  1. Jan 2021
    1. Understand how CMD and ENTRYPOINT interact


    1. This will make GitOps more natural as data sources and dashboards can be defined via files that can be version controlled. We hope to extend this system to later add support for users, orgs and alerts as well.


      • data source
      • dashboards

      not supported yet:

      • users
      • orgs
      • alerts
    1. labelmap: Match regex against all label names. Then copy the values of the matching labels to label names given by replacement with match group references (${1}, ${2}, …) in replacement substituted by their value.
        - action: labelmap
          regex: __meta_kubernetes_service_label_(.+)
          # all __meta_kubernetes_service_label_(.+) will be changed to the (.+)
          # e.g.
          #        __meta_kubernetes_service_label_app='armada-api'
          # to
          #        app='armada-api'

      from https://gist.github.com/reachlin/a98b90afcbff4604c90c183a0169474f#file-prometheus-yml-L43-L46
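
An added example, not taken from the Prometheus documentation or the linked gist: a small Python model of the labelmap action applied to one target's labels. It goes slightly beyond the note by also reporting existing labels that a rule would overwrite; the function names and sample label values are assumptions made for illustration.

```python
import re

def _template(replacement):
    # Translate Prometheus-style $1 / ${1} references into Python's \g<1>.
    return re.sub(r"\$\{?(\w+)\}?", lambda g: "\\g<%s>" % g.group(1), replacement)

def mapped_names(labels, regex, replacement="$1"):
    """Return {source label name: new label name} for every matching label."""
    pattern, template = re.compile(regex), _template(replacement)
    result = {}
    for name in labels:
        # Relabel regexes are anchored at both ends, hence fullmatch.
        m = pattern.fullmatch(name)
        if m:
            result[name] = m.expand(template)
    return result

def labelmap(labels, regex, replacement="$1"):
    """Copy the value of each matching label to its mapped name."""
    out = dict(labels)
    for src, dst in mapped_names(labels, regex, replacement).items():
        out[dst] = labels[src]  # an existing label with this name is overwritten
    return out

def overwritten(labels, regex, replacement="$1"):
    """Existing labels whose value a labelmap rule would replace."""
    pairs = mapped_names(labels, regex, replacement).items()
    return sorted(dst for src, dst in pairs
                  if dst in labels and labels[dst] != labels[src])

def drop_internal(labels):
    """Labels starting with __ are removed once target relabeling is done."""
    return {k: v for k, v in labels.items() if not k.startswith("__")}

# Constructed sample target; the label values are made up for illustration.
SAMPLE = {
    "__meta_kubernetes_service_label_app": "armada-api",
    "__meta_kubernetes_service_label_job": "from-service-label",
    "x__meta_kubernetes_service_label_team": "not-matched",
    "job": "kubernetes-services",
}
REGEX = "__meta_kubernetes_service_label_(.+)"

if __name__ == "__main__":
    print(drop_internal(labelmap(SAMPLE, REGEX)))
    print("overwritten:", overwritten(SAMPLE, REGEX))
```

A replacement with a prefix, such as `svc_${1}`, keeps mapped labels from colliding with labels the scrape configuration already sets.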

    2. role types

      role types for kubernetes_sd_config:

      • node
      • service
      • pod
      • endpoints
      • ingress
    1. Auth Proxy Authentication

      seems related to Kalm integrating PLG (Promtail Loki Grafana)

    1. Finally, to jump up to a full blown audit node, we recommend the following specs:

      • A solid state drive (SSD) of 8 TB
      • At least 32 GB of RAM
      • Intel i7 or equivalent

      An 8 TB SSD, that's a bit over the top...

  2. Dec 2020
    1. KubeSail.com can also forward kube-api and Ingress traffic to your cluster! This allows you to host internet-facing applications on your cluster, even if it does not have a reliable static IP address, and without having to forward ports. HTTPS traffic is kept secure and encrypted from the internet all the way to your cluster's applications - it's never decrypted by KubeSail (or the KubeSail agent).


    1. Hahaha, just from the fact that the reviews and marks have all been removed, you can tell this movie is worth watching

    1. p.eft is the effect for a policy, it can be allow or deny

      eft == effect


    1. Set the network service to DHCP


      sudo networksetup -setdhcp Wi-Fi
      networksetup -setdnsservers Wi-Fi


      networksetup -setmanual Wi-Fi 255.255
      networksetup -setdnsservers Wi-Fi
    1. You can change default privileges only for objects that will be created by yourself or by roles that you are a member of.


      # ERROR: must be member of role "bfd"
    1. Sometimes, applications are temporarily unable to serve traffic. For example, an application might need to load large data or configuration files during startup, or depend on external services after startup. In such cases, you don't want to kill the application, but you don't want to send it requests either. Kubernetes provides readiness probes to detect and mitigate these situations. A pod with containers reporting that they are not ready does not receive traffic through Kubernetes Services.

      alive but not ready for requests

    1. All DNS servers fall into one of four categories: Recursive resolvers, root nameservers, TLD nameservers, and authoritative nameservers.

      4 types of DNS Server:

      • Recursive resolver
      • root NS
      • TLD NS
      • authoritative nameservers
    1. time-to-live (TTL)

      TTL for cache

    2. the .com Top-Level Domain (TLD)

      TLD: Top Level Domain

    3. recursive resolver

      recursive resolver, what on earth is this?

    1. The authoritative name servers that serve the DNS root zone, commonly known as the “root servers”, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities


      13 root servers

    1. DeferredDiscoveryRESTMapper

      There are multiple different implementations of the RESTMapper interface. The most important one for client applications is the discovery-based DeferredDiscoveryRESTMapper in the package k8s.io/client-go/restmapper: it uses discovery information from the Kubernetes API server to dynamically build up the REST mapping. It will also work with non-core resources like custom resources.

      From: programming kubernetes

    1. v2ray config


    1. probers point to a new endpoint at port 15020, this is expected. As the name indicates, "prober rewrites" means the actual podspec container prober configuration is configured to different path and port.

      Istio rewrites the probe port to 15020

    1. controller-runtime is doing this

      not sure how this works but yes, it works

    1. Sharding the network in a proof-of-work system would simply lower the power needed to compromise a portion of the network

      Under a mining model (PoW), a multi-chain sharding design means the hash power is spread out, so the cost of a 51% attack on any one chain is lower

    2. and more nodes doesn't mean increased % returns


    3. Crosslinks


    4. After each epoch, the committee is disbanded and reformed with different, random participants.


    5. seems a good place to start learning about PoS

    1. The Eth2 upgrades


      1. The Beacon Chain (live)
      2. Shard chains
      3. The docking
    2. How the upgrades fit together


      The relationship between the beacon chain and mainnet, both now and in the future, is very intuitive

    3. ETH2 home page

    1. But it won't be like the Ethereum mainnet of today. It can't handle accounts or smart contracts.