Skip to content

Instantly share code, notes, and snippets.

View jimangel's full-sized avatar
🌤️
around

Jim Angel jimangel

🌤️
around
110 followers · 7 following
View GitHub Profile
@aojea
aojea / README.md
Last active April 22, 2024 05:03
kube-proxy nftables and iptables vs a Service with 100k endpoints

kube-proxy nftables and iptables vs a Service with 100k endpoints

Background

Iptables performance is limited mainly by two reasons:

The kernel community moved to nftables as replacement of iptables, with the goal of removing the existing performance bottlenecks. Kubernetes has decided to implement a new nftables proxy because of this and another reasons explained in more detail in the corresponding KEP and during the Kubernetes Contributor Summit in Chicago 2023 on the session [Iptables, end of

@shkarupa-alex
shkarupa-alex / install.sh
Last active March 22, 2024 06:33
Ubuntu 22.04 + Cuda
# Prioritize NVIDIA packages
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin
sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600
# Fetch NVIDIA keys
sudo apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/3bf863cc.pub
# Add NVIDIA repos
sudo add-apt-repository "deb https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/ /"
@palewire
palewire / README.md
Last active May 5, 2024 05:41
How to push tagged Docker releases to Google Artifact Registry with a GitHub Action

How to push tagged Docker releases to Google Artifact Registry with a GitHub Action

Here's how I configured a GitHub Action so that a new version issued by GitHub's release interface will build a Dockerfile, tag it with the version number and upload it to Google Artifact Registry.

Before you attempt the steps below, you need the following:

  • A GitHub repository that contains a working Dockerfile
  • The Google Cloud SDK tool gcloud installed and authenticated

Create a Workload Identity Federation

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 6, 2024 10:09
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@stapelberg
stapelberg / tailscalefrontend.go
Last active April 1, 2022 08:49
// Tailscale Frontend: It uses tailscale-as-a-library to
// listen on a port, independently from the operating system network, i.e. you
// can run an nginx server on :80 and :443 without impacting the frontend.
//
// set up DNS, e.g.:
// prometheus.ts.zekjur.net A 100.117.6.125
//
// frontend% TAILSCALE_USE_WIP_CODE=true tailscalefrontend -hostname=srv.example.net -allowed_user=michael@example.net
//
// (first login requires running with TS_LOGIN=1 environment variable to print link for the browser)
@cyrenity
cyrenity / Parition_Layout.txt
Last active November 9, 2023 12:29
Ubuntu 20.04 Auto-install custom storage layout for multiple volume groups
Device: /dev/vda
Partition Table: gpt
/dev/sda1 - 1MB - for UEFI/Bootloader
/dev/sda2 - 10G - root partition
/dev/sda3 - Remaining Space - for cinder-volumes
LVM Volume Groups:
@b01
b01 / download-vs-code-server.sh
Last active May 4, 2024 21:41
Linux script to download latest VS Code Server, good for Docker (tested in Alpine).
#!/bin/sh
# Copyright 2023 Khalifah K. Shabazz
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the “Software”),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
@lg
lg / adding-tailscale-to-edgerouter.md
Last active April 11, 2024 07:44
Add tailscale to an EdgeRouter and surviving system upgrade

Adding tailscale to an EdgeRouter (and surviving system upgrades)

I suggest you run sudo bash on all of these so you're the root user.

Installing

  1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your EdgeRouter's processor (ex. ER4 is mips and ERX is mipself)
sudo bash    # if you havent already
@anedward01
anedward01 / meta-data
Created July 16, 2020 05:18
autoinstall data files
#cloud-config
instance-id: iid-local01
hostname: cloudimg
@andrewloux
andrewloux / numa.md
Last active May 3, 2024 19:16
What is NUMA, and why should Kubernetes users care?

Historically, all memory on x86 architectures were equally accessibly by all CPUs on the system. This is an effective implementation, but there's increased bandwidth on the bus, and the more CPUs you have, the further away from the memory it is. This layout is called Uniform Memory Access.

Older UMA Layout

Modern x86 architectures introuduce the concept of memory nodes (also referred to elsewhere as zones or cells), where new writes are associated with a CPU's memory node. The nodes are connected by a bus, so all the memory is still accessible via any CPU, but of course, we have faster memory access time for CPUs accessing local nodes.

NUMA NUMA Layout

When you have a virtualization layer on top, and you are scheduling workloads, you can take advantage of this by pinning processes to specific CPUs.