投稿時間:2022-09-22 03:21:21 RSSフィード2022-09-22 03:00 分まとめ(22件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
海外TECH	DEV Community	Introduction to Kubernetes extensibility	https://dev.to/nfrankel/introduction-to-kubernetes-extensibility-4bcp	Introduction to Kubernetes extensibilityKubernetes offers a lot of benefits an enormous ecosystem with plenty of actors self healing capabilities etc There s no free lunch though It also comes with downsides chief among them its complexity and operating costs However the more I work with Kubernetes the more I think its most significant asset is extensibility If you need something that the platform doesn t provide by default there s an option to develop it yourself and integrate it In this post I d like to list such extension points Kubernetes A lot of explanations on Kubernetes focus on the architecture I believe they go into too many details and miss the big picture Here I only want to highlight the basic concepts At its most basic level Kubernetes is just a platform able to run container images It stores its configuration in a distributed storage engine etcd The most significant part of this configuration is dedicated to the desired state for objects For example you only update this state when you schedule a pod using the kubectl command line Other components called controllers watch configuration changes and read the desired state Then they try to reconcile the desired state with the actual state It s nothing revolutionary Puppet is based on the same control loop approach and AFAIK Chef Generally a controller manages a single type of object e g the DeploymentController manages deployments The idea behind making a generic tool is to follow Pareto s Law solve of the problems with of the effort Unfortunately the more generic the tool and the wider the user base the more effort to customize the remaining Kubernetes designers saw this issue as the most critical obstacle to widespread adoption Hence Kubernetes offers many extension points Extensible modelIn the section above I mentioned scheduling a pod A pod is one of the many objects available in Kubernetes out of the box Other objects include deployments jobs services etc Some solutions easily fit this model For example one can easily create a deployment of three Hazelcast pods It works out of the box the pods will multicast over the network find each other and form a cluster Other solutions are not so homogenous Before KIP Kafka would rely on Zookeeper At cluster consists of at least three Zookeeper nodes and as many Kafka nodes as desired Kubernetes makes it possible to deploy multiple images on the same pod Yet if all required components are on the same pod and the pod fails it amounts to nothing We should map one regular component to one pod In this case we need a fully featured Kubernetes manifest that describes the architecture Because of different requirements we will need to make it configurable Kubernetes ecosystem offers several alternatives to manage this problem Kustomize and Helm count among the most popular solutions But neither work at the desired level of abstraction the Kafka cluster Therefore Kubernetes allows designing a new Kafka object This kind of custom object is known as a CRD Here s a sample for a simplistic arbitrary Foo object apiVersion apiextensions ks io v kind CustomResourceDefinitionmetadata name foos frankel ch spec group frankel ch names plural foos singular foo kind Foo scope Namespaced versions name valpha served true storage true schema openAPIVSchema type object properties spec type object properties bar type string required bar required spec Required headerMatch the following lt plural gt lt group gt Group name for REST API apis lt group gt lt version gt Plural name for the REST API apis lt group gt lt version gt lt plural gt Singular name to be used on the CLI and for displayUsed in manifestsCan be either Cluster or Namespaced A Cluster resource is declared cluster wide and there can be a single one per cluster Namespaced resources can be multiple and need to be under a namespace by default defaultA version can be enabled disabledThe latest version must be marked as the storage versionOnce you ve applied this manifest you can manage your Foo Let s create a manifest to create a new Foo object apiVersion foos frankel ch valphakind Foometadata name myfoospec bar whatever kubectl apply f foo ymlkubectl get fooThe above commands have updated the data model with a new Foo type and created a Foo object But under the cover we ve only stored data in etcd via the Kubernetes API Nothing will happen until we start a controller that watches for new objects and acts upon them Note that the name for a controller that manages CRDs