• Tags
A10
ACME
AD
AES
AI
Aliyun
Ansible
APP
Application Delivery Controller
Arceus
Argo CD
ASCII
Authentication
Authorization
AWS
BASH
Bayonet
Benchmark
BGP
BIRD
Board Game
Browser
Byte
Cache
CDN
Channel
Chart
Checklist
Chrome
Chrome OS
Chrony
CI
Cilium
Cisco
Claude Code
Cloud-Native
Cloudflare
Cluster
Command Line
Completion
Config
Container
Context
CPU
CURL
Data
Database
Debug
Dehydrated
Design
DevSecOps
Diagrams
Dmg
DNS
DNS-01
Docker
EFF
ElasticSearch
ELK
Emoji
EMQX
Encode
Encrypt
ESXi
Extension
Firewall
Fortigate
Fortinet
FortiOS
Game
GeoIP
GIN
Git
GitBook
Github
Gitlab
GitOps
Gluetun
Go
Go-Mysql-Elasticsearch
Golang
Google
GPG
GraphQL
HA
HAProxy
Hash
HomeLab
Htop
HTTP
Infra
Infrastructure
Input Method
Interview
Introduction
IPhone
Iptables
Iso
Issue
ITerm2
Jenkins
Jsoniter
Juniper
JWT
Kafka
Kibana
Kubernetes
LDAP
Leetcode
Lightweight
Linkerd
Links
Linux
Llamafile
LLM
Log
Lua
Lullaby
LVM
Machinelearning
MacOS
Markdown
Mattermost
Meilisearch
Mermaid
MinIO
Module
MQTT
MSS
MTU
Music
MyDumper
MySQL
NAS
Netcat
Network
Nftables
Nginx
OAuth
OIDC
Ollama
OpenResty
Parquet
Percona
Pinyin
Pip
Plugin
Pokemon
Postgres
PostgreSQL
PowerDNS
PowerShell
Pprof
Principle
Prometheus
Protobuf
Proxy
Push
Python
QRCode
R
RAID
RDP
Redis
Regex
Ringtone
Route
Rust
S3
ScreenShot
Security
Selenium
Sentry
Service Mesh
SFTP
SHELL
Slides
Snow
Software
SonarQube
SQL
SSH
SSL
String
Switch
Sync
Synology
System
Taiwan
Tcpdump
Telegram
Terminal
Terraform
Test
Testing
Time
Timeout
TLS
Tools
Tor
Trace
Traefik
Travel
Tunnel
Typora
Ubuntu
UNIX
URL
UserAgent
V2Ray
Vagrant
Video
Vim
Virtualization
Visualization
VNC
VPN
VSCode
WAF
WASM
Web
WebAssembly
Webp
Windows
WSL
YAML
Youtube
Zabbix
Zero Trust
Zim
ZSH
台語

How Nginx Hides Upstream Errors

How Nginx Hides Upstream Errors Nginx allows enabling next upstream for the following seven retryable error codes 403 Forbidden 404 Not Found 429 Too Many Requests 500 Internal Server Error 502 Bad Gateway 503 Server Unavailable 504 Gateway Timeout When upstream returns 404, return a 200 response with a not-found image You can use proxy_intercept_errors to achieve this.\n> When proxy_intercept_errors is enabled, requests with upstream response codes >= 300 can be further handled via the error_page directive.

Monday, December 27, 2021 Read

Argo CD ApplicationSet Controller: The World Turns for Me!

Argo CD ApplicationSet Controller: The World Turns for Me! Argo CD # Install kind; see the official docs for other platforms # Run a lightweight k8s cluster locally ~$ brew install kind # Install kubectx; see the official docs for other platforms # Use it to switch between k8s contexts ~$ brew install kubectx # Install helm; see the official docs for other platforms # K8s package manager ~$ brew install helm # Install kubectl; see the official docs for other platforms # Communicate with the k8s cluster API server ~$ brew install kubectl # Install argocd cli; see the official docs for other platforms # Communicate with Argo CD ~$ brew install argocd

Monday, December 27, 2021 Read

Go AES Encryption and Decryption in Three Modes (CBC/ECB/CFB)

Go AES Encryption and Decryption in Three Modes (CBC/ECB/CFB) How to encrypt a file using Go

Wednesday, December 22, 2021 Read

Understanding Cilium Series (1): Introduction to Cilium

Understanding Cilium Series (1): Introduction to Cilium Current status of k8s Service load balancing implementations Before Cilium, Services were implemented by kube-proxy in three modes: userspace, iptables, and ipvs. Userspace In this mode, kube-proxy acts as a reverse proxy and listens on random ports. It redirects traffic to the proxy port via iptables rules, and kube-proxy forwards the traffic to backend pods. Service requests go from user space into kernel iptables and then back to user space, which is costly and has poor performance.

