@egernst
egernst / ipmi-sol.md
Created March 4, 2020 17:51 — forked from krsna1729/ipmi-sol.md
ipmi serial over lan sol

Pre-requisites

Install IPMItools using your package manager on laptop and target machine. Load the drivers on the target.

modprobe ipmi_devintf
modprobe ipmi_si

If you see the following, drivers are not loaded.

@egernst
egernst / graphics-vfio.md
Last active March 15, 2024 02:05
Passing graphics card to a Clear Container

Passing a graphics card to a Clear Container

Host system setup:

The directions below are specific to an Ubuntu 16.04 host system equipped with a GeForce GTX 550 Ti graphics card. While the process should be the same, YMMV.

  1. Make sure your system supports IOMMU groups

todo -- get directions from SRIOV page

@egernst
egernst / iptables-cheatsheet.md
Last active October 14, 2023 16:42 — forked from mcastelino/iptables-cheatsheet.md
iptables-cheatsheet

The netfilter hooks in the kernel and where they hook in the packet flow

The figure below calls out

  • The netfilter hooks
  • The order of table traversal
@egernst
egernst / eck-fluentbit.md
Last active November 28, 2022 06:46
ECK, Fluent-bit

todo:

  • update Kibana object to set an antiaffinity (lack aarch64 support)
  • show example of using fluent-bit annotation to highlight what parser to use.

EFK using fluent-bit and the Elastic Operator

ECK provides a higher baseline for security out of the box, which makes most "quick-start" guides for using it as a logging sink fail. This gist provides details on how to update fluent-bit quick-start guides to work with ECK, using emptyDir for the ES PVC.

@egernst
egernst / kata-fc.md
Last active May 15, 2022 22:23
Getting Started with Kata with Firecracker

Kata Containers with Firecracker hypervisor

The 1.5.0-rc2 release of Kata Containers introduced support for the Firecracker hypervisor. While we do not yet have packages available for Firecracker, we do have the built binary included as part of our release tarball. A Firecracker specific tarball was created which includes all of the configurations and binaries required for running Kata+Firecracker.

This is a quick guide to show how to quickly start playing with Kata + Firecracker in docker. This is the initial introduction, and we have plenty of work around optimizations, but I expect users to be able to use block based volumes (up to 7 per container right now) as well as multiple network interfaces with these containers.

I plan to update kata-deploy's container image to allow users a quick daemonset for installing and configuring Kata (with both QEMU and Firecracker) in a Kubernetes cluster which utilizes containerd and/o

kata-hypervisor[694477]: cloud-hypervisor: 6.79924672s: WARN:virtio-devices/src/vsock/csm/connection.rs:306 -- vsock: error writing to local stream (lp=1073742542, pp=1024): StreamWrite(Os { code: 32, kind: BrokenPipe, message: "Broken pipe" })
kata-hypervisor[694477]: time="2020-08-20T21:28:13.118007Z" level=debug msg="new request" debug_console=true name=kata-agent pid=56 req="container_id:\"63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989\" exec_id:\"63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989\" " request=/grpc.AgentService/WaitProcess sandbox=63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989 source=agent
kata-hypervisor[694477]: time="2020-08-20T21:28:13.13044142Z" level=debug msg="request end" debug_console=true duration="4.275µs" name=kata-agent pid=56 request=/grpc.AgentService/WaitProcess resp= sandbox=63d46b5f61c694b3b78d8812b8669cffd67d9275809cdbf2894cfba7316ab989 source=agent
kata-hypervisor[694477]: time="2020-08-20T21:28:13.140517344Z" level
@egernst
egernst / kata-debug.md
Created August 20, 2020 18:54
overview of kata debug for CLH and QEMU

Summary

QEMU+CLI QEMU+SHIMV2 CLH+CLI CLH+SHIMV2
Logs
Tracing
Guest Console

Support details

@egernst
egernst / access-k8s-publicip.md
Last active June 17, 2020 22:58
Access kubernetes cluster via public IP
  • not feasible to 'advertise address' using the public IP, since none of the other control plane components can access it (i.e., the public IP is NAT'd and not available on the actual node)
  • need to create a certificate so the public IP can access the cluster

sample kubeadm config:

---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
 certSANs:
@egernst
egernst / notes.md
Created June 12, 2020 21:14
moby modifications for v2 shim configuration

cgroups v2 makes use of shim-v2 (added by Akihiro): See 612343618dd7dad7cf023e6263d693ab37507a92

Today, this is set statically across the board for the daemon. What would be more ideal is if this could (also?) be selected on a per-runtime basis.

  • where are other runtime-specific flags set today in moby?
  • should this be "OR"d against the daemonset setting (which is specified based on v2, which ... actually breaks Kata... right?)
@egernst
egernst / prometheus_fluentd_pod_monitor.md
Created June 11, 2020 18:19 — forked from mcastelino/prometheus_fluentd_pod_monitor.md
Prometheus - POD Monitor for Fluentd
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: fluentd-es
  labels:
    k8s-app: fluentd-es
spec:
 selector: