Deploying Concourse CI on AliCloud Kubernetes

In this article, I'm going to show you how to deploy Concourse CI in the Alibaba Cloud-managed Kubernetes service with a Helm chart. After that, we will set up a simple pipeline in Concourse CI with Fly CLI. Concourse CI is a nice automation tool that brings YAML native CI/CD pipelines to your Kubernetes cluster.

High-level overview:

Installing Private S3 Storage With MinIO on Alibaba Cloud Kubernetes

In this article, we will explore the step-by-step installation of the private S3-compatible storage server MinIO on Alibaba Cloud Container Service Kubernetes. We will expose the MinIO web UI to the internet and make the MinIO API available for the MC CLI in the Cloud Shell.

MinIO is an open-source, high-performance, S3-compatible object storage. It allows building AWS S3 compatible data infrastructure.

AspectD: An Open-Source, Effective AOP Solution for Flutter

Background

With the rapid development of the Flutter framework, more and more businesses begin to use Flutter to refactor or build new products. However, in practice, we have found that, on the one hand, Flutter has a high development efficiency, excellent performance, and good cross-platform performance. On the other hand, Flutter also faces problems, such as missing or imperfect plug-ins, basic capabilities, and the underlying framework.

For example, in the process of implementing automated recording and playback, we have found that the code of the Flutter framework (Dart level) needs to be modified to meet the requirements during automatic recording and playback. This leads to the risk of the framework becoming vulnerable to intrusion. To solve this problem and reduce the maintenance cost in the iteration process, the first solution we consider is Aspect-Oriented Programming.

Defending Against TB-level Traffic Attacks With Advanced Anti-DDoS Systems

A Brief History of DDoS Prevention

Distributed Denial of Service (DDoS) uses a large number of valid requests to consume network resources and make services unresponsive and unavailable to legitimate users. Currently, DDoS attacks are one of the most powerful cyber-attacks to defend against.

DDoS has been around the cybersecurity world for a long time and is an old attack method. DDoS prevention has also undergone different stages.

PCC Social Media “Like” Scenario: Database Design and Performance Stress Testing

Background

The Performance Challenge Championship (PCC) is an event organized by ArchNotes. After learning about the rules of the competition, I found PostgreSQL is very suitable for this scenario. The scenario is reproduced as it is, implemented with PG, but how does it perform?

The competition is described as follows (page in Chinese, but Chrome can translate): https://github.com/archnotes/PCC

PostgreSQL Independent Event Correlation Analysis: User-Car Fitting

Background

Independent event correlation analysis is very interesting. For example, the "Passing By" function points of some apps can indicate that you've been in a similar location with a different person at a different time. Independent event correlation analysis can also be used for public opinion analysis, sales portfolio for commodities, and user-car fitting.

User-car fitting in the safety system processes spatio-temporal data for fitting drivers, passengers, and vehicles.

Tengine, Docker, and PHP Application Best Practices

From a DevOps point of view, the importance of a well-architected solution, with proper separation of responsibilities, is fundamental for the long-term success of any application. This case we are presenting today is a very simplified example made to showcase the concept and to be easily understood, but it sets the base to scale it on your own as you gain confidence on this topic. We will make use of Elastic Compute Service (ECS), Server Load Balancer (SLB) and Virtual Private Cloud (VPC), all very common Alibaba Cloud services that you should be familiar with.

Containers and Running Services

When using Docker, like in our case today, one should never run more than one function per container. Running more than one defeats the whole purpose of using containers, as adding them doesn't cost much in terms of resources. In my experience, as DevOps lead engineer, I saw too many projects made by others with supervisord managing multiple functions in a single container. This is considered an anti-pattern as it makes it very hard to track, debug and scale them horizontally. Please notice that I'm using the word function, not process. The official Docker documentation has moved away from saying one "process" to instead recommending one "concern" or "function" per container.

Detailed Explanation of Guava RateLimiter’s Throttling Mechanism

Throttling is one of the three effective methods for protecting a high concurrency system. The other two are respectively caching and downgrading. Throttling is used in many scenarios to limit the concurrency and the number of requests. For example, in the event of flash sales, throttling protects your own system and the downstream system from being overwhelmed by tremendous amounts of traffic.

