document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2020-02-18 12:05:46 +08:00
commit e5ad66fda3
5 changed files with 261 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sources/tech/20200130 Meet FuryBSD- A New Desktop BSD Distribution.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

169
sources/tech/20200203 Troubleshoot Kubernetes with the power of tmux and kubectl.md
View File

@ -1,169 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: ( guevaraya)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Troubleshoot Kubernetes with the power of tmux and kubectl)
[#]: via: (https://opensource.com/article/20/2/kubernetes-tmux-kubectl)
[#]: author: (Abhishek Tamrakar https://opensource.com/users/tamrakar)
Troubleshoot Kubernetes with the power of tmux and kubectl
======
A kubectl plugin that uses tmux to make troubleshooting Kubernetes much
simpler.
![Woman sitting in front of her laptop][1]
[Kubernetes][2] is a thriving open source container orchestration platform that offers scalability, high availability, robustness, and resiliency for applications. One of its many features is support for running custom scripts or binaries through its primary client binary, [kubectl][3]. Kubectl is very powerful and allows users to do anything with it that they could do directly on a Kubernetes cluster.
### Troubleshooting Kubernetes with aliases
Anyone who uses Kubernetes for container orchestration is aware of its features—as well as the complexity it brings because of its design. For example, there is an urgent need to simplify troubleshooting in Kubernetes with something that is quicker and has little need for manual intervention (except in critical situations).
There are many scenarios to consider when it comes to troubleshooting functionality. In one scenario, you know what you need to run, but the command's syntax—even when it can run as a single command—is excessively complex, or it may need one or two inputs to work.
For example, if you frequently need to jump into a running container in the System namespace, you may find yourself repeatedly writing:
```
`kubectl --namespace=kube-system exec -i -t <your-pod-name>`
```
To simplify troubleshooting, you could use command-line aliases of these commands. For example, you could add the following to your dotfiles (.bashrc or .zshrc):
```
`alias ksysex='kubectl --namespace=kube-system exec -i -t'`
```
This is one of many examples from a [repository of common Kubernetes aliases][4] that shows one way to simplify functions in kubectl. For something simple like this scenario, an alias is sufficient.
### Switching to a kubectl plugin
A more complex troubleshooting scenario involves the need to run many commands, one after the other, to investigate an environment and come to a conclusion. Aliases alone are not sufficient for this use
case; you need repeatable logic and correlations between the many parts of your Kubernetes deployment. What you really need is automation to deliver the desired output in less time.
Consider 10 to 20—or even 50 to 100—namespaces holding different microservices on your cluster. What would be helpful for you to start troubleshooting this scenario?
* You would need something that can quickly tell which pod in which namespace is throwing errors.
* You would need something that can watch logs of all the pods in a namespace.
* You might also need to watch logs of certain pods in a specific namespace that have shown errors.
Any solution that covers these points would be very useful in investigating production issues as well as during development and testing cycles.
To create something more powerful than a simple alias, you can use [kubectl plugins][5]. Plugins are like standalone scripts written in any scripting language but are designed to extend the functionality of your main command when serving as a Kubernetes admin.
To create a plugin, you must use the proper syntax of **kubectl-&lt;your-plugin-name&gt;** to copy the script to one of the exported pathways in your **$PATH** and give it executable permissions (**chmod +x**).
After creating a plugin and moving it into your path, you can run it immediately. For example, I have kubectl-krawl and kubectl-kmux in my path:
```
$ kubectl plugin list
The following compatible plugins are available:
/usr/local/bin/kubectl-krawl
/usr/local/bin/kubectl-kmux
$ kubectl kmux
```
Now let's explore what this looks like when you power Kubernetes with tmux.
### Harnessing the power of tmux
[Tmux][6] is a very powerful tool that many sysadmins and ops teams rely on to troubleshoot issues related to ease of operability—from splitting windows into panes for running parallel debugging on multiple machines to monitoring logs. One of its major advantages is that it can be used on the command line or in automation scripts.
