Group items tagged

Kubernetes is fully controlled through this API

the main job of kubectl is to carry out HTTP requests to the Kubernetes API

Kubernetes maintains an internal state of resources, and all Kubernetes operations are CRUD operations on these resources.

Kubernetes is a fully resource-centred system

Kubernetes API reference is organised as a list of resource types with their associated operations.

This is how kubectl works for all commands that interact with the Kubernetes cluster.

kubectl simply makes HTTP requests to the appropriate Kubernetes API endpoints.

it's totally possible to control Kubernetes with a tool like curl by manually issuing HTTP requests to the Kubernetes API.

Kubernetes consists of a set of independent components that run as separate processes on the nodes of a cluster.

components on the master nodes

Storage backend: stores resource definitions (usually etcd is used)

API server: provides Kubernetes API and manages storage backend

Controller manager: ensures resource statuses match specifications

Scheduler: schedules Pods to worker nodes

component on the worker nodes

Kubelet: manages execution of containers on a worker node

triggers the ReplicaSet controller, which is a sub-process of the controller manager.

the scheduler, who watches for Pod definitions that are not yet scheduled to a worker node.

creating and updating resources in the storage backend on the master node.

However, these components do not access the storage backend directly, but only through the Kubernetes API.

All other Kubernetes components and users read, watch, and manipulate the state (i.e. resources) of Kubernetes through the Kubernetes API

The storage backend stores the state (i.e. resources) of Kubernetes.

command completion is a shell feature that works by the means of a completion script.

A completion script is a shell script that defines the completion behaviour for a specific command. Sourcing a completion script enables completion for the corresponding command.

kubectl completion zsh

/etc/bash_completion.d directory (create it, if it doesn't exist)

source <(kubectl completion bash)

source <(kubectl completion zsh)

autoload -Uz compinit compinit

the API reference, which contains the full specifications of all resources.

kubectl api-resources

displays the resource names in their plural form (e.g. deployments instead of deployment). It also displays the shortname (e.g. deploy) for those resources that have one. Don't worry about these differences. All of these name variants are equivalent for kubectl.

.spec

custom columns output format comes in. It lets you freely define the columns and the data to display in them. You can choose any field of a resource to be displayed as a separate column in the output

kubectl get pods -o custom-columns='NAME:metadata.name,NODE:spec.nodeName'

kubectl explain pod.spec.

kubectl explain pod.metadata.

browse the resource specifications and try it out with any fields you like!

with kubectl explain, only a subset of the JSONPath capabilities is supported

Many fields of Kubernetes resources are lists, and this operator allows you to select items of these lists. It is often used with a wildcard as [*] to select all items of the list.

kubectl get pods -o custom-columns='NAME:metadata.name,IMAGES:spec.containers[*].image'

a Pod may contain more than one container.

The availability zones for each node are obtained through the special failure-domain.beta.kubernetes.io/zone label.

kubectl get nodes -o yaml kubectl get nodes -o json

The default kubeconfig file is ~/.kube/config

with multiple clusters, then you have connection parameters for multiple clusters configured in your kubeconfig file.

overwrite the default kubeconfig file with the --kubeconfig option for every kubectl command.

Namespace: the namespace to use when connecting to the cluster

a one-to-one mapping between clusters and contexts.

When kubectl reads a kubeconfig file, it always uses the information from the current context.

just change the current context in the kubeconfig file

kubectl also provides the --cluster, --user, --namespace, and --context options that allow you to overwrite individual elements and the current context itself, regardless of what is set in the kubeconfig file.

for switching between clusters and namespaces is kubectx.

kubectl config get-contexts

just have to download the shell scripts named kubectl-ctx and kubectl-ns to any directory in your PATH and make them executable (for example, with chmod +x)

kubectl proxy

kubectl get roles

kubectl get pod

Kubectl plugins are distributed as simple executable files with a name of the form kubectl-x. The prefix kubectl- is mandatory,

