Improve docs in module3

Mercurio · Mercurio · commit 3571802e51c7 · 2021-11-04T11:42:56.000Z
diff --git a/module3/2.understand-docker.md b/module3/2.understand-docker.md
@@ -1,34 +1,42 @@
-
 # Understand Docker
-## overlay fs
-```
+
+## OverlayFS
+
+```shell
 $ mkdir upper lower merged work
-$ echo "from lower" > lower/in_lower.txt 
+$ echo "from lower" > lower/in_lower.txt
 $ echo "from upper" > upper/in_upper.txt
-$ echo "from lower" > lower/in_both.txt 
-$ echo "from upper" > upper/in_both.txt 
+$ echo "from lower" > lower/in_both.txt
+$ echo "from upper" > upper/in_both.txt
 $ sudo mount -t overlay overlay -o lowerdir=`pwd`/lower,upperdir=`pwd`/upper,workdir=`pwd`/work `pwd`/merged
 $ cat merged/in_both.txt
 ```
-```
+
+```shell
 $ echo 'new file' > merged/new_file
-$ ls -l */new_file 
-```
+$ ls -l */new_file
 ```
+
+```shell
 $ rm merged/in_both.txt
 $ ls -l upper/in_both.txt  lower/in_both.txt  merged/in_both.txt
 ```
-```
+
+```shell
 $ mount -t overlay overlay -o lowerdir:/dir1:/dir2:/dir3:...:/dir25,upperdir=...
 ```
-## namespace
-```
+
+## Namespace
+
+```shell
 $ lsns -t net
 $ cd /proc/25452/ns/
 $ nsenter -t <pid> -n ip addr
 ```
-## cgroup
-```
+
+## cgroups
+
+```shell
 $ cat /proc/25452/cgroup
 11:pids:/kubepods/besteffort/pod8d80a5f8-cb1e-4b28-ba54-393e6b363e20/a99d384f32fc7aeb8a06934e387ed9ea30992676257a61af37d705805f1dffb7
 10:freezer:/kubepods/besteffort/pod8d80a5f8-cb1e-4b28-ba54-393e6b363e20/a99d384f32fc7aeb8a06934e387ed9ea30992676257a61af37d705805f1dffb7
@@ -42,23 +50,26 @@ $ cat /proc/25452/cgroup
 2:net_cls,net_prio:/kubepods/besteffort/pod8d80a5f8-cb1e-4b28-ba54-393e6b363e20/a99d384f32fc7aeb8a06934e387ed9ea30992676257a61af37d705805f1dffb7
 1:name=systemd:/kubepods/besteffort/pod8d80a5f8-cb1e-4b28-ba54-393e6b363e20/a99d384f32fc7aeb8a06934e387ed9ea30992676257a61af37d705805f1dffb7
 ```
-```
+
+```shell
 $ docker ps
 ```
-```
+
+```shell
 $ docker inspect <containerid>| grep -i cgroup
 "CgroupParent": "kubepods-burstable-podfc9d9da9_7d7a_4970_b306_8ee27f121de1.slice",
 ```
-```
+
+```shell
 $ cd /sys/fs/cgroup/memory/kubepods.slice/kubepods-burstable.slice
 ```
-```
+
+```shell
 $ cd kubepods-burstable-podfc9d9da9_7d7a_4970_b306_8ee27f121de1.slice
 ```
-```
+
+```shell
 $ ls
 $ cat memory.limit_in_bytes
 1073741824
 ```
-
-
diff --git a/module3/Reduce docker images size.md b/module3/Reduce docker images size.md
@@ -13,8 +13,8 @@ docker.io/library/busybox  latest      42b97d3c2ae9  13 days ago   1.46 MB
 gcr.io/distroless/static   latest      e0851a4aa136  51 years ago  3.06 MB
 ```
 
-- busybox 
-- alpine 
+- busybox
+- alpine
 - google/distroless
 
 Example:
@@ -61,6 +61,7 @@ ADD https://example.com/big.tar.xz /usr/src/things/
 RUN tar -xJf /usr/src/things/big.tar.xz -C /usr/src/things
 RUN make -C /usr/src/things all
 ```
+
 instead of
 
 ```dockerfile
@@ -90,4 +91,3 @@ RUN apt-get update && apt-get install -y \
 https://github.com/docker-library/buildpack-deps/blob/master/Dockerfile.template
 
 https://www.digitalocean.com/community/tutorials/how-to-optimize-docker-images-for-production
-
diff --git a/module3/cgroup-cpu.MD b/module3/cgroup-cpu.MD
@@ -1,22 +1,31 @@
 ### 在 cgroup cpu 子系统目录中创建目录结构
-```
+
+```sh
 cd /sys/fs/cgroup/cpu
 mkdir cpudemo
 cd cpudemo
 ```
+
 ### 运行 busyloop
+
 ### 执行 top 查看 CPU 使用情况，CPU 占用 200%
+
 ### 通过 cgroup 限制 cpu
-```
+
+```sh
 cd /sys/fs/cgroup/cpu/cpudemo
 ```
+
 ### 把进程添加到 cgroup 进程配置组
-```
+
+```sh
 echo ps -ef|grep busyloop|grep -v grep|awk '{print $2}' > cgroup.procs
 ```
+
 ### 设置 cpuquota
-```
+
+```sh
 echo 10000 > cpu.cfs_quota_us
 ```
-### 执行 top 查看 CPU 使用情况，CPU 占用变为10%
 
