今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#infra

找到 72 篇相关文章

AI 资讯

What is SRE? A Beginner's Guide to Site Reliability Engineering

Why This Matters: The 2 AM Problem It's 2 AM. Your phone rings. Your production database is down. Customers can't log in. Revenue is dropping by the second. You call the Ops team. They restart the server. Downtime: 45 minutes. Cost: $100K in lost sales. Root cause? Unknown. This happens thousands of times a week at companies worldwide. The question isn't "Will your system break?" It's " When it breaks, are you ready? " That's where SRE comes in. What is SRE? (The Real Definition) SRE (Site Reliability Engineering) = Applying software engineering principles to build reliable, scalable infrastructure and systems. It's not just about keeping servers running. It's about: Reliability : Systems that don't break unexpectedly Scalability : Systems that handle growth without collapsing Infrastructure : Automating how systems are built, deployed, and monitored Measurability : Knowing exactly how your system is performing at any moment Traditional operations manages infrastructure reactively — when something breaks, you fix it. SRE manages infrastructure proactively — you engineer it so it rarely breaks, and when it does, it heals itself. The Key Insight: Reliability is Engineered, Not Hoped For Here's the critical shift in thinking: Old mindset : "Let's build this system and hope it doesn't break." SRE mindset : "Let's measure what 'reliable' means, design the system to achieve that, and automate the monitoring and recovery." But reliability isn't just uptime. It includes: Uptime : Is the system available? Latency : How fast does it respond? (A slow system is effectively broken) Error rate : What percentage of requests fail? Throughput : Can it handle the traffic? User experience : Does the system meet user expectations? All of these are engineered and measured. A Simple Analogy: The Bridge Imagine you're managing a bridge. Traditional approach : Engineers patrol daily, react to problems, work around the clock fixing issues SRE approach : Engineers design monitoring that aler

2026-06-15 原文 →
AI 资讯

Your DR Test Passed. The Assumptions Didn't.

The test passed. The restore completed inside the window. The workload came online. The team signed off, closed the ticket, and filed the results. DR test: successful. And then, somewhere between the test environment and the next real incident, the recovery plan drifted out of alignment with the infrastructure it was written to protect. Not dramatically. Not all at once. Gradually — through a cloud migration, an IdP consolidation, a new SaaS dependency, a network redesign that didn't make it into the runbook. DR plan failure rarely happens where you tested. It happens at the assumptions the exercise never reached. The Test Has a Boundary. The Incident Doesn't. A DR exercise begins with a defined scope. A specific workload. A known starting state. A target environment that has been prepared in advance. The team is available, credentialed, and not managing anything else. The blast radius is controlled before the test starts. A real incident does none of that. Scope expands from the first alert. Authentication problems surface because the IdP that wasn't in exercise scope is now unreachable. Networking issues appear because the failover path assumes a routing table that was updated three months ago. A vendor the plan never named is unavailable, and the recovery sequence stalls waiting for a dependency that was never documented as a dependency. The plan was written for the conditions of the test. The incident arrives in conditions the plan never anticipated. That gap is where DR plan failure actually lives — not in the restore mechanism, but in everything the restore mechanism was assumed to be able to reach. Most DR Plans Depend on Things They Never Recover The recovery exercise validates a workload. What it rarely validates is the recovery infrastructure itself. Consider what a typical enterprise DR plan silently depends on: Assumed — Not Tested: Identity provider, backup management console, cloud account access, ticketing and incident management systems, third-party

2026-06-14 原文 →
AI 资讯

Is it possible overload a AI as a Service with multiples requests ?

I was thinking about some tests for a service that uses language models; there are several, even prompt injection. A question came to mind: is it possible to make multiple requests asking for any text like Lorem Ipsum, generating many unnecessary tokens and incurring costs? But creating a test where there are multiple accounts making the same request to generate 10,000 Lorem Ipsum tokens simultaneously, could that cause a service outage? Because most of the infrastructure I see doesn't use any queuing method when the chat is free of tasks involving an agent or even heavier functionalities. I didn't actually generate anything, I just wanted to start a discussion on this topic.