is operator Extensible validationA common concern with a platform that can run third party workloads is allowing only vetted ones Some workloads may consume too many resources others may be malicious Here are two concrete scenarios As the cluster operator you want to manage your cluster s limited physical resources CPU memory and share them among all pods For this you want to enforce that each pod describes its resources requirements Developers achieve this by setting the request and limits attributes You want to disallow pods that don t have them As a security minded operator you want to prevent privilege escalation It shouldn t change the final behavior of the pod You want to add the allowPrivilegeEscalation false to every pod While one can manage both cases through a build pipeline Kubernetes provides a solution out of the box As I explained above Kubernetes stores configuration is etcd while controllers watch changes and act upon them To prevent unwanted behavior the safest way is to validate payloads that change configuration it s the role of admission controllers An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object but after the request is authenticated and authorized The controllers consist of the list below are compiled into the kube apiserver binary and may only be configured by the cluster administrator In that list there are two special controllers MutatingAdmissionWebhook and ValidatingAdmissionWebhook These execute the mutating and validating respectively admission control webhooks which are configured in the API Using Admission ControllersIn short two kinds of admission controllers are available The validating admission webhook allows prevents a request from changing the stateThe mutating admission webhook changes the requestThey run in turn as per the following diagram From A Guide to Kubernetes Admission ControllersEach can solve the scenarios highlighted above Extensible client capabilitiesAt its most basic level the kubectl command line is a high level abstraction over a REST client You can verify it by setting the verbose option kubectl get pods v loader go Config loaded from file Users nico kube configround trippers go GET api v namespaces default pods limit round trippers go Request Headers round trippers go Accept application json as Table v v g meta ks io application json as Table v vbeta g meta ks io application jsonround trippers go User Agent kubectl v darwin arm kubernetes ffround trippers go Response Status OK in millisecondsround trippers go Response Headers round trippers go Cache Control no cache privateround trippers go Content Type application jsonround trippers go X Kubernetes Pf Flowschema Uid ed bf ec fca ccfbround trippers go X Kubernetes Pf Prioritylevel Uid d ed a ebbacround trippers go Date Sun Sep GMTround trippers go Audit Id ffd fbd ba ecfaarequest go Response Body kind Table apiVersion meta ks io v metadata resourceVersion columnDefinitions name Name type string format name description Name must be unique within a namespace Is required when creating resources although some resources may allow a client to request the generation of an appropriate name automatically Name is primarily intended for creation idempotence and configuration definition Cannot be updated More info names priority name Ready type string format description The aggregate readiness state of this pod for accepting traffic priority name Status type string format description The aggregate status of the containers in this pod priority name Restarts type string format description The number of times the containers in this pod have been restarted and when the last container in this pod has restarted priority name Age type st truncated chars Kubernetes REST API is mostly based on CRUD operations Sometimes you need to run several commands to achieve the desired results For example we would like to query which subjects can execute an action kubectl includes a mechanism to write code to orchestrate these calls The mechanism is pretty similar to Git s You write your code according to a specific format a pluginYou set it in your PATH variableFrom this point kubectl can discover it You can manage your plugins on your machine but this approach is not scalable to a whole organization The solution is a plugin manager Meet Krew Krew is the plugin manager for kubectl command line tool Krew helps you discover kubectl plugins install them on your machine and keep the installed plugins up to date What is Krew Regarding which subjects can execute an action here s how to do it brew install krew kubectl krew completion follow instructions to update your shellkubectl krew update kubectl krew install who can k who can watch pod Install brew on MacDisplay