diff --git a/docs/best-practices/application-services/distributed-message-service/optimizing-consumer-polling.md b/docs/best-practices/application-services/distributed-message-service/optimizing-consumer-polling.md index df2f931d4f..ca7b1b8798 100644 --- a/docs/best-practices/application-services/distributed-message-service/optimizing-consumer-polling.md +++ b/docs/best-practices/application-services/distributed-message-service/optimizing-consumer-polling.md @@ -8,7 +8,7 @@ tags: [kafka, dms, golang] While consuming messages from DMS, consumers can customize the duration for pulling messages. To pull messages for a long time, consumers only need to set the parameter of the poll(long) method to a proper value. However, such persistent connections may cause pressure on the client and the server, especially when the number of partitions is large and multiple threads are enabled for each consumer. -As shown in [Figure 1](#kafka-bp-190605001__fig6820724153018), the topic contains multiple partitions, and multiple consumers in the consumer group consume the resources at the same time. Each thread is in a persistent connection. When there are few or no messages in the topic, the connection persists, and all consumers pull messages continuously, which causes a waste of resources. +As shown in [Figure 1], the topic contains multiple partitions, and multiple consumers in the consumer group consume the resources at the same time. Each thread is in a persistent connection. When there are few or no messages in the topic, the connection persists, and all consumers pull messages continuously, which causes a waste of resources.
**Figure 1** Multi-thread consumption of Kafka consumers @@ -17,7 +17,7 @@ As shown in [Figure 1](#kafka-bp-190605001__fig6820724153018), the topic contain ## Solution -When multiple threads are enabled for concurrent access, if there is no message in the topic, only one thread is required to poll for messages in each partition. When a message is found by the polling thread, other threads can be woken up to consume the message for quick responses, as shown in [Figure 2](#kafka-bp-190605001__fig2089525512304). +When multiple threads are enabled for concurrent access, if there is no message in the topic, only one thread is required to poll for messages in each partition. When a message is found by the polling thread, other threads can be woken up to consume the message for quick responses, as shown in [Figure 2]. This solution is applicable to scenarios with low requirements on real-time message consumption. If quasi-real-time message consumption is required, it is recommended that all consumers be in the active state. diff --git a/docs/best-practices/management-and-deployment/cloud-trace/auditing-and-analyzing-logins-and-logouts-with-functiongraph.md b/docs/best-practices/management-and-deployment/cloud-trace/auditing-and-analyzing-logins-and-logouts-with-functiongraph.md index dd073a7fef..8a924996c3 100644 --- a/docs/best-practices/management-and-deployment/cloud-trace/auditing-and-analyzing-logins-and-logouts-with-functiongraph.md +++ b/docs/best-practices/management-and-deployment/cloud-trace/auditing-and-analyzing-logins-and-logouts-with-functiongraph.md @@ -6,7 +6,7 @@ tags: [cts, cts-trigger, functiongraph, events, logs] # Auditing and Analyzing Logins and Logouts with Functiongraph -Cloud Trace Service (CTS) collects real-time records of operations on cloud resources. You can create a CTS trigger to obtain records of subscribed cloud resource operations, analyze and process the operation records, and report alarms. You can use Simple Message Notification (SMN) to push alarm messages to service personnel by SMS message or email. [Figure 1](#figure-1) shows the procedure. +Cloud Trace Service (CTS) collects real-time records of operations on cloud resources. You can create a CTS trigger to obtain records of subscribed cloud resource operations, analyze and process the operation records, and report alarms. You can use Simple Message Notification (SMN) to push alarm messages to service personnel by SMS message or email. [Figure 1] shows the procedure. ## Solution Design @@ -286,7 +286,7 @@ On the *Configuration* tab page of the function, set the environment variables a **Table 