Jan 01, 0001

layout: “post” title: “Kubernetes network policy” date: “2016-02-17 18:53”

Kubernetes network policy

The Kubernetes community (more precisely, the Kubernetes Network SIG [1]) is discussing a Network Policy Proposal to meet complex networking requirements such as SDN, network isolation, and IP overlapping [2].

...

layout: “post” title: “Google’s Transition From Single Datacenter, To Failover, To A Native Multihomed Architecture” date: “2016-02-24 10:33” category: cluster tags: [highscalability, google]

The main idea of the paper is that the typical failover architecture used when moving from a single datacenter to multiple datacenters doesn’t work well in practice. What does work, where work means using fewer resources while providing high availability and consistency, is a natively multihomed architecture:

Our current approach is to build natively multihomed systems. Such systems run hot in multiple datacenters all the time, and adaptively move load between datacenters, with the ability to handle outages of any scale completely transparently. Additionally, planned datacenter outages and maintenance events are completely transparent, causing minimal disruption to the operational systems. In the past, such events required labor-intensive efforts to move operational systems from one datacenter to another

...

layout: “post” title: “Docker Datacenter” date: “2016-02-26 17:38” category: docker tags: [docker, cluster]

Docker announced Docker Datacenter (DDC) on February 23. It is an integrated, end-to-end platform for agile application development and management from the datacenter to the cloud.

With Docker Datacenter, organizations are empowered to deploy Containers as a Service (CaaS) on-premises or in their virtual private cloud. A CaaS provides an IT-managed and secured application environment of content and infrastructure where developers can build and deploy applications in a self-service manner.

...

layout: “post” title: “Alpine Linux” date: “2016-03-26 14:27”

Alpine Linux

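As more and more official images adopt Alpine Linux, it is worth understanding what Alpine Linux actually is.

Alpine Linux is a lightweight, security-oriented Linux distribution. It uses musl libc and busybox to reduce the system's size and runtime resource consumption, and it provides its own package manager, apk. Alpine Linux kernels are patched with grsecurity/PaX, and all programs are compiled as Position Independent Executables (PIE) to strengthen system security.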

...

layout: “post” title: “Hello world to Docker Mac” date: “2016-04-15 16:34”

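Docker for Mac has finally arrived. As expected, the experience is really great:

  • Simpler installation: it is a standard Mac application
  • Works with VPNs without problems
  • Native (osxfs) file system sharing (9p is in fact also supported)
  • The Docker application manages the xhyve VM and restarts it automatically after a configuration change
  • Fast: the experience is now close to that on Linux
  • Can coexist with docker toolbox: Docker for Mac listens on /var/run/docker.sock just as on Linux, so clients use its API by default; environment variables can also tell the docker CLI to call the API of another Docker daemon (for example, a VM managed by docker-machine)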

...

layout: post title: Software Engineering at Google date: 2017-02-13 19:36:09 tags: [Google]

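Fergus Henderson of Google describes Google's software engineering practices in Software Engineering at Google.

Software development

Source repository

  • A single source repository; apart from core configuration and security-related code, any engineer can access any code and modify it as needed
  • All development is based on the master branch; release branches are created only at release time
  • Every subtree of the code has an owner, and any change requires the owner's approval

Blaze distributed build system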

...

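layout: post title: AWS S3 Outage Review and Summary date: 2017-03-03 22:27:50 tags: [aws]

S3 Outage Review

On February 28, while investigating an S3 billing issue in the Northern Virginia (US-EAST-1) Region, an AWS engineer mistyped a parameter of a playbook and accidentally removed a large number of S3 control services, causing a 4-hour outage. The mistake affected two core S3 systems: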

...

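layout: post title: GitLab Outage Review and Summary date: 2017-03-03 22:27:37 tags: []

GitLab Outage Review

On January 31, while fixing a PostgreSQL data replication problem (DB Replication lagged too far behind), GitLab mistakenly deleted data in the production environment (the plan was to delete the data on db1, but the operation turned out to have been run on the wrong host, db2). The team then tried to restore from backup data, only to find that there were no real-time backups: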

...

layout: post title: Kubernetes HA date: 2017-03-15 18:12:47 tags: [kubernetes]

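Starting with Kubernetes 1.5, clusters deployed with kops or kube-up.sh are automatically set up as a highly available system, including

  • etcd in cluster mode
  • Load balancing for the apiserver
  • Automatic leader election for the controller manager, scheduler and cluster autoscaler (exactly one running instance)

As shown in the figure below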

...

layout: post title: LinuxKit date: 2017-04-19 11:09:53 tags: [docker]

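LinuxKit is a toolkit newly released by Docker for building secure, lean, portable operating systems for containers. Based on a user-written yaml (which specifies the kernel and a series of services based on docker images), it automatically builds a virtual machine image for common virtualization or cloud platforms and runs it automatically. Its main features include

  • Enhanced security
  • Easy to use and extensible
    • All services are customizable, and both user services and system services are based on docker images
    • The build process is based on docker
    • Infrakit makes it easy to deploy the generated images

Installation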

git clone https://github.com/linuxkit/linuxkit $GOPATH/src/github.com/linuxkit/linuxkit
make && make install

How it works

Writing the yaml

LinuxKit requires a yaml file that configures the required services. The available options include

...