@mcastelino
mcastelino / macvlan-ipvlan.md
Created July 10, 2019 16:27 — forked from krsna1729/canal.md
tracing network stack for MACVLAN IPVLAN

MACVLAN

ip netns del net1
ip netns add net1
ip link add macvlan1 link enp130s0f0 type macvlan mode bridge
ip link set macvlan1 netns net1 up
ip netns exec net1 ip a add 192.168.1.200/24 dev macvlan1
ip netns exec net1 ping 192.168.1.101 -c1
@mcastelino
mcastelino / Nested_VFIO.md
Created June 27, 2019 18:20 — forked from sboeuf/Nested_VFIO.md
How to test VFIO with virtio-net-pci device

Prepare the host

Get the image clear-XXXXX-kvm.img

wget https://download.clearlinux.org/releases/30080/clear/clear-30080-kvm.img.xz
unxz clear-30080-kvm.img.xz

Add intel_iommu=on to the kernel boot parameters

mkdir mount_dir
@mcastelino
mcastelino / Vagrant Libvirt - Custom QEMU Argument to support NVDIMM and other features.md
Created June 6, 2019 00:25
Vagrant Libvirt - Custom QEMU Argument to support NVDIMM and other features

Vagrant-libvirt QEMU customization

Vagrant-libvirt allows the user to customize virtual machines, adding features and QEMU options that are not exposed by the plugin itself. To do this it uses libvirt's custom QEMU arguments option, which appends the arguments at the very end of the command line. This lets you not only add new arguments but also override the defaults constructed by the plugin.

In the snippet below the

  • the plugin's default machine and memory arguments are overridden
  • an additional NVDIMM device is created and added to the machine
@mcastelino
mcastelino / gist:61993125ef9ed3bbcc9527a54d710a75
Last active May 2, 2019 19:18
Firecracker vs QEMU Boot Differences

Most of the difference comes from the virtio-blk boot. Systemd to kata-agent boot times are similar.

[    1.002949] Freeing unused kernel image memory: 2016K                                                                                                                           |[    0.844629] Freeing unused kernel image memory: 2016K
[    1.018758] Freeing unused kernel image memory: 1204K                                                                                                                           |[    0.844878] Freeing unused kernel image memory: 1204K
[    1.018838] Run /usr/lib/systemd/systemd as init process                                                                                                                        |[    0.845072] Run /usr/lib/systemd/systemd as init process
[    1.248975] systemd[1]: systemd 241 running in system mode. (+PAM +AUDIT -SELINUX +IMA -APPARMOR -SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +B|[    1.004513] systemd[1]
@mcastelino
mcastelino / notes.md
Created April 12, 2019 19:02 — forked from egernst/notes.md
containerd + kubernetes, and making clr-examples do what i want on Bionic

Quick guide for getting Kata+containerd (using v2 shim) up and running super quick on bionic

Installation of Kube stuff on bionic:

Use the following sh:

sudo bash -c "cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial-unstable main
EOF"
@mcastelino
mcastelino / kata_cgroup.md
Created April 11, 2019 23:46
Current cgroup handling in Kata - Issues and Solutions

cgroup Updates in Kata

Containerd Handling Today

The hierarchy and cgroup handling seems pragmatic in the case of containerd. The container cgroups are currently placed under the pod cgroup.

Output from containerd guaranteed pod, with two containers:

In the not-dockershim and not-CRIO normal socket path case, we are handled by the cri stats provider: https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go

The 'magic' happens in the listPodStats function

Looping over each managed container, kubelet calculates the container statistics at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go#L198, then calculates a running total of the pod usage at https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/stats/cri_stats_provider.go#L200, and eventually returns the results.

Potential issue

The initial potential issue I noticed that we will run into is at the top of the addPodCPUMemoryStats function. The

@mcastelino
mcastelino / kata_resource.md
Last active April 10, 2019 18:19
Kata and Resource Management

Workload

When running a simple workload such as

apiVersion: v1
kind: Pod
metadata:
  name: guar-2kc
spec:
@mcastelino
mcastelino / footloose_kata_kubernetes_k8s.md
Last active August 17, 2020 17:07
Footloose as a Kubernetes POD. So a VM in Kubernetes launched and managed as a container using the Kata runtimeClass.

Footloose as a Kubernetes POD. So a VM in Kubernetes launched and managed as a container using the Kata runtimeClass.

apiVersion: v1
data:
    authorized_keys: |
      ssh-rsa PUT_YOUR_KEY_HERE
kind: ConfigMap
metadata:
  name: ssh-pub-key
@mcastelino
mcastelino / kata_footloose_machine_container.md
Created April 8, 2019 18:15
kata with footloose machine containers

Machine containers with Kata

kata-footloose$ docker info  | grep runtime
WARNING: No swap limit support
Runtimes: kata-runtime runc
Default Runtime: kata-runtime
kata-footloose$ footloose show
  NAME                HOSTNAME    PORTS      IP          IMAGE                                  CMD         STATE    
  cluster-fedora0     fedora0     22->32768  172.17.0.2  quay.io/footloose/fedora29:latest      /sbin/init  Running