@mcastelino
mcastelino / iptables-cheatsheet.md
Last active May 2, 2024 21:27
iptables-cheatsheet

The netfilter hooks in the kernel and where they hook in the packet flow

The figure below calls out

  • The netfilter hooks
  • The order of table traversal
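The figure is not reproduced here, but the order it shows is not arbitrary: every table (and nf_conntrack itself) registers a hook function at each netfilter hook with a fixed priority, and the kernel calls them in ascending priority order. The following added example (not part of the original cheatsheet) models that with the kernel's `NF_IP_PRI_*` values and walks a packet through the hooks; the addresses and the DNAT mapping in it are constructed for illustration.

```python
"""Model of netfilter table traversal order.  Added example; the priorities
are the kernel's NF_IP_PRI_* constants (include/uapi/linux/netfilter_ipv4.h),
the hook registrations mirror the iptables built-in chains."""

# Lower priority runs first at a given hook.
PRIORITY = {
    "raw": -300,                     # NF_IP_PRI_RAW
    "conntrack": -200,               # NF_IP_PRI_CONNTRACK (nf_conntrack's hook, not a table)
    "mangle": -150,                  # NF_IP_PRI_MANGLE
    "nat(dst)": -100,                # NF_IP_PRI_NAT_DST: DNAT / REDIRECT
    "filter": 0,                     # NF_IP_PRI_FILTER
    "security": 50,                  # NF_IP_PRI_SECURITY
    "nat(src)": 100,                 # NF_IP_PRI_NAT_SRC: SNAT / MASQUERADE
    "conntrack-confirm": 2**31 - 1,  # NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX
}

# Who registers at each hook.  The lists are deliberately shuffled: the kernel
# orders by priority, not by registration order.
HOOK_STAGES = {
    "PREROUTING":  ["nat(dst)", "mangle", "raw", "conntrack"],
    "INPUT":       ["conntrack-confirm", "nat(src)", "filter", "mangle", "security"],
    "FORWARD":     ["filter", "security", "mangle"],
    "OUTPUT":      ["filter", "nat(dst)", "mangle", "conntrack", "raw", "security"],
    "POSTROUTING": ["nat(src)", "conntrack-confirm", "mangle"],
}


def traversal_order(hook):
    """Stages run at `hook`, in the order the kernel calls them."""
    return sorted(HOOK_STAGES[hook], key=lambda stage: PRIORITY[stage])


def packet_path(dst, local_addrs, locally_generated=False, dnat=None):
    """Return the 'HOOK/stage' sequence a packet to `dst` passes through.

    `dnat` maps original destination -> rewritten destination and is applied
    in the nat(dst) stage, i.e. before the routing decision that chooses
    INPUT versus FORWARD.  For locally generated packets the kernel routes
    before OUTPUT and re-routes after it if nat changed the destination; the
    single 'routing-decision' entry here stands for the final decision.
    A locally generated packet to a local address would then re-enter via
    lo -> PREROUTING -> INPUT; that second pass is not modelled."""
    dnat = dnat or {}
    path = []

    def run_hook(hook):
        nonlocal dst
        for stage in traversal_order(hook):
            path.append(f"{hook}/{stage}")
            if stage == "nat(dst)" and dst in dnat:
                dst = dnat[dst]          # destination rewritten before routing

    run_hook("OUTPUT" if locally_generated else "PREROUTING")
    path.append("routing-decision")
    if locally_generated:
        run_hook("POSTROUTING")
    elif dst in local_addrs:
        run_hook("INPUT")                # delivered locally, no POSTROUTING
    else:
        run_hook("FORWARD")
        run_hook("POSTROUTING")
    return path


if __name__ == "__main__":
    # Constructed addresses: 10.0.0.1 is local, the DNAT target is not.
    for hook in HOOK_STAGES:
        print(f"{hook:12s} {' -> '.join(traversal_order(hook))}")
    print(packet_path("10.0.0.1", {"10.0.0.1"}))
    print(packet_path("10.0.0.1", {"10.0.0.1"}, dnat={"10.0.0.1": "192.168.1.5"}))
```

Two consequences worth checking against a real ruleset: `raw` runs before the conntrack hook, which is why `-t raw ... -j NOTRACK` can exempt traffic from tracking at all; and DNAT runs before the routing decision, so a packet DNATed to another host is filtered in `FORWARD`, never in `INPUT`.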
@mcastelino
mcastelino / kcgroups.md
Last active April 12, 2024 08:58
Kubernetes and cgroups Resource Management/Static cpuManagerPolicy/Memory and Resource Isolation & Scheduling

Overview

The goal of this document is to cover all aspects of Kubernetes resource management, including how resources are expressed, constrained and accounted for. It started as a way to ensure that alternate container runtime implementations such as Kata Containers behave, from a resource accounting and consumption point of view, in the same manner as runc.

Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f

If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.

Kubernetes Resource Management

@mcastelino
mcastelino / qemu_all_pcie.md
Last active April 12, 2024 01:31
qemu all pcie devices
Note: virtio-serial cannot be connected to a PCIe bus. It does work when connected directly to the host bridge as a transitional virtio device. This needs to be investigated.
```
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
VMN=${VMN:=1}
```
@mcastelino
mcastelino / qemu_migrate.md
Last active March 21, 2024 21:06
Using Local Virtual Machine Migration to perform fast VM launch using QEMU

Overview

QEMU supports migration of a virtual machine from one host to another over the network. It also has the capability to save the state of a virtual machine and resume from that state.

It is described in detail in https://www.linux-kvm.org/page/Migration

This capability can be leveraged to create an instant resume virtual machine image if the virtual machine is crafted with care.

Creating a Virtual Machine that can be fast resumed

@mcastelino
mcastelino / prom_relabel.md
Created December 14, 2020 21:50
Kubernetes Pod Monitors & Re-Labeling

Kubernetes Pod Monitors & Re-Labeling

The Prometheus operator offers a simple method to scrape metrics from any Pod. However, in many cases the Pod itself is not what you are monitoring; the Pod is used to expose metrics that relate to the Node. In such cases what the user cares about is the Node on which the Pod runs and not the Pod itself.

By default, when using a PodMonitor, the instance label on every time series identifies the Pod rather than the Node. The Pod, or the DaemonSet it was part of, may also be deleted and redeployed multiple times over the lifetime of the Node, so the user would otherwise have to maintain the mapping between each Pod and the Node on which it ran.

However, Prometheus allows the instance label (among others) to be relabeled in a very simple manner, as shown below.

apiVersion: monitoring.coreos.com/v1
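To see what the relabeling does to a scraped target, the following added example (not part of the original gist) implements the `replace`, `keep` and `drop` relabel actions the way Prometheus evaluates them (source labels joined by the separator, the regex fully anchored, `$1`-style replacements) and applies a PodMonitor-style `relabelings` list to a constructed set of discovered labels. The pod names, node name and address are made up for the example.

```python
"""Prometheus relabeling applied to a PodMonitor target.  Added example; the
discovered labels and relabelings below are constructed, not from the gist."""
import re

# Labels Kubernetes service discovery would attach to one pod target
# (constructed sample; the __meta_* names are real SD labels).
DISCOVERED = {
    "__address__": "10.244.1.7:9100",
    "__meta_kubernetes_namespace": "monitoring",
    "__meta_kubernetes_pod_name": "node-exporter-x7k2p",
    "__meta_kubernetes_pod_node_name": "worker-1",
    "job": "monitoring/node-exporter",
}

# Same keys as podMetricsEndpoints[].relabelings[] in a PodMonitor.
RELABELINGS = [
    # keep only the node-exporter pods (drop anything else the selector caught)
    {"action": "keep", "sourceLabels": ["__meta_kubernetes_pod_name"],
     "regex": "node-exporter-.*"},
    # instance = node the pod runs on, not the pod's address
    {"sourceLabels": ["__meta_kubernetes_pod_node_name"], "targetLabel": "instance"},
    # keep the pod name as its own label for debugging
    {"sourceLabels": ["__meta_kubernetes_pod_name"], "targetLabel": "pod"},
]


def _to_python_replacement(replacement):
    """Prometheus writes capture references as $1 or ${1}; re.Match.expand()
    wants \\g<1>."""
    return re.sub(r"\$\{(\d+)\}|\$(\d+)",
                  lambda m: r"\g<%s>" % (m.group(1) or m.group(2)),
                  replacement)


def relabel(labels, relabelings):
    """Apply relabelings to one target's labels.  Returns the new label dict,
    or None when a keep/drop rule discards the target."""
    labels = dict(labels)
    for rule in relabelings:
        action = rule.get("action", "replace")
        separator = rule.get("separator", ";")
        # Prometheus anchors the regex at both ends.
        regex = re.compile("^(?:%s)$" % rule.get("regex", "(.*)"))
        value = separator.join(labels.get(name, "")
                               for name in rule.get("sourceLabels", []))
        match = regex.match(value)
        if action == "replace":
            if match is None:
                continue                     # no match: label untouched
            new_value = match.expand(
                _to_python_replacement(rule.get("replacement", "$1")))
            if new_value == "":
                labels.pop(rule["targetLabel"], None)   # empty value removes the label
            else:
                labels[rule["targetLabel"]] = new_value
        elif action == "keep":
            if match is None:
                return None
        elif action == "drop":
            if match is not None:
                return None
        else:
            raise ValueError("unsupported action: %s" % action)
    return labels


def finalize_target(labels):
    """What Prometheus does after relabeling: drop __-prefixed labels and
    default `instance` to __address__ when relabeling did not set it."""
    if labels is None:
        return None
    final = {k: v for k, v in labels.items() if not k.startswith("__")}
    if "instance" not in final:
        final["instance"] = labels["__address__"]
    return final


if __name__ == "__main__":
    print("no relabeling:", finalize_target(relabel(DISCOVERED, [])))
    print("with relabeling:", finalize_target(relabel(DISCOVERED, RELABELINGS)))
    other = dict(DISCOVERED, __meta_kubernetes_pod_name="kube-proxy-q9z1x")
    print("non-matching pod:", finalize_target(relabel(other, RELABELINGS)))
```

Without the relabelings the target's `instance` is the pod's address, which changes on every redeploy; with them it is the node name, which is stable for the life of the node and is what the Node-level dashboards and alerts should key on.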
@mcastelino
mcastelino / qemu_vhost.md
Last active February 23, 2024 08:59
QEMU Tips and Tricks

How to launch QEMU from command line without libvirt with macvtap and vhost support

This sets up a host-local bridge with a macvlan interface for VM-to-host communication. The macvtap is set up with vhost support.

The command line options to note are

-netdev tap,fd=3,id=hostnet0,vhost=on,vhostfd=4 3<>"$tapdev" 4<>/dev/vhost-net -device virtio-net-pci,netdev=hostnet0,id=net0,mac=$(< /sys/class/net/testtap/address)

This opens two file descriptors and passes them to QEMU: fd 3 is the macvtap device (`$tapdev`, i.e. the /dev/tapN node of the macvtap interface) and fd 4 is /dev/vhost-net.

@mcastelino
mcastelino / VFIO_nested.md
Last active February 5, 2024 09:34
QEMU VFIO in Nested VM vIOMMU

How to use VFIO to assign a device to nested VM

  • Here the vfio-pci device is passed into the L1 VM
  • The L1 VM is setup with kernel_irqchip=split
  • The L0 exposes a virtual IOMMU to the L1 VM
qemu-system-x86_64 \
    -machine q35,accel=kvm,kernel_irqchip=split \
    -enable-kvm \
@mcastelino
mcastelino / Simple vsock setup for QEMU.md
Last active January 16, 2024 13:35
using qemu with vsock

Simple vsock setup for QEMU

Configuration

Host Kernel: rawhide 4.13.0-0.rc6.git4.2.fc28.x86_64 (on Fedora 24)

QEMU is mainline built from sources: QEMU emulator version 2.10.50 (v2.10.0-105-g223cd0e)

Guest: clear-17460-kvm.img (which has vsock support)

@mcastelino
mcastelino / qemu_netdev_socket_vlan.md
Last active December 21, 2023 13:20
QEMU usermode virtual vlan using -netdev socket

Goal

How to launch multiple QEMU-based VMs that can communicate with the outside world and with each other without any setup on the host.

This uses two features available in qemu

  • User Mode Networking stack - SLIRP
  • Socket networking backend allows you to create a network of guests that can see each other

This allows us to have