the auto completion instructionsUpdate the cached list of pluginsInstall the who can Krew pluginEnjoy No subjects found with permissions to watch pod assigned through RoleBindingsCLUSTERROLEBINDING SUBJECT TYPE SA NAMESPACEapisix clusterrolebinding apisix ingress controller ServiceAccount ingress apisixcluster admin system masters Grouplocal path provisioner bind local path provisioner service account ServiceAccount local path storagesystem controller attachdetach controller attachdetach controller ServiceAccount kube systemsystem controller daemon set controller daemon set controller ServiceAccount kube systemsystem controller deployment controller deployment controller ServiceAccount kube systemsystem controller endpoint controller endpoint controller ServiceAccount kube systemsystem controller endpointslice controller endpointslice controller ServiceAccount kube systemsystem controller ephemeral volume controller ephemeral volume controller ServiceAccount kube systemsystem controller generic garbage collector generic garbage collector ServiceAccount kube systemsystem controller job controller job controller ServiceAccount kube systemsystem controller persistent volume binder persistent volume binder ServiceAccount kube systemsystem controller pod garbage collector pod garbage collector ServiceAccount kube systemsystem controller pvc protection controller pvc protection controller ServiceAccount kube systemsystem controller replicaset controller replicaset controller ServiceAccount kube systemsystem controller replication controller replication controller ServiceAccount kube systemsystem controller resourcequota controller resourcequota controller ServiceAccount kube systemsystem controller statefulset controller statefulset controller ServiceAccount kube systemsystem coredns coredns ServiceAccount kube systemsystem kube controller manager system kube controller manager Usersystem kube scheduler system kube scheduler User ConclusionIn this post we browsed through several extension points in Kubernetes the data model admission controllers and client side It was a very brief introduction both in width and depth Yet I hope that it gives a good entry point into further research Extend the Kubernetes API with CustomResourceDefinitionsVersions in CustomResourceDefinitionsUsing Admission ControllersExtend kubectl with pluginsKrew pluginsOriginally published at A Java Geek on September th	2022-09-21 17:54:54
海外TECH	DEV Community	Render: Awesome alternative for Heroku	https://dev.to/maklut/render-awesome-alternative-for-heroku-mf2	Render Awesome alternative for HerokuHeroku will stop offering its free tiers this November leaving developers to choose other alternatives that don t quite match up according to industry experts But in this article we will discuss something that is similar to our previous favourite cloud application platform ーRender and I will provide to you a little guide with Node but you can use as many as listed on their docs As on their website said it is a unified cloud to build and run all your apps and websites with free TLS sertificates a global CDN DDoS protection private networks and auto deploys from Git Their docs have guides on some popular programming languages such as Python Ruby Go Node etc There are very easy cause to run your code with this tool in production is easy too Here is all the list from their quickstarts page It is beautiful that you can host not just your web services or background workers but also static sites like Create React App or Gatsby But the main advantage of Render that you can use it for free Of course there are also paid plans starting from to upper it depends on which category of service you want to use with difference in RAM CPU SSD and Connection Limit Static Sites are absolutely freeAlso about how much bandwidth can service use they are writing Each service is allowed up to GB month in egress bandwidth network traffic sent by your code Usage above that is charged at GB Ingress bandwidth network traffic received by your code is always free If you want to add custom domains Render is also can bring them to you It handle TLS certificate creation and renewal automatic HTTP to HTTPS redirects About topic what is better ー Heroku or Render ーyou can read this article provided by Render In my honest opinion Render is more flexible that Heroku and cheaper but from another side if Heroku didn t cease offering its free tiers I think I might not know what is Render at all Share your opinions about it in the comments Fast guide of deploying simple web service to Render with Node amp ExpressSo there five small steps that you need to do if you want to deploy any web service to render not just with Node it