I created [a kubectl plugin][7] that uses tmux to make troubleshooting much simpler. I will use annotations to walk through the logic behind the plugin (and leave it for you to go through the plugin's full code):
```
#NAMESPACE is namespace to monitor.
#POD is pod name
#Containers is container names
# initialize a counter n to count the number of loop counts, later be used by tmux to split panes.
n=0;
# start a loop on a list of pod and containers
while IFS=' ' read -r POD CONTAINERS
do
           # tmux create the new window for each pod
            tmux neww $COMMAND -n $POD 2&gt;/dev/null
           # start a loop for all containers inside a running pod
        for CONTAINER in ${CONTAINERS//,/ }
        do
        if [ x$POD = x -o x$CONTAINER = x ]; then
        # if any of the values is null, exit.
        warn "Looks like there is a problem getting pods data."
        break
        fi
           
            # set the command to execute
        COMMAND=”kubectl logs -f $POD -c $CONTAINER -n $NAMESPACE”
        # check tmux session
        if tmux has-session -t &lt;session name&gt; 2&gt;/dev/null;
        then
        &lt;set session exists&gt;
        else
        &lt;create session&gt;
        fi
           # split planes in the current window for each containers
        tmux selectp -t $n \; \
        splitw $COMMAND \; \
        select-layout tiled \;
           # end loop for containers
        done
           # rename the window to identify by pod name
        tmux renamew $POD 2&gt;/dev/null
       
            # increment the counter
        ((n+=1))
# end loop for pods
done&lt; &lt;(&lt;fetch list of pod and containers from kubernetes cluster&gt;)
# finally select the window and attach session
 tmux selectw -t &lt;session name&gt;:1 \; \
  attach-session -t &lt;session name&gt;\;
```
After the plugin script runs, it will produce output similar to the image below. Each pod has its own window, and each container (if there is more than one) is split by the panes in its pod window, streaming logs as they arrive. The beauty of tmux can be seen below; with the proper configuration, you can even see which window has activity going on (see the white tabs).
![Output of kmux plugin][8]
### Conclusion
Aliases are always helpful for simple troubleshooting in Kubernetes environments. When the environment gets more complex, a kubectl plugin is a powerful option for using more advanced scripting. There are no limits on which programming language you can use to write kubectl plugins. The only requirements are that the naming convention in the path is executable, and it doesn't have the same name as an existing kubectl command.
To read the complete code or try the plugins I created, check my [kube-plugins-github][7] repository. Issues and pull requests are welcome.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/kubernetes-tmux-kubectl
作者:[Abhishek Tamrakar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/tamrakar
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_women_computing_4.png?itok=VGZO8CxT (Woman sitting in front of her laptop)
[2]: https://opensource.com/resources/what-is-kubernetes
[3]: https://kubernetes.io/docs/reference/kubectl/overview/
[4]: https://github.com/ahmetb/kubectl-aliases/blob/master/.kubectl_aliases
[5]: https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/
[6]: https://opensource.com/article/19/6/tmux-terminal-joy
[7]: https://github.com/abhiTamrakar/kube-plugins
[8]: https://opensource.com/sites/default/files/uploads/kmux-output.png (Output of kmux plugin)

98
sources/tech/20200207 What is WireGuard- Why Linux Users Going Crazy Over it.md
View File

@ -1,98 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (What is WireGuard? Why Linux Users Going Crazy Over it?)
[#]: via: (https://itsfoss.com/wireguard/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
What is WireGuard? Why Linux Users Going Crazy Over it?
======
From normal Linux users to Linux creator [Linus Torvalds][1], everyone is in awe of WireGuard. What is WireGuard and what makes it so special?
### What is WireGuard?
![][2]
[WireGuard][3] is an easy to configure, fast, and secure open source [VPN][4] that utilizes state-of-the-art cryptography. Its aim is to provide a faster, simpler and leaner general purpose VPN that can be easily deployed on low-end devices like Raspberry Pi to high-end servers.
Most of the other solutions like [IPsec][5] and OpenVPN were developed decades ago. Security researcher and kernel developer Jason Donenfeld realized that they were slow and difficult to configure and manage properly.
This made him create a new open source VPN protocol and solution which is faster, secure easier to deploy and manage.