To install a plugin, you just have to copy the kubectl-x file to any directory in your PATH and make it executable (for example, with chmod +x)

krew itself is a kubectl plugin

check out the kubectl-plugins GitHub topic

The executable can be of any type, a Bash script, a compiled Go program, a Python script, it really doesn't matter. The only requirement is that it can be directly executed by the operating system.

kubectl plugins can be written in any programming or scripting language.

you can write more sophisticated plugins with real programming languages, for example, using a Kubernetes client library. If you use Go, you can also use the cli-runtime library, which exists specifically for writing kubectl plugins.

a kubeconfig file consists of a set of contexts

changing the current context means changing the cluster, if you have only a single context per cluster.

view templates are written in a language called ERB (Embedded Ruby) which is converted by the request cycle in Rails before being sent to the user.

Each action's purpose is to collect information to provide it to a view.

A view's purpose is to display this information in a human readable format.

routing file which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions.

You can create, read, update and destroy items for a resource and these operations are referred to as CRUD operations

A controller is simply a class that is defined to inherit from ApplicationController.

If not found, then it will attempt to load a template called application/new. It looks for one here because the PostsController inherits from ApplicationController

:formats specifies the format of template to be served in response. The default format is :html, and so Rails is looking for an HTML template.

:handlers, is telling us what template handlers could be used to render our template.

When you call form_for, you pass it an identifying object for this form. In this case, it's the symbol :post. This tells the form_for helper what this form is for.

that the action attribute for the form is pointing at /posts/new

When a form is submitted, the fields of the form are sent to Rails as parameters.

parameters can then be referenced inside the controller actions, typically to perform a particular task

params method is the object which represents the parameters (or fields) coming in from the form.

Active Record is smart enough to automatically map column names to model attributes,

Rails uses rake commands to run migrations, and it's possible to undo a migration after it's been applied to your database

every Rails model can be initialized with its respective attributes, which are automatically mapped to the respective database columns.

migration creates a method named change which will be called when you run this migration.

The action defined in this method is also reversible, which means Rails knows how to reverse the change made by this migration, in case you want to reverse it later

Migration filenames include a timestamp to ensure that they're processed in the order that they were created.

@post.save returns a boolean indicating whether the model was saved or not.

prevents an attacker from setting the model's attributes by manipulating the hash passed to the model.

If you want to link to an action in the same controller, you don't need to specify the :controller option, as Rails will use the current controller by default.

inherits from ActiveRecord::Base

Rails includes methods to help you validate the data that you send to models

Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects.

redirect_to will tell the browser to issue another request.

rendering is done within the same request as the form submission

Each request for a comment has to keep track of the post to which the comment is attached, thus the initial call to the find method of the Post model to get the post in question.

pluralize is a rails helper that takes a number and a string as its arguments. If the number is greater than one, the string will be automatically pluralized.

The render method is used so that the @post object is passed back to the new template when it is rendered.

it accepts a hash containing the attributes that you want to update.

field_with_errors. You can define a css rule to make them standout

belongs_to :post, which sets up an Active Record association

creates comments as a nested resource within posts

call destroy on Active Record objects when you want to delete them from the database.

Rails allows you to use the dependent option of an association to achieve this.

store all external data as UTF-8

you're better off ensuring that all external data is UTF-8

use UTF-8 as the internal storage of your database

Rails defaults to converting data from your database into UTF-8 at the boundary.

:patch

By default forms built with the form_for helper are sent via POST

The :method and :'data-confirm' options are used as HTML5 attributes so that when the link is clicked, Rails will first show a confirm dialog to the user, and then submit the link with method delete. This is done via the JavaScript file jquery_ujs which is automatically included into your application's layout (app/views/layouts/application.html.erb) when you generated the application.

Without this file, the confirmation dialog box wouldn't appear.

just defines the partial template we want to render

As the render method iterates over the @post.comments collection, it assigns each comment to

use the authentication system

require and permit

the method is often made private to make sure it can't be called outside its intended context.

