Article directory
- The first stage
- How do you usually deal with faults and what are your ideas?
- Public network and private network classification and range, local address, network address, broadcast address
- How the switch works
- What is ICMP used for and what commands does it have?
- The difference between TCP and UDP protocols
- What control bits does tcp have and what do they mean?
- What Linux commands have you used?
- Linux system security optimization and kernel optimization
- OSI seven-layer model
- Three handshakes and four waves
- lvm logical volume creation process
- raid disk array
- Text Three Musketeers
- Firewall iptables and firewalld
- Linux system resource query command
- Linux boot process
- How to create a shell function
- Interaction-free use
- What shell scripts have you used?
- Tcpdump packet capture tool
- How to solve the problem of excessive CPU
- What is middleware? What is JDK
- second stage
- http
- Nginx
- What are the commonly used modules of Nginx?
- What to do if Nginx session is out of sync
- Optimization of nginx
- How Nginx realizes dynamic and static separation
- What are the ways to implement Nginx reverse proxy and what are the differences? How to configure
- What are the Nginx load balancing scheduling algorithms?
- tomcat knowledge points
- LVS
- keepalived
- mysql
- Deployment process of master-slave replication
- Mysql database backup
- redis
- ELK
- What are the plug-ins for ELK?
- zabbix
- kafka
- Ceph
- The third phase
- Docker
- What is docker?
- What is the difference between docker containers and virtual machines?
- Docker three core concepts
- What are the 6 major namespaces?
- Docker image and container management commands?
- The running process of docker run
- cgroup resource limits
- docker network mode
- What instructions does dockerfile have?
- How to reduce the size of dockerfile build image
- What is docker-compose?
- docker-compose.yml configuration explanation
- Harbor private warehouse management
- consul service automatic discovery
- https workflow
- Is the database running in a container? Why?
- Restart strategy for docker containers?
- Ansible
- K8S
- K8S binary build
- K8S kubeadm build
- Update certificate for K8S cluster deployed by kubeadm
- K8S 3 types of networks
- K8S 3 interfaces
- flannel 3 modes
- flannel UDP mode working principle
- flannel VXLAN mode working principle
- How Calico IPIP mode works
- The working principle of Calico BGP mode (the essence is to maintain the communication of each Pod through the routing table)
- What is the difference between flannel and calico?
- Declarative resource management
- 4 types of service:
- service port:
- How to obtain the resource configuration manifest file template (yaml configuration file)
- How many containers can a pod contain?
- What is the role of pause container?
- 3 types of Pods:
- 3 types of containers for Pod:
- 3 image pull strategies for Pod: spec.containers.imagePullPolicy
- 3 container restart strategies for Pod: spec.restartPolicy
- Resource limits for Pod containers
- 3 types of probes (health checks) for Pod containers
- 3 detection methods for probes
- Probe parameters:
- Pod application container life cycle startup action and exit action
- K8S realizes the collaboration of each component through the List-Watch mechanism.
- scheduler’s scheduling strategy
- Pod is scheduled to the specified Node node
- Tag management operations
- Affinity
- How to determine whether they are in the same topological domain?
- Affinity strategy
- stain taint
- tolerations
- Unschedulable
- Unschedulable + evicted
- Pod startup process:
- 5 states of Pod life cycle
- Troubleshooting methods in K8S
- K8S storage volumes volumes
- PV PVC
- How to create PV (type of PV):
- 4 states of PV:
- Create and use static PV
- Create and use dynamic PV
- 5 types of controllers for pods:
- The difference between stateful services and stateless services
- configmap
- 4 types of Secret resources:
- Create Secret resources
- Use Secret resources
- Declarative way of managing resources Modify or add configuration of resource objects
- Solution for client applications outside the K8S cluster to access internal services of the K8S cluster
- The composition of ingress:
- Use of ingress:
- Ingress configuration
- Based on https proxy forwarding
- Based on basic-auth access authentication
- Rewrite access paths based on rewrite
- Automatic scaling of pods
- K8S security mechanism
- How to authorize a normal user to use kubectl to have permission to operate resources in K8S?
- Helm is the K8S software package (Chart package) manager
- Helm’s three major concepts:
- Helm warehouse management commands:
- The key components of the chart package:
- Prometheus
The first stage
How do you usually deal with faults and what are your ideas?
If the fault is a familiar one, you can often identify the cause from the symptoms and past experience.
When encountering a fault for the first time, locate the problem first. The fault is not necessarily mine: it may lie with development, testing, hardware, or the network, or it may be mine. If it is mine, analyze it using the error message, the system log, and the error log.
For system problems, use top to check the CPU, df to check the disk, uptime to check the load, ps to check processes, and sar to check traffic.
For application problems, work from the log messages. If it is a development problem, describe the symptoms and the troubleshooting process and email them to the development contact and my manager.
If it is a network problem, contact a network engineer about routing or switches; you can also capture packets with tcpdump.
If it is a hardware problem, contact the manufacturer.
Public network and private network classification and range, local address, network address, broadcast address
Public network
A: 1.0.0.1~126.255.255.254/18
B: 128.0.0.1~191.255.255.254/16
C: 192.0.0.1~223.255.255.254/24
D: 224.0.0.1~239.255.255.254
E: 240.0.0.1~255.255.255.254
Private network
10.0.0.0~10.255.255.255
172.16.0.0~172.31.255.255
192.168.0.0~192.168.255.255
Others
127: excluded, through 127.255.255.255
169.254.0.0~169.254.255.255: address assigned when DHCP fails
224.0.0.18: VRRP protocol; the switch listens on this address
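The heading above also names the network address and broadcast address, so here is an added example (not from the original page) that derives both from an address and prefix length and classifies an address against the ranges listed. The function names and the labels `loopback` and `link-local` are choices made for this example; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: network/broadcast address and range classification for IPv4.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer.
mask_int() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# Network address: all host bits cleared.
network_addr() { int_to_ip $(( $(ip_to_int "$1") & $(mask_int "$2") )); }

# Broadcast address: all host bits set.
broadcast_addr() {
    m=$(mask_int "$2")
    int_to_ip $(( $(ip_to_int "$1") | ($m ^ 4294967295) ))
}

# Classify by the ranges listed on this page.
classify() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    if   [ "$1" -eq 10 ]; then echo private
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo private
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private
    elif [ "$1" -eq 127 ]; then echo loopback        # the excluded 127 range
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo link-local   # DHCP failed
    elif [ "$1" -ge 240 ]; then echo class-E
    elif [ "$1" -ge 224 ]; then echo class-D
    else echo public
    fi
}

# Demo on constructed addresses.
for a in 10.1.2.3 172.32.0.1 169.254.9.9 224.0.0.18 203.0.113.9; do
    echo "$a $(classify "$a")"
done
echo "192.168.10.77/26 network=$(network_addr 192.168.10.77 26) broadcast=$(broadcast_addr 192.168.10.77 26)"
```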
How the switch works
1) When the switch is powered on, the MAC address table is empty.
2) The source host sends a data frame to the target host through the switch; the switch learns the source MAC and the corresponding interface identifier from the frame and records them in the MAC address table.
3) If the MAC address table has no interface entry for the destination MAC address, the switch floods the frame as a broadcast.
4) Only the host with the matching MAC address responds.
5) The switch learns the MAC address and corresponding interface identifier from the destination host's reply and records them in the MAC address table. After that, the two hosts can communicate by unicast through the switch's MAC address table.
The switch forwards data frames according to the entries in the MAC address table. The default aging time of the MAC address table is 300 s.
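The learning, flooding and aging steps above can be traced with a small simulation. This is an added example, not code from the original page; the frame format, the MAC addresses and the `switch_sim` function are constructed for illustration.

```shell
#!/bin/sh
# Added example: MAC address learning, flooding and aging in a switch.
# Constructed frames, one per line: time_s ingress_port src_mac dst_mac
FRAMES='0 1 aa:aa:aa:aa:aa:01 bb:bb:bb:bb:bb:02
1 2 bb:bb:bb:bb:bb:02 aa:aa:aa:aa:aa:01
2 1 aa:aa:aa:aa:aa:01 bb:bb:bb:bb:bb:02
400 3 cc:cc:cc:cc:cc:03 aa:aa:aa:aa:aa:01'

# switch_sim FRAMES [AGING_SECONDS] -> one forwarding decision per frame
switch_sim() {
    printf '%s\n' "$1" | awk -v age="${2:-300}" '
    {
        t = $1; port = $2; src = $3; dst = $4
        # Steps 2 and 5: learn or refresh the source MAC on the ingress port.
        table[src] = port; seen[src] = t
        # Aging: drop entries that were not refreshed within the aging time.
        for (m in seen) if (t - seen[m] > age) { delete table[m]; delete seen[m] }
        # Known destination: unicast out of one port. Unknown: flood (step 3).
        if (dst in table) printf "%s unicast port=%s\n", t, table[dst]
        else              printf "%s flood all-but-port=%s\n", t, port
    }'
}

switch_sim "$FRAMES"
```

The last frame is flooded even though its destination was learned earlier, because that entry aged out after 300 s without traffic.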
What is ICMP used for and what commands does it have?
ICMP is an error detection and feedback mechanism that sends error and control messages to detect the network connectivity of nodes
ping
pathping Example: pathping www.baidu.com traces the packet path and reports packet loss
traceroute
The difference between TCP and UDP protocols
| | TCP | UDP |
| --- | --- | --- |
| Reliability | Reliable | Unreliable |
| Connectivity | Connection-oriented | Connectionless |
| Message | Byte-stream-oriented | Message-oriented (retains message boundaries) |
| Efficiency | Low transmission efficiency | High transmission efficiency |
| Duplex | Full duplex | One-to-one, one-to-many, many-to-one, many-to-many |
| Flow control | Available (sliding window) | None |
| Congestion control | Available (slow start, congestion avoidance, fast retransmission, fast recovery) | None |
What control bits does tcp have and what do they mean?
URG: urgent bit
ACK: acknowledgment bit
PSH: push bit
RST: reset bit
SYN: synchronization (connection) bit
FIN: disconnect bit
What Linux commands have you used?
Performance monitoring: free to view memory, top to dynamically monitor CPU load, df to view disk usage, ps to view processes, iostat to view I/O
User management: useradd creates a user, chmod modifies permissions, chown sets ownership
Query: sed, grep, awk, cat, more, less, which, whereis
Linux system security optimization and kernel optimization
Security optimization: set firewall rules, restrict remote login by the root user, set the number of history entries and the login timeout, lock files with chattr, synchronize time, and configure the yum update source
Kernel system optimization:
In sysctl.conf:
net.ipv4.ip_forward sets route forwarding
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets
net.ipv4.ip_local_port_range = 1024 65000 sets the port range for outbound connections
In /etc/security/limits.conf:
nofile sets the maximum number of open files
nproc sets the maximum number of processes
rss sets the maximum resident set size
memlock sets the locked-in-memory address space
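Several of the settings above can be checked mechanically. The following is an added example, not from the original page: it audits constructed copies of sshd_config, a shell profile and sysctl.conf. The pass/fail policy (root login must be `no`, `TMOUT` and `HISTSIZE` must be set) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a few of the hardening settings named above.
# All three inputs are constructed samples, not taken from a real host.
SSHD_CONF='Port 22
permitrootlogin yes
PermitRootLogin no'
PROFILE='export HISTSIZE=200'
SYSCTL='net.ipv4.ip_forward = 0
net.ipv4.tcp_tw_recycle = 1'

# has_assignment TEXT NAME -> success if TEXT assigns a number to variable NAME
has_assignment() {
    printf '%s\n' "$1" |
        grep -Eq "^[[:space:]]*(export[[:space:]]+|readonly[[:space:]]+)?$2=[0-9]+"
}

# audit SSHD_CONFIG_TEXT PROFILE_TEXT SYSCTL_TEXT -> one finding per line
audit() {
    # sshd uses the first value it reads for a keyword; keywords are
    # case-insensitive, so a later "PermitRootLogin no" does not help.
    root=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    [ "$root" = "no" ] || echo "FAIL PermitRootLogin=${root:-unset}"
    has_assignment "$2" TMOUT    || echo "FAIL TMOUT not set (no login timeout)"
    has_assignment "$2" HISTSIZE || echo "FAIL HISTSIZE not set"
    # tcp_tw_recycle breaks clients behind NAT and was removed in Linux 4.12.
    if printf '%s\n' "$3" |
        grep -Eq '^[[:space:]]*net\.ipv4\.tcp_tw_recycle[[:space:]]*=[[:space:]]*1'; then
        echo "WARN net.ipv4.tcp_tw_recycle=1"
    fi
    return 0
}

audit "$SSHD_CONF" "$PROFILE" "$SYSCTL"
```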
What do you often use shell scripts for?
Use shell scripts to perform repetitive operations
Deploy the company's business services with one click
Log monitoring, log splitting and backup; configure crontab -e to run scheduled tasks
Inspection
The difference between soft links and hard links
A hard link shares its inode with the source file; that is, both point to the same data and occupy the same disk space. Deleting one hard link does not affect the content of the source file or the other hard links, so a hard link is equivalent to giving the file an alias.
A soft link has a different inode from the source file, and once the source file is deleted the soft link becomes invalid, similar to a shortcut.
How to find files
find: finds files
locate: searches the file index database already built on the system
whereis: finds the binary files and source code files for the specified command
which: searches for the directory where the command is located
OSI seven-layer model
- physical layer
- data link layer
- Network layer
- transport layer
- session layer
- presentation layer
- Application layer
Three handshakes and four waves
Three-way handshake: pc1 sends a SYN message to pc2, pc2 replies with a SYN + ACK message, and pc1 then sends an ACK message.
Four-way wave: pc1 sends a FIN/ACK message to pc2 (at this point pc1 enters the waiting-to-disconnect state).
After receiving the disconnect request from pc1, pc2 replies with an ACK message to confirm.
pc2 then sends a FIN/ACK message to pc1 (at this point pc2 enters the waiting-to-disconnect state).
After receiving it, pc1 sends an ACK message to confirm (at this point pc1 enters the TIME-WAIT state, which ends by default after 60 seconds).
lvm logical volume creation process
- Create a physical volume: pvcreate device name (multiple can be created)
- Create a volume group: vgcreate volume group name physical volume name
- Create a logical volume: lvcreate -L capacity -n logical volume name volume group name
- Extend the volume group: first extend the physical volume and then use vgextend volume group name device
- Extend the logical volume: then use lvextend -L +capacity /dev/volume group name/logical volume name
- Format and mount for use
Disk quota
- First check if xfsprogs and xfs_quota are installed
- Mount the file system with quota support: mount -o usrquota,grpquota /dev/vgname1/lvname1 /opt, or mount it permanently with the /etc/fstab entry /dev/vgname1/lvname1 /opt xfs defaults,usrquota,grpquota 0
- Set quota limits for user and group accounts: xfs_quota -x -c 'limit -u bsoft=80M bhard=100M isoft=40 ihard=50 lisi' /opt/
- Verify user usage in restricted directories
raid disk array
RAID 0: striped storage; the transfer rate reaches N times that of a single hard disk, but there is no data redundancy
RAID 1: mirrored storage; provides data redundancy, but the utilization rate is N/2
RAID 5: N>=3 disks; utilization rate (N-1)/N (one of them is used for parity)
RAID 6: N>=4 disks; utilization rate (N-2)/N (two disks are used for parity)
RAID 10: mirror first, then stripe; utilization rate N/2
Text Three Musketeers
grep:
-i ignores case
-v inverts the match
-n displays line numbers
-r recursively searches everything in a folder
-w matches whole words only
-l lists the names of files whose content matches the specified pattern
sed:
-i modifies the file in place
s replaces the specified content
d deletes the selected lines
a adds a line below the current line
i adds a line above the current line
c replaces the selected lines with the specified content
y converts characters; the character sets before and after conversion must be of the same length
awk:
FS column separator
NF is the number of fields in the current row being processed.
NR The sequence number of the currently processed line
RS row separator
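The options listed above, applied to a typical operations task: summarizing failed SSH logins. This is an added example, not from the original page; the log lines are constructed (documentation IP ranges, one line deliberately upper-cased to show `-i`), and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: grep, sed and awk over constructed sshd log lines.
LOG='Jan 10 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 4242 ssh2
Jan 10 10:00:03 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Jan 10 10:00:07 web1 sshd[1207]: Accepted password for deploy from 198.51.100.7 port 5100 ssh2
Jan 10 10:00:09 web1 sshd[1210]: FAILED password for root from 203.0.113.5 port 4250 ssh2
Jan 10 10:01:00 web1 sshd[1215]: Failed password for git from 192.0.2.44 port 6001 ssh2'

# grep -i: case-insensitive match. awk: NF is the field count, so $(NF-3) is
# the source IP even when "invalid user" adds two extra fields to the line.
failed_by_ip() {
    printf '%s\n' "$1" | grep -i 'failed password' |
        awk '{ n[$(NF-3)]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# grep -v inverts the match and -n prefixes each hit with its line number.
other_lines() {
    printf '%s\n' "$1" | grep -vin 'failed password' | cut -d: -f1
}

# sed: d deletes the selected lines, s replaces the matched text.
redact() {
    printf '%s\n' "$1" |
        sed -e '/Accepted/d' \
            -e 's/for \(invalid user \)\{0,1\}[^ ]* from/for <user> from/'
}

# awk: FS (set here with -F) splits each line at ": "; NR is the line number.
messages() {
    printf '%s\n' "$1" | awk -F': ' '{ print NR ": " $2 }'
}

failed_by_ip "$LOG"
```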
Firewall iptables and firewalld
Four tables: raw table, mangle table, nat table, filter table
Five chains: INPUT chain, OUTPUT chain, FORWARD chain, PREROUTING chain, POSTROUTING chain
firewalld firewall 9 major zones: trusted (trusted zone) public (public zone) home (home zone) internal (internal zone) work (work zone) dmz (isolated zone) block (restricted zone) drop