When using a image repository in an enterprise, you usually need to enable authentication, and the authentication credentials may be a common account for users in the enterprise. However, after docker login, the username and password after base64 will be saved in .docker/config.json, so that on some servers used by many people, there will be a problem of account leakage.
Is there a solution for this?
docker provides credentials store, which means that passwords are stored in an external credentials store.
A problem caused by a Go upgrade :" http2: no cached connection was available"
Direct phenomenon: I compiled kube-controller-manager with Go 1.13, and after running it for a while, I found that the controller did not work, and when I checked the logs, I found that it printed “http2: no cached connection was available “.
1 2 3 4 5 6 7 I0328 09:48:59.925056 1 round_trippers.go:383] GET https://10.220.14.10:8443/api/v1/namespaces/kube-system/endpoints/kube-controller-manager I0328 09:48:59.925085 1 round_trippers.go:390] Request Headers: I0328 09:48:59.925094 1 round_trippers.go:393] User-Agent: kube-controller-manager/v1.11.1 (linux/amd64) kubernetes/b1b2997/leader-election I0328 09:48:59.925102 1 round_trippers.
Find and delete large files that have been opened but deleted
In the daily operation and maintenance process, we often need to deal with disk space issues, when we receive alarms, the first time we will go to find those large files, generally such as centos, the large file may be /var/log/messages.
But sometimes, there is a situation where you can’t find the big files, and when you look for them by du, the size of the statistics doesn’t correspond to the space occupied by df.
How to set up a Pod to run on a specific node
1. Specify the Node by nodeSelector when creating the load Add a label to the node
1 kubectl label node node2 project=A Specify the nodeSelector to create the workload
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 cat <<EOF | kubectl apply -f - apiVersion: apps/v1 kind: Deployment metadata: name: nginx-nodeselector spec: replicas: 1 selector: matchLabels: app: nginx-nodeselector template: metadata: labels: app: nginx-nodeselector spec: nodeSelector: project: A containers: - name: nginx image: nginx EOF View Workload
cgroup cpu subsystem
Overview cgroups are control groups, which are responsible for controlling a range of resources for processes on linux, such as CPU, Memory, Huge Pages, and so on. CPU, Memory, Huge Pages, etc. cgroups are divided into modules by subsystems, and each resource is implemented by a subsystem. The cgroup provides calls to the outside world by means of a file system, and can be combined in a hierarchical way. This
Hardware knowledge: how to choose a monitor?
When buying a laptop, usually only focus on CPU and memory, SSD, appearance and what not, usually less attention to the monitor. Also some of the terms in the propaganda about the monitor also unknown feeling, but is it true? So took the time to do some collection and collation. The size of the monitor The general laptop screen size is more fixed several mainstream sizes, generally 13.3 inches, 14
Linux Basics: Display Manager
Display Manager (DM) is a program that provides graphical login capabilities for Linux distributions. It controls user sessions and manages user authentication. Display Manager will start the display server and load the desktop environment as soon as you enter your username and password.
The display manager is usually synonymous with the login screen. It is, after all, the visible part. However, the visible login screen, also called the welcome page (greeter), is only part of the display manager.
Installing Deepin Desktop on Manjaro
Deepin desktop version of the Manjaro community is no longer maintained, want to use deepin desktop also need to install their own, the installation process encountered more problems, recorded. Step 1: Install Manjaro I downloaded the Plasma Desktop version of Manjaro, which is the KDE version, and other versions should be similar. Update your system after the installation is complete. Step 2: Install xorg Xorg is an open source implementation
Most commonly used WebAssembly languages: Rust and JavaScript
A new “The State of WebAssembly 2022” survey is out, “It’s been a pretty good year for WebAssembly, it’s been a pretty good year”. Some highlights of the report include.
Rust usage and desire continues to climb Python usage has increased significantly JavaScript has become a viable WebAssembly language Blazor has also seen a significant increase in usage and desirability Wasmtime is the most widely used runtime Use of WebAssembly for serverless, containerization, and as a plugin host has climbed significantly Respondents say they are already using WebAssembly more frequently Non-browser APIs are most needed for WebAssembly Specifically, when asked about “languages used, or whether they have tried to develop in WebAssembly,” 45 percent of respondents said they often or sometimes use Rust; in last year’s survey, Rust topped the list.