Tuesday, December 21, 2021 Read

Kubernetes Without kube-proxy

Kubernetes Without kube-proxy Quick-Start kubeadm init --skip-phases=addon/kube-proxy # Setup Helm repository helm repo add cilium https://helm.cilium.io/ helm install cilium cilium/cilium --version 1.9.18 \ --namespace kube-system \ --set kubeProxyReplacement=strict \ --set k8sServiceHost=REPLACE_WITH_API_SERVER_IP \ --set k8sServicePort=REPLACE_WITH_API_SERVER_PORT

Monday, December 20, 2021 Read

Zsh tab-completion not working

Zsh tab-completion not working Question Although I’ve used Oh-My-Zsh in the past, I decided this time around (i.e. setting up a new computer) I’d try to avoid installing it to keep things a bit leaner. Right now I’m trying to cherry-pick Oh-My-Zsh’s insensitive tab-completion feature. Digging around its source repo, I found the following line: zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|=*' 'l:|=* r:|=*' I’m fairly confident this is the line Oh-My-Zsh executes to do what I want, so I tried adding it to my .zshrc. Restarted my terminal. Typed cd desk, then hit [tab]. No dice – I didn’t get cd Desktop/.

Friday, December 10, 2021 Read

Linkerd 2.8 - Build a Simple and Secure Multi-Cluster Kubernetes Architecture

Linkerd 2.8 - Build a Simple and Secure Multi-Cluster Kubernetes Architecture

Thursday, December 9, 2021 Read

Best Practices for Writing Bash Scripts

Best Practices for Writing Bash Scripts Shell Scripting - Best Practices #!/usr/bin/env bash # Bash3 Boilerplate. Copyright (c) 2014, kvz.io set -o errexit set -o pipefail set -o nounset # set -o xtrace # Set magic variables for current file & dir __dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" __file="${__dir}/$(basename "${BASH_SOURCE[0]}")" __base="$(basename ${__file} .sh)" __root="$(cd "$(dirname "${__dir}")" && pwd)" # <-- change this as it depends on your app arg1="${1:-}" Use shift to read function arguments This makes it easier to reorder arguments, if you change your mind later.

Monday, December 6, 2021 Read

Day 28 - Introduction to Useful Third-Party Kubernetes Tools

Day 28 - Introduction to Useful Third-Party Kubernetes Tools $ kubectl get pods NAME READY STATUS RESTARTS AGE ithome-6564f65698-947rv 1/1 Running 0 84s ithome-6564f65698-fglr9 1/1 Running 0 84s ithome-6564f65698-k5wtg 1/1 Running 0 84s ithome-6564f65698-rrvk4 1/1 Running 0 84s ithome-6564f65698-zhwlj 1/1 Running 0 84s Stern/Kail The names of created pods often contain some unreadable random strings. If you use kubectl to observe logs for individual pods, you need to switch between different pods. There are many tools for this, such as Stern, Kube-tail, and Kail.

Thursday, December 2, 2021 Read

5 DevSecOps open source projects to know

5 DevSecOps open source projects to know Clair Sigstore KubeLinter Open Policy Agent and Gatekeeper Falco

Tuesday, November 30, 2021 Read

[Kubernetes] Service Overview

[Kubernetes] Service Overview Define Service With selector Since you need Pods before you define a Service, assume there are Pods in the cluster (exposing TCP port 9376) with the label app=MyApp. You can define a Service as an abstraction layer in front of those pods and provide the service through a domain name. kind: Service apiVersion: v1 metadata: name: my-service spec: # type has four options (ClusterIP, NodePort, LoadBalancer, ExternalName) # default is ClusterIP type: ClusterIP # select pods with "app=MyApp" selector: app: MyApp # Service port configuration ports: - protocol: TCP port: 80 # This is the port number exposed by the Pod targetPort: 9376 Pod <---> Endpoint(tcp:9376) <---> Service(tcp:80, with VIP)

Wednesday, November 24, 2021 Read

How Go Reads a 16GB File in 25 Seconds

How Go Reads a 16GB File in 25 Seconds Reading 16GB File in Seconds, Golang After opening the file, we have two options: Read the file line by line, which reduces memory pressure but takes more time. Read the entire file into memory and process it, which uses more memory but significantly reduces time. Because the file is too large (16 GB), we cannot load the entire file into memory. But the first option is also not feasible for us because we want to process the file within seconds.

Monday, November 22, 2021 Read

• ««
• «
• 12
• 13
• 14
• 15
• 16
• »
• »»