Terraform reads data resources during the planning phase when possible, but announces in the plan when it must defer reading resources until the apply phase to preserve the order of operations.

local-only data sources exist for rendering templates, reading local files, and rendering AWS IAM policies.

As with managed resources, when count or for_each is present it is important to distinguish the resource itself from the multiple resource instances it creates. Each instance will separately read from its data source with its own variant of the constraint arguments, producing an indexed result.

Data instance arguments may refer to computed values, in which case the attributes of the instance itself cannot be resolved until all of its arguments are defined. I

The Terraform Registry is the main directory of publicly available Terraform providers, and hosts providers for most major infrastructure platforms.

Dependency Lock File documents an additional HCL file that can be included with a configuration, which tells Terraform to always use a specific set of provider versions.

Terraform CLI finds and installs providers when initializing a working directory. It can automatically download providers from a Terraform registry, or load them from a local mirror or cache.

To save time and bandwidth, Terraform CLI supports an optional plugin cache. You can enable the cache using the plugin_cache_dir setting in the CLI configuration file.

you can use Terraform CLI to create a dependency lock file and commit it to version control along with your configuration.

凡是使用 JSX 的地方，都要加上 type="text/babel"

Browser.js 的作用是将 JSX 语法转为 JavaScript 语法，这一步很消耗时间，实际上线的时候，应该将它放到服务器完成。

HTML 语言直接写在 JavaScript 语言之中，不加任何引号，这就是 JSX 的语法，它允许 HTML 与 JavaScript 的混写

JSX 的基本语法规则：遇到 HTML 标签（以 < 开头），就用 HTML 规则解析；遇到代码块（以 { 开头），就用 JavaScript 规则解析。

JSX 允许直接在模板插入 JavaScript 变量。如果这个变量是一个数组，则会展开这个数组的所有成员

所有组件类都必须有自己的 render 方法，用于输出组件

组件类的第一个字母必须大写，否则会报错

组件类只能包含一个顶层标签

添加组件属性，有一个地方需要注意，就是 class 属性需要写成 className ，for 属性需要写成 htmlFor ，这是因为 class 和 for 是 JavaScript 的保留字。

convert an existing Rails helper to a decorator method

That method is presentation-centric, and thus does not belong in a model.

Where does that come from? It's a method of the source Article, whose methods have been made available on the decorator by the delegate_all call above.

a great way to replace procedural helpers like the one above with "real" object-oriented programming

format complex data for user display

Name servers host a domain’s DNS information in a text file called the zone file

Start of Authority (SOA) records

You’ll want to specify at least two name servers. That way, if one of them is down, the next one can continue to serve your DNS information.

Every domain’s zone file contains the admin’s email address, the name servers, and the DNS records.

a zone file, which lists domains and their corresponding IP addresses (and a few other things)

TLD nameserver

ISPs cache a lot of DNS information after they’ve looked it up the first time

Usually caching is a good thing, but it can be a problem if you’ve recently made a change to your DNS information

An A record matches up a domain (or subdomain) to an IP address

point different subdomains to different IP addresses

An AAAA record is just like an A record, but for IPv6 IP addresses.

An AXFR record is a type of DNS record used for DNS replication

used on a slave DNS server to replicate the zone file from a master DNS server

DNS Certification Authority Authorization uses DNS to allow the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

A CNAME record or Canonical Name record matches up a domain (or subdomain) to a different domain.

You should not use a CNAME record for a domain that gets email, because some mail servers handle mail oddly for domains with CNAME records

the target domain for a CNAME record should have a normal A-record resolution

a CNAME record does not function the same way as a URL redirect

A DKIM record or domain keys identified mail record displays the public key for authenticating messages that have been signed with the DKIM protocol

An MX record or mail exchange record sets the mail delivery destination for a domain (or subdomain).

Ideally, an MX record should point to a domain that is also the hostname for its server.

Lower numbers have a higher priority

NS records or name server records set the nameservers for a domain (or subdomain).

You can also set up different nameservers for any of your subdomains.

The order of NS records does not matter; DNS requests are sent randomly to the different servers, and if one host fails to respond, another one will be queried.

