· ☕ 4 分钟
https://tenzir.com/blog/production-debugging-bpftrace-uprobes/ https://shaharmike.com/cpp/vtable-part1/ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 #include <iostream> class Parent { public: virtual void Foo() {} virtual void FooNotOverridden() {} }; class Derived : public Parent { public: void Foo() override {} }; int main() { Parent p1, p2; Derived d1, d2; std::cout << "done" << std::endl; } $ # compile our code with debug symbols and start debugging using gdb $ clang++ -std=c++14 -stdlib=libc++ -g main.

· ☕ 1 分钟
https://netflixtechblog.com/predictive-cpu-isolation-of-containers-at-netflix-91f014d856c7

· ☕ 1 分钟
ctr -n k8s.io c create --with-ns "pid:/proc/48850/ns/pid" ctr -n k8s.io c ls

· ☕ 4 分钟
Introducing Container Runtime Interface (CRI) in Kubernetes https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/ In the Kubernetes 1.5 release, we are proud to introduce the Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes, without the need to recompile. CRI consists of a protocol buffers and gRPC API, and libraries, with additional specifications and tools under active development. CRI is being released as Alpha in Kubernetes 1.

· ☕ 1 分钟
https://www.youtube.com/watch?v=spzfupads2o#fromHistory Envoy Internals Deep Dive - Matt Klein, Lyft

· ☕ 5 分钟
Terminology Cluster: a logical service with a set of endpoints that Envoy forwards requests to. Downstream: an entity connecting to Envoy. This may be a local application (in a sidecar model) or a network node. In non-sidecar models, this is a remote client. Endpoints: network nodes that implement a logical service. They are grouped into clusters. Endpoints in a cluster are upstream of an Envoy proxy.

· ☕ 0 分钟

· ☕ 1 分钟
tcmalloc,通过-define tcmalloc=disabled禁用 https://blog.gmem.cc/envoy-study-note

· ☕ 1 分钟
https://istio.cn/t/topic/299 Envoy源码分析之Dispatcher:https://developer.aliyun.com/article/659277 线程相关 Misc: Envoy进程由一个Main Thread和多个Worker Thread 组成 每个Main和Worker包含一个eventloop,所有的处理都是由eventloop触发开始 Main负责xDS等功能,Worker负责处理连接和请求 当一个client向Envoy建立连接的时候,因为所有Worker的EventLoop都注册了listening fd(启用SO_PORTREUSE除外),会由内核决定分配给哪个Worker 当一个下游client连接到了Envoy,在保持连接不断的情况下,会和同一个Worker进行通讯

· ☕ 1 分钟
HTTP/1.1 Header Casing https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/header_casing#config-http-conn-man-header-casing When handling HTTP/1.1, Envoy will normalize the header keys to be all lowercase. While this is compliant with the HTTP/1.1 spec, in practice this can result in issues when migrating existing systems that might rely on specific header casing. To support these use cases, Envoy allows configuring a formatting scheme for the headers, which will have Envoy transform the header keys during serialization. To configure this formatting on response headers, specify the format in the http_protocol_options.

· ☕ 2 分钟
config.core.v3.Http1ProtocolOptions https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-http1protocoloptions [config.core.v3.Http1ProtocolOptions proto] 1 2 3 4 5 6 7 8 9 { "allow_absolute_url": "{...}", "accept_http_10": "...", "default_host_for_http_10": "...", "header_key_format": "{...}", "enable_trailers": "...", "allow_chunked_length": "...", "override_stream_error_on_invalid_http_message": "{...}" } allow_absolute_url (BoolValue) Handle HTTP requests with absolute URLs in the requests. These requests are generally sent by clients to forward/explicit proxies. This allows clients to configure envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the http_proxy environment variable.

· ☕ 1 分钟
Enable debug log by command line https://projectcontour.io/docs/v1.10.0/troubleshooting/envoy-debug-log/ The envoy command has a --log-level flag that can be useful for debugging. By default, it’s set to info. To change it to debug, edit the envoy DaemonSet in the projectcontour namespace and replace the --log-level info flag with --log-level debug. Setting the Envoy log level to debug can be particilarly useful for debugging TLS connection failures. Enable debug log by API 列出 logger 名字:

· ☕ 3 分钟
https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#config-secret-discovery-service Secret discovery service (SDS) TLS certificates, the secrets, can be specified in the bootstrap.static_resource secrets. But they can also be fetched remotely by secret discovery service (SDS). The most important benefit of SDS is to simplify the certificate management. Without this feature, in k8s deployment, certificates must be created as secrets and mounted into the proxy containers. If certificates are expired, the secrets need to be updated and the proxy containers need to be re-deployed.