Cloud native enthusiast weekly: the evolution of Prometheus architecture

Kubernetes The official document finally added about Best practices for multi tenancy ^[1], although Kubernetes There is no end user or tenant concept , But it provides a variety of functions to meet different tenant needs , Interested partners can refer to .

Open source project recommendation

Prometheus The way of architecture evolution ^[2]

This PPT The use of exquisite illustrations shows Prometheus The development of the project .

Pulsar^[3]

Pulsar Is based on eBPF A highly modular security agent framework for the operation of the Internet of things . The name and Apache Pulsar Knock your shirt ~~

Epimetheus^[4]

Prometheus Of Fork edition , Use FrostDB As a temporal database .FrostDB It is a relatively new columnar database .

tproxy^[5]

This tool can be used to analyze MySQL Connection pooling and regular gRPC, Of course, it can also be used to analyze any TCP Connect .

pg_timetable^[6]

pg_timetable yes PostgreSQL Advanced job scheduler , Different from the traditional job scheduling system , It is completely database driven , And provides some relatively new concepts , Support execution PostgreSQL Commands and system application commands . for example ：

-- Run public.my_func() at 00:05 every day in August:
SELECT timetable.add_job('execute-func', '5 0 * 8 *', 'SELECT public.my_func()');

-- Run VACUUM at minute 23 past every 2nd hour from 0 through 20 every day:
SELECT timetable.add_job('run-vacuum', '23 0-20/2 * * *', 'VACUUM');

-- Refresh materialized view every 2 hours:
SELECT timetable.add_job('refresh-matview', '@every 2 hours', 
  'REFRESH MATERIALIZED VIEW public.mat_view');

-- Clear log table after pg_timetable restart:
SELECT timetable.add_job('clear-log', '@reboot', 'TRUNCATE public.log');

-- Reindex at midnight on Sundays with reindexdb utility:

--  using default database under default user (no command line arguments)
SELECT timetable.add_job('reindex-job', '0 0 * * 7', 'reindexdb', job_kind := 'PROGRAM');

--  specifying target database and tables, and be verbose
SELECT timetable.add_job('reindex-job', '0 0 * * 7', 'reindexdb',
          '["--table=foo", "--dbname=postgres", "--verbose"]'::jsonb, 'PROGRAM');

--  passing password using environment variable through bash shell
SELECT timetable.add_job('reindex-job', '0 0 * * 7', 'bash',
    '["-c", "PGPASSWORD=5m3R7K4754p4m reindexdb -U postgres -h 192.168.0.221 -v'::jsonb,
    'PROGRAM');    

Article recommendation

Use Vcluster To reduce Kubernetes The decentralization of clusters ^[7]

I believe everyone will encounter such distress , With the increasing number of projects , There will be more and more development and testing environments ,Kubernetes There will also be more and more clusters , And each cluster version is inconsistent , The component versions of the supported open source ecosystem are also inconsistent , It will eventually lead to low utilization of cluster resources , It greatly increases the complexity of the cluster . This article attempts to use Vcluster To solve this problem .

take NestJS The error information of is exposed as Prometheus Of Metrics^[8]

This article is about how to collect NestJS Report error information and expose it as Prometheus The indicators have been studied very deeply .

be based on CoreDNS and K8s Build an enterprise level in the cloud native scenario DNS

CoreDNS Is an excellent cloud native open source DNS The server , Provide K8s Service discovery and DNS Server function .KubeSphere Is an open source container cloud management platform , Provide full life cycle K8s Container application management . combination KubeSphere and CoreDNS, You can build a cloud native enterprise DNS System , Achieve unified configuration , Monitoring operation and maintenance 、 Stretch and stretch .

Privatization based on cloud Nativity PaaS Platform delivery practice

This article will explain how to use cloud native to solve the problems in privatization delivery , And then build a PaaS platform , Improve the reusability of the business platform .

Cloud native dynamics

Cloud native Meetup Guangzhou station registration opens

The first stop in the second half of this year Meetup,KubeSphere The community will enter Guangzhou , And SOFAStack Community united organizations .

Activity time ：2022 year 8 month 6 Japan 14:00——18:00

Place of activity ： Yuejiang West Road, Haizhu District, Guangzhou City, Guangdong Province 88 Ali Center （ Guangzhou ） North Tower 4F Wansong Academy

Cilium 1.12 Release ^[9]

recently ,Cilium 1.12 Official release . The main changes in this version are as follows ：

• Optional Sidecar Of Kubernetes Native service grid
• Fully compatible entry controller
• ClusterMesh Enhancements include service affinity
• Egress Gateway And additional support for external workloads
• Cilium Tetragon Release
• Other enhancements —— Additional network visibility control 、 take Cilium The ability to run as a non privileged container 、 pod CIDR Dynamic allocation of 、IPv4/IPv6 NAT、AWS ENI Prefix delegation, etc .

Kubernetes Cluster API Integrated continuous fuzzy testing ^[10]

In the past few months ,Ada Logics Our team has been committed to integrating continuous fuzzy testing into Kubernetes colony API In the project . This is a focus on improvement Cluster API And ensure Cluster API The efforts of users to continuously obtain a good experience . Fuzzy test integration involves OSS-Fuzz Register in project Cluster API And develop a set of Fuzzers , Improve code coverage to a mature level .

API platform Kreya take REST Support added to gRPC For the central solution ^[11]

API platform Kreya Now supports REST, And in 7 month 11 The latest 1.8 New professional and enterprise products are available in version . The tool was originally designed to support gRPC And developed .

REST Operations include directory settings 、 Environment and template , And support for authentication .

In addition to the introduction of REST In addition to the support of ,Kreya The team also launched its first paid function ： Scripts and tests .

OSTIF Yes Argo The review of has been completed ^[12]

The open source technology improvement fund is pleased to report the results of another security audit , This time it is Argo project .Argo A project is a set of uses Kubernetes Tools to complete the work . Audited Argo The main components of ：

• Argo Workflows  – Container native workflow engine
• Argo CD  – declarative GitOps Continuous delivery
• Argo Events  – Event based dependency manager

The results of the study led to 26 Security issues , Include 1 A serious mistake and 4 Highly critical errors have been fixed . The most important discovery is ArgoCD Medium XSS Injection allows attackers to UI In the implementation of javascript Code , May allow attackers to Kubernetes The cluster is under administrator control .

Reference link