Give the wireless network higher priority than the wired

WIRELESS CONNECTION > "Internet Protocol Version 4 (TCP/IPv4) Properties" > Advanced TCP/IP Settings > Automatic metric

Uncheck it. That will enable a text box named “Interface metric”. Fill in a number. It needs to be larger than 1 (reserved for loopback) and the number (30) you choose for the wired network.

WIRED CONNECTION > "Internet Protocol Version 4 (TCP/IPv4) Properties" > Advanced TCP/IP Settings > Automatic metric

Again, uncheck “Automatic metric” and fill in a number in the “Interface metric” box.

The AppInfo startup type must be Automatic or Manual; otherwise msinstaller, services.msc, regedit and others all fail with the error:

The Service command cannot be started, either because it is disabled or because it has no enabled devices associated with it

AppInfo (svchost.exe): Facilitates the running of interactive applications with additional administrative privileges. Users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. These tools include regedit. Although safe to disable, this is not recommended since you need to boot into safe mode to enable it again.

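I had been using PyCharm all along. Today, when I upgraded Code to 1.3.2, it suddenly prompted me to install the Python extension, so I decided to give it a try. It turned out that the Python interpreter setting had a problem: it was always set to the system interpreter, and the virtual environment's interpreter had no effect.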

apt remove --purge python3.5

As a result, the Ubuntu desktop would not start. Many applications, such as Chrome and VirtualBox, disappeared, which caused a lot of trouble.


apt install python3.5
apt install ubuntu-desktop


cd /etc/apt/sources.list.d
sudo mv google-chrome.list
apt update
apt install google-chrome-stable





K8S POD Command Override

OCR docker Entrypoint vs k8s command

            docker       k8s
entry       ENTRYPOINT   command
arguments   CMD          args

k8s command and args override the default OCR Entrypoint and Cmd

Dockerfile

FROM alpine:3.8
RUN apk add --no-cache curl ethtool && rm -rf /var/cache/apk/*
CMD ["--version"]
ENTRYPOINT ["curl"]

cmd-override-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: command-override
  labels:
    purpose: override-command
spec:
  containers:
  - name: command-override-container
    image: bigo/curl:v1
    command: ["curl"]
    args: ["--help"]
  restartPolicy: Never

docker run -it bigo/curl:v1
curl 7.

Node-level Logging

System component logs

                                RUN IN CONTAINER(Y/N)   Systemd(W/WO)   LOGGER LOCATION
kubelet and container runtime                           W/O             /var/log
kubelet and container runtime                           W               journald
scheduler                       Y                                       /var/log
kube-proxy                      Y                                       /var/log

/var/lib/kubelet/pods/<PodUID>/
/var/log/pods/<PodUID>/<container_name>

ls -l /var/log/pods/<PodUID>/<container_name>/
lrwxrwxrwx 1 root root 165 3月 30 06:52 0.log -> /var/lib/docker/containers/e74eafc4b3f0cfe2e4e0462c93101244414eb3048732f409c29cc54527b4a021/e74eafc4b3f0cfe2e4e0462c93101244414eb3048732f409c29cc54527b4a021-json.log

Cluster-level logging

Use a node-level logging agent that runs on every node.

git clone
git remote add upstream
git fetch --all
git checkout tags/v1.13.3 -b v1.13.3 
git branch -av|grep 1.13
* fix-1.13                            4807084f79 Add/Update for v1.13.2.
  remotes/origin/release-1.13         4807084f79 Add/Update for v1.13.2.


func (kl *Kubelet) syncPod(o syncPodOptions) error {

Developing with the Tencent Cloud Go SDK


go get -u


Read the security credentials secretId and secretKey from the local development K8S cluster, then pass the credentials to the SDK client

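// Pseudocode: read secretId and secretKey from the "cloud-pass" secret in the "tencent" namespace
secretId, secretKey := K8SClient.Secrets("namespace=tencent").Get("cloud-pass")
// Pass the values that were read, not the string literals "secretId" and "secretKey"
credential := CloudCommon.NewCredential(secretId, secretKey)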
client, _ := cvm.NewClient(credential, regions.Beijing)
request := cvm.NewAllocateHostsRequest()
response, err := client.AllocateHosts(request)




Preparation

Create the role and authorization

kubectl create clusterrolebinding "cluster-admin-faas" \
  --clusterrole=cluster-admin \
  --user="cluster-admin-faas"

Create separate namespaces for the FaaS core services and for functions

kubectl apply -f

Create the credentials

# generate a random password
PASSWORD=$(head -c 12 /dev/urandom | shasum| cut -d' ' -f1)
kubectl -n openfaas create secret generic basic-auth \
  --from-literal=basic-auth-user=admin \
  --from-literal=basic-auth-password="$PASSWORD"

Add openfaas to the local helm repositories

helm repo add openfaas
"openfaas" has been added to your repositories

Start the installation

helm repo update \
  && helm upgrade openfaas --install openfaas/openfaas \
  --namespace openfaas \
  --set basic_auth=true \
  --set functionNamespace=openfaas-fn

By default, the openfaas console is accessed via NodePorts


Mozilla crowdsources the largest dataset of human voices available for use, including 18 different languages, adding up to almost 1,400 hours of recorded voice data from more than 42,000 contributors.


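CNI is the specification for K8S network plugin implementations, and it is not compatible with Docker's CNM. In the contest between K8S and Docker, K8S making Docker its default runtime did not win Docker's support for K8S in return, so K8S decided to support the CNI specification. Many network vendors offer products that support both CNM and CNI.

In container network environments, it is common that Docker cannot see the IP network configuration of a K8S POD, and Docker containers sometimes cannot communicate with PODs.

Compared with CNM, CNI is a lightweight specification. The network configuration is in JSON format, and network plugins support create and delete commands. The create command is sent when a POD starts.

The POD runtime first allocates a network namespace and assigns it to the container ID, then passes the CNI configuration file to the CNI network driver. The network driver connects the container to its own network and reports the assigned IP address back to the POD runtime through a JSON file. The delete command is sent when the POD terminates.

Currently, the CNI commands handle IPAM, L2 and L3, while the POD runtime handles port mapping (L4).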
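The create/delete exchange described above, sketched as an added example (not code from the original page or from any CNI project). It goes slightly beyond the text by using the CNI_COMMAND, CNI_CONTAINERID and CNI_NETNS names from the CNI specification; the Handle function, the in-memory lease table, the eth0 interface name and the sample configuration are assumptions for illustration, and no real interface is created.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// NetConf is the part of the JSON network configuration this sketch reads.
type NetConf struct {
	CNIVersion string `json:"cniVersion"`
	IPAM       struct{ Subnet string `json:"subnet"` } `json:"ipam"`
}

// sampleConf is a constructed configuration, not taken from a real cluster.
const sampleConf = `{"cniVersion":"0.4.0","name":"demo","type":"demo","ipam":{"subnet":"10.22.0.0/29"}}`
var leases = map[string]string{} // container ID -> address; a real plugin persists this

// Handle is the plugin side; arguments mirror CNI_COMMAND, CNI_CONTAINERID, CNI_NETNS and stdin.
func Handle(command, id, netns string, conf []byte) (string, error) {
	var nc NetConf
	err := json.Unmarshal(conf, &nc)
	subnet, perr := netip.ParsePrefix(nc.IPAM.Subnet)
	if err != nil || perr != nil || !subnet.Addr().Is4() {
		return "", fmt.Errorf("bad network config, need an IPv4 ipam.subnet: %s", conf)
	}
	if command == "DEL" { // POD terminated: release its address
		delete(leases, id)
		return "", nil
	} else if command != "ADD" {
		return "", fmt.Errorf("unsupported CNI_COMMAND %q", command)
	}
	used := map[string]bool{}
	for _, a := range leases {
		used[a] = true
	}
	// Skip the network address and the first host (gateway); stop before broadcast.
	for a := subnet.Masked().Addr().Next().Next(); subnet.Contains(a.Next()); a = a.Next() {
		if addr := netip.PrefixFrom(a, subnet.Bits()).String(); !used[addr] {
			leases[id] = addr // POD started: assign, then report back as JSON
			out, _ := json.Marshal(map[string]interface{}{"cniVersion": nc.CNIVersion,
				"interfaces": []map[string]string{{"name": "eth0", "sandbox": netns}},
				"ips":        []map[string]interface{}{{"address": addr, "interface": 0}}})
			return string(out), nil
		}
	}
	return "", fmt.Errorf("subnet %s exhausted", subnet)
}

func main() { fmt.Println(Handle("ADD", "c1", "/var/run/netns/c1", []byte(sampleConf))) }
```

A real plugin is a separate executable that the runtime invokes once per command; the function form here only makes the request and reply visible in one place.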






  • Flannel
  • Kube-router
  • OpenVSwitch
  • Calico
  • Weave Net
  • Bridge

    CNI bridge

Decided to give Hugo a shot after many years of being on Jekyll

version notes

some only work on 1.13

kubeadm version: &version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-16T15:29:34Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

Starting with Kubernetes 1.12, the${ARCH}, and images don’t require an -${ARCH} suffix

get all Pending pods

kubectl get pods --field-selector=status.phase=Pending

images list

kubeadm config images list -v 4
I0217 07:28:13.305268 14495 interface.go:384] Looking for default routes with IPv4 addresses
I0217 07:28:13.307275 14495 interface.

track http redirection

-> ->

curl -IL
HTTP/1.1 301 Moved Permanently
Location:
Via: 1.1 varnish
X-Cache: HIT
X-Cache-Hits: 1

HTTP/1.1 200 OK
Content-Length: 0

HTTP/1.1 301 Moved Permanently
Strict-Transport-Security: max-age=31556952
Location:
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Cache-Hits: 1

HTTP/1.1 301 Moved Permanently
Location:
X-Cache: HIT
X-Cache-Hits: 1

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=600
X-Cache: HIT
X-Cache-Hits: 1

main goal

HTTP/2’s multiplexed connections, allowing multiple streams of data to reach all the endpoints independently.


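  • Encryption of communication links
  • Flexible service access control, including fine-grained access policies
  • Access log auditing
  • Replaceability of service providers (batteries included) and integrability


  • Security identity

In K8S, a security identity (service account) represents a user, a service, or a group of services.

  • Secure naming



  • Transport-layer authentication
  • End-user authentication

Every end-user request is validated through JWT (JSON Web Token); Auth0 and Firebase are supported.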

Normally, ${SNAP_DATA} points to /var/snap/microK8S/current. snap.microK8S.daemon-docker is the docker daemon, started using the arguments in ${SNAP_DATA}/args/dockerd

$snap start microK8S
$microK8S.docker pull
$microK8S.docker tag

For resources under the namespace kube-system: all-namespaces doesn’t include kube-system

$microK8S.kubectl describe po calico-node-4sq5r --namespace=kube-system

generate configuration file

$jupyter notebook --generate-config
Writing default config to: /home/bigo/.jupyter/

$ diff
c.NotebookApp.allow_remote_access = True
c.NotebookApp.ip = ''
c.NotebookApp.open_browser = False

set or reset password

$jupyter notebook password
Enter password:
Verify password:
[NotebookPasswordApp] Wrote hashed password to /home/bigo/.jupyter/jupyter_notebook_config.json

then restart notebook server

Sharing notebooks

When people talk of sharing their notebooks, there are generally two paradigms they may be considering. Most often, individuals share the end-result of their work, which means sharing non-interactive, pre-rendered versions of their notebooks; however, it is also possible to collaborate on notebooks with the aid of version control systems such as Git

The Container Network Interface (CNI) is a library definition, and a set of tools under the umbrella of the Cloud Native Computing Foundation project. For more information visit their GitHub project. Kubernetes uses CNI as an interface between network providers and Kubernetes networking.

Why Use CNI

Kubernetes' default networking provider, kubenet, is a simple network plugin that works with various cloud providers. Kubenet is a very basic network provider, and basic is good, but it does not have very many features.

Note: Starting with TensorFlow 1.6, binaries use AVX instructions which may not run on older CPUs

Have to build 1.6 or higher from source to run on older CPU

Bazel 0.19.0 doesn’t read tools/bazel.rc anymore

WARNING: The following rc files are no longer being read, please transfer their contents or import their path into one of the standard rc files: tensorflow-1.12.0/tools/bazel.rc

$bazel build --config=opt //tensorflow/tools/pip_package:build_pip_package --cxxopt="-D_GLIBCXX_USE_CXX11_ABI=0" --sandbox_debug > build.

putting /tmp on tmpfs

Interrupt Coalescence

ubuntu 16 default Interrupt Coalescence (IC)

$ethtool -c enp0s25
Coalesce parameters for enp0s25:
Adaptive RX: off TX: off

Pause frames

$ethtool -a enp0s25
Pause parameters for enp0s25:
Autonegotiate: on
RX: on
TX: on

network

Tuning the network adapter (NIC)

use Jumbo frames

ifconfig eth0 mtu 9000

ip result for a healthy system with no packet drops

ip -s link show eth0

stop irqbalance for home user