发表于 | 分类于

获取域名IP

1
ping -c1 www.baidu.com | sed -nE 's/^PING[^(]+\(([^)]+)\).*/\1/p'

发表于 | 分类于

prvate cluster access to Internet

  1. 创建一台有External IP的机器,系统建议使用ubuntu
  1. 执行以下初始化命令
1
2
3
4
5
6
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo apt update
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf > /dev/null
sudo apt-get install -y iptables-persistent
  1. 添加Firewal rules

souce: gke-node
Targets: gke-nat-proxy-6a6fec9d-node
Protocols and ports:tcp:1-65535,udp:1-65535,icmp

  1. 添加routes

destination:0.0.0.0/0
Priority:900
Instance tags:gke-node
Next hop:gke-nat-proxy-6a6fec9d-node

https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent

发表于 | 分类于

modify column

1
ALTER TABLE table_name MODIFY COLUMN column_name decimal(36,18) NOT NULL;

发表于 | 分类于

credentials

User and Password

1
kubectl create secret generic prod-db-secret --from-literal=key=xxx --from-literal=value=xxx

SSH Keys

1
kubectl create secret generic ssh-key-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pub

EncryptionConfig

发表于 | 分类于

连接MySQL

gcloud方式

1
gcloud sql connect cloud-sql-name -u root
1
./cloud_sql_proxy -instances=project-ID:zone:name=tcp:9000 -credential_file=key.json

cloud sql proxy

  1. 启用 Cloud SQL API

  2. Create a Service Account -> Role:Cloud SQL Client

  3. Create a Secrets,主要用于gce-proxy Docker

1
kubectl create secret generic cloudsql-credentials --from-file=credentials.json=[PROXY_KEY_FILE_PATH]
  1. Create a User/Password
1
kubectl create secret generic cloudsql-custom-credentials --from-literal=username=proxyuser --from-literal=password=[PASSWORD]

docker proxy

创建用户

1
gcloud sql users create [USER_NAME] [HOST] --instance=[INSTANCE_NAME] --password=[PASSWORD]

Permission

SUPER privilege

发表于 | 分类于

关键参数

Max Conection

最大连接数 = worker num * worker_connections, 默认worker_connections是1024

keepalive

Http协议从 1.1 版本开始,在未特殊声明的情况下,都默认建立持久连接(长连接),所以我们需要确认服务端是否正确配置支持持久化连接了。尤其Nginx向后台web服务器转发请求时,因为频繁的创建销毁连接不仅消耗 CPU,也增加延迟,如果Https协议,那成本就尤为明显。

Nginx配置方式

1
2
3
4
5
6
7
8
9
10
11
12
13
14
upstream http_backend {
    server 127.0.0.1:8080;
    keepalive 16;
}

server {
    ...
    location /http/ {
        proxy_pass http://http_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        ...
    }
}

proxy_pass 需搭配“proxy_http_version 1.1”,“proxy_set_header Connection”两个配置项。

表示在代理外部请求到上游服务器时,忽略原始请求的关于Connection头的设置,且重新以 Http 1.1协议版本(因为该版本是默认支持Keep-Alive的)转发给应用服务器端。

  • 参考链接

https://luyiisme.github.io/2017/02/12/reverseproxy/

发表于 | 分类于

Transaction

1
2
3
4
5
6
7
8
9
10
@Autowired
private EntityManager entityManager;

try{
    entityManager.transaction.begin()
    //  do something
    entityManager.transaction.commit()
} catch (e:Exception) {
    entityManager.transaction.rollback()
}

发表于 | 分类于

定义计算执行时间

1
2
3
4
5
6
7
8
9
10
11
12
13
14
@Aspect
@Component
class ExecutedTimeAop {
    private val logger = LoggerFactory.getLogger(ExecutedTimeAop::class.java)
    @Around("execution(* com.six.god..create(..))")
    @Throws(Throwable::class)
    fun run(joinPoint: ProceedingJoinPoint): Any? {
        var result: Any? = null
        val timeMillis = measureTimeMillis {
            result = joinPoint.proceed()
        }
        return result
    }
}

作用于com.six.god下所有名字为create()的方法

配合注解使用

定义注解

1
2
3
4
5
@Target(AnnotationTarget.FUNCTION)
@Retention(AnnotationRetention.RUNTIME)
@Inherited
@MustBeDocumented
annotation class ExecutedTime

定义AOP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
@Aspect
@Component
class ExecutedTimeAop {
    private val logger = LoggerFactory.getLogger(ExecutedTimeAop::class.java)
    @Around(value = "@annotation(ExecutedTime)")
    @Throws(Throwable::class)
    fun run(joinPoint: ProceedingJoinPoint): Any? {
        var result: Any? = null
        val timeMillis = measureTimeMillis {
            result = joinPoint.proceed()
        }
        return result
    }
}