2026-06-13 原文 →
AI 资讯

IaC, FdI, IaF: three ways a codebase becomes infrastructure

Published June 17, 2026 by gyorgy Infrastructure used to be something you wrote separately from your application. Lately that boundary has been dissolving, and the vocabulary has not kept up. Three distinct ideas are getting blurred together, partly because they all start from the same place: your code already implies what infrastructure it needs, so why state it twice. They diverge sharply on what they do about that. Here is the short version, then the longer one. The short version Infrastructure as Code (IaC). You describe the infrastructure explicitly, in its own files. The tool turns those files into real resources. Total control, total verbosity, and your infrastructure definition lives apart from your application code. Framework-defined Infrastructure (FdI). The framework infers the infrastructure from your application code, and a managed platform provisions it for you. Almost no configuration, no drift between app and infra, but the inference only covers what the framework exposes, and the resulting infrastructure runs on the platform's rails. Infrastructure as Framework (IaF). The framework reads your applications and generates infrastructure code that you own, deployed into your own cloud accounts. The framework does the inferring, you keep the output and the account. Who writes the infra Who owns the output Where it runs Scope IaC You, by hand You Any cloud Anything you can express FdI The framework The platform The platform What the framework exposes IaF The framework You Your cloud accounts What the framework covers The rest of this is just those three rows, explained. Infrastructure as Code IaC is the established answer. You write declarations, in HCL or a general-purpose language, that spell out the resources you want: this VPC, this load balancer, this database, these IAM bindings. A tool like Terraform or Pulumi reads the declarations and reconciles your cloud to match. The strength is that nothing is hidden. Every resource is something you chose and

2026-06-13 原文 →
AI 资讯

SpaceX, Anthropic, and OpenAI’s hot IPO summer

The IPO market is back, and it’s not the same companies leading the charge. FAANG had a good run, but a new acronym is taking over: MANGOS — Meta (or Microsoft, depending on who you ask), Anthropic, Nvidia, Google, OpenAI, and SpaceX. Half of that bunch is heading to public markets in the same window, and it’s a stress test for investors, for valuations, and for […]

2026-06-13 原文 →
AI 资讯

Kubernetes kills your pod? Here's why

Your pods keep getting killed. Not crashing — killed. One moment they're running fine, the next they're gone and Kubernetes is spinning up replacements. You check the logs and there's nothing useful. The pod just… disappeared. Turns out Kubernetes killed it on purpose. And if you don't tell it how much memory your app actually needs, it'll keep doing it. Why Kubernetes evicts pods Kubernetes runs on nodes — physical or virtual machines that host your containers. Each node has a finite amount of CPU and memory. When a node runs low on resources, Kubernetes has to make a choice: which pods stay, and which ones get evicted to free up space. The decision comes down to QoS classes — Quality of Service tiers that Kubernetes assigns to every pod based on how you've configured resource requests and limits. There are three classes: BestEffort — no resource requests or limits defined. Kubernetes has no idea how much CPU or memory the pod needs. These get killed first. Burstable — requests and limits are defined, but they're different (e.g., requests: 256Mi , limits: 512Mi ). The pod is guaranteed the request amount, but can burst up to the limit. Killed second. Guaranteed — requests and limits are set to the same value. Kubernetes reserves exactly that amount of resources for the pod. Killed last. If your pods don't have resource configuration at all, they're running as BestEffort. And when the node hits memory pressure, BestEffort pods are the first to go — no questions asked. The Guaranteed class Setting your pod to the Guaranteed class is one line in your deployment config. Define requests and limits for both CPU and memory, and make them identical: resources : requests : memory : " 512Mi" cpu : " 500m" limits : memory : " 512Mi" cpu : " 500m" That's it. Kubernetes now knows this pod needs exactly 512 MiB of RAM and half a CPU core, and it reserves that capacity when scheduling the pod onto a node. If a node doesn't have 512 MiB available, the pod won't be placed there. An

2026-06-12 原文 →
AI 资讯

G4 Fractional VMs are now available on Google Cloud!