+### 执行 top 查看 CPU 使用情况，CPU 占用变为 10%
diff --git a/module3/cgroup-mem.MD b/module3/cgroup-mem.MD
@@ -1,21 +1,31 @@
 ### 在 cgroup memory 子系统目录中创建目录结构
-```
+
+```sh
 cd /sys/fs/cgroup/memory
 mkdir memorydemo
 cd memorydemo
 ```
-### 运行 malloc（在linux机器make build）
+
+### 运行 malloc（在 linux 机器 make build）
+
 ### 查看内存使用情况
-```
+
+```sh
 watch 'ps -aux|grep malloc|grep -v grep'
 ```
+
 ### 通过 cgroup 限制 memory
-### 把进程添加到cgroup进程配置组
-```
+
+### 把进程添加到 cgroup 进程配置组
+
+```sh
 echo ps -ef|grep malloc |grep -v grep|awk '{print $2}' > cgroup.procs
 ```
+
 ### 设置 memory.limit_in_bytes
-```
+
+```sh
 echo 104960000 > memory.limit_in_bytes
 ```
+
 ### 等待进程被 oom kill
diff --git a/module3/namespace.MD b/module3/namespace.MD
@@ -1,20 +1,27 @@
 ### 在新 network namespace 执行 sleep 指令：
-```
+
+```sh
 unshare -fn sleep 60
 ```
+
 ### 查看进程信息
-```
+
+```sh
 ps -ef|grep sleep
 root       32882    4935  0 10:00 pts/0    00:00:00 unshare -fn sleep 60
 root       32883   32882  0 10:00 pts/0    00:00:00 sleep 60
 ```
+
 ### 查看网络 Namespace
-```
+
+```sh
 lsns -t net
 4026532508 net       2 32882 root unassigned                                unshare
 ```
+
 ### 进入改进程所在 Namespace 查看网络配置，与主机不一致
-```
+
+```sh
 nsenter -t 32882 -n ip a
 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
diff --git a/module3/overlay-fs.MD b/module3/overlay-fs.MD
@@ -10,7 +10,9 @@ $ echo "from upper" > upper/in_upper.txt
 $ echo "from lower" > lower/in_both.txt
 $ echo "from upper" > upper/in_both.txt
 ```
+
 ### Check it
+
 ```log
 root@k8s-master:~/testlab# tree .
 .
@@ -33,6 +35,7 @@ $ sudo mount -t overlay overlay -o lowerdir=`pwd`/lower,upperdir=`pwd`/upper,wor
 ```
 
 ### Check the merged file
+
 ```shell
 $ cat merged/in_both.txt
 
diff --git a/module3/readme.md b/module3/readme.md
@@ -2,15 +2,13 @@
 
 ### Core
 
-- [namespace](namespace.MD)
-
-- cgroup
-  - [cpu](cgroup-cpu.MD)
-  - [memory](cgroup-mem.MD)
-  - [filesystem](overlay-fs.MD)
-  - [network](setup-network.md)
-
-- [understand docker](2.understand-docker.md)
+- [Namespace](namespace.MD)
+- cgroups
+  - [CPU](cgroup-cpu.MD)
+  - [Memory](cgroup-mem.MD)
+- [Filesystem](overlay-fs.MD)
+- [Network](setup-network.md)
+- [Understand docker](2.understand-docker.md)
 
 ### Some Tips
 
diff --git a/module3/setup-network.md b/module3/setup-network.md
@@ -1,33 +1,44 @@
-### create network ns
-```
+### Create network ns
+
+```sh
 mkdir -p /var/run/netns
 find -L /var/run/netns -type l -delete
 ```
-### start nginx docker with non network mode
-```
+
+### Start nginx docker with non network mode
+
+```sh
 docker run --network=none  -d nginx
 ```
-### check corresponding pid
-```
+
+### Check corresponding pid
+
+```sh
 docker ps|grep nginx
 docker inspect <containerid>|grep -i pid
 
 "Pid": 876884,
 "PidMode": "",
 "PidsLimit": null,
 ```
-### check network config for the container
-```
+
+### Check network config for the container
+
+```sh
 nsenter -t 876884 -n ip a
 ```
-### link network namespace
-```
+
+### Link network namespace
+
+```sh
 export pid=876884
 ln -s /proc/$pid/ns/net /var/run/netns/$pid
 ip netns list
 ```
-### check docker bridge on the host 
-```
+
+### Check docker bridge on the host
+
+```sh
 brctl show
 ip a
 4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
@@ -37,17 +48,23 @@ ip a
     inet6 fe80::42:35ff:fe40:d38b/64 scope link
        valid_lft forever preferred_lft forever
 ```
-### create veth pair
-```
+
+### Create veth pair
+
+```sh
 ip link add A type veth peer name B
 ```
-### config A
-```
+
+### Config A
+
+```sh
 brctl addif docker0 A
 ip link set A up
 ```
-### config B
-```
+
+### Config B
+
+```sh
 SETIP=172.17.0.10
 SETMASK=16
 GATEWAY=172.17.0.1
@@ -58,7 +75,9 @@ ip netns exec $pid ip link set eth0 up
 ip netns exec $pid ip addr add $SETIP/$SETMASK dev eth0
 ip netns exec $pid ip route add default via $GATEWAY
 ```
-### check connectivity
-```
+
+### Check connectivity
+
+```sh
 curl 172.17.0.10
-```
+```
