~xdavidwu/xdavidwu.link

499967de5e1e2adfaf28311caf3f6e1571b5fdec — xdavidwu 4 years ago 330f97d
posts: mark syntax languages
M _posts/2018-09-27-gitlab-pages-without-domain.md => _posts/2018-09-27-gitlab-pages-without-domain.md +2 -2
@@ 20,7 20,7 @@ reverse proxy 內部將 uri 的 /pages/<user> 刪除

實作 nginx config:

```
```nginx
location ~ /pages/(?<user>[^/]+)/ {
    rewrite ^/pages/([^/]+)/(.*)    /$2 break;
    proxy_pass  http://<gitlab ip>;


@@ 35,4 35,4 @@ location ~ /pages/(?<user>[^/]+)/ {

不過美中不足的是 GitLab 設定裡的連結還是 &lt;user&gt;.gitlab.domain 的格式

要直接放在 /pages/&lt;user&gt; 而非 /pages/&lt;user&gt;/&lt;repo&gt; 的 repo 還是得命名成 &lt;user&gt;.gitlab.domain
\ No newline at end of file
要直接放在 /pages/&lt;user&gt; 而非 /pages/&lt;user&gt;/&lt;repo&gt; 的 repo 還是得命名成 &lt;user&gt;.gitlab.domain

M _posts/2019-01-06-tensorflow-cpp.md => _posts/2019-01-06-tensorflow-cpp.md +9 -9
@@ 12,14 12,14 @@ tags:

需要的 Bazel targets:

* //tensorflow:install_headers
* //tensorflow:libtensorflow_cc.so
* //tensorflow:install\_headers
* //tensorflow:libtensorflow\_cc.so

headers 的部份比較麻煩

install_headers target build 完後
install\_headers target build 完後

```
```shell
sudo cp bazel-genfiles/tensorflow/include/. /usr/local/include/ -r
```



@@ 27,24 27,24 @@ sudo cp bazel-genfiles/tensorflow/include/. /usr/local/include/ -r

八成還會有 absl 和 protobuf 的路徑要修

```
```shell
sudo ln /usr/local/include/external/com_google_absl/absl /usr/local/include/absl -s
sudo ln /usr/local/include/external/protobuf_archive/src/google /usr/local/include/google -s
```

libraries 的部份:

```
```shell
sudo cp bazel-bin/tensorflow/libtensorflow_cc.so /usr/local/lib/
sudo cp bazel-bin/tensorflow/libtensorflow_framework.so /usr/local/lib/
```

編譯:

```
```shell
g++ foo.cpp -ltensorflow_framework -ltensorflow_cc
```

absl 的 header 貌似在 C++17 下會把 absl::string_view 用 std::basic_string_view 實做
absl 的 header 貌似在 C++17 下會把 absl::string\_view 用 std::basic\_string\_view 實做

可能會造成 link 時有用字串當參數的函式找不到 例如 Conv2D 的 constructor
\ No newline at end of file
可能會造成 link 時有用字串當參數的函式找不到 例如 Conv2D 的 constructor

M _posts/2020-07-29-healthy-k8s.md => _posts/2020-07-29-healthy-k8s.md +17 -17
@@ 41,19 41,19 @@ tags:

修改預設 runtime

```
```toml
default_runtime = "crun"
```

因為 hosts 用了 ubuntu, 設 apparmor

```
```toml
apparmor_profile = "crio-default-1.17.4"
```

drop 掉一堆可能不用的預設 capabilities

```
```toml
default_capabilities = [
	#"CHOWN", 
	#"DAC_OVERRIDE", 


@@ 73,13 73,13 @@ default_capabilities = [

PID limit 先壓小不夠再改就好

```
```toml
pids_limit = 128
```

設 UID/GID mappings 啟用 user namespacing

```
```toml
uid_mappings = "0:10000000:65536"
gid_mappings = "0:10000000:65536"
```


@@ 92,7 92,7 @@ gid_mappings = "0:10000000:65536"

定義 crun runtime

```
```toml
  [crio.runtime.runtimes.crun]
```



@@ 106,7 106,7 @@ cri-o 用的 storage

設定 UID/GID mappings

```
```toml
remap-uids = "0:10000000:65536"
remap-gids = "0:10000000:65536"
```


@@ 164,7 164,7 @@ k8s 的 resource 控管都假設沒有 swap, 擔心控管較差的話可以把 s

#### bootstrap master

```
```shell
sudo kubeadm init --apiserver-advertise-address=10.0.3.1 --ignore-preflight-errors=swap
```



@@ 174,7 174,7 @@ sudo kubeadm init --apiserver-advertise-address=10.0.3.1 --ignore-preflight-erro

這裡我先創 UID 10000000/GID 10000000 的 passwd/groups entry, 比較好看

```
```shell
sudo useradd -u 10000000 -U k8s
sudo groupmod -g 10000000 k8s
```


@@ 183,7 183,7 @@ sudo groupmod -g 10000000 k8s

開始用 group 修權限

```
```shell
sudo chown root:k8s /var/lib/kubelet
sudo chmod g+rx /var/lib/kubelet
sudo chown root:k8s /var/lib/kubelet/pods -R


@@ 194,19 194,19 @@ sudo chmod g+s /var/lib/kubelet/pods

修 etcd 用的 directory

```
```shell
sudo chown k8s:k8s -R /var/lib/etcd
```

修 k8s config

```
```shell
sudo chown k8s:k8s -R /etc/kubernetes
```

然後再 bootstrap 一次應該就沒問題了

```
```shell
sudo kubeadm init --apiserver-advertise-address=10.0.3.1 --ignore-preflight-errors=all
```



@@ 216,7 216,7 @@ kubeadm 如果檔案存在會用現有的

#### bootstrap nodes

```
```shell
sudo kubeadm join <token, api server, ca cert...> --ignore-preflight-errors=swap
```



@@ 226,7 226,7 @@ sudo kubeadm join <token, api server, ca cert...> --ignore-preflight-errors=swap

修了後一樣再來一次

```
```shell
sudo kubeadm join <token, api server, ca cert...> --ignore-preflight-errors=all
```



@@ 254,7 254,7 @@ kube-proxy 本身實做上除了 iptables 外也會自動幫你 modprobe 和 sys

寫個自動 startup, 例如 systemd service

```
```systemd
[Unit]
Description=kube-proxy
Wants=network-online.target


@@ 274,7 274,7 @@ WantedBy=multi-user.target

刪除原本 kube-proxy 的 DaemonSet

```
```shell
kubectl delete daemonset kube-proxy -n kube-system
```