods.
Kubernetes & Docker Networking Principles (II)
In the previous article, Docker's network implementation was introduced and discussed. The biggest limitation of Docker networking is the lack of a cross-host container communication scheme, whereas Kubernetes, as a container orchestration platform for large-scale distributed clusters, mainly solves the following problems at the network implementation level: container-to-container communication, Pod-to-Pod communication, Pod-to-Service communication, and intra-cluster and inter-cluster communication.
This blog post focuses on inter-container and inter-Pod communication in Kubernetes; a separate article will cover Pod-to-Service communication, which relates to the working principle of kube-proxy and the Service mechanism.
Ceph Cookbook
Concepts: OSD: the daemon responsible for operating a hard disk (one hard disk, one OSD); MON: manages cluster state, is the more important component, and can run one instance on each of multiple nodes; MGR: monitors cluster status; RGW (optional): provides the object storage API; MDS (optional): provides CephFS.
Ways to use Ceph for storage: librados: library; radosgw: object storage HTTP API; rbd: block storage; cephfs: file system.
Authentication: Ceph client authentication requires a username + key. By default, the username is client.
An in-depth comparison of Python concurrency schemes
Preface: This article is an in-depth comparison of Python concurrency schemes and their advantages and disadvantages, mainly introducing the asyncio solution.
Note: The code in this article requires Python 3.10 and above to run properly.
Python Concurrency and Parallelism Schemes: There are three concurrency and parallelism schemes in the Python world: multi-threading, multiprocessing, and asynchronous IO (asyncio).
Note: The difference between concurrency and parallelism is not discussed up front; it is better explained with examples at the end, and concurrent.
NoCopy in Golang
There is no native way to disable copying in Go. So if you have a struct that you do not want users to copy, but only to pass by pointer to ensure global uniqueness, you can achieve that by defining a struct called noCopy that implements the sync.Locker interface.
// noCopy may be embedded into structs which must not be copied
// after the first use.
How to view hardware and system information in Linux
On Linux you often need to check system or hardware resources, and there are many command-line tools for doing so.
In this article, we summarize and list the common query methods based on our experience, for reference.
The following commands were tested on Ubuntu 18.04 and CentOS 7.
1. System resources. 1.1. Linux distributions and kernels: The uname -r command outputs the distribution and kernel information. Most distributions come with this command, but the output may not contain the full name of the distribution.
Kubernetes & Docker Networking Principles (I)
When you develop and maintain Kubernetes, the most common concepts you come across are the networking concepts of Docker and Kubernetes. Especially in Kubernetes, there are various IPs and ports, which can be confusing. Therefore, it is necessary to learn the underlying network implementation of Docker and Kubernetes. In this article, we first analyze and introduce the network implementation of Docker.
Docker Networking Basics: Docker's networking implementation mainly makes use of Linux networking technologies such as network namespaces, veth device pairs, bridges, iptables, and routing.
Linux Netfilter/iptables
The Linux network stack is very efficient and, at the same time, complex. If we want to act on the packets we care about while the stack is processing them, how can we do it? Linux provides a mechanism for users to implement custom packet processing.
There is a set of callback function hooks in the Linux network stack; through these hooks, handlers can be attached to the network stack to perform operations on packets during processing, such as filtering, modifying, or dropping them.
client-go Getting Started
client-go is the programmatic client library used by the Kubernetes project itself: the core source code for interacting with resources was split out into its own project, client-go. In other words, Kubernetes as used today is built on client-go, so the code quality of this library is assured.
client-go lets you add, delete, modify, and query resource objects in a Kubernetes cluster by writing Go code.
What Is Cloud Native
Exploration of the definition of cloud native: The concept of "cloud native" is often mentioned, but how many people really understand it? Whenever I browse some communities (not least some professional technical communities) and see people discussing cloud-native topics, I sometimes feel that there is still a little bit of a problem with their understanding of cloud native.
Many people directly think that applications deployed in the cloud are called cloud-native applications.
Istio Sidecar's interception mechanism for traffic
The basic process of traffic flowing through a host: Inbound traffic passes through the NIC and enters the host's network stack. The protocol stack checks the packets against pre-configured network rules (iptables/netfilter). After the rule check, compliant inbound traffic passes from kernel space to user space and enters the process listening on the specified port. The user-space process receives the network traffic for processing and returns the processed result to the network protocol stack in kernel space.
Istio Sidecar injection mechanism
Service Mesh and Sidecar Concepts: Before understanding the injection mechanism of Sidecar, it's important to clarify the what and why questions.
First, what is a Service Mesh?
A Service Mesh is a configurable, low-latency infrastructure layer designed to handle a large amount of network-based inter-process communication between application services through APIs (Application Programming Interfaces). The Service Mesh ensures fast, reliable and secure communication between the infrastructure services of containerized, ephemeral applications.
A Brief Analysis of Concurrency Models: Shared Memory/Actor/CSP
In Go programming, there are usually two solutions to concurrency problems: adopt the shared memory model, using sync.Mutex / sync.RWMutex etc. to lock critical sections and solve the concurrent data access problem; or adopt the message communication model, using channels for inter-goroutine communication and avoiding memory sharing. The official recommendation is to use the second option, so what is
Permission model (RBAC/ABAC)
I recently researched the permission model, and after reading about AWS IAM, I feel that AWS IAM is very well designed. In my personal opinion, RBAC is still not enough for some scenarios, mainly because the control granularity is not enough. For example, if I want to restrict a role so it can only operate on the resources of a certain cluster, RBAC cannot express that, but ABAC can; however, ABAC is much more complex. AWS IAM is ABAC, but its ease of use is very good.