Preface There is an interesting data structure in lisp, Cons, which uses function closures to encapsulate a two-tuple data structure and build any other data structure needed on top of that. Before this, although I knew about closures and such, and had written some higher-order functions, I hadn’t thought about the possibility of using functions to build data structures, and I’ll explain how to do that in ts below.
lisp cons’s wiki
Using kubeseal to encrypt and manage secrets for k8s clusters
In k8s administration, resources like Secrets are often not well maintained. kubeseal provides a relatively simple way to encrypt the original Secret resource and have the controller decrypt it, which reduces the risk of secret leakage.
Install kubeseal
$ wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/kubeseal-0.18.0-linux-amd64.tar.gz
$ tar -xvf kubeseal-0.18.0-linux-amd64.tar.gz
$ cp kubeseal /usr/local/bin/
$ kubeseal --version
Install controller.
$ kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.0/controller.yaml
After executing the above command, a controller Pod will be started under the kube-system namespace.
Managing Go versions with GVM tools
In Go project development, a team has to keep its Go version consistent and needs a quick way to install, deploy and switch Go environments. For this we recommend GVM (Go Version Manager), which makes it easy to switch versions and customize GOPATH, GOROOT and other parameters; it is a true multi-version installation and management tool.
GVM, similar to RVM in ruby, can be used to easily manage Go versions. It has the following main features.
RPC calls in Golang
RPC Here is the explanation of RPC from Wikipedia. Compared with the HTTP protocol, RPC is more suitable for distributed call scenarios in large and medium-sized company projects.
In distributed computing, Remote Procedure Call (RPC for short) is a computer communication protocol. The protocol allows a program running on one computer to call a subroutine in another address space (usually a computer on an open network) without the programmer having to additionally program this interaction (without attention to detail), just as if it were a local program.
Gracefully switch Go versions with Brew
Brew is a package management tool on Mac, just like apt, yum, rpm on Linux, which can provide non-graphical software installation. Yesterday, while building the most powerful IDE in the universe, I used the brew tool to update the packages. This upgraded my Go version to the latest version and wiped out the previously configured multiple versions of Go.
Option 1 brew switch
1. brew install
brew install go
By default you can install the latest version of go, and then install the specified version, using the brew switch command to switch between them.
Go Concurrent Programming - RWMutex
Mutex is used to ensure that only one goroutine accesses a shared resource at a time. Under heavy concurrency, especially in read-heavy scenarios, the shared resource can then only be accessed serially, one goroutine at a time, which hurts performance. The solution is to distinguish between read and write operations.
This turns serial reads into parallel reads, which improves the performance of read operations.
Release Policies for k8s applications
This article describes the main Release Policies for k8s applications.
Recreate
Stop the old version and deploy the new one.
Main Configuration
---
kind: Service
apiVersion: v1
metadata:
  name: test-app
  labels:
    app: test-app
spec:
  type: NodePort
  ports:
kube-prometheus adds a new namespace to the Prometheus monitor
Prometheus installed with kube-prometheus monitors only the default, kube-system and monitoring namespaces (monitoring is the namespace kube-prometheus creates itself); if you want to add other namespaces, you need to do some extra work.
1. Monitor endpoint resources in other namespaces
What you need to do:
Create a role in the new namespace to get the monitoring information.
Bind the created role to the prometheus-k8s sa in the monitoring namespace.
Docker and iptables
Requirements
Docker Server Version: 20.10.12
On a server with Docker, I need to restrict external access using iptables as a firewall.
Iptables && Docker
iptables is divided into three levels: tables, chains and rules. We generally only use the filter table, which contains:
INPUT, the input chain. Packets sent to this machine pass through this chain.
OUTPUT, the output chain. Packets sent from this machine pass through this chain.
FORWARD, the
How to use Docker on Mac
1. Objectives
The core goal of this article:
Use the full docker cli command on a Mac, including support for basic -v mounts.
Support for x86 emulation, with the ability to build or run images for x86.
CPU architecture switching where possible, preferably for both arm64 and x86.
2. The choice of tools
First of all, we are most familiar with Docker Desktop, the installation package is huge and the
The heap in the container package of golang
Preface The standard library container of golang provides an implementation of heap. This article briefly analyzes how it is implemented and how to use it.
heap Taking a min-heap (minimum binary heap) as an example, the heap has the following properties.
Any node is smaller than all its children, and the smallest node is at the root of the heap (heap ordering).