WireGuard was originally developed for Linux but it is now available for Windows, macOS, BSD, iOS and Android. It is still under heavy development.
### Why is WireGuard so popular?
![][6]
Apart from being a cross-platform, one of the biggest plus point for WireGuard is the ease of deployment. Configuring and deploying WireGuard is as easy as configuring and using SSH.
Look at [WireGuard set up guide][7]. You install WireGuard, generate public and private keys (like SSH), set up firewall rules and start the service. Now compare it to the [OpenVPN set up guide][8]. There are way too many things to do here.
Another good thing about WireGuard is that it has a lean codebase with just 4000 lines of code. Compare it to 100,000 lines of code of [OpenVPN][9] (another popular open source VPN). It is clearly easier to debug WireGuard.
Dont go by its simplicity. WireGuard supports all the state-of-the-art cryptography like like the [Noise protocol framework][10], [Curve25519][11], [ChaCha20][12], [Poly1305][13], [BLAKE2][14], [SipHash24][15], [HKDF][16], and secure trusted constructions.
Since WireGuard runs in the [kernel space][17], it provides secure networking at a high speed.
These are some of the reasons why WireGuard has become increasingly popular. Linux creator Linus Torvalds loves WireGuard so much that he is merging it in the [Linux Kernel 5.6][18]:
> Can I just once again state my love for it and hope it gets merged soon? Maybe the code isnt perfect, but Ive skimmed it, and compared to the horrors that are OpenVPN and IPSec, its a work of art.
>
> Linus Torvalds
### If WireGuard is already available, then whats the fuss about including it in Linux kernel?
This could be confusing to new Linux users. You know that you can install and configure a WireGuard VPN server on Linux but then you also read the news that Linux Kernel 5.6 is going to include WireGuard. Let me explain it to you.
At present, you can install WireGuard on Linux as a [kernel module][19]. Regular applications like VLC, GIMP etc are installed on top of the Linux kernel (in [user space][20]), not inside it.
When you install WireGuard as a kernel module, you are basically modifying the Linux kernel on your own and add some code to it. Starting kernel 5.6, you wont need manually add the kernel module. It will be included in the kernel by default.
The inclusion of WireGuard in Kernel 5.6 will most likely [extend the adoption of WireGuard and thus change the current VPN scene][21].
**Conclusion**
WireGuard is gaining popularity for the good reasons. Some of the popular [privacy focused VPNs][22] like [Mullvad VPN][23] are already using WireGuard and the adoption is likely to grow in the near future.
I hope you have a slightly better understanding of WireGuard. Your feedback is welcome, as always.
--------------------------------------------------------------------------------
via: https://itsfoss.com/wireguard/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/linus-torvalds-facts/
[2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/02/wireguard.png?ssl=1
[3]: https://www.wireguard.com/