In 2025 Google Cloud added G4 , powered by NVIDIA's RTX PRO 6000 Blackwell Server Edition GPUs to their offering, allowing them to offer hardware not only for AI applications, but also for other applications, such as rendering, simulations or gaming. A single G4 instance with one accelerator ( g4-standard-48 ) comes equipped with 48 CPU cores, 180 gigabytes of RAM and 96 gigabytes of GPU memory. This is a lot of resources for a single cloud workstation, that only the most demanding workstreams would utilize. Most professionals who require a graphics accelerator to do their job, don't really need this much compute power for day to day tasks. It wasn't financially reasonable to pay for a G4 instance, when you weren't utilizing all the resources you paid for. If only there were smaller machine types… If only you could share that one very powerful GPU between multiple virtual machines… Introducing fractional VMs! During Google Cloud Next 2026, Google announced GA for fractional G4 VMs and was the first provider to bring vGPU functionality to RTX PRO 6000 accelerators. vGPU stands for virtual graphical processing unit . Just like VMs (virtual machines) are a way to split one physical computer into smaller, independent systems, vGPU allows for a single physical accelerator to be split into 2, 4 or 8 virtual accelerators! The new fractional machine types ( g4-standard-24 , g4-standard-12 , g4-standard-6 ) now allow you to perfectly match the compute capabilities to your needs! Who is it for? The existence of those new machine types makes it much more cost-efficient to move many GPU-dependent tasks to the cloud. Replacing physical workstations in offices with cloud infrastructure is not a new thing , but till now, Google Cloud didn't offer a good platform for those who needed workstations to process images, post-process videos, simulate physics or render 3D graphics. Those users now can get exactly the hardware they need, allowing their companies to move away from maintaini

2026-06-10 原文 →
AI 资讯

Virtualization in Cloud Computing: Definition, Types, and Practical Guide

If you've ever spun up an EC2 instance for a side project, accessed a remote work desktop from your personal laptop, or stored files on Google Drive without thinking about the physical hard drive it lives on, you've used virtualization. As the foundational technology behind all modern cloud computing, virtualization transformed how we build, deploy, and manage IT infrastructure—cutting hardware costs significantly for enterprises and making on-demand scalability a reality for teams of all sizes. In this guide, we'll break down exactly what virtualization is, how it powers the cloud, the 6 core types of virtualization, and best practices to implement it safely and efficiently. Table of Contents What is Virtualization in Cloud Computing? Core Virtualization Concepts You Need to Know Role of Virtualization in Cloud Computing 6 Key Types of Virtualization (With Use Cases) Top Benefits of Virtualization for Teams of All Sizes Virtualization vs. Related Technologies Virtualization vs. Cloud Computing Virtualization vs. Containerization Common Virtualization Challenges and Mitigations Real-World Virtualization Use Cases Virtualization Best Practices Conclusion References What is Virtualization in Cloud Computing? Virtualization is a technology that creates virtual, software-based representations of physical hardware (servers, storage, networks, etc.) and abstracts these resources from the underlying physical machine. A software layer called a hypervisor separates operating systems and applications from physical hardware, allowing multiple isolated, self-contained systems called Virtual Machines (VMs) to run simultaneously on a single physical host. Each VM has its own virtual CPU, memory, storage, and network interface, and operates independently of other VMs on the same host. For cloud providers, this technology is the backbone of all on-demand infrastructure services, allowing them to share physical hardware across thousands of customers securely and efficiently. Core Vi