The purpose of throttling is to protect the system by restricting concurrent access or requests, or by restricting requests within a specified time window. After the threshold is exceeded, denial of service or traffic shaping is triggered.

Traffic Management With Istio (5): Deploy Custom Gateway and Manage Its Certificates With Cert-Manager

Istio Gateway supports multiple custom ingress gateways. It opens a series of ports to host incoming connections at the edge of the grid and can use different load balancers to isolate different ingress traffic flows. Cert-manager can be used to obtain certificates by using any signature key pair stored in the Kubernetes Secret resource. This article provides instructions on the steps for manually creating a custom ingress gateway and how to use cert-manager to automatically configure certificates in the gateway.

Generate a Signature Key Pair

CA Issuer does not automatically create and manage signature key pairs. The key pairs are either provided by the user or a new signature key pair for a self-signed CA is generated by a tool, such as OpenSSL. For example, you can generate keys and certificates of type x509 by using the following command:

How to Configure MySQL Master-Slave Replication on Ubuntu 16.04

Alibaba Cloud offers a hassle-free on-demand computing service, Elastic Compute Service (ECS), which lets you deploy an instance with just a few clicks and install a Linux distribution of your choice.

With each instance configured, you can run highly scalable database servers such as MySQL. On top of these, you can take advantage of their fast memory and latest CPUs to create a redundant environment for your MySQL server.

How to Use MySQL Transactions on Alibaba Cloud ECS or ApsaraDB for MySQL

MySQL is one of the most popular Relational Database Management Systems (RDBMS). The open-source database server is widely adopted in a production environment for data storage especially with Content Management Systems like WordPress and Magento.

One of the key features of MySQL is its support for transactions and explicit locks that make it the best when it comes to ACID compliance. We will explain this later in the guide.

Traffic Management With Istio (3): Traffic Comparison Analysis Based on Istio

Traffic Mirroring

Traffic mirroring, also known as traffic shadowing, provides a powerful way to bring changes to production at the lowest possible risk. The mirror sends a copy of real-time traffic to the mirroring service. Mirrored traffic goes outside of the critical request path of the main services.

In non-production or test environments, trying to access all possible combinations of test cases for a service is unrealistic. In some cases, the work of writing these test cases may not match actual production needs. In the ideal case, you can use real-time production use and traffic to help improve the functional regions you miss in the test environment.

Traffic Management With Istio (2): Grayscale Release of Applications by Istio Management

In the process of project iteration, you will inevitably need to go online. Going online means deploying or re-deploying; deploying means modifying; and modifying means risk.

Gray is between black and white. Grayscale release refers to a release process involving a smooth transition. Grayscale release can ensure overall system stability. You can find problems and make adjustments at the initial gray scale to minimize the degree of impact. What we often call AB testing or canary release are other forms of grayscale release.

How to Use Standard MySQL Library Functions on Alibaba Cloud ECS and ApsaraDB

MySQL Relational Database Management System (RDBMS) is widely used by developers because of its advanced features. These include dozens of built-in functions and transactions support. MySQL is also scalable, flexible, and secure to ensure round-the-clock uptime.

The RDBMS standard library functions are a specific set of routines that perform a specific task and return results very quickly. Hence, they eliminate the need to write a lot of code for handling database manipulation.

Traffic Management With Istio (1): Unified Management of TCP Ingress Traffic Routing Based on Istio Rules

The Istio traffic management model basically allows for the decoupling of traffic from infrastructure scaling, allowing operations personnel to specify the rules to apply to traffic using Pilot instead of specifying which pods/VMs should receive traffic. Decoupling traffic from infrastructure scaling allows Istio to provide a variety of traffic management functions independent of application code. The Envoy sidecar proxy implements these functions.

In a typical mesh, you often have one or more finalizing external TLS connections at the end to guide traffic into the mesh's load balancer (known as a gateway); the traffic then flows through internal services after the sidecar gateway. The following figure illustrates the use of gateways in a mesh:

How to Secure Apache Web Server With ModEvasive on Ubuntu 16.04

Apache is the cornerstone of modern web servers and is a powerful software solution for a large percentage of today's internet economy.

According to research published by w3techs in July 2018, Apache has a market share of around 45.9 percent. That being said, the Apache web server is targeted by most hackers. The software is secure out-of-the-box, but you can still harden it with some additional modules.