1** Environment variable description -For details about how to set environment variables, see [Using Environment Variables](https://docs.otc.t-systems.com/function-graph/umn/configuring_functions/configuring_environment_variables.html), as shown in [Figure 2](#figure-2). +For details about how to set environment variables, see [Using Environment Variables](https://docs.otc.t-systems.com/function-graph/umn/configuring_functions/configuring_environment_variables.html), as shown in [Figure 2]. @@ -308,7 +308,7 @@ CTS records the logins and logouts of users on IAM. ## Processing Operation Records -When a user performs login or logout using an account, the subscription service log will be triggered and a function will be directly invoked. The system then checks whether the IP address of the current login or logout account is in the whitelist based on function code. If the IP address is not in the whitelist, SMN will send notifications, as shown in [Figure 4](#figure-4). +When a user performs login or logout using an account, the subscription service log will be triggered and a function will be directly invoked. The system then checks whether the IP address of the current login or logout account is in the whitelist based on function code. If the IP address is not in the whitelist, SMN will send notifications, as shown in [Figure 4]. @@ -318,7 +318,7 @@ When a user performs login or logout using an account, the subscription service The email contains the unauthorized IP address and user operation (login or logout). -On the *Monitoring* tab page of the function, check the number of invocations, as shown in [Figure 5](#figure-5). +On the *Monitoring* tab page of the function, check the number of invocations, as shown in [Figure 5]. diff --git a/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/defense-measures/enabling-ransomware-prevention-and-backup.md b/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/defense-measures/enabling-ransomware-prevention-and-backup.md index 7bd70f4997..9a2297d509 100644 --- a/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/defense-measures/enabling-ransomware-prevention-and-backup.md +++ b/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/defense-measures/enabling-ransomware-prevention-and-backup.md @@ -23,7 +23,7 @@ Create a ransomware prevention policy and configure honeypot file directories, e ![](/img/docs/best-practices/security-services/host-security-service/en-us_image_0000001955394073.png) -5. Configure the policy information by referring to [Table 1](#table1). +5. Configure the policy information by referring to [Table 1]. **Figure 2** Protection policy parameters ![](/img/docs/best-practices/security-services/host-security-service/en-us_image_0000002107288888.png) @@ -41,7 +41,7 @@ Create a ransomware prevention policy and configure honeypot file directories, e | OS | Server OS. | Linux | | Policy | Policy name. | test | | Action | How an event is handled.
- **Report alarm and isolate**
- **Report alarm** | **Report alarm and isolate** | -| Dynamic Honeypot Protection | After honeypot protection is enabled, the system deploys honeypot files in protected directories and other random locations (unless otherwise specified by users). The honeypot files deployed in random locations are automatically deleted every 12 hours and then randomly deployed again. A honeypot file occupies a few server resources. Therefore, configure the directories that you do not want to deploy the honeypot file in the excluded directories.
(see also [Note](#note1)). | Enabled | +| Dynamic Honeypot Protection | After honeypot protection is enabled, the system deploys honeypot files in protected directories and other random locations (unless otherwise specified by users). The honeypot files deployed in random locations are automatically deleted every 12 hours and then randomly deployed again. A honeypot file occupies a few server resources. Therefore, configure the directories that you do not want to deploy the honeypot file in the excluded directories.
(see also [Note]). | Enabled | | Honeypot File Directories | Directory that needs to be protected by static honeypot (excluding subdirectories). You are advised to configure important service directories or data directories.