2026-06-10 原文 →
AI 资讯

What is AWS EC2 Instance Storage? A Complete 2026 Guide for Developers

If you’ve ever spent hours debugging slow EC2 workloads or getting sticker shock from unexpected EBS IOPS charges, you’ve probably wondered if there’s a better storage option for temporary, high-performance data. AWS EC2 Instance Storage (also called Instance Store) is one of the most underutilized but powerful tools in the EC2 ecosystem—if you know how to use it correctly. This guide breaks down everything you need to know: core concepts, performance optimizations, use cases, limitations, and how it stacks up against EBS. By the end, you’ll be able to cut storage costs, boost workload performance, and avoid costly data loss mistakes. Table of Contents What Exactly Is AWS EC2 Instance Storage? Core Concepts of EC2 Instance Store Key Features That Make Instance Store Stand Out Which EC2 Instance Types Support Instance Store? Deep Dive: NVMe SSD Instance Store Volumes SSD Instance Store Performance Best Practices EC2 Instance Store vs EBS: Head-to-Head Comparison Top Real-World Use Cases for EC2 Instance Store Critical Limitations to Avoid Costly Mistakes Production-Grade Best Practices for Instance Store Root Volume Options: EBS-Backed vs Instance Store-Backed Instances EC2 Instance Store Pricing: No Hidden Costs Conclusion References What Exactly Is AWS EC2 Instance Storage? EC2 Instance Store is temporary block-level storage that is physically attached to the host server running your EC2 instance. Unlike standalone storage services like EBS, EFS, or S3, it is part of the EC2 service itself, with no network overhead between your instance and the storage disks. Its defining trait is its ephemeral nature: data stored on Instance Store only persists for the lifetime of the associated instance. If you stop, hibernate, or terminate your instance, all data on Instance Store volumes is permanently deleted. Core Concepts of EC2 Instance Store Before you start using Instance Store, make sure you understand these foundational rules: Device naming : Instance Store volumes are

2026-06-08 原文 →
AI 资讯

The Hypervisor Is Becoming a Policy Enforcement Point

Most organizations still think of the hypervisor as a resource abstraction layer. CPU. Memory. Storage. The platform that decides where workloads run. That mental model is increasingly incomplete. Every major virtualization platform — vSphere, AHV, Proxmox — has been steadily accumulating policy enforcement responsibilities. The hypervisor isn't just deciding where workloads run. It's increasingly deciding what they're allowed to do. The Speed of the Shift Is the Real Story Virtualization practitioners already know security controls have moved downward through the stack. What's less appreciated is how compressed the most recent phase has been. For years, hypervisors enforced resource allocation. Within a single platform generation cycle, that same layer accumulated encryption policy enforcement, workload trust validation, microsegmentation, secure boot enforcement, host attestation, and workload isolation boundaries — not as optional add-ons, but as core platform capabilities. The perimeter-to-OS transition took decades. The hypervisor accumulated a comparable policy enforcement surface in the time between one major vSphere release and the next. That compressed timeline is what creates the ownership lag — the governance model adequate for a resource scheduler has not caught up to a platform that enforces organizational policy. The Hypervisor Now Makes Binding Decisions The distinction that matters: a platform that observes policy versus a platform that enforces it. The hypervisor is no longer observing. It is enforcing. VM fails attestation → workload does not start. Encryption policy mismatch → workload cannot migrate. Segmentation policy violation → communication blocked at the platform layer. Trust validation failure → host removed from workload eligibility. Those are not scheduling decisions. Those are governance outcomes. The workload doesn't get a vote. This is what makes the hypervisor governance infrastructure : infrastructure that directly enforces organiza

2026-06-07 原文 →
AI 资讯

Terraform vs CDK vs Pulumi: Choosing Your Infrastructure-as-Code Tool

The IaC landscape split into two philosophies about a decade ago and hasn't fully resolved the argument since. On one side: declarative configuration languages designed specifically for infrastructure (Terraform HCL, CloudFormation YAML, Bicep). On the other: general-purpose programming languages brought to infrastructure (AWS CDK, Pulumi). Both approaches have won in production at major organizations. Neither is clearly superior. This comparison covers Terraform, AWS CDK, and Pulumi in depth — how they work, where they excel, where they struggle, and which makes sense for different team situations. It isn't a beginner introduction to any of these tools; if you're choosing between them for a real project, this assumes you've at least skimmed each one. The core philosophical difference Terraform's HCL is a purpose-built configuration language. It's not Turing-complete (no arbitrary loops, no recursion, limited conditionals). This is by design: HashiCorp's position is that infrastructure definitions should be readable, predictable, and safe to generate tooling around. When you read a .tf file, you can understand what it creates without executing anything. CDK and Pulumi take the opposite position: the limitations of configuration languages are a tax on productive engineers. Why invent a domain-specific language when TypeScript already exists? Real programming languages have proper abstractions, test frameworks, package managers, IDE support, and a billion engineers who already know them. Infrastructure should be no different from application code. Both positions have merit. The choice between them often comes down to who's writing the infrastructure more than which approach is technically superior. Terraform Terraform is the default choice for infrastructure-as-code in 2026. It works with every major cloud provider and hundreds of minor ones. The Terraform Registry has thousands of modules — reusable packages for common patterns like VPCs, EKS clusters, and RDS databa

