Skip to content

Instantly share code, notes, and snippets.

View joestringer's full-sized avatar

Joe Stringer joestringer

155 followers · 43 following
View GitHub Profile
@joestringer
joestringer / deploy_kernel_to_gke.sh
Created January 26, 2022 22:00
Deploy a new kernel into a GKE VM
#!/bin/bash
set -eo pipefail
FETCH_DEBS=fetch_ubuntu_mainline_debs.sh
FETCH_DEBS_PATH=$PWD/$FETCH_DEBS
if [[ $# -lt 2 ]]; then
>&2 echo "usage: $0 <KERNEL-VERSION> <NODE-NAME> [NODE-NAME ...]"
>&2
@joestringer
joestringer / fetch_ubuntu_mainline_debs.sh
Created October 2, 2020 17:08
Fetch Ubuntu mainline debs for a specific kernel version
#!/usr/bin/env bash
set -eu
VERSION="${1:-}"
ERSION="$(echo $VERSION | sed 's/[^0-9]*\([0-9rc.-]\+\)/\1/')"
URL="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$ERSION"
CURL_OPTS=${CURL_OPTS:-""}
if [[ $# -ne 1 ]]; then
@joestringer
joestringer / process-kv-dump.sh
Last active July 2, 2020 03:13
Process etcd kvstore dumps for relevant keys/values by lease
#!/bin/bash
set -eo pipefail
KV_DUMP="${1:-""}"
LEASES="${1:-""}"
LEASE_MODE=false
DEBUG_MODE=false
LOCK_FILTER=false
@joestringer
joestringer / skb_free.bt
Created June 24, 2020 21:34
Collect stack traces for dropped packets and print them after ^C
#!/usr/bin/env bpftrace
/*
* skb_free.bt Trace skb drops when the socket is associated with the skb.
* For Linux, uses bpftrace and eBPF.
*
* USAGE: skb_free.bt
*
* Copyright (c) 2019 Joe Stringer.
* Licensed under the Apache License, Version 2.0 (the "License")
*
@joestringer
joestringer / build-deb.sh
Created May 29, 2020 23:20
Build linux .deb packages from kernel git tree
#!/bin/bash
version="$(git rev-parse --abbrev-ref HEAD \
| sed 's/^[^/]*\///' \
| sed 's/\//-/' \
| sed 's/_/-/')"
if [ "$version" == "" ] || [ "$version" == HEAD ]; then
version="$(git rev-parse --short HEAD)"
fi
echo $version
@joestringer
joestringer / cilium_base64_decode.sh
Created May 8, 2020 18:04
Cilium endpoint structure base64 decode functions
#!/bin/bash
base64_decode()
{
echo "$@" | sed -e 's/^.*://' | base64 -di | jq '.'
}
base64_decode_ep()
{
EPID="$1"
@joestringer
joestringer / skb_free.bt
Created April 23, 2020 19:56
bpftrace script for gathering stack traces for dropped packets
#!/usr/bin/env bpftrace
/*
* skb_free.bt Trace skb drops when the socket is associated with the skb.
* For Linux, uses bpftrace and eBPF.
*
* USAGE: skb_free.bt
*
* Copyright (c) 2020 Joe Stringer.
* Licensed under the Apache License, Version 2.0 (the "License")
*
@joestringer
joestringer / debug_iptables.sh
Last active May 8, 2020 00:02
Debug netfilter on a Cilium-managed kubernetes node
#!/bin/bash
STANDARD_CHAINS="CILIUM_INPUT CILIUM_FORWARD CILIUM_OUTPUT"
CUSTOM_CHAINS="CILIUM_PRE CILIUM_POST CILIUM_OUTPUT"
TABLES="raw mangle nat"
NAMESPACE="kube-system"
IP=""
NODE=""
ONLY_CLEAR=false
@joestringer
joestringer / skb-orphan-dmesg.log
Last active June 20, 2019 20:58
Kernel stack trace issue with skb_orphan() removal
[ 1474.586748] ------------[ cut here ]------------
[ 1474.586773] refcount_t hit zero at sk_stop_timer+0x2c/0x30 in cilium-agent[16359], uid/euid: 0/0
[ 1474.586785] WARNING: CPU: 0 PID: 16359 at kernel/panic.c:686 refcount_error_report+0x9c/0xa1
[ 1474.586787] Modules linked in: xt_TPROXY nf_tproxy_ipv6 nf_tproxy_ipv4 xt_comment xt_CT xt_mark ip6table_raw ip6table_mangle ip6_tables iptable_raw iptable_mangle cls_bpf algif_hash af_alg sch_ingress vxlan ip6_udp_tunnel udp_tunnel nfsv3 nfs_acl nfs lockd grace fscache veth cpuid xt_nat xt_tcpudp xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_alg
o iptable_nat xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc overlay intel_rapl_perf input_leds serio_raw mac_hid sch_fq_codel binfmt_misc ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sunrpc ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid4
56 async_raid6_recov async_memcpy async_pq a
@joestringer
joestringer / micro-k8s-setup.md
Last active April 20, 2021 17:06
MicroK8s development environment setup for Cilium

Set up microk8s with Cilium for development

Microk8s is a Canonical project to provide a kubernetes environment for local development, similar to minikube but without requiring a separate VM to manage. These instructions describe setting it up for common development use cases with Cilium and may be helpful in particular for testing BPF kernel extensions with Cilium.

Microk8s will run its own containerd runtime, which may be initially confusing when building containers locally with docker. This guide assumes that you will use docker locally for building containers, and push these into a microk8s registry for use by containerd in the microk8s environment.

This guide works with MicroK8s 1.14 or above, with containerd. If you are running an earlier version, see the previous instructions.

Requirements