[4]: https://en.wikipedia.org/wiki/Virtual_private_network
[5]: https://en.wikipedia.org/wiki/IPsec
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/02/wireguard-logo.png?ssl=1
[7]: https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
[8]: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
[9]: https://openvpn.net/
[10]: https://noiseprotocol.org/
[11]: https://cr.yp.to/ecdh.html
[12]: https://cr.yp.to/chacha.html
[13]: https://cr.yp.to/mac.html
[14]: https://blake2.net/
[15]: https://131002.net/siphash/
[16]: https://eprint.iacr.org/2010/264
[17]: http://www.linfo.org/kernel_space.html
[18]: https://itsfoss.com/linux-kernel-5-6/
[19]: https://wiki.archlinux.org/index.php/Kernel_module
[20]: http://www.linfo.org/user_space.html
[21]: https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/
[22]: https://itsfoss.com/best-vpn-linux/
[23]: https://mullvad.net/en/

161
translated/tech/20200203 Troubleshoot Kubernetes with the power of tmux and kubectl.md Normal file
View File

@ -0,0 +1,161 @@
[#]: collector: (lujun9972)
[#]: translator: ( guevaraya)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Troubleshoot Kubernetes with the power of tmux and kubectl)
[#]: via: (https://opensource.com/article/20/2/kubernetes-tmux-kubectl)
[#]: author: (Abhishek Tamrakar https://opensource.com/users/tamrakar)
解决 Kubernetes 问题的利器 Tmux 和 kubectl
======
一个 kubectl 插件 用 tmux 使 Kubernetes 疑难问题变得更简单。
![一个坐在笔记本面前的妇女][1]
[Kubernetes][2] 是一个活跃的开源容器管理平台,它提供了可扩展性,高可用性,健壮性和富有弹性的应用程序管理。它的众多特性之一是支持通过原生的客户端程序 [kubectl][3] 运行定制脚本或可执行程序Kubectl 很强大的,允许用户在 Kubernetes 集群上用它直接做很多事情。
### 使用别名进行 Kubernetes 的故障排查
使用 Kubernetes 的容器管理的人都知道由于设计上原因带来了其复杂性。因此迫切的需要快速的以及几乎不需要人工干预方式简化故障排查(除过特殊情况)。
在故障排查功能方面,这有很多场景需要考虑。有一个场景,你知道你需要运行什么,但是这个命令的语法(即使作为一个单独的命令运行)过于复杂,或需要一、两次交互才能起作用。
例如,如果你频繁的需要调整一个系统命名空间里正在运行的容器,你可能发现自己在重复的写入:
```
`kubectl --namespace=kube-system exec -i -t <your-pod-name>`
```
为了简化故障排查,你可以用这些指令的命令行补全功能。比如,你可以增加下面命令到你的隐藏配置文件(.bashrc 或 .zshrc
```
`alias ksysex='kubectl --namespace=kube-system exec -i -t'`
```
这是来自于常见的 [Kubernetes 别名仓][4]的一个例子,它展示了一个 kubectl 简化的功能的方法。像这个场景的简化情况,使用别名很有用。
### 切换到 kubectl 插件
更复杂的故障排查场景是需要执行很多命令一个一个的执行然后去调查环境最后得出结论。单用别名方法是不能解决这种情况的你需要知道你所部署的Kubernetes 之间逻辑和和相关性,你真是需要的是自动化来短时间输出你想要的。
考虑到你的集群有10到20或50到100个命名空间来提供不同的微服务。一般在进行故障排查时做什么事情对你有帮助
* 你需要某个东西可快速的告知哪个 Pod 哪个 命名空间抛的错误。
* 你需要某个东西可监视一个命名空间的所有 pod 的日志。
* 你可能也需要监视出现错误的指定命名空间的特定 pod 的日志。
只要包含以上任意的解决方案将对定位产品问题很大的帮助,包含对开发和测试周期过程。
你可以用 [kubectl 插件][5] 创建比简易别名更强大的方法。插件类似于其他用任何语言编写的独立脚本,被设计为 Kubernetes 管理员的主要命令扩展。
创建一个插件,你必须用正确的语法 **kubectl-&lt;your-plugin-name&gt;** 来拷贝这个脚本到导出目录 **$PATH** ,需要赋予可执行权限(**chmod +x**)。
创建插件之后把他移动到你的目录,你需要立即运行。例如,你的目录下有一个 kubectl-krawl 和 kubectl-kmux:
```
$ kubectl plugin list
The following compatible plugins are available:
/usr/local/bin/kubectl-krawl
/usr/local/bin/kubectl-kmux
$ kubectl kmux
```
现在让我们见识下带有 tmux 的 Kubernetes 的有多强大。
### 驾驭强大的 tmux
[Tmux][6] 是一个非常强大的工具,许多管理员和操作团队通过它来反馈问题故障,通过易于分屏的方式到窗口上并行调试多个机器以及管理日志。他的主要的优点是可基于命令行或自动化的脚本。
我创建[一个 kubectl 插件][7] 用 tmux 使故障排查更加简单。我将通过注释来了解插件背后的逻辑(我们来瞅一瞅插件的整个源码):
```
#NAMESPACE is namespace to monitor.