2026-06-07 原文 →
AI 资讯

What Happens When an AI Agent Manages Your Password Vault

TL;DR Claude Code and the op CLI reorganized 690 credentials — four vaults, 390 items tagged, SSH agent configured — in one session. This is AI-native work: the agent operated the vault; the human set direction and approved via Touch ID. The CLI failed on 18 items with social-auth ( UNKNOWN field type) — hard failure, not graceful degradation; a real reliability blocker for team-scale use. The bug was filed from the terminal via the GitHub CLI in the same session it was found. If your password manager has a CLI, you already have everything needed to run this. I've been a 1Password user for years. Not in a conscious, intentional way — more in the way you use a good chair: it became part of how I work and I stopped thinking about it. That changed when I set up a new machine. I had to install 1Password, wire up the SSH agent, reconnect the CLI, re-authenticate everything. The process took longer than it should have because I'd never written down what I'd built. I'd only accumulated it. And somewhere in the middle of that setup, it hit me: I had 690 credentials in one flat vault — logins from jobs I'd left years ago sitting next to active API keys, personal bank accounts mixed with infrastructure credentials, demo user passwords alongside production secrets. The kind of accumulation that happens when a tool works well enough that you never stop to organize it. I'd been meaning to clean it up for a long time. I never did, because the job is exactly the kind of work that's too tedious to do manually and too important to skip: touch every item, make a judgment call, move it somewhere sensible, repeat 690 times. Then I realized: with Claude Code and the op CLI, this was now actually possible. Not assisted — the agent could do it. So I handed it the keys. What "AI-native" actually means here Quick context on timing: 1Password launched its SSH agent and CLI 2.0 in March 2022. Git commit signing via the vault came six months later. These are mature, stable features — not betas

2026-06-06 原文 →
AI 资讯

7 Infra Improvement Strategies to Prevent Next.js Deployment Build Failures in 2026

7 Infra Improvement Strategies to Prevent Next.js Deployment Build Failures in 2026 Recently, our team's deployment pipeline started showing serious instability. Specifically, we encountered recurring build failures related to the chat build. As a result, the entire development team was preoccupied with battling these build failures. Attempts and Pitfalls Initially, I thought the --preload detection logic was the problem. I modified it to detect only specific lines, but this ended up causing issues in other areas. The recurring chat build failures were actually caused by the next.config file not properly recognizing file extensions. I modified it to allow extensions like .mjs , .js , .ts , and .cjs , but even that didn't work correctly at first, leading to some wasted effort. # .github/workflows/deploy.yml (Excerpt from initial version) - name : Run Preload Detection run : | # ... existing logic ... if [[ "$LINE" == *"some_pattern"* ]]; then echo "Preload detected" # ... fi I modified it to detect only specific lines like the above, which led to unintended behavior. // next.config.js (Initial configuration) module . exports = { // ... experimental : { // ... }, // ... }; Regarding extensions, I initially allowed only a few types, and only after experiencing chat build failures did I modify it to support more extensions. Root Causes In the end, it was a combination of several complex issues. There were flaws in the --preload detection logic, and the range of supported extensions in the next.config file was too narrow, which was the direct cause of the chat build failures. Additionally, there was confusion arising from the chat server builds being inconsistent between P1/P2 and P0 stages. Problems also occurred because the .next directory was not preserved, and the smoke gate was too lenient, failing to catch build failures. Finally, there was an unexpected side effect where the next/font/google library caused GCE outbound connection errors. Solutions To address these

2026-06-06 原文 →
AI 资讯

How We Strengthened Magento Performance Architecture for a Multi-Million Product Store