Separate multiple directories with semicolons (;). You can configure up to 20 directories.

This parameter is mandatory for Linux servers and optional for Windows servers. | Linux: **/etc**

Windows: **C:\Test** | | Excluded Directory (Optional) | Directory that does not need to be protected by honeypot files.

Separate multiple directories with semicolons (;). You can configure up to 20 excluded directories. | Linux: **/etc/lesuo**

Windows: **C:\Test\ProData** | | File Type | Types of files to be protected.

More than 70 file formats can be protected, including databases, containers, code, certificate keys, and backups.

This parameter is mandatory only for Linux servers. | Select all | @@ -54,7 +54,7 @@ Create a ransomware prevention policy and configure honeypot file directories, e Currently, Linux servers support dynamic generation and deployment of honeypot files. Windows servers support only static deployment of honeypot files. ::: -6. Confirm the policy information and click **OK**. +1. Confirm the policy information and click **OK**. ## Step 2: Enabling Ransomware Prevention diff --git a/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/overview.md b/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/overview.md index 8631af34d9..2fffb0e115 100644 --- a/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/overview.md +++ b/docs/best-practices/security-services/host-security-service/using-hss-and-cbr-to-defend-against-ransomware/overview.md @@ -29,7 +29,7 @@ This solution describes how to use HSS and CBR to implement three-phase protecti Enterprises or individuals can use HSS to detect ransomware and identify system risks. CBR can be used to back up service data and plan and control account permissions and organizational structures. -The following figure [HSS+CBR ransomware protection](#figure2) shows the protection principle. +The following figure [HSS+CBR ransomware protection] shows the protection principle. **Figure 2** HSS+CBR ransomware protection diff --git a/docs/best-practices/storage/object-storage-service/migrating-local-data-to-obs.md b/docs/best-practices/storage/object-storage-service/migrating-local-data-to-obs.md index bd7eb09abc..e5fe976929 100644 --- a/docs/best-practices/storage/object-storage-service/migrating-local-data-to-obs.md +++ b/docs/best-practices/storage/object-storage-service/migrating-local-data-to-obs.md @@ -17,7 +17,7 @@ T Cloud Public provides diverse [migration solutions](#migration-solutions) to h ## Migration Solutions -[Table 1](#table1) describes the migration solutions provided by T Cloud Public. +[Table 1] describes the migration solutions provided by T Cloud Public. Table 1 Migration solutions diff --git a/docs/blueprints/by-use-case/devops/self-hosting-github-runners-on-cce.mdx b/docs/blueprints/by-use-case/devops/self-hosting-github-runners-on-cce.mdx index cca122e482..46abd3d38b 100644 --- a/docs/blueprints/by-use-case/devops/self-hosting-github-runners-on-cce.mdx +++ b/docs/blueprints/by-use-case/devops/self-hosting-github-runners-on-cce.mdx @@ -283,7 +283,7 @@ This enables your runners to scale up rapidly in response to workflow demand and - Go to your GitHub organization's **Settings**. - Select **Webhooks** from the sidebar. - Click **Add webhook**. - - **Payload URL:** Enter the endpoint that will receive webhook events (which you provided [earlier](#install-actions-runner-controller), e.g., `https://github-webhook.example.com`). + - **Payload URL:** Enter the endpoint that will receive webhook events (which you provided [earlier](#installing-actions-runner-controller), e.g., `https://github-webhook.example.com`). - **Content type:** Choose `application/json`. - **Secret:** Set a strong secret token (you'll use this in your Kubernetes secret). - **Events to send:** Select **Let me select individual events** and check: @@ -303,7 +303,7 @@ kubectl create secret generic github-webhook-token \ --from-literal=GITHUB_WEBHOOK_SECRET_TOKEN=WEBHOOK_SECRET ``` -Replace `WEBHOOK_SECRET` with the exact secret set in the [previous step](#1-register-webhook-in-github). +Replace `WEBHOOK_SECRET` with the exact secret set in the [previous step](#registering-webhook-in-github). ### Configuring a HorizontalRunnerAutoscaler diff --git a/docs/blueprints/by-use-case/sovereignty/opendesk/2_evaluate-opendesk-on-tcloud-public.md b/docs/blueprints/by-use-case/sovereignty/opendesk/2_evaluate-opendesk-on-tcloud-public.md index 2fa17f8d01..e2e74184df 100644 --- a/docs/blueprints/by-use-case/sovereignty/opendesk/2_evaluate-opendesk-on-tcloud-public.md +++ b/docs/blueprints/by-use-case/sovereignty/opendesk/2_evaluate-opendesk-on-tcloud-public.md @@ -285,7 +285,7 @@ customization: :::note -1️⃣ **Single Elastic Load Balancer**: This