is just my caseSign up on RenderVerify your email and create a Github RepositoryGo to your dashboard and click on Web Service or any service type that you wantImport your repository or paste public url of repositoryBuild it filling with build command yarn if you also use Node branch and root directoryAnd that s it After that you will have to wait for some minutes if you are using free plan but it is not such important thing You should get something like that Now when you will push any changes to your repository which you imported to Render it will be updated Don t forget to change your environment like on heroku with your variables Share your alternatives for Heroku if you are also going to leave it	2022-09-21 17:09:18
Apple	AppleInsider - Frontpage News	PITAKA's MagSafe cases for iPhone 14 are world's thinnest, lightest	https://appleinsider.com/articles/22/09/20/pitakas-magez-case-3-line-offers-a-near-case-less-feel-for-your-iphone-14?utm_medium=rss	PITAKA x s MagSafe cases for iPhone are world x s thinnest lightestAccessory producer PITAKA has launched its MagEZ Case and MagEZ Case Pro for iPhone the world s thinnest and lightest MagSafe compatible protective case for Apple s newest iPhone models Pitaka s MagEZ Case for iPhone seriesCoinciding with Apple s launch of its flagship smartphone line the PITAKA MagEZ Case for iPhone series follows on from the company s MagEZ Case in creating an incredibly protective case that s as minimal in size and weight as possible even beating cases made by Apple itself Read more	2022-09-21 18:00:16
海外TECH	Engadget	NTSB calls for all new vehicles to include alcohol monitoring tech	https://www.engadget.com/ntsb-anti-alcohol-tech-recommendation-174024958.html?src=rss	NTSB calls for all new vehicles to include alcohol monitoring techThe National Transportation Safety Board is calling on its sister agency to implement regulation requiring all vehicles sold in the US to include blood alcohol monitoring systems The NTSB sent the recommendation to the National Highway Traffic Safety Administration on Tuesday after completing an investigation into a horrific collision last year that involved drunk driving and the death of two adults and seven children “Technology could ve prevented this heartbreaking crash ーjust as it can prevent the tens of thousands of fatalities from impaired driving and speeding related crashes we see in the US annually said NTSB Chair Jennifer Homendy “We need to implement the technologies we have right here right now to save lives ​According to statistics published by the NHTSA nearly people died on US roads last year marking the highest that number had been in years While traffic deaths fell slightly between April and June Ann Carlson the agency s acting administrator said a “crisis was still underway on the country s roads “We need NHTSA to act We see the numbers Homendy told The Associated Press “We need to make sure that we re doing all we can to save lives The NTSB says all new cars sold in the US should include an integrated system that passively detects if the driver is under the influence of alcohol It notes that such a system could be combined with advanced driver monitoring technologies to prevent accidents Separately the agency recommends that the NHTSA incentivize automakers to include tech that prevents speeding related collisions The NTSB does not have the authority to regulate or enforce any safety measures it suggests It has been calling on the NHTSA to explore alcohol monitoring technologies since The NHTSA also faces pressure from Congress to mandate such systems Under last year s Bipartisan Infrastructure Law the agency has three years to study the feasibility of various alcohol monitoring technologies and establish a final set of rules It can seek an extension however And in the past it has been slow to implement such requirements	2022-09-21 17:40:24
海外TECH	Engadget	Microsoft will host its next Surface event on October 12th	https://www.engadget.com/microsoft-surface-event-date-time-173943420.html?src=rss	Microsoft will host its next Surface event on October thMicrosoft isn t going to be left off the fall hardware event calendar The company will hold a Surface event on October th at AM ET While it s not completely clear what Microsoft plans to show off beyond quot devices quot we may get our first official look at the Surface Pro and Surface Laptop in a few weeks Some details about the upcoming products emerged this week via retailer leaks According to WinFuture the devices will likely use th gen Intel CPUs though the Surface Pro may have an ARM based processor option with G support Microsoft may offer up to TB of storage and GB of RAM in both devices It seems there are new color options too Microsoft is adding its name to a busy event schedule Amazon will hold a hardware showcase on September th while Google has set a Pixel event for October th Apple is also expected to run a Mac and iPad focused event in October	2022-09-21 17:39:43