A PTR record or pointer record matches up an IP address to a domain (or subdomain), allowing reverse DNS queries to function.

PTR records are usually set with your hosting provider. They are not part of your domain’s zone file.

An SOA record or Start of Authority record labels a zone file with the name of the host where it was originally created.

The administrative email address is written with a period (.) instead of an at symbol (<@>).

The single nameserver mentioned in the SOA record is considered the primary master for the purposes of Dynamic DNS and is the server where zone file changes get made before they are propagated to all other nameservers.

An SPF record or Sender Policy Framework record lists the designated mail servers for a domain (or subdomain).

An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email, so they can reject spoofed email from your domain that has originated from unauthorized servers.

Your SPF record will have a domain or subdomain, type (which is TXT, or SPF if your name server supports it), and text (which starts with “v=spf1” and contains the SPF record settings).

An SRV record or service record matches up a specific service that runs on your domain (or subdomain) to a target domain.

A TXT record or text record provides information about the domain in question to other resources on the Internet.

One common use of the TXT record is to create an SPF record on nameservers that don’t natively support SPF.

In most cases, the eligible DOM elements are identified by HTML5 data attributes.

using JavaScript to progressively enhance the user experience for capable browsers without negatively impacting clients that do not support or do not enable JavaScript.

jquery-ujs attaches a handler to links with the data-method attribute

jquery-ujs attaches a handler to links or forms with the data-confirm attribute that displays a JavaScript confirmation dialog

Users double click links and buttons all the time.

Links and buttons that have a data-disable-with attribute get a click handler that disables the element and updates the text of the button to that which was provided in the data attribute and disables the button.

Thanks to jquery-ujs and Rails’ respond_with, setting remote: true is likely the quickest way to get your Rails application making AJAX requests.

Cross-Site Request Forgery (CSRF) is an attack wherein the attacker tricks the user into submitting a request to an application the user is likely already authenticated to.

Name servers host a domain’s DNS information in a text file called a zone file.

Start of Authority (SOA) records

specifying DNS records, which match domain names to IP addresses.

Every domain’s zone file contains the domain administrator’s email address, the name servers, and the DNS records.

Your ISP’s DNS resolver queries a root nameserver for the proper TLD nameserver. In other words, it asks the root nameserver, *Where can I find the nameserver for .com domains?*

In actuality, ISPs cache a lot of DNS information after they’ve looked it up the first time.

An A record points your domain or subdomain to your Linode’s IP address,

use an asterisk (*) as your subdomain

An AAAA record is just like an A record, but for IPv6 IP addresses.

An AXFR record is a type of DNS record used for DNS replication

DNS Certification Authority Authorization uses DNS to allow the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

A CNAME record or Canonical Name record matches a domain or subdomain to a different domain.

Some mail servers handle mail oddly for domains with CNAME records, so you should not use a CNAME record for a domain that gets email.

MX records cannot reference CNAME-defined hostnames.

A DKIM record or DomainKeys Identified Mail record displays the public key for authenticating messages that have been signed with the DKIM protocol

DKIM records are implemented as text records.

An MX record or mail exchanger record sets the mail delivery destination for a domain or subdomain.

An MX record should ideally point to a domain that is also the hostname for its server.

Priority allows you to designate a fallback server (or servers) for mail for a particular domain. Lower numbers have a higher priority.

NS records or name server records set the nameservers for a domain or subdomain.

You can also set up different nameservers for any of your subdomains

Primary nameservers get configured at your registrar and secondary subdomain nameservers get configured in the primary domain’s zone file.

A PTR record or pointer record matches up an IP address to a domain or subdomain, allowing reverse DNS queries to function.

opposite service an A record does

PTR records are usually set with your hosting provider. They are not part of your domain’s zone file.

An SOA record or Start of Authority record labels a zone file with the name of the host where it was originally created.

Minimum TTL: The minimum amount of time other servers should keep data cached from this zone file.