The heap is a complete tree: i.e., all layers except the bottom one are completely filled with elements, and the bottom layer is filled from left to right as far as possible.
Notes on using bytes.Buffer in Golang
In Go, how do you concatenate strings efficiently? Since strings are immutable, each concatenation of many strings is like declaring a new variable to store the result. Here we can use strings.Builder or bytes.Buffer to solve the string concatenation performance problem. In addition to performance issues, it is important to note how bytes.Buffer handles the conversion between []byte and string. Here are some mistakes made in a real project, for your reference.
Nix Cookbook
Background I’ve been experimenting with NixOS and running Nix on macOS, and I’ve been documenting some of the problems and solutions I’ve encountered in the process.
NixOS Global configuration Global configuration paths for NixOS: /etc/nixos/configuration.nix and /etc/nixos/hardware-configuration.nix.
Apply the updated global configuration.
nixos-rebuild switch
# or
nixos-rebuild switch --upgrade
Updating major releases
If you want to update NixOS 21.11 to 22.05:
nix-channel --list
nix-channel --add https://nixos.
IETF announces HTTP/3 standard, No. RFC 9114
The IETF (Internet Engineering Task Force) has announced the HTTP/3 standard, number RFC 9114.
The RFC Editor page indicates that RFC 9114 is currently in PROPOSED STANDARD status and has not yet become a formal standard.
HTTP/3, HTTP-over-QUIC, is a new HTTP protocol that uses QUIC for transport. QUIC (Quick UDP Internet Connections) was originally developed by Google, and when the IETF began standardizing QUIC, it was split into two layers: transport and HTTP.
Usage of the hwclock command
On Linux, there are several tools related to time. I recently encountered them at work, so I intend to write a few articles related to Linux time.
Today, I’d like to talk about hwclock, a tool that is probably used by those who play with the Internet of Things, because it is often used to keep the time of hardware devices, but most of the former devices are often networked, that is, they use NTP.
Coroutine in Python
coroutine I knew of this thing a long time ago, but Java did not have it, so I did not know much about it. Recently, while learning Python, I came across coroutines, so I am making a record.
Concepts Coroutines are generally discussed together with processes and threads; the three compare as follows.
Process: an instance of program execution. A process contains at least one thread, and switching between different processes is costly.
Thread: the basic unit of CPU scheduling and an entity within a process. The context switching cost of threads is smaller than that of processes.
Python argparse explained in detail
If you’re searching for an explanation of how argparse is used, then you’re usually confused as to what exactly this code does, like the one below. What problem does it solve? Why do you need such code?
import argparse
parser = argparse.ArgumentParser(description='Process some integers.')
parser.add_argument('integers', metavar='N', type=int, nargs='+',
                    help='an integer for the accumulator')
parser.add_argument('--sum', dest='accumulate', action='store_const',
                    const=sum, default=max,
                    help='sum the integers (default: find the max)')
args = parser.
Basic policies for iptables and firewalld in CentOS
firewalld in CentOS is built on iptables and some other programs. firewalld uses some more friendly configuration methods to implement iptables operations. It also extends some features that are not supported by iptables itself, such as timed firewall rules. The full program and library dependencies are available on the firewalld website at https://firewalld.org/.
iptables processes network packets by manipulating the Linux kernel netfilter module.
Please temporarily disable the firewalld firewall on your machine before operating the command, and make sure you have access to the physical machine (or a physical terminal in a virtual machine), as some rules will block access to SSH port 22 and prevent subsequent operations.
Use the Linux built-in tc command to simulate a weak network environment
Most Linux distributions come with the command tc for traffic control.
You can read more about tc’s qdisc in the article at the end of this article.
The command to simulate a weak network is given here directly.
It works directly on the specified physical NIC.
# 200ms latency with 30ms jitter + 10% packet loss + 10% duplication + 10% reordering
tc qdisc add dev ens256 root netem delay 200ms 30ms loss 10% duplicate 10% reorder 10%
To apply it to a specific port under the NIC, here is an example for port 2000.
Double-Checked Locking with Singleton
Regarding the singleton pattern in Java programming, the author most often uses the internal static class implementation, or the enumeration implementation.
// Implementation using an inner static class
public class Singleton1 {
    private static class SingletonHolder {
        private static final Singleton1 INSTANCE = new Singleton1();
    }
    private Singleton1() {