海外TECH	Engadget	Volvo will unveil the electric EX90 SUV on November 9th	https://www.engadget.com/volvo-ex90-electric-suv-reveal-date-173217624.html?src=rss	Volvo will unveil the electric EX SUV on November thVolvo s EV range to date has been limited to smaller vehicles like the C Recharge but it s now ready to tackle the high end The company has announced that it will reveal the quot flagship quot EX electric SUV on November th While the brand is unsurprisingly shy on details it claims the new model will offer the best standard safety features of any Volvo to date The trick is an improved quot understanding quot of both the driver and the environment The EX will supposedly include a cutting edge sensor array that includes cameras radar and LiDAR on the outside In the cabin more cameras and capacitive steering wheel sensors will detect inattentiveness and take gradually more drastic actions to protect you including stopping the car at the side of the road and calling for help Some of these safety concepts aren t new Systems like GM s Super Cruise check that your eyes are on the road while Tesla cars will disable Autopilot and come to a stop if you don t put your hands on the wheel Volvo is clearly hoping it offers the best safeguards of the bunch though and LiDAR might provide an advantage over rivals like Tesla which doesn t use LiDAR and Lucid still a relatively small brand It s safe to say the EX will represent a change of tack Instead of competing with the Tesla Model Y and other entry luxury SUVs or crossovers Volvo is more likely to aim squarely at the high end This vehicle could serve as a halo product that draws EV buyers to the brand even if they ultimately buy something more affordable	2022-09-21 17:32:17
金融	RSS FILE - 日本証券業協会	証券投資の日メッセージ動画特設サイト遷移用	https://www.jsda.or.jp/shinchaku/toushimessage2022.html	特設サイト	2022-09-21 18:00:00
ニュース	BBC News - Home	Donald Trump sued for fraud over family business	https://www.bbc.co.uk/news/world-us-canada-62986812?at_medium=RSS&at_campaign=KARANGA	trump	2022-09-21 17:20:21
ニュース	BBC News - Home	Chris Kaba family views police body-cam footage	https://www.bbc.co.uk/news/uk-england-london-62983769?at_medium=RSS&at_campaign=KARANGA	chris	2022-09-21 17:46:43
ビジネス	ダイヤモンド・オンライン - 新着記事	「うちの子は話をよく聞く」という親ほど心配すべき「家族の会話」 - ひとりっ子の学力の伸ばし方	https://diamond.jp/articles/-/308823	自己肯定感	2022-09-22 02:55:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【中田敦彦のYouTube大学で話題】 多くの会社員が気づいていない 「やりたい仕事」を続けられる人とそうでない人のたった1つの大きな違い - 佐久間宣行のずるい仕事術	https://diamond.jp/articles/-/309716	youtube	2022-09-22 02:45:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【精神科医が教える】結婚がうまくいかなくなる人の共通点 - こころの葛藤はすべて私の味方だ。	https://diamond.jp/articles/-/310123	精神科医	2022-09-22 02:40:00
ビジネス	ダイヤモンド・オンライン - 新着記事	「人から言われたこと」を気にして眠れない…。グルグル思考を止める「魔法のフレーズ」とは？【書籍オンライン編集部セレクション】 - 大丈夫じゃないのに大丈夫なふりをした	https://diamond.jp/articles/-/309819	大嶋信頼	2022-09-22 02:35:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【悩みや苦しみが消えていく】 「どうしたらいいかわからないこと」を1秒で決断する方法 - ありがとうの神様――神様が味方をする習慣	https://diamond.jp/articles/-/309724	【悩みや苦しみが消えていく】「どうしたらいいかわからないこと」を秒で決断する方法ありがとうの神様ー神様が味方をする習慣年の発売以降、今でも多くの人に読まれ続けている『ありがとうの神様』。	2022-09-22 02:30:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【精神科医が教える】 1ミリもそんなこと言ってないのに… 突然、“ヘンな返し”をしてくる人の驚きの正体 - 精神科医Tomyが教える 心の荷物の手放し方	https://diamond.jp/articles/-/309915	【精神科医が教える】ミリもそんなこと言ってないのに…突然、“ヘンな返しをしてくる人の驚きの正体精神科医Tomyが教える心の荷物の手放し方不安や悩みが尽きない。	2022-09-22 02:25:00
ビジネス	ダイヤモンド・オンライン - 新着記事	つみたてNISAで積立てている投資信託を変更する時に失敗しないワザ - 一番売れてる月刊マネー誌ザイが作った 投資信託のワナ50＆真実50	https://diamond.jp/articles/-/308648	低リスク	2022-09-22 02:20:00
ビジネス	ダイヤモンド・オンライン - 新着記事	好かれたいなら、気をつけておきたい3つのこと - メンタリズム日本一が教える「8秒」で人の心をつかむ技術	https://diamond.jp/articles/-/310147	それを可能にしたのが、大久保雅士著『メンタリズム日本一が教える「秒」で人の心をつかむ技術』だ。	2022-09-22 02:15:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【ギリシャ元財務大臣が解説する】 「借金をチャラにする」のが経済にとても役立つワケ - 良書発見	https://diamond.jp/articles/-/309325	【ギリシャ元財務大臣が解説する】「借金をチャラにする」のが経済にとても役立つワケ良書発見混沌を極める世界情勢のなかで、将来に不安を感じている人が多いのではないだろうか。	2022-09-22 02:10:00
IT	週刊アスキー	ロジクールGが“リアルさ”と“没入感”を徹底的に追及！ 「TRUEFORCE」採用のレースゲーム向けホイール「G PRO Racing Wheel」登場	https://weekly.ascii.jp/elem/000/004/106/4106291/	gproracingpedals	2022-09-22 02:01:00
海外TECH	reddit	What song annoys you every time you hear it?	https://www.reddit.com/r/AskReddit/comments/xkajgk/what_song_annoys_you_every_time_you_hear_it/	What song annoys you every time you hear it submitted by u themoonisgoneforever to r AskReddit link comments	2022-09-21 17:01:35