Rahul Jadhav nyrahul

nyrahul / gist:3ad59a48508fc3ce60a1fa0442c8fbe5
Created May 20, 2022
cherry pick from remote branch and raise PR
git fetch upstream
git checkout -b v0.3-backport remotes/upstream/v0.3
git cherry-pick <commit-hash> # Note: do not pick a merge commit hash
git push origin v0.3-backport
# Raise a PR from origin/v0.3-backport to upstream/v0.3
View imp-git-cmds.sh
# Backporting to a branch by cherry-picking from the upstream/stable branch
git fetch upstream
git checkout upstream/v0.2 # verify that the tip matches the branch you expect by comparing the SHA hash
git switch -c gke-cos-fix
git cherry-pick e2737efa975198efde13a48435cc994daa3ba018 # substitute with your commit of interest
git push origin gke-cos-fix # push the branch to your origin repo
# Go to github UI and raise PR to the v0.2 branch
# Pull PR locally and test
git fetch upstream pull/37/head:mybranch
nyrahul / close-fd-problem.c
Last active Dec 15, 2021
ebpf syscall close does not give the right fd
// https://stackoverflow.com/questions/70344928/bpf-kprobe-macro-provides-unexpected-value-of-function-argument
// Trying without BPF_KPROBE
SEC("kprobe/__x64_sys_close")
int myclose(struct pt_regs *ctx) {
    u32 pid = bpf_get_current_pid_tgid() >> 32;
    int fd = PT_REGS_PARM1_CORE(ctx);
    // filter specific pid for simplicity
    if (pid != SRV_PID) {
nyrahul / ka-visibility.sh
Created Dec 1, 2021
Enable Kubearmor visibility across k8s deployments/pods (except kube-system namespace)
#!/usr/bin/env bash
annotate()
{
    ns_ignore_list=("kube-system" "explorer" "cilium" "kubearmor")
    while read line; do
        depnm=${line/ */}
        depns=${line/* /}
        [[ " ${ns_ignore_list[*]} " =~ " ${depns} " ]] && continue
        echo "Applying KubeArmor visibility annotation for namespace=[$depns], $1=[$depnm]"
nyrahul / cilium-quick-cmds.sh
Last active Aug 18, 2021
cilium quick notes for dev VM
# -------[ Cilium installation on GKE ]---------
NATIVE_CIDR="$(gcloud container clusters describe "cluster-core-backend" --zone "us-central1-c" --format 'value(clusterIpv4Cidr)')"
# with hubble-relay
helm install cilium cilium/cilium --version 1.9.6 \
    --namespace kube-system \
    --set nodeinit.enabled=true \
    --set nodeinit.reconfigureKubelet=true \
    --set nodeinit.removeCbrBridge=true \
    --set cni.binPath=/home/kubernetes/bin \
nyrahul / cdump.sh
Created Apr 16, 2021
tcpdump for pod controlled by cilium
#!/bin/bash
# Usage: $0 <pod> [tcpdump-filter]
[[ "$1" == "" ]] && echo "Usage: $0 <pod> [tcpdump-filter]" && exit 1
ep_id=`kubectl get cep -A -o jsonpath="{.items[?(@.metadata.name==\"$1\")].status.id}"`
iface=`cilium endpoint get $ep_id -o jsonpath="{[*].status.networking.interface-name}"`
shift
nyrahul / ssh-port-fwd
Last active May 31, 2021
ssh port forwarding
ssh -L 6060:127.0.0.1:6060 vagrant@192.168.34.11
The golang pprof tool by default starts the pprof web server on localhost:6060. My pprof was running inside a VM and I needed to access the web server from the host. I could ssh to the VM. Thus I needed to enable port forwarding on the host to the VM (remote).
ssh -L 6060:127.0.0.1:6060 vagrant@192.168.34.11
        |       |      |   |-------v------------|
        |       |      |           \--------------- remote ssh user@hostname
        |       |      |
        |       |      \--------- remote port to forward
        |       |
nyrahul / BUILD_BUG_ON.c
Created Mar 13, 2021
Compile time check to validate structure size
#include <stdio.h>
#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2 * !!(condition)]))
int main(void)
{
    struct t {
        int x;
        int y;
        int z;
nyrahul / ssh-pushkey
Last active May 10, 2021
ssh password less login: Add my pub key to .ssh/authorized_keys
# Generate ssh keys
ssh-keygen -t rsa
# Add my pub key as an authorized key on the remote host rahul@vbox20
cat ~/.ssh/id_rsa.pub | ssh rahul@vbox20 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
nyrahul / dig-container.sh
Created Jan 13, 2021
Map the container syscall events using sysdig
#!/bin/bash
ignore_evts="futex switch clock_gettime io_getevents sched_getaffinity getrusage nanosleep rt_sigaction rt_sigprocmask ioctl sched_yield sigreturn times"
declare -A map
[[ "$1" == "" ]] && echo "Need container name as input" && exit 1
[[ $UID -ne 0 ]] && echo "Need to exec as root" && exit 1
[[ ! -x "$(which jq)" ]] && echo "Need jq command (try, apt install jq)" && exit 1
[[ ! -x "$(which sysdig)" ]] && echo "Need sysdig command (try, apt install sysdig)" && exit 1