云在青天水在瓶

忙里偷闲终于把大明王朝1566看完了,对政治和经济更加敬畏。分享那些让人听来振聋发聩的语录。

1.三思就是思危 、思退和思变。知道了危险就能躲开危险,这就是“思危”;躲到人家都不再注意你的地方,这就叫思退;退了下来就有机会再慢慢看慢慢想,自己以前哪儿错了,往后该怎么做,这就是思变。

2.不谋全局者,不可谋一隅,不谋一世者,并不可谋一时。

3.这个世上,真靠得住的就两种人,一种是笨人,一种是直人。笨人没有心眼,直人不使心眼。

4.圣人的书是用来读的,用来办事百无一用。

5.任何人答应你的事都不算数,只有自己能做主的才算数。

6.做事情,不问能不能做成,要问应不应该做。

7.这人啊,熬一天不累,熬十天就累了;小心一年不难,小心一辈子就难了。

8.圣人出黄河清,可黄河什么时候清过?黄河虽浊,亦能灌溉;长江虽清,时有泛滥。

9.世间万事万物都只有一个理,各人站的位置不同,看法不同而已。

10.都说人不如旧衣不如新,可在朕看来,衣服和人都是老的好,衣服旧了贴身,人旧了贴心啊。

11.有时离九霄而膺天命 情何以堪;御四海而哀苍生 心为之伤。有时候啊,最亲的不是父子是师徒。儿子将父母之恩视为当然,弟子将师傅之恩,视为报答。

12.只有架起锅子煮白米,不能架起锅子煮道理吧。

13.文官的衣服上绣的是禽,武官的衣服上绣的是兽。披上了这身皮,我们哪一个不是衣冠禽兽。

14.历来造反的都是种田的人,没听说商人能闹翻了天。

15.屋檐滴水代接代,新官不算旧官账。

16.有些事不上秤没四两重,上了秤一千斤打不住。

17.用人之道,贵在知人。两京一十三省的官员,都要靠你们来举荐。有实心用事者,如胡总宪,有顾全大局者,如赵贞吉,这些都是好的。像郑泌昌 何茂才这等硕鼠,竟也荐任封疆,严世藩的两双眼睛,是不是全都瞎了!

18.这个世上,真靠得住的就两种人,一种是笨人,一种是直人。笨人没有心眼,直人不使心眼。

19.人心似水,水是往低处走的,人心总是高了还想高啊!

20.官做的在大,落到底也是居家过日子。

21.平时叫你读读《左传通鉴》,你不以为然;我叫你读一读王阳明的书,你更是不以为然,还说什么半部《论语》可治天下。现在我问你,孔子说的‘知不可为而为之’是什么本意?孔子是告诉世人,做事时不问可不可能,但问应不应该。毁堤淹田,伤天害理,上误国家,下害百姓。这也叫知不可为而为之?

22.朝廷也就是几座宫殿,几座衙门。饭还是要分锅吃的。

23.读书是为了明理,明了理就有了主张,知道该怎么做。但理是在变化的,又不能守死理。

24.圣人出黄河清,可黄河什么时候清过?黄河虽浊,亦能灌溉;长江虽清,时有泛滥。

25.裕王:大明朝谁是贤臣?嘉靖:没有谁是真正的贤臣,贤时用之,不贤黜之。

service mesh

A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. Service meshes appear commonly in concert with cloud-based applications, containers and microservices.

A service mesh is in control of delivering service requests in an application. Common features provided by a service mesh include service discovery, load balancing, encryption and failure recovery. High availability is also common through utilizing software controlled by APIs rather than utilizing hardware. Service meshes can make service-to-service communication fast, reliable and secure.

As an example, an application structured in a microservices architecture might be composed of hundreds of services, all with their own instances operating in a live environment. This could make it challenging for developers to keep track of which components must interact, and make changes to their application if something goes wrong. Including communication protocols in a service rather than in a separate and dedicated layer would make the process of keeping track and making changes to an application fairly complex. Utilizing a service mesh allows developers the ability to separate service-to-service communication into a dedicated layer.

An organization may choose to utilize an API gateway, which handles protocol transactions, over a service mesh. However, developers must update the API gateway every time a microservice is added or removed.

How a service mesh works
A service mesh architecture uses a proxy instance called a sidecar in whichever development paradigm is in use, commonly containers and/or microservices. In a microservice application, a sidecar will attach to each service. In a container, the sidecar is attached to each application container, VM or container orchestration unit, such as a Kubernetes pod.

Sidecars can handle tasks abstracted from the service itself, such as monitoring and security.

Service instances, sidecars and their interactions make up what is called the data plane in a service mesh. A layer called the control plane manages tasks such as creating instances, monitoring and implanting policies, such as network management or network security policies. Control planes can connect to a CLI or a GUI interface for application management.

Service mesh benefits and drawbacks
A service mesh addresses some large issues with managing service-to-service communication, but not all. Some advantages of a service mesh include:

Simplifies communication between services in both microservices and containers.
Easier to diagnose communication errors, since they would occur on their own infrastructure layer.
Supports security features such as encryption, authentication and authorization.
Allows for faster development, testing and deployment of an application.
Sidecars placed next to a container cluster is effective in managing network services.
Some downsides to service meshes include:

Runtime instances increase by utilizing a service mesh.
Adds an extra step where each service call must first run through the sidecar proxy.
Service meshes do not address issues such as integrating with other services or systems and routing type or transformation mapping.
The service mesh market
A service mesh is commonly available as an open source technology from diverse creators. It can also be consumed as a service from major cloud providers.

Istio is an open source service mesh provided by Google, IBM and Lyft. Istio is designed as a universal control plane first targeted for Kubernetes deployments, but can be used on multiple platforms. Its data plane relies on proxies called Envoy sidecars. This service mesh features security measures such as identity and key management. It also supports fault injection and hybrid deployment.

Istio service mesh
The Istio service mesh architecture is one of the major designs available.
Linkerd is another open source, multiplatform service mesh. Linkerd was developed by Buoyant and is built on Twitter’s Finagle library. This service mesh supports platforms such as Kubernetes, Docker and Amazon ECS. Features include built-in service discovery and control plane, Namerd.