An SPF record or Sender Policy Framework record lists the designated mail servers for a domain or subdomain.

An SPF record for your domain tells other receiving mail servers which outgoing server(s) are valid sources of email so they can reject spoofed mail from your domain that has originated from unauthorized servers.

Make sure your SPF records are not too strict.

An SRV record or service record matches up a specific service that runs on your domain or subdomain to a target domain.

Service: The name of the service must be preceded by an underscore (_) and followed by a period (.)

Protocol: The name of the protocol must be proceeded by an underscore (_) and followed by a period (.)

Port: The TCP or UDP port on which the service runs.

Target: The target domain or subdomain. This domain must have an A or AAAA record that resolves to an IP address.

A TXT record or text record provides information about the domain in question to other resources on the internet.

After the block type keyword and any labels, the block body is delimited by the { and } characters

Identifiers can contain letters, digits, underscores (_), and hyphens (-). The first character of an identifier must not be a digit, to avoid ambiguity with literal numbers.

The # single-line comment style is the default comment style and should be used in most cases.

he idiomatic style is to use the Unix convention

Indent two spaces for each nesting level.

align their equals signs

Use empty lines to separate logical groups of arguments within a block.

Use one blank line to separate the arguments from the blocks.

"meta-arguments" (as defined by the Terraform language semantics)

Avoid separating multiple blocks of the same type with other blocks of a different type, unless the block types are defined by semantics to form a family.

Resource names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.

By convention, resource type names start with their provider's preferred local name.

Most publicly available providers are distributed on the Terraform Registry, which also hosts their documentation.

The Terraform language defines several meta-arguments, which can be used with any resource type to change the behavior of resources.

use precondition and postcondition blocks to specify assumptions and guarantees about how the resource operates.

Some resource types provide a special timeouts nested block argument that allows you to customize how long certain operations are allowed to take before being considered to have failed.

Timeouts are handled entirely by the resource type implementation in the provider

Most resource types do not support the timeouts block at all.

A resource block declares that you want a particular infrastructure object to exist with the given settings.

Destroy resources that exist in the state but no longer exist in the configuration.

Destroy and re-create resources whose arguments have changed but which cannot be updated in-place due to remote API limitations.

Expressions within a Terraform module can access information about resources in the same module, and you can use that information to help configure other resources. Use the <RESOURCE TYPE>.<NAME>.<ATTRIBUTE> syntax to reference a resource attribute in an expression.

resources often provide read-only attributes with information obtained from the remote API; this often includes things that can't be known until the resource is created, like the resource's unique random ID.

data sources, which are a special type of resource used only for looking up information.

some dependencies cannot be recognized implicitly in configuration.

local-only resource types exist for generating private keys, issuing self-signed TLS certificates, and even generating random ids.

The count meta-argument accepts a whole number, and creates that many instances of the resource or module.

the count value must be known before Terraform performs any remote resource actions. This means count can't refer to any resource attributes that aren't known until after a configuration is applied

Within nested provisioner or connection blocks, the special self object refers to the current resource instance, not the resource block as a whole.

each.value — The map value corresponding to this instance. (If a set was provided, this is the same as each.key.)

for_each keys cannot be the result (or rely on the result of) of impure functions, including uuid, bcrypt, or timestamp, as their evaluation is deferred during the main evaluation step.

The value used in for_each is used to identify the resource instance and will always be disclosed in UI output, which is why sensitive values are not allowed.

if you would like to call keys(local.map), where local.map is an object with sensitive values (but non-sensitive keys), you can create a value to pass to for_each with toset([for k,v in local.map : k]).

for_each can't refer to any resource attributes that aren't known until after a configuration is applied (such as a unique ID generated by the remote API when an object is created).

he for_each argument does not implicitly convert lists or tuples to sets.

Transform a multi-level nested structure into a flat list by using nested for expressions with the flatten function.

Instances are identified by a map key (or set member) from the value provided to for_each

Within nested provisioner or connection blocks, the special self object refers to the current resource instance, not the resource block as a whole.