Frank's Weblog

  • 2022 Year in Review

    ,

    中文版:2022年终总结 – Frank’s Weblog

    2022 was a somehow a bumpy ride. Although many goals were not achieved, it was fortunate that I did not encounter any major difficulties in such a tough environment.

    Career

    In February, my company hosted the Sales/Engineering Kick Off for the new fiscal year and invited employees all over the world. After one year’s working from home I finally met some of my teammates, but lots of colleagues didn’t come because of another wave of COVID.

    Because of the success of the previous project, I got my first promotion in my career. Along with the promotion comes larger scope and higher expectation for ownership, as well as taking on more team service including supporting customers and mentoring new hires.

    In the mid of the year I successfully delivered a large project, This project revamped the network architecture of our cloud product and added the capability to serve enterprise customers from network security perspective, unblocked a few customers. Being the project owner, I’ve learned a lot in both technical and management perspective.

    (more…)
    Read more: 2022 Year in Review

  • 2022年终总结

    ,

    English version: 2022 Year in Review – Frank’s Weblog

    2022年从某种程度上是乏善可陈的一年。虽然很多目标并没有达成,但在糟糕的大环境下也万幸没有遇到太大的困难。

    工作

    年初我司在Las Vegas举办了新财年的Sales/Engineering Kick Off,并邀请了全球的员工前来参加。WFH一年来终于第一次见到了部分同事,遗憾的是因为年初Omicron变种的造成的大流行,很多同事并没有前来。

    由于去年年底和年初项目的成功,我如愿以偿地获得了第一次升职。随之而来的是更大的scope以及对于ownership的要求,以及承担更多的组内工作,如客户支持和mentor新人。

    今年年中成功交付了一个大型项目,这个项目改进了我们的Cloud产品的网络架构,从网络安全的角度上使我们的产品具备了服务企业用户的能力,unblock了一些客户。作为项目的owner,从整个过程中学到了很多东西,无论是技术上的还是管理上的。

    (more…)
    Read more: 2022年终总结

  • 使用K3s部署预算友好的ARM-X86混合Kubernetes集群

    English version: Deploying Budget Friendly ARM-X86 Hybrid Kubernetes Cluster with K3s – Frank’s Weblog

    Kubernetes大多被用于企业级的服务,十分沉重且昂贵。即使是最便宜的DigitalOcean,其Managed Kubernetes最低也需要$12/月每节点。后来我了解到了K3s,一个轻量级的Kubernetes发行版。K3s移除或轻量化了Kubernetes中的很多组件,使得K3s可以运行在较小的VM甚至Raspberry Pi上,同时仍然拥有Kubernetes的可扩展性。

    本文将研究如何使用K3s在免费的Oracle Cloud Free Tier上搭建一个预算友好的Kubernetes集群,并在炫酷技术和成本之间找到一个平衡,目标是将我之前使用Docker运行的一些个人服务,包括Matomo,Maraidb,Mastodon以及若干小工具迁移到Kubernetes上来。本文将侧重选型及概念,不会涉及具体实现细节。

    (more…)
    Read more: 使用K3s部署预算友好的ARM-X86混合Kubernetes集群

  • 使用Velero Restic集成备份及恢复Kubernetes数据卷

    English version: Backup and Restore Kubernetes Volumes with Velero Restic Integration – Frank’s Weblog

    我搭建了一个Kubernetes集群,使用OpenEBS作为存储后端。我选择了Jiva作为存储引擎,Jiva是一个高可用的存储控制器,数据被复制到所有节点。为了确保数据的安全,我使用Velero及其Restic集成将卷备份到AWS S3。

    安装

    首先需要在本地电脑上安装 Velero CLI以控制Kubernetes集群上的Velero控制器,请参阅Velero Docs – Basic Install了解安装说明。

    准备Kubernetes配置文件,其应位于.kube/config 并确保 kubectl get pod 返回正确的结果。

    使用如下的格式创建一个AWS密钥文件,该密钥应具有访问在下一步骤中提供的S3存储桶的权限,记下该文件的路径。

    (more…)
    Read more: 使用Velero Restic集成备份及恢复Kubernetes数据卷

  • Backup and Restore Kubernetes Volumes with Velero Restic Integration

    中文版: 使用Velero Restic集成备份及恢复Kubernetes数据卷 – Frank’s Weblog

    I built a Kubernetes cluster using OpenEBS as the storage backend. I selected Jiva as the storage engine, Jiva is a high-available storage controller, data is replicated to all nodes. To ensure the safety of the data, I used Velero and its Restic integration to backup the volumes to AWS S3.

    Install

    To install Velero CLI on your computer, see Velero Docs – Basic Install for install instructions.

    Prepare the kubeconfig. The kubeconfig should be placed in .kube/config and make sure kubectl get pod returns the correct result.

    Create an AWS credentials file with the following format, this credential should have access to the s3 bucket you provide below, note down the path to the file.