evaluation setup uses a single Elastic Load Balancer to handle all openDesk traffic, including HTTP and HTTPS via Ingress, UDP for Jitsi, and TCP for mail services. Ensure that you specify the `` of the same load balancer whose IP address (``) was configured during the [Configure DNS](#configure-dns) step. +1️⃣ **Single Elastic Load Balancer**: This evaluation setup uses a single Elastic Load Balancer to handle all openDesk traffic, including HTTP and HTTPS via Ingress, UDP for Jitsi, and TCP for mail services. Ensure that you specify the `` of the same load balancer whose IP address (``) was configured during the [Configure DNS](#configuring-dns-records) step. 2️⃣ **Why we need to set** `cluster.networking.cidr`: By default, some openDesk components assume a standard `10.0.0.0/8` pod network. If this setting mismatches your actual cluster CIDR, internal network policies or Postfix trusted networks may fail, causing connectivity issues. diff --git a/docs/blueprints/by-use-case/sovereignty/opendesk/3_deploy-opendesk-on-cce.md b/docs/blueprints/by-use-case/sovereignty/opendesk/3_deploy-opendesk-on-cce.md index 0733a7d3f9..d918fe1780 100644 --- a/docs/blueprints/by-use-case/sovereignty/opendesk/3_deploy-opendesk-on-cce.md +++ b/docs/blueprints/by-use-case/sovereignty/opendesk/3_deploy-opendesk-on-cce.md @@ -43,14 +43,14 @@ The same cluster-level prerequisites, as in the [Evaluation Guide](./deploy-open All of the following T Public Cloud resources must be provisioned **before** starting the deployment. The Helm charts do not create these resources automatically. -| Service | OTC Offering | Spec | -| --------------------- | ------------------ | ----------------------------------------------------------------------- | -| **PostgreSQL** | RDS for PostgreSQL | Version **15.x**, HA (Primary+Standby), ≥ 4 vCPU / 8 GB RAM | -| **MySQL** | RDS for MySQL | Version **8.0**, HA (Primary+Standby), ≥ 2 vCPU / 4 GB RAM | -| **Redis** | DCS for Redis | Version **7.x**, HA (Master+Replica), with AUTH enabled | -| **Object Storage** | OBS | 7 private buckets (see [Provision OBS Buckets](#provision-obs-buckets)) | -| **Shared Filesystem** | SFS Turbo | ≥ 500 GB, Standard or Performance type | -| **CCE Cluster** | CCE | Minimum 3 worker nodes across different AZs | +| Service | OTC Offering | Spec | +| --------------------- | ------------------ | -------------------------------------------------------------------------- | +| **PostgreSQL** | RDS for PostgreSQL | Version **15.x**, HA (Primary+Standby), ≥ 4 vCPU / 8 GB RAM | +| **MySQL** | RDS for MySQL | Version **8.0**, HA (Primary+Standby), ≥ 2 vCPU / 4 GB RAM | +| **Redis** | DCS for Redis | Version **7.x**, HA (Master+Replica), with AUTH enabled | +| **Object Storage** | OBS | 7 private buckets (see [Provision OBS Buckets](#provisioning-obs-buckets)) | +| **Shared Filesystem** | SFS Turbo | ≥ 500 GB, Standard or Performance type | +| **CCE Cluster** | CCE | Minimum 3 worker nodes across different AZs | :::info Memcached Runs In-Cluster **Memcached is not externalized.** OTC does not offer a managed Memcached service, so the bundled in-cluster Memcached deployment is kept as-is. It is used internally by OX App Suite and is not a critical data store — no persistent state is lost if the pod restarts. @@ -519,7 +519,7 @@ For the purpose of this guide, the following placeholder values are used as exam | **Portal Components** | `*.opendesk.example.com` | A | `1.2.3.4` | Wildcard for all subdomains | | **Mail (MX)** | `opendesk.example.com` | MX | `10 opendesk.example.com` | Inbound mail | | **SPF** | `opendesk.example.com` | TXT | `v=spf1 ip4:1.2.3.4 ~all` | Authorize sending IP | -| **DKIM** | `default._domainkey.opendesk.example.com` | TXT | `v=DKIM1; k=ed25519; p=` | [See below](#generate-dkim-keys) | +| **DKIM** | `default._domainkey.opendesk.example.com` | TXT | `v=DKIM1; k=ed25519; p=` | [See below](#generating-dkim-keys) | | **DMARC** | `_dmarc.opendesk.example.com` | TXT | `v=DMARC1; p=none; rua=mailto:dmarc@opendesk.example.com` | Start in monitor mode | ### Generating DKIM Keys @@ -595,8 +595,8 @@ The storage class name `csi-sfsturbo-opendesk` must match the `persistence.stora All production-specific overrides are located in **helmfile/environments/prod/**. Each file addresses a specific configuration area: -| File | Purpose | -| -------------------------- | ---------------------------------------------------- | +| File | Purpose | +| ---------------------------- | ---------------------------------------------------- | | **values.yaml.gotmpl** | Global settings, apps, ingress, SMTP, cluster config | | **databases.yaml.gotmpl** | External PostgreSQL / MySQL connection parameters | | **cache.yaml.gotmpl** | External Redis connection parameters |