Managing a multi-million product catalog on Magento presents unique challenges around performance, scalability, and operational efficiency. At Rave Digital, we recently undertook a Magento performance optimization project for a large-scale eCommerce merchant struggling with slow site speed, infrastructure bottlenecks, and backend instability. This use case breakdown details how we modernized their Magento architecture, optimized database performance, and scaled infrastructure to deliver a stable, high-speed shopping experience. This post is tailored for eCommerce managers, directors, and Magento merchants—especially those running Adobe Commerce or Magento Open Source platforms—who want to understand practical strategies for Magento architecture scaling and performance tuning for large catalogs. The Problem: Performance Bottlenecks in a Complex Magento Environment: Our client operated an enterprise Magento store with a multi-million product catalog. Despite Magento’s robust capabilities, the site suffered from: Slow page load times impacting user experience and SEO Scalability challenges as product volume and traffic grew Infrastructure bottlenecks causing backend instability and downtime Complex integrations and manual processes limiting operational efficiency Platform limitations in handling large catalog management and real-time inventory updates These issues collectively threatened the site’s ability to support growth and deliver a seamless customer experience. The client sought a comprehensive Magento platform modernization to address these challenges. Context: Why Magento Architecture and Infrastructure Matter Magento’s flexibility and extensibility make it ideal for enterprise eCommerce, but large catalogs require careful architecture and infrastructure planning. Key technical pain points include: Database performance under heavy read/write loads Indexing delays and cache invalidation impacting site speed Integration complexity with third-party systems and API

2026-06-05 原文 →
产品设计

AWS Replaces Fat-Tree Data Center Networks with Random Graph Theory, Cutting Routers by 69%

AWS disclosed that Resilient Network Graphs, a flat network architecture based on quasi-random graph theory, is now the default for most new data center builds. The design replaces fat-tree hierarchies with direct ToR-to-ToR mesh connections using passive optical ShuffleBoxes, cutting routers by 69%, boosting throughput by 33%, and reducing network power consumption by 40%. By Steef-Jan Wiggers

2026-06-04 原文 →
AI 资讯

Puppetlabs Modules Roundup – May 2026

This time around we look back at May 2026 and the 11 Puppetlabs module releases on the Forge, with an emphasis on the changes most likely to matter in active environments. Highlighted Updates New Windows audit policy module released! The new audit_policy module has been released by Perforce as a Ruby replacement for the generated DSC community auditpolicydsc module . This module uses Puppet Resources API for managing Windows audit policy using auditpol.exe ruby_task_helper Dependency Bound Update Five Bolt-adjacent modules all bumped the ruby_task_helper upper bound to < 2.0.0 in a coordinated maintenance pass, helping with dependency resolution failures when using Bolt 5.x. Affected modules: vault, terraform, http_request, gcloud_inventory, azure_inventory. CentOS 9 Support Multiple modules added explicit CentOS 9 compatibility, expanding the Linux platform coverage in line with the broader Puppet ecosystem push. Affected modules: concat, inifile. What Updates Happened to Puppetlabs Modules in May 2026? The following is an alphabetical listing of modules which received updates in May 2026. If a module had multiple versions released, the updates are collected together, numbered with the "latest" version available. apt 11.3.1 📅 Latest release: 2026-05-19 (🌐 View on the Forge ) This release introduced an explicit hash value syntax while also adding a param to support purging keyrings and other community contributions. Includes monthly releases: 11.3.1 (2026-05-19), 11.3.0 (2026-05-18). Use explicit hash value syntax instead of shorthand #1285 ( SugatD ) Add param for purging keyrings #1266 ( bwitt ) Include components when suite does not end with slash #1259 ( bwitt ) Bugfix - sources format and ensure => absent fails #1243 ( traylenator ) fix: allow plus signs in ppa #1222 ( moritz-makandra ) Fix and improve DEB822-style template #1212 ( smortex ) audit_policy 1.0.0 🌟 New Module: 2026-05-29 (🌐 View on the Forge ) This new module allows you to manage Windows audit pol

2026-06-04 原文 →