    (more…)
    Read more: Backup and Restore Kubernetes Volumes with Velero Restic Integration

  • ISO期权的行权及税务

    本文仅作为分享,不构成任何投资及税务建议。投资收益及AMT税务非常复杂,如果你是利益相关者,请务必自己花时间研究或咨询会计师。

    前段时间,我在公司工作满一年后收到了前25%的股票期权。对于如何处理这些期权,我进行了一些研究。

    和上市公司或PreIPO公司发放的RSU(Restricted Stock Unit, 受限股票单位)相比,Stock Options潜在的收益更大,同时风险也更高。全职员工通常拿到的是ISO(Incentive Stock Options)期权,另一种期权是NSO(Non-Qualified Stock Option),本文不作讨论。

    ISO期权在拥有一些税务优势的同时也会产生很大的税务风险。简单来说,ISO期权可能让你获得一大笔钱,或是(花钱买来的)一堆废纸,甚至在最坏情况下,可能让你因为税务破产。要在规避风险的同时使收益最大化,需要提早规划并谨慎操作。

    本文只讨论ISO期权的行权策略及联邦层面的税务问题。关于股票期权的基础知识请参考如下资源 :

    jlevy/og-equity-compensation: Stock options, RSUs, taxes

    Equity 101 Course

    Stock options explained for startup employees | Carta

    (more…)
    Read more: ISO期权的行权及税务

  • macOS Ventura Developer Beta5/Public Beta3 休眠期间重启Bug的解决方案

    我在我的2019 MacBook Pro上升级了macOS Ventura Public Beta3(22A5321d)之后出现了合盖休眠期间重启,并在唤醒之后丢失之前工作内容的问题。

    问题

    在macOS Ventura Developer Beta5/Public Beta3中,将MacBook合盖休眠后可能会遇到如下两个问题:

    1.再次开盖唤醒时无法从休眠中恢复,屏幕显示如下界面。长按电源键强行重启后可以正常启动。

    2.启动后屏幕弹出如下对话框,点击任意选项之后可以正常进入系统,但是之前的工作内容会丢失。(相当于系统重启),无论问题1有没有出现。

    (more…)
    Read more: macOS Ventura Developer Beta5/Public Beta3 休眠期间重启Bug的解决方案

  • Deploy Cloudflare Tunnel on Kubernetes

    中文版:在Kubernetes中部署Cloudflare Tunnel – Frank’s Weblog

    Cloudflare Tunnel is a tunneling service provided by Cloudflare. With Cloudflare Tunnel you can connect the origin to Cloudflare and provide service without exposing any ports on the server or cluster, therefore minimizing the attack surface.

    Cloudflare Tunnel was formerly known as Argo Tunnel. Later Cloudflare Tunnel became part of the Cloudflare Zero Trust and became available to all users for free in 2021[1].

    Cloudflare Tunnel

    Cloudflare Tunnel had several iterations in the past two years, many tutorials on the internet have become outdated. The latest Cloudflare Tunnel needs no configuration on the client (cloudflared) side besides token. All sites (services) can be configured on the Cloudflare web console. If a tutorial asks you to configure the site on Cloudflared through yaml, the tutorial is likely outdated.

    This post will use httpbin as an example to illustrate how to deploy Cloudflared on Kubernetes and serve other services deployed on the cluster.

    (more…)
    Read more: Deploy Cloudflare Tunnel on Kubernetes

  • 在Kubernetes中部署Cloudflare Tunnel

    English Version: Deploy Cloudflare Tunnel on Kubernetes – Frank’s Weblog

    Cloudflare Tunnel 是一个隧道服务,通过Cloudflare Tunnel可以无需在服务器上暴露任何端口的情况下将源站连接到Cloudflare并提供服务,从而降低攻击面。

    Cloudflare Tunnel以前叫Cloudflare Argo Tunnel。后来Cloudflare Tunnel成为了Cloudflare Zero Trust的一部分,并向所有用户免费提供[1]

    Cloudflare Tunnel

    Cloudflare Tunnel在过去两年经过了大量迭代,网络上的很多教程,甚至包括官方的教程都已经过时。最新的Cloudflare Tunnel无需在客户端(Cloudflared)上做除了token之外的任何配置,所有网站(服务)配置都可以通过Cloudflare Web控制台进行。如果一篇教程让你在Cloudflared上通过yaml来配置网站,那么这篇教程大概率是过时的。

    本文将以httpbin为例,介绍如何在Kubernetes上部署Cloudflared并路由Kubernetes上部署的其他服务。

    (more…)
    Read more: 在Kubernetes中部署Cloudflare Tunnel

  • 修复车身的锈迹及喷漆

    由于融雪剂的侵蚀,汽车后轮上方生锈在美国东北部是很常见的现象。我的这辆车从两年前开始,后轮上方出现了一个小锈斑,从去年冬天开始,这块锈开始扩大。如果放任不管的话,它会更快地蔓延,最终变得无法修复。所以我决定修复它。

    其中大部分的步骤参照了ChrisFix的视频,Chris的视频已经讲得很全面了。本文中我将介绍Chris在视频中没有涉及的一些细节,以及一些个人技巧。

    (more…)
    Read more: 修复车身的锈迹及喷漆