#POD is pod name
#Containers is container names
# initialize a counter n to count the number of loop counts, later be used by tmux to split panes.
n=0;
# start a loop on a list of pod and containers
while IFS=' ' read -r POD CONTAINERS
do
           # tmux create the new window for each pod
            tmux neww $COMMAND -n $POD 2&gt;/dev/null
           # start a loop for all containers inside a running pod
        for CONTAINER in ${CONTAINERS//,/ }
        do
        if [ x$POD = x -o x$CONTAINER = x ]; then
        # if any of the values is null, exit.
        warn "Looks like there is a problem getting pods data."
        break
        fi
           
            # set the command to execute
        COMMAND=”kubectl logs -f $POD -c $CONTAINER -n $NAMESPACE”
        # check tmux session
        if tmux has-session -t &lt;session name&gt; 2&gt;/dev/null;
        then
        &lt;set session exists&gt;
        else
        &lt;create session&gt;
        fi
           # split planes in the current window for each containers
        tmux selectp -t $n \; \
        splitw $COMMAND \; \
        select-layout tiled \;
           # end loop for containers
        done
           # rename the window to identify by pod name
        tmux renamew $POD 2&gt;/dev/null
       
            # increment the counter
        ((n+=1))
# end loop for pods
done&lt; &lt;(&lt;fetch list of pod and containers from kubernetes cluster&gt;)
# finally select the window and attach session
 tmux selectw -t &lt;session name&gt;:1 \; \
  attach-session -t &lt;session name&gt;\;
```
运行插件脚本后,它将在当前目录会生成一个同名的镜像。每个 pod 有一个窗口,每个容器(如果有多个)被分割成不同 pos 窗口,日志以数据流形式输出。 漂亮的tmux 如下;如果配置正确,你将会看到哪个窗口是否处于激活运行状态(可看到标签是白色的)。
![kmux 插件的输出][8]
### 总结
别名是在 Kubernetes 环境下常见的也有用的简易故障排查方法。当环境变得复杂用高级脚本生成的kubectl 插件是一个很强大的方法。至于用哪个编程语言来编写 kubectl 插件是没有限制。唯一的要求是路径命名是可执行的,并且不能与已知的 kubectl 命令重复。
为了阅读完整的插件源码,我们尝试创建了一个插件,请查看我的 [kube-plugins-github][7] 仓。欢迎提交问题和补丁。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/kubernetes-tmux-kubectl
作者:[Abhishek Tamrakar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/guevaraya)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/tamrakar
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_women_computing_4.png?itok=VGZO8CxT (一个坐在笔记本面前的妇女)
[2]: https://opensource.com/resources/what-is-kubernetes
[3]: https://kubernetes.io/docs/reference/kubectl/overview/
[4]: https://github.com/ahmetb/kubectl-aliases/blob/master/.kubectl_aliases
[5]: https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/
[6]: https://opensource.com/article/19/6/tmux-terminal-joy
[7]: https://github.com/abhiTamrakar/kube-plugins
[8]: https://opensource.com/sites/default/files/uploads/kmux-output.png (Output of kmux plugin)

99
translated/tech/20200207 What is WireGuard- Why Linux Users Going Crazy Over it.md Normal file
View File

@ -0,0 +1,99 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (What is WireGuard? Why Linux Users Going Crazy Over it?)
[#]: via: (https://itsfoss.com/wireguard/)
[#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
什么是 WireGuard为什么 Linux 用户对它疯狂?
======
从普通的 Linux 用户到 Linux 创建者 [Linus Torvalds][1],每个人都对 WireGuard 很感兴趣。什么是 WireGuard它为何如此特别
### 什么是 WireGuard
![][2]
[WireGuard][3] 是一个易于配置、快速且安全的开源 [VPN][4],它利用了最新的加密技术。目的是提供一种更快、更简单、更精简的通用 VPN它可以轻松地在树莓派这类低端设备到高端服务器上部署。
[IPsec][5] 和 OpenVPN 等大多数其他解决方案是几十年前开发的。安全研究人员和内核开发人员 Jason Donenfeld 意识到它们速度慢且难以正确配置和管理。
