Summary of knowledge points after reading "Phoenix Architecture" by teacher Zhou Zhiming

Teacher Zhou Zhiming has published eight computer technology books, of which "In-depth Understanding of the Java Virtual Machine" is the best known. In 2020 he wrote "Phoenix Architecture", more than 300,000 words that systematically lay out the theory of building systems on monolithic architectures, distributed systems, and immutable infrastructure. I hope more seniors in China will point the way forward like this, and I would like to express my gratitude once again.

Book URL: https://icyfenix.cn/ , download address: https://raw.githubusercontent.com/fenixsoft/awesome-fenix/gh-pages/pdf/the-fenix-project.pdf

The knowledge points compiled below will be updated from time to time.

1. DNS prefetch: the browser resolves domain names ahead of time, so a site whose content is spread across several domains does not stall on DNS lookups.

 <meta http-equiv="x-dns-prefetch-control" content="on" />
 <link rel="dns-prefetch" href="http://eiv.baidu.com">

2. CDN
Nginx can serve as the static-file server behind a CDN

3. Caching (cache-aside)

  • 3.1. Read path: read the cache first; on a miss, read the data source, put the result into the cache, then respond to the request.
  • 3.2. Write path: write the data source first, then invalidate (delete) the cache entry rather than updating it. Invalidation is preferred because two concurrent writes can reach the cache in the opposite order from the data source, leaving a stale value in the cache indefinitely; a deleted entry is simply reloaded on the next read.
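The two write strategies side by side, as an added example (not code from the book or this post): the write step is split in two so a concurrent-write interleaving can be replayed deterministically. The in-memory dicts and the key/values are constructed stand-ins for the real cache and database.

```python
# Added example (not from the book or the blog post): cache-aside with the write step
# split in two so that a concurrent-write interleaving can be replayed exactly.

class CacheAsideStore:
    def __init__(self):
        self.db = {}      # the data source (constructed in-memory stand-in)
        self.cache = {}   # the cache in front of it

    def read(self, key):
        """3.1: cache first; on a miss, load from the data source and fill the cache."""
        if key in self.cache:
            return self.cache[key]
        value = self.db.get(key)
        if value is not None:
            self.cache[key] = value
        return value

    def write_db(self, key, value):
        """First half of 3.2: the data source is always written first."""
        self.db[key] = value

    def after_write(self, key, value, strategy):
        """Second half of 3.2: what happens to the cache after the data source write."""
        if strategy == "invalidate":
            self.cache.pop(key, None)      # the next read reloads from the data source
        elif strategy == "update":
            self.cache[key] = value        # the cache carries whatever this writer had
        else:
            raise ValueError(f"unknown strategy {strategy!r}")

    def write(self, key, value, strategy="invalidate"):
        self.write_db(key, value)
        self.after_write(key, value, strategy)


def concurrent_write_race(strategy):
    """Two writers A ('v1') and B ('v2') update the same key.

    Their data-source writes land in the order A, B, so the data source ends at 'v2'.
    A is then delayed (GC pause, slow network) so its cache step runs *after* B's.
    Returns (value in the data source, value a later reader gets from the store).
    """
    store = CacheAsideStore()
    store.db["balance"] = "v0"
    store.read("balance")                            # warm the cache with v0
    store.write_db("balance", "v1")                  # A writes the data source
    store.write_db("balance", "v2")                  # B writes the data source
    store.after_write("balance", "v2", strategy)     # B's cache step runs first
    store.after_write("balance", "v1", strategy)     # A's delayed cache step
    return store.db["balance"], store.read("balance")


if __name__ == "__main__":
    print("update     ->", concurrent_write_race("update"))      # ('v2', 'v1'): stale forever
    print("invalidate ->", concurrent_write_race("invalidate"))  # ('v2', 'v2')
```

Invalidation narrows the window but does not close it: a read that misses, then a write that commits and deletes the entry before the stale read fills the cache, still leaves the old value behind. A TTL on cache entries bounds how long that can last.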

4. Software architecture security

  • Authentication: how does the system correctly identify the true identity of the operating user? -> the login flow, with the front end and back end agreeing on a single scheme for protecting the credential (hashing or encrypting it before it is sent, verifying it on the server)

  • Authorization: how does the system control which data a user may see and which functions they may operate? -> RBAC

  • Credentials: how does the system ensure that the commitment between it and the user reflects the true intent of both parties at the time and is accurate, complete, and non-repudiable? -> JWT + HTTPS

  • Confidentiality: how does the system ensure that sensitive data cannot be stolen or abused by internal or external personnel, including system administrators? The password scheme in the book hashes on both sides:
    client_hash = MD5(MD5(password) + salt)   // computed in the browser; the plaintext never leaves the client
    server_hash = BCrypt(client_hash)         // computed and stored on the server with a per-user bcrypt salt, e.g. $2a$10$o5L.dWYEjZjaejOmN3x4Qu followed by the hash MFfTW3uNI4eqhwDkG7HP9p2mzEUu/r2
    The client-side MD5 only keeps the plaintext off the wire and out of server logs; the server must still apply a slow, salted hash, otherwise a leaked client_hash is itself usable as the password.

  • Transport security: how does the system ensure that information crossing the network cannot be eavesdropped on, tampered with, or impersonated by third parties? -> HTTPS

  • Verification: how does the system ensure that the data submitted to each service complies with the rules and poses no risk to system stability, data consistency, or correctness?
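The two-sided password scheme from the Confidentiality bullet, as an added example that is not the book's or this post's code. It follows the formulas above (client sends MD5(MD5(password) + salt), server applies a slow salted hash to that and stores only the result) and adds the weak variant the book warns against, so the difference a database leak makes can be checked. bcrypt is not in the Python standard library, so `hashlib.scrypt` stands in for BCrypt here; that substitution, the client salt, and the sample password are this example's own assumptions.

```python
# Added example, not the book's or the blog's code. hashlib.scrypt stands in for BCrypt
# (assumption of this example); CLIENT_SALT and the sample password are constructed.
import hashlib
import hmac
import os
from typing import Optional

CLIENT_SALT = "fenix-client-salt"   # constructed: fixed, non-secret salt baked into the front end
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def client_hash(password: str) -> str:
    """What the browser sends instead of the plaintext: MD5(MD5(password) + salt)."""
    inner = md5_hex(password.encode())
    return md5_hex((inner + CLIENT_SALT).encode())


def server_store(client_hash_value: str, salt: Optional[bytes] = None) -> dict:
    """Server side: slow hash with a per-user random salt of whatever the client sent."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(client_hash_value.encode(), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def server_verify(record: dict, client_hash_value: str) -> bool:
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(client_hash_value.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(digest.hex(), record["hash"])


# The shortcut the book warns against: storing the client hash as the secret itself.
def weak_store(client_hash_value: str) -> dict:
    return {"hash": client_hash_value}


def weak_verify(record: dict, client_hash_value: str) -> bool:
    return hmac.compare_digest(record["hash"], client_hash_value)


def leaked_record_is_password_equivalent(store, verify, password: str = "correct horse") -> bool:
    """Simulate a database leak: can an attacker holding only the stored record log in
    without ever learning the password? True means the stored value is a password equivalent."""
    record = store(client_hash(password))
    # the attacker replays the stored hash field where a freshly computed client_hash belongs
    return verify(record, record["hash"])


if __name__ == "__main__":
    rec = server_store(client_hash("correct horse"))
    print("login with right password:", server_verify(rec, client_hash("correct horse")))
    print("leaked weak record usable:", leaked_record_is_password_equivalent(weak_store, weak_verify))
    print("leaked scrypt record usable:", leaked_record_is_password_equivalent(server_store, server_verify))
```

With the weak store, the stored value is exactly what the browser would send, so a leaked table is a list of working credentials. With the server-side slow hash, the stored value is useless on its own and each guess costs an scrypt (or bcrypt) computation.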

All access control models essentially solve the same problem: who (User) has what authority (Authority) to perform which operation (Operation) on which resources (Resource). Spring Security is the implementation used here.
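A deny-by-default decision function for the User / Authority / Operation / Resource question, as an added example that is neither Spring Security's nor the book's code. The roles, permissions and users are constructed data, and the `own`/`any` scope is this example's addition to plain RBAC: it is what stops a user who is allowed to "read account" from reading someone else's account, which is the "what data a user can see" half of authorization.

```python
# Added example, not Spring Security's or the book's code: RBAC plus an ownership scope.
# ROLE_PERMISSIONS and USER_ROLES are constructed data for the demonstration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    operation: str      # e.g. "read", "update", "delete"
    resource: str       # e.g. "account", "audit-log"
    scope: str = "any"  # "any": every instance; "own": only instances the caller owns


ROLE_PERMISSIONS = {
    "user": {
        Permission("read", "account", "own"),
        Permission("update", "account", "own"),
    },
    "admin": {
        Permission("read", "account"),
        Permission("update", "account"),
        Permission("delete", "account"),
        Permission("read", "audit-log"),
    },
}

USER_ROLES = {"alice": {"user"}, "bob": {"admin"}, "mallory": set()}


def authorities(user: str) -> set:
    """Every Permission the user holds through their roles (the Authority in the model)."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: str, operation: str, resource: str, owner: str = None) -> bool:
    """Deny unless a held permission matches; 'own'-scoped ones also need owner == user."""
    for p in authorities(user):
        if p.operation != operation or p.resource != resource:
            continue
        if p.scope == "any" or (owner is not None and owner == user):
            return True
    return False


if __name__ == "__main__":
    print(is_allowed("alice", "read", "account", owner="alice"))     # True
    print(is_allowed("alice", "read", "account", owner="bob"))       # False: role alone would pass
    print(is_allowed("bob", "delete", "account", owner="alice"))     # True
    print(is_allowed("mallory", "read", "account", owner="mallory")) # False
```

Note that an `own`-scoped permission with no `owner` supplied is denied rather than allowed: the caller has to look up who owns the instance before asking, which is the check that is usually missing when an endpoint leaks other users' records.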

5.Data verification

  • 1. Java Bean Validation for simple rule checks, e.g. @NotBlank, @NotNull, @Email, @Size
  • 2. Custom annotations for complex business-rule checks, e.g. @AuthenticatedAccount and @NotConflictAccount:
    @POST
    public Response updateUser(@Valid @AuthenticatedAccount @NotConflictAccount Account user) {
        return CommonResponse.op(() -> service.updateAccount(user));
    }

6. Service fault tolerance

7. Circuit breaking and rate limiting: rate limiting uses the leaky-bucket or token-bucket algorithm; token bucket is the more common choice because it permits a bounded burst while still enforcing the average rate
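A token-bucket limiter with one bucket per client, as an added example (not the book's code). The clock is injected so the behaviour can be replayed deterministically; the capacity, refill rate and client names are this example's own numbers.

```python
# Added example, not the book's code: token bucket rate limiting keyed per client.

class TokenBucket:
    def __init__(self, capacity: int, refill_per_sec: float, clock):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.tokens = float(capacity)   # starts full, so a fresh client may burst
        self.last = clock()

    def _refill(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now

    def try_acquire(self, n: int = 1) -> bool:
        """Spend n tokens if available; False means the request is rejected (HTTP 429)."""
        self._refill()
        if self.tokens >= n:
            self.tokens -= n
            return True
        return False


class PerClientLimiter:
    """One bucket per client key (user id, API key, source IP)."""
    def __init__(self, capacity: int, refill_per_sec: float, clock):
        self.args = (capacity, refill_per_sec, clock)
        self.buckets = {}

    def allow(self, client: str) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(*self.args)
        return bucket.try_acquire()


class FakeClock:
    """Deterministic clock for the demonstration; use time.monotonic in production."""
    def __init__(self):
        self.t = 0.0
    def __call__(self):
        return self.t
    def advance(self, seconds: float):
        self.t += seconds


def burst_then_steady():
    """Capacity 5, refill 2/s. Returns (allowed in a burst of 10, allowed in a second
    burst of 10 one second later, allowed for an unrelated client in its own burst of 10)."""
    clock = FakeClock()
    limiter = PerClientLimiter(capacity=5, refill_per_sec=2.0, clock=clock)
    burst = sum(limiter.allow("client-a") for _ in range(10))   # 5: the bucket is drained
    clock.advance(1.0)                                           # 2 tokens refilled
    later = sum(limiter.allow("client-a") for _ in range(10))   # 2
    other = sum(limiter.allow("client-b") for _ in range(10))   # 5: separate bucket
    return burst, later, other


if __name__ == "__main__":
    print(burst_then_steady())   # (5, 2, 5)
```

A leaky bucket would instead release requests at exactly the drain rate with no initial burst. Two practical points: the per-client dictionary grows with every new key unless idle buckets are evicted, and keying by source IP alone lets one NAT'd office exhaust a shared bucket while a distributed attacker gets a fresh bucket per address.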

8. Security: Spring Security provides security control
https://www.springcloud.cc/spring-security.html

9. Observability: log collection, distributed tracing, and aggregated metrics (logging, traceId, metrics). Event logs record discrete events so that the program's behaviour can be analysed afterwards from those records. Tracing is mainly for troubleshooting: which part of the call chain, or which method, errored or blocked, and whether inputs and outputs match expectations. Metrics are statistical aggregates of some class of information in the system, used mainly for monitoring and early warning: when a metric reaches a risk threshold, an event is triggered to handle it automatically or to alert an administrator to intervene.

  • 9.1. Log collection: ELK, with Logstash possibly replaced by Fluentd; ELK can also cover metrics through Metricbeat, and a unique TraceID is generated by Spring Cloud Sleuth
  • 9.2. Metrics: Prometheus, for monitoring and alerting; the aim is to reveal the overall operating state of the system, collect anomalies, and alert, for example when disk usage reaches 90%. Repeated alerts have to be dealt with: once a condition triggers, naively re-evaluating it keeps re-sending the same emails and text messages
  • 9.3. Tracing: Jaeger, SkyWalking, Zipkin

Apache SkyWalking's probes can supply both metrics and tracing data. OpenTelemetry evolved from OpenTracing (merged with OpenCensus) and brings together the strengths of logs, tracing, and metrics; it is expected to become the unified observability solution covering all three: https://opentelemetry.io/docs/
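The "repeated alarm" problem from 9.2, handled with a repeat interval, as an added example that is neither Prometheus' nor the book's code: a condition notifies when it first fires, stays silent while it keeps firing until the interval has elapsed, and notifies again only after it resolves and fires anew. The disk-usage series is constructed for the demonstration.

```python
# Added example, not Prometheus'/Alertmanager's or the book's code: repeat suppression.

class FakeClock:
    """Deterministic clock for the demonstration."""
    def __init__(self):
        self.t = 0.0
    def __call__(self):
        return self.t
    def advance(self, seconds: float):
        self.t += seconds


class AlertNotifier:
    def __init__(self, repeat_interval_sec: float, clock):
        self.repeat_interval = repeat_interval_sec
        self.clock = clock
        self.last_sent = {}   # alert name -> time of the last notification while firing

    def evaluate(self, name: str, firing: bool) -> bool:
        """Return True when a notification (mail, SMS, webhook) should actually go out."""
        now = self.clock()
        if not firing:
            self.last_sent.pop(name, None)      # resolved: the next breach notifies at once
            return False
        last = self.last_sent.get(name)
        if last is None or now - last >= self.repeat_interval:
            self.last_sent[name] = now
            return True
        return False


# Constructed disk usage in percent, one sample per 15 s scrape: crosses 90% at the
# 2nd sample, stays above it, dips below at the 7th, crosses again at the 8th.
DISK_USAGE_SERIES = [85.0, 91.0, 92.0, 93.0, 94.0, 95.0, 88.0, 91.0]


def naive_notifications(series, threshold: float = 90.0) -> int:
    """A rule with no suppression: one notification per breaching sample."""
    return sum(1 for usage in series if usage >= threshold)


def notifications_for(series, period_sec: float = 15.0, repeat_interval_sec: float = 3600.0,
                      threshold: float = 90.0) -> int:
    """Feed the series through the notifier and count the notifications actually sent."""
    clock = FakeClock()
    notifier = AlertNotifier(repeat_interval_sec, clock)
    sent = 0
    for usage in series:
        if notifier.evaluate("DiskUsageHigh", usage >= threshold):
            sent += 1
        clock.advance(period_sec)
    return sent


if __name__ == "__main__":
    print(naive_notifications(DISK_USAGE_SERIES))                          # 6
    print(notifications_for(DISK_USAGE_SERIES))                            # 2: first breach, re-breach
    print(notifications_for(DISK_USAGE_SERIES, repeat_interval_sec=30.0))  # 4: reminders every 30 s
```

Prometheus Alertmanager does the same with `repeat_interval`, and the alerting rule's `for:` duration adds the other half: a single noisy scrape above the threshold should not page anyone until it has stayed there for a while.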

10.Kubernetes

  • 1. Network: container veth0 -> veth1 -> Linux bridge -> eth0

    • 1.1. veth0 and veth1 are a virtual Ethernet pair: whatever enters one end comes out of the other, like a cable between the container's network namespace and the host, with very little overhead.
    • 1.2. The Linux bridge (docker0) is created automatically when Docker is installed; it has its own IP address and MAC address (device and driver).
    • 1.3. eth0 is the physical network card
  • 2. Storage: Static Provisioning and Dynamic Provisioning

    • 2.1. EmptyDir: local storage shared by the containers within one Pod; when the Pod is destroyed the data is deleted with it.

    • 2.2. PersistentVolume: persistent storage, usually network storage (NFS, GlusterFS, AWS EBS); a small team might use NFS for development and test and GlusterFS in production

    • 2.2.1. PersistentVolumes are provisioned and managed by the operations staff

    • 2.2.2. A PersistentVolumeClaim is written by the developer and declares the storage the application needs

    • 2.2.3. Kubernetes matches PersistentVolumeClaims to PersistentVolumes. Once bound, a PersistentVolume cannot be used by another Claim; if no match is found, the Pod cannot start. Operations staff therefore have to pre-allocate a number of PersistentVolumes by hand, which wastes space; this static approach suits small and medium-sized teams

    • 2.3. Local PersistentVolume: local persistent storage with high performance, avoiding the network-storage penalty, but Kubernetes must then schedule the Pod onto the Node that holds that local storage

    • 2.4. Dynamic Provisioning: the operations administrator prepares a StorageClass and a Provisioner and no longer allocates PersistentVolumes by hand. The developer declares the required storage in a PersistentVolumeClaim and names the StorageClass. If both the StorageClass and its Provisioner are available, the Provisioner creates a PersistentVolume that satisfies the Claim, the Claim is bound to it, and the volume is handed to the Pod.
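The dynamic-provisioning flow in 2.4 as manifests, added here as an example and not taken from the book: a StorageClass prepared by operations, a PersistentVolumeClaim in which the developer names that class, and a Pod that mounts the claim. The provisioner name, image and sizes are placeholders.

```yaml
# Added example, not from the book. "example.com/nfs" and the image are placeholders
# for the cluster's real CSI driver / external provisioner and the application image.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-dynamic
provisioner: example.com/nfs        # placeholder: substitute the provisioner the cluster runs
reclaimPolicy: Delete               # Retain keeps the data (and the PV) after the PVC is deleted
volumeBindingMode: Immediate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: orders-data
spec:
  storageClassName: nfs-dynamic     # the developer names the class; no PV is written by hand
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: orders
spec:
  containers:
    - name: app
      image: registry.example.com/orders:1.0   # placeholder image
      volumeMounts:
        - name: data
          mountPath: /var/lib/orders
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: orders-data
```

After `kubectl apply`, `kubectl get pvc orders-data` shows `Bound` once the provisioner has created the matching PersistentVolume; with `Immediate` binding that happens as soon as the claim exists rather than when the Pod is scheduled. Choose `reclaimPolicy` deliberately: `Delete` means the volume and its contents go away with the claim, `Retain` means someone must clean the data up before the backing storage is reused.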

Single project structure

  1. Resource corresponds to the User Interface layer in DDD: it presents information to the user and interprets the user's commands. The "user" may be a person, another process, or another service on the machine.
  2. Application corresponds to the Application layer in DDD: it defines the capabilities the software exposes, i.e. which tasks the software can complete, and coordinates domain objects internally to solve problems. Following DDD, the Application layer should be as thin as possible, containing no business rules or knowledge, only coordinating tasks and allocating work to the domain objects of the layer below so they can cooperate. In code this means the Application layer usually contains no conditional statements. In practice many projects also choose the Application layer to carry transactions (entering the layer starts the transaction; leaving it commits or rolls back).
  3. Domain corresponds to the Domain layer in DDD: it implements the business logic, i.e. expresses business concepts and handles business state and rules. This layer is the focus of the whole project.
  4. Infrastructure corresponds to the Infrastructure layer in DDD: it provides common technical capabilities to the other layers, such as persistence, remote service communication, and utilities.

Original book website: https://icyfenix.cn/

Origin blog.csdn.net/zhuyu19911016520/article/details/131475864