Posts

Add notification configuration to SNS Topic

resource "aws_sns_topic" "topic" {
  name = "s3-event-notification-topic"

  policy = <<POLICY
{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {"AWS":"*"},
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
        "Condition":{
            "ArnLike":{"aws:SourceArn":"${aws_s3_bucket.bucket.arn}"}
        }
    }]
}
POLICY
}

resource "aws_s3_bucket" "bucket" {
  bucket = "your_bucket_name"
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = "${aws_s3_bucket.bucket.id}"

  topic {
    topic_arn     = "${aws_sns_topic.topic.arn}"
    events        = ["s3:ObjectCreated:*"]
    filter_suffix = ".log"
  }
}

Add notification configuration to Lambda Function

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.

Preparation

  • Set up the test environment

See "Building a K8S development environment from source code".

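ML2 plugin

  • The ML2 plugin allows multiple layer-2 network technologies to be used at the same time in an OpenStack network; different nodes can use different network mechanisms.
  • ML2 integrates seamlessly with all existing agents; agents already in use need no changes, only the traditional core plugin has to be replaced with ML2.
  • ML2 makes it simpler to support new network technologies; there is no need to develop a new core plugin, only the corresponding mechanism driver.
  • ML2 abstracts layer-2 networks; it decouples the network types (type) supported by neutron from the virtual network implementation mechanisms (mechanism) used to access those network types, and is extended through drivers.
  • Different network types correspond to different type drivers, which are managed by the type manager.
  • Different network implementation mechanisms correspond to different mechanism drivers, which are managed by the mechanism manager.
  • Every network type supported by neutron has a corresponding ML2 type driver.
  • A type driver is responsible for maintaining the state of its network type and for tasks such as validation and network creation.
  • The network types currently implemented by neutron include: flat, local, vlan, vxlan, gre.
  • The network mechanisms currently implemented by neutron fall into three categories:
      - Agent-based: including linux bridge and open vswitch
      - Controller-based: including OpenDaylight, VMware NSX, etc.
      - Physical-switch-based: including cisco nexus, arista, mellanox, etc.

Mechanism drivers and L2 agents

Mechanism Driver | L2 agent
Open vSwitch | Open vSwitch agent
Linux bridge | Linux bridge agent
SRIOV | SRIOV nic switch agent
MacVTap | MacVTap agent

linux bridge agent

linux bridge is a mature and reliable neutron layer-2 network virtualization technology. It supports the four network types local, flat, vlan and vxlan; gre is currently not supported.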

Remove

systemctl list-unit-files --all | grep yunion
systemctl disable yunion-executor
systemctl disable yunion-registry
systemctl disable kubelet
rm -rf /opt/yunion
systemctl disable libvirtd.service
ip link set virbr0 down
brctl delbr virbr0

operator

kubectl logs -n onecloud default-region- -c init
kubectl edit deployments. -n onecloud onecloud-operator

containers:
- command:
  - /bin/onecloud-controller-manager
  - -sync-user

For onecloud-operator, adding '-sync-user' automatically changes the user password. Then run kubectl delete deployments -n onecloud default-region, wait for it to be recreated, and try again.

The WEB front-end code is made up of many git repositories; you need to use 'yarn sync release/3.

Deploying K8S applications with Helm without Tiller

Problems with Tiller

  • Breaks the RBAC access mechanism: the global Tiller holds the cluster-admin role, so during installation the service runs with the cluster-admin role and can access resources beyond its own privileges.
  • Deployment names must be unique and cannot be repeated: deployment names are unique, and many charts also add the deployment name to the service name, which makes service names messy.

Using helm standalone

  • Get the template
  • Modify the template with configuration
  • Generate the yaml file

git clone https://github.com/istio/istio.git
cd istio
git checkout 1.0.6 -b 1.0.6
helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set security.enabled=false \
  --set ingress.enabled=false \
  --set gateways.istio-ingressgateway.enabled=false \
  --set gateways.istio-egressgateway.enabled=false \
  --set galley.enabled=false \
  --set sidecarInjectorWebhook.enabled=false \
  --set mixer.enabled=false \
  --set prometheus.enabled=false \
  --set global.proxy.envoyStatsd.enabled=false \
  --set pilot.sidecar=false > $HOME/istio-minimal.yaml
kubectl create namespace istio-system
kubectl apply -f $HOME/istio-minimal.

Container

When working with cloud native solutions such as Kubernetes, resources are volatile. Services come and go by design, and that’s fine—as long as the whole system operates in a regular way. Classical monitoring solutions aren’t always able to handle this transience gracefully.

Graphite

Graphite has no direct data collection support. Carbon listens passively for data, but in order to enable data collection, you should include solutions like fluentd, statsd, collectd, or others in your time series data pipeline.

Headless services

Without POD selectors

This creates a service, but it doesn’t know where to send the traffic. This allows you to manually create an Endpoints object that will receive traffic from this service.

kind: Endpoints
apiVersion: v1
metadata:
  name: mongo
subsets:
  - addresses:
      - ip: 10.240.0.4
    ports:
      - port: 2701

CNAME records for ExternalName

This service does a simple CNAME redirection at the kernel level, so there is very minimal impact on performance.

INSTALL

docker

docker run -d --name=netdata \
  -p 19999:19999 \
  -v /etc/passwd:/host/etc/passwd:ro \
  -v /etc/group:/host/etc/group:ro \
  -v /proc:/host/proc:ro \
  -v /sys:/host/sys:ro \
  -v /etc/os-release:/host/etc/os-release:ro \
  --cap-add SYS_PTRACE \
  --security-opt apparmor=unconfined \
  netdata/netdata

script

bash <(curl -Ss https://my-netdata.io/kickstart.sh) --stable-channel --disable-telemetry

Attempting another netdata start using command 'systemctl start netdata'
[/tmp/netdata-kickstart-uytL3g/netdata-v1.21.1]# systemctl start netdata
OK
OK netdata started!
Downloading default configuration from netdata...
[/tmp/netdata-kickstart-uytL3g/netdata-v1.21.1]# curl -sSL --connect-timeout 10 --retry 3 http://localhost:19999/netdata.

IoT architecture

An IoT Architecture consists of the following:

  • Peripherals, which we call “things”.
  • Sensors attached to these things to gauge and transmit their data and information.
  • Network connection through which data is transmitted (wireless or wired).
  • Remote Cloud to which data is transmitted by the system.

Core IoT components

Sensors

Microcontrollers

Gateways

Applications

Layered IoT architecture

The most important conversation you ever have is the one with yourself

7 level communication

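Typical serverless architecture use cases

  • Application backend

  • Data processing

  • Real-time analytics

  • API proxy for legacy applications

  • Scheduling services

  • RPA

Latest implementation references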

https://www.freecodecamp.org/news/rest-is-the-new-soap-97ff6c09896d/

https://stackoverflow.com/questions/44547574/create-api-gateway-in-localstack/48682628

https://github.com/localstack/localstack/issues/632

AWS SAM is an extension for the AWS CloudFormation template language that lets you define serverless applications at a higher level

localstack default region

us-east-1

create stack

file path has to be in file URL format(file:///home/user/…)

func.yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: Simple CloudFormation Test Template
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      BucketName: test-bucket-1

aws cloudformation create-stack --stack-name funstack --template-body file:///data/func.yaml --endpoint-url=http://localhost:4581 --region us-east-1
aws cloudformation describe-stacks --endpoint-url=http://localhost:4581 --region us-east-1


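Design goals

  • Efficient storage and retrieval (ingestion and analysis)

  • Save storage space

Estimate the annual storage cost of a single device based on its collection frequency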

http://mysql.rjweb.org/doc.php/datawarehouse

docker proxy

run cmd as administrator
cmd>cd $GIT_HOME
cmd>echo > .bash_profile
export HTTP_PROXY=http://127.0.0.1:1080
export HTTPS_PROXY=http://127.0.0.1:1080
export no_proxy=localhost,127.0.0.1,192.168.99.100

execution environment

Creates an execution environment that represents the context in which the program is currently executed. If the program is invoked standalone, this method returns a local execution environment. If the program is invoked from within the command line client to be submitted to a cluster, this method returns the execution environment of this cluster.

REST instead of akka in 1.5

changing the client to communicate via REST instead of akka.

https://kubernetes.io/blog/2018/11/07/grpc-load-balancing-on-kubernetes-without-tears/

Allow more ways of creating objects using literals. Introduce new datatypes together with their operators and expressions.

Closure

Simple abbreviated syntax of closures: after a method call, put code in braces with parameters delimited from the closure body by an arrow.

log = ''
(1..10).each{ log += it }
assert log == '12345678910'

log = ''
(1..10).each{ counter -> log += counter }
assert log == '12345678910'

A second way of declaring a closure is to directly assign it to a variable:

install client

pip install shadowsocks

client.json

{
  "server":"server-ip",
  "server_port":8000,
  "local_port":3050,
  "password":"your-password",
  "timeout":600,
  "method":"aes-256-cfb"
}

{
  "server":"your_server_ip",          # ss server IP
  "server_port":your_server_port,     # port
  "local_address": "127.0.0.1",       # local IP
  "local_port":1080,                  # local port
  "password":"your_server_passwd",    # password for connecting to ss
  "timeout":300,                      # timeout
  "method":"rc4-md5",                 # encryption method
  "fast_open": false,                 # true or false. If your server's Linux kernel is 3.7+, you can enable fast_open to reduce latency. To enable it: echo 3 > /proc/sys/net/ipv4/tcp_fastopen. Once enabled, set fast_open to true in this configuration
  "workers": 1                        # number of worker threads
}

sudo apt-get install privoxy

/etc/privoxy/config

listen-address 127.0.0.1:8118
forward-socks5 / 127.0.0.1:1080 .

systemctl restart privoxy.

setup

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

enable web client

All endpoints are exposed to JMX and WEB clients. By default, all endpoints except for shutdown are enabled.

enable all endpoints

Enable all endpoints accessed by web:

management:
  endpoints:
    enabled-by-default: true
    web:
      exposure:
        include: "*"

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html

WebApplicationType

spring:
  main:
    web-application-type: reactive

NONE: The application should not run as a web application and should not start an embedded web server.