iptables 15-Minute Tutorial & Common Commands Summary
iptables is a very classic firewall tool for Linux, but the learning curve is very high due to its complex structure, long official documentation, many parameters, and awkward configuration (default does not support persistence, commands added to take effect, etc.), and risky configuration (accidentally lose connection with the server). It is extremely unfriendly to Linux newbies or people with poor memory (I have a very poor memory). The purpose of
How to use the shell (3/3) - Configuring zsh
Lightweight, clean, simple. This is what I’m looking for in a zsh configuration Starting the shell First, let’s review the shell login and interaction Interaction The shell may or may not interact. Normal startup requires interaction if you type a command and wait for it to return, but no interaction is required if you run the script directly echo $- determines if there is an interaction, each letter represents an
How to use the shell (2/3) - The new era of the shell
Fish (Friendly Interactive shell) This is a groundbreaking shell that creates a new shell user interaction experience. Syntax highlighting, auto-completion based on manpage, auto-suggestions are all its firsts! 2B youth with bash, ordinary youth with zsh, literary youth with fish. The default configuration of fish is really good, the configuration file is: ~/.config/fish/config.fish fish uses functions to set behavior: fish fully uses functions to customize behavior, you can customize fish’s
How to use the shell (1/3) - shell compatibility and history
The name and concept of the shell evolved from its Unix predecessor, Multics. Applications are invoked and executed by the system through the shell. The general term sh refers to bsh (Bourne shell), but Bourne shell is not bash. bash is Bourne Again Shell. Thompson shell The Thompson shell (or V6 shell) was the first Unix shell in history, written by Ken Thompson and added to UNIX in 1971. It
Memory Order in C++
C++11 includes multithreading as a standard. Once multi-threading is involved, there are issues such as concurrency, data race, thread synchronization, etc. C++ provides standard libraries such as std::mutex and std::atomic for this purpose. One important concept for manipulating atomic variables is memory order, which involves many concepts and can be difficult to understand. In this article, we will talk about this topic. This article may be a bit long and
Testing Network Connectivity with Blackbox Exporter
If you need to monitor the network status between two hosts, hosts and external services, then try the Blackbox Exporter mentioned in this article.
1. Install Blackbox Download the binary package
1 2 3 4 5 wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.21.0/blackbox_exporter-0.21.0.linux-amd64.tar.gz tar -xzvf blackbox_exporter-0.21.0.linux-amd64.tar.gz mv blackbox_exporter-0.21.0.linux-amd64/blackbox_exporter /usr/bin/ mkdir /etc/prometheus mv blackbox_exporter-0.21.0.linux-amd64/blackbox.yml /etc/prometheus/ Clean up the installation package
1 rm -rf blackbox_exporter-0.21.0.linux-amd64* Create a new Systemd service
1 vim /usr/lib/systemd/system/blackbox_exporter.service Add the following content:
A question about stack allocation
I was writing a new project a while ago, and I didn’t use a large library like Qt in order to improve some speed. When I was doing process management, I encountered a strange crash problem.
Since I seldom write such code, I thought it was normal to have problems, but after a long time of troubleshooting, I couldn’t find the problem.
After revisiting how the OS manages processes, I found the problem.
Implementing Grafana Loki-based Log Alerts
For a production environment and an aspiring ops person, even millisecond level downtime is not tolerated. Proper logging and monitoring of infrastructure and applications is very helpful in solving problems, and can also help optimize costs and resources, as well as help detect some problems that may occur later. Earlier we learned to use Prometheus for monitoring alerts, but if we use Loki to collect logs can alerts be made
The Docker service mapped to 127.0.0.1 can be accessed directly from outside the host
One of the postings on Hacker News that caught attention over the last couple of days was an email sent to the Docker security team that focused on a very outrageous security concern with Docker. Even if you expose the port to a loopback address with a parameter like -p 127.0.0.1:80:80, the service can still be accessed externally, what happened?
The reason for this is simple: Docker has added this Iptables rule.
Advantages of WebAssembly and use scenarios
WebAssembly (Wasm) is a binary instruction format for stack-based virtual machines, a low-level assembly language designed to be very close to compiled machine code and very close to native performance. This article will introduce its advantages and usage scenarios, and experience the process of WebAssembly project development through code.
Simply put, Wasm is a compilation target that allows code written in about 30 languages to be compiled into .wasm files using WebAssembly-specific tools.
Rust 1.63 will support Scoped Thread
Members of the Rust development team introduced an important new feature to be added to the Rust 1.63 standard library: scoped thread. This is described as a system-level thread, and unlike thread::spawn(), scoped thread supports the use of local variables by threads, not just static variables.
Official example.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 use std::thread; let mut a = vec!