Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'cncf:dev-zh' into dev-zh
Showing 31 changed files with 311 additions and 34 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ | |
title: 裸机 | ||
status: Completed | ||
category: 技术 | ||
tags: ["基础设施", "", ""] | ||
--- | ||
|
||
## 是什么 | ||
|
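Review bot: The `tags` line carries two empty-string placeholders (`tags: ["基础设施", "", ""]`), which leaves blank entries in the tag list. Trim it to `tags: ["基础设施"]`, or fill all three slots the way the 可观测性 entry in this commit does.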
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
title: 容器编排 | ||
status: Completed | ||
category: 概念 | ||
--- | ||
|
||
## 是什么 | ||
|
||
[容器](/zh-cn/container/)编排指的是在动态的环境中自动管理容器化应用的生命周期。 | ||
这通过一个容器编排器(大多是 [Kubernetes](/zh-cn/kubernetes))来执行,实现部署、(自动)扩缩、自愈和监控。 | ||
编排是一个比喻用词:编排工具像乐队指挥一样指挥众多容器,确保每个容器(或乐手)各行其是。 | ||
|
||
## 解决的问题 | ||
|
||
手动管理大规模的[微服务](/zh-cn/microservices)、安全性和网络通信 | ||
(及常见的[分布式系统](/zh-cn/distributed-systems))即使并非不可能,亦会非常困难。 | ||
而容器编排能让用户自动化处理所有这些管理任务。 | ||
|
||
## 如何帮助 | ||
|
||
容器编排工具允许用户确定系统的状态。 | ||
首先,这些工具会声明系统应具备的框架(例如 x 个容器、y 个 Pod 等)。 | ||
然后,编排工具将自动监控基础设施,并在其状态偏离声明的状态时对其进行修正(例如如果一个容器崩溃,则启动一个新的容器)。 | ||
这种自动化作业精简了许多工程团队原本需要大量手动完成的复杂运营任务,例如制备、部署、扩缩容、联网、负载均衡和其他活动。 |
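Review bot: In the 是什么 paragraph, `各行其是` means each party going its own way, which contradicts the conductor metaphor in the same sentence; `各司其职` is the idiom that fits. Two smaller points: the Kubernetes link `/zh-cn/kubernetes` lacks the trailing slash that `/zh-cn/container/` has, and the front matter has no `tags` line while other entries in this commit do.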
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
title: 事件驱动架构 | ||
status: Completed | ||
category: 概念 | ||
--- | ||
|
||
## 是什么 | ||
|
||
事件驱动架构是一种提倡事件的创建、处理和消费的软件架构。 | ||
事件是对应用程序状态的任何更改。 | ||
例如,在拼车应用上叫车代表一个事件。 | ||
这种架构创建了一个结构,在该结构中,事件可以从它们的源(请求乘车的应用程序)正确地路由到所需的接收器(附近可用司机的应用程序)。 | ||
|
||
## 解决的问题 | ||
|
||
随着越来越多的数据变得实时,寻找可靠的方法来确保捕获事件并将其路由到必须处理事件请求的适当[服务](/zh-cn/service/)变得越来越具有挑战性。 | ||
处理事件的传统方法通常无法保证消息被恰当地路由或发送或接收。 | ||
随着应用程序的扩展,编排事件变得更具挑战性。 | ||
|
||
## 如何帮助 | ||
|
||
事件驱动架构为所有事件建立了一个中心枢纽(例如,Kafka)。 | ||
然后定义事件生产者(源)和消费者(接收者),中心事件枢纽保证事件的流动。 | ||
这种架构确保服务保持解耦,并且事件从生产者正确路由到消费者。 | ||
生产者通常通过 HTTP 协议接收传入事件,然后路由事件信息。 |
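Review bot: In 解决的问题, `无法保证消息被恰当地路由或发送或接收` chains two 或 and is hard to parse; `无法保证消息被恰当地路由、发送或接收` reads cleanly. The front matter also omits the `tags` line that other entries in this commit carry.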
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
title: 托管服务 | ||
status: Completed | ||
category: 技术 | ||
tags: ["", "", ""] | ||
--- | ||
|
||
## 是什么 | ||
|
||
托管服务是一种软件产品,其运营和管理由第三方负责。 | ||
例如类似 Amazon RDS 的数据库即服务或类似 Datadog 的外部监控服务。 | ||
|
||
## 解决的问题 | ||
|
||
软件的管理比较复杂,尤其是要考虑现代技术栈所包含的各种不同技术。 | ||
而想要将管理做到面面俱到并招募能胜任此职的内部专家,要么成本过于高昂,要么会耗用工程师的宝贵时间。 | ||
你的团队应投入精力构建新功能,而不是处理可以通过外包就能轻松解决的运营任务。 | ||
|
||
## 如何帮助 | ||
|
||
托管服务从一开始就处于使用就绪状态,运营开销非常小。 | ||
托管服务具备良好定义的、通常由 [API](/zh-cn/application-programming-interface/) 驱动的边界, | ||
便于各个组织将超出其核心竞争力的任务有效外包出去。 |
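Review bot: The front matter ships `tags: ["", "", ""]` with every slot empty, so the entry is effectively untagged; fill in real tags or drop the line. In 解决的问题, `可以通过外包就能轻松解决` doubles the modal (`可以` and `就能`); `通过外包就能轻松解决` is enough.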
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
title: 双向传输层安全性协议(mTLS) | ||
status: Completed | ||
category: 概念 | ||
tags: ["安全", "", ""] | ||
--- | ||
|
||
## 是什么 | ||
|
||
双向 TLS (mTLS) 是一种用于对两个[服务](/zh-cn/service/)之间发送的消息进行身份验证和加密的技术。 | ||
双向 TLS (mTLS) 是标准的[传输层安全性协议](/zh-cn/transport-layer-security/)(TLS) , | ||
但不是仅验证一个连接的身份,而是验证双方。 | ||
|
||
## 解决的问题 | ||
|
||
[微服务](/zh-cn/microservices/)通过网络进行通信, | ||
就像您的 wifi 网络一样,通过该网络传输的通信可能会被黑客入侵。 | ||
mTLS 确保没有未经授权的一方监听或冒充合法请求。 | ||
|
||
## 如何帮助 | ||
|
||
mTLS 确保客户端和服务器之间的双向流量是安全和可信的, | ||
为进入网络或应用程序的用户提供了额外的安全层。 | ||
它还验证不遵循登录过程的客户端设备连接,例如物联网 (IoT) 设备。 | ||
mTLS 可以防止诸如路径上的攻击、欺骗攻击、凭证填充、暴力攻击等攻击。 |
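Review bot: In 是什么, `但不是仅验证一个连接的身份,而是验证双方` says TLS verifies the identity of "one connection", but the contrast with `双方` only works if it is one side of the connection, e.g. `不是仅验证连接一方的身份,而是验证双方`. In 解决的问题, `可能会被黑客入侵` describes traffic as being broken into, while the next sentence is about eavesdropping and impersonation; `可能会被窃听或篡改` would be more precise. The closing sentence lists credential stuffing and brute force under `可以防止` with no explanation of the mechanism; a short qualifier on when that holds would keep the claim from reading as absolute.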
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
title: 可观测性 | ||
status: Completed | ||
category: 概念 | ||
tags: ["方法论", "应用程序", "基础设施"] | ||
--- | ||
|
||
## 是什么 | ||
|
||
可观测性指的是从所观测的系统采集信号,持续生成并发现可执行的洞察力。 | ||
换言之,可观测性允许用户从某个系统的外部输出中洞察该系统的状态并采取(修正)措施。 | ||
|
||
## 解决的问题 | ||
|
||
计算机系统的衡量机制为观测 CPU 时间、内存、磁盘空间等底层信号以及每秒 | ||
API 响应次数、每秒错误率、每秒处理的事务数等高级信号和业务信号。 | ||
|
||
系统的可观测性对其运营和开发成本有重大影响。 | ||
可观测系统为操作人员提供了有意义的、可执行的数据,使他们能够达成有利的结果 | ||
(即更快的事件响应、更高的开发效率)以及更少的艰辛时刻和更短的停机时间。 | ||
|
||
## 如何帮助 | ||
|
||
请注意,更多的信息并不一定能转化为可观测性更好的系统。 | ||
事实上,有时系统生成的大量信息会形成信息噪音,会使得鉴别有价值的健康信号变得更加困难。 | ||
可观测性需要在合适的时间为合适的消费者(一个人或一个软件)提供合适的数据,从而做出合适的决策。 | ||
|
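Review bot: `可执行的洞察力` in 是什么 and `可执行的数据` in 解决的问题 use `可执行`, which in a software glossary reads as "executable" (as in 可执行文件); a phrase such as `可据以采取行动的` avoids that ambiguity. In the same section, `更少的艰辛时刻` is unidiomatic and worth rephrasing, and `计算机系统的衡量机制为观测…` would read better as a plain statement of what is measured.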
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
title: 策略即代码 (PaC) | ||
status: Feedback Appreciated | ||
category: 概念 | ||
tags: ["", "", ""] | ||
--- | ||
|
||
## 是什么 | ||
|
||
策略即代码是将一些策略的定义存储为一个或多个机器可读和可处理格式文件的做法。 | ||
这取代了在传统模型中,以人类可读的形式记录在单独文档中的策略。 | ||
|
||
## 解决的问题 | ||
|
||
构建应用和基础设施通常受到某组织所定义的许多策略的约束, | ||
例如禁止在源代码中存储 Secret、禁止以超级用户权限运行容器或禁止将某些数据存储在特定地理区域之外的安全策略。 | ||
对于开发人员和审查人员来说,按照策略文档手动检查应用和基础设施既耗时费力又容易出错。 | ||
手动检查策略无法满足云原生应用的响应要求和扩缩要求。 | ||
|
||
## 如何帮助 | ||
|
||
通过使用策略即代码,可以自动检查系统属性和操作。 | ||
软件开发的最佳实践也适用于构建策略即代码,例如使用 Git 及相关工作流。 |
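Review bot: In 解决的问题, `禁止在源代码中存储 Secret` leaves `Secret` capitalised and untranslated, which reads as the Kubernetes Secret object, while the sentence is about credentials in source code in general; `机密信息` or `密钥等敏感信息` would match the intent. The front matter has `tags: ["", "", ""]` with all slots empty, and `status: Feedback Appreciated` differs from the `Completed` on the other entries in this commit, so confirm that is deliberate. In 是什么, the comma after `这取代了在传统模型中` splits the attributive clause from its noun; dropping it reads better.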