这让他创建了一个新的开源 VPN 协议和解决方案,它更加快速、安全、易于部署和管理。
WireGuard 最初是为 Linux 开发的,但现在可用于 Windows、macOS、BSD、iOS 和 Android。它仍在活跃开发中。
### 为什么 WireGuard 如此受欢迎?
![][6]
除了可以跨平台之外WireGuard 的最大优点之一就是易于部署。配置和部署 WireGuard 就像配置和使用 SSH 一样容易。
看看 [WireGuard 设置指南][7]。安装 WireGuard、生成公钥和私钥像 SSH 一样),设置防火墙规则并启动服务。现在将它和 [OpenVPN 设置指南][8]进行比较。它有太多要做的了。
WireGuard 的另一个好处是它有一个仅 4000 行代码的精简代码库。将它与 [OpenVPN][9](另一个流行的开源 VPN的 100,000 行代码相比。显然调试W ireGuard 更加容易。
不要小看它的简单。WireGuard 支持所有最新的加密技术,例如 [Noise协议框架][10]、[Curve25519][11]、[ChaCha20][12]、[Poly1305][13]、[BLAKE2][14]、[SipHash24][15]、[HKDF][16] 和安全受信任结构。
由于 WireGuard 运行在[内核空间][17],因此可以高速提供安全的网络。
这些是 WireGuard 越来越受欢迎的一些原因。Linux 创造者 Linus Torvalds 非常喜欢 WireGuard以至于将其合并到 [Linux Kernel 5.6][18] 中:
> 我能否再次声明对它的爱,并希望它能很快合并?也许代码不是完美的,但我已经忽略,与 OpenVPN 和 IPSec 的恐怖相比,这是一件艺术品。
>
> Linus Torvalds
### 如果 WireGuard 已经可用,那么将其包含在 Linux 内核中有什么大惊小怪的?
这可能会让新的 Linux 用户感到困惑。你知道可以在 Linux 上安装和配置 WireGuard VPN 服务器,但同时会看到 Linux Kernel 5.6 将包含 WireGuard 的消息。让我向您解释。
目前,你可以将 WireGuard 作为[内核模块][19]安装在 Linux 中。诸如 VLC、GIMP 等常规应用安装在 Linux 内核之上(在 [用户空间][20]中),而不是内部。
当将 WireGuard 安装为内核模块时,基本上是自行修改 Linux 内核并向其添加代码。从 5.6 内核开始,你无需手动添加内核模块。默认情况下它将包含在内核中。
在 5.6 内核中包含 WireGuard 很有可能[扩展 WireGuard 的采用,从而改变当前的 VPN 场景][21]。
**总结**
WireGuard 之所以受欢迎是有充分理由的。诸如 [Mullvad VPN][23] 之类的一些流行的[关注隐私的 VPN][22] 已经在使用 WireGuard并且在不久的将来采用率可能还会增长。
希望你对 WireGuard 有所了解。与往常一样,欢迎提供反馈。
--------------------------------------------------------------------------------
via: https://itsfoss.com/wireguard/
作者:[Abhishek Prakash][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/abhishek/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/linus-torvalds-facts/
[2]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/02/wireguard.png?ssl=1
[3]: https://www.wireguard.com/
[4]: https://en.wikipedia.org/wiki/Virtual_private_network
[5]: https://en.wikipedia.org/wiki/IPsec
[6]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/02/wireguard-logo.png?ssl=1
[7]: https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
[8]: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
[9]: https://openvpn.net/
[10]: https://noiseprotocol.org/
[11]: https://cr.yp.to/ecdh.html
[12]: https://cr.yp.to/chacha.html
[13]: https://cr.yp.to/mac.html
[14]: https://blake2.net/
[15]: https://131002.net/siphash/
[16]: https://eprint.iacr.org/2010/264
[17]: http://www.linfo.org/kernel_space.html
[18]: https://itsfoss.com/linux-kernel-5-6/
[19]: https://wiki.archlinux.org/index.php/Kernel_module
[20]: http://www.linfo.org/user_space.html
[21]: https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/
[22]: https://itsfoss.com/best-vpn-linux/
[23]: https://mullvad.net/en/