Skip to content

Instantly share code, notes, and snippets.

View ElXreno's full-sized avatar
:shipit:

ElXreno ElXreno

:shipit:
41 followers · 9 following
View GitHub Profile
@ElXreno
ElXreno / gist.md
Created March 16, 2026 23:23
KubeSpan + Cilium Egress Gateway + BPF Masquerade: Making the 'Impossible' Combination Work

KubeSpan + Cilium Egress Gateway + BPF Masquerade: Making the "Impossible" Combination Work

The Problem

Running a multi-site Kubernetes cluster on TalosOS with Cilium as the CNI, we needed:

  1. Inter-node encryption — all traffic between nodes encrypted (nodes communicate over public internet)
  2. Egress Gateway — specific pods' external traffic routed through a gateway node for geo-IP requirements
  3. Talos host firewallNetworkDefaultActionConfig: ingress: block for node-level security

These three requirements created an "impossible triangle":

@ElXreno
ElXreno / patch.yaml
Created October 27, 2023 09:03
CCM for Selectel on Talos
- op: add
path: /cluster/externalCloudProvider
value:
enabled: true
manifests:
- https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/v1.28.1/manifests/controller-manager/cloud-controller-manager-roles.yaml
- https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/v1.28.1/manifests/controller-manager/cloud-controller-manager-role-bindings.yaml
- https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/v1.28.1/manifests/cinder-csi-plugin/cinder-csi-controllerplugin-rbac.yaml
- https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/v1.28.1/manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml
- https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/v1.28.1/manifests/cinder-csi-plugin/cinder-csi-nodeplugin-rbac.yaml
@ElXreno
ElXreno / repo-sync-manifest.xml
Last active October 21, 2023 08:52
AOSPA repo manifest for courbet (Xiaomi Mi 11 Lite)
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<!-- TEMP!!! -->
<remove-project name="platform/vendor/nxp/opensource/external/libnfc-nci" />
<project name="ElXreno/platform_vendor_xnp_opensource_external_libnfc-nci" path="vendor/nxp/opensource/commonsys/external/libnfc-nci" remote="github" revision="uvite" />
<!-- TEMP!!! end -->
<project name="ThankYouMario/android_prebuilts_clang-standalone" path="prebuilts/clang-standalone" remote="gitlab" revision="17" />
@ElXreno
ElXreno / openebs-zfs-node.log
Created April 10, 2023 22:14
I0410 21:53:47.745797 1 main.go:164] Version: v2.3.0
I0410 21:53:47.745842 1 main.go:165] Running node-driver-registrar in mode=registration
I0410 21:53:47.746437 1 main.go:189] Attempting to open a gRPC connection with: "/plugin/csi.sock"
I0410 21:53:47.746571 1 connection.go:154] Connecting to unix:///plugin/csi.sock
I0410 21:53:48.749518 1 main.go:196] Calling CSI driver to discover driver name
I0410 21:53:48.749546 1 connection.go:183] GRPC call: /csi.v1.Identity/GetPluginInfo
I0410 21:53:48.749554 1 connection.go:184] GRPC request: {}
I0410 21:53:48.754748 1 connection.go:186] GRPC response: {"name":"zfs.csi.openebs.io","vendor_version":"develop-ff097c0:07-12-2022"}
I0410 21:53:48.754812 1 connection.go:187] GRPC error: <nil>
I0410 21:53:48.754819 1 main.go:206] CSI driver name: "zfs.csi.openebs.io"
@ElXreno
ElXreno / output.log
Last active December 3, 2020 16:38
IOR Benchmark Samsung 860 EVO 250GB. Made JFF because https://www.phoronix.com/scan.php?page=article&item=wd-black-sn850&num=2
ior/src on  master [?]
❯ /usr/lib64/mpich/bin/mpirun -n 64 ./ior -t 1m -b 16m -s 16
IOR-3.4.0+dev: MPI Coordinated Test of Parallel I/O
Began : Thu Dec 3 19:27:06 2020
Command line : ./ior -t 1m -b 16m -s 16
Machine : Linux laptop.local
TestID : 0
StartTime : Thu Dec 3 19:27:06 2020
Path : testFile
FS : 151.8 GiB Used FS: 62.4% Inodes: 0.0 Mi Used Inodes: -nan%
@ElXreno
ElXreno / 99-sign-all.install
Last active September 15, 2020 13:17
#!/usr/bin/bash
# openssl req -new -x509 -newkey rsa:2048 -sha256 -days 365 -subj "/CN=Platform Key" -keyout PK.key -out PK.pem -nodes
# openssl req -new -x509 -newkey rsa:2048 -sha256 -days 365 -subj "/CN=Key Exchange Key" -keyout KEK.key -out KEK.pem -nodes
# openssl req -new -x509 -newkey rsa:2048 -sha256 -days 365 -subj "/CN=Image Signing Key" -keyout ISK.key -out ISK.pem -nodes
# cert-to-efi-sig-list -g "$(uuidgen)" PK.pem PK.esl
# cert-to-efi-sig-list -g "$(uuidgen)" KEK.pem KEK.esl
# cert-to-efi-sig-list -g "$(uuidgen)" ISK.pem ISK.esl
# cp ISK.esl db.esl
# sign-efi-sig-list -k PK.key -c PK.pem PK PK.esl PK.auth
@ElXreno
ElXreno / flab
Last active May 24, 2020 17:01
Flathub builder wrapper script
#!/usr/bin/bash
set -e
if [ "$1" = "" ]; then
echo "Usage: $0 MANIFEST_FILE"
exit 1
fi
MANIFEST_FILE="$1"
@ElXreno
ElXreno / 2189.patch
Last active May 20, 2020 10:55
DDNet manifest
From bb9983fa6f2b76788ad9e6d913f9570e979e6cad Mon Sep 17 00:00:00 2001
From: ElXreno <elxreno@gmail.com>
Date: Sun, 17 May 2020 10:27:58 +0300
Subject: [PATCH 1/2] Appdata: Append releases tag
---
other/ddnet.appdata.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/other/ddnet.appdata.xml b/other/ddnet.appdata.xml
@ElXreno
ElXreno / rust-vendor-sources.sh
Last active June 22, 2020 06:03
Rust vendored source generator
#!/bin/bash
set -e
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: $0 GIT_URL GIT_TAG"
echo "Example: $0 https://github.com/ElXreno/zswap-cli.git v1.0.3"
exit 1
fi
REPO_URL="$1"
@ElXreno
ElXreno / golang-vendor-sources.sh
Last active June 22, 2020 06:03
Golang vendored source generator
#!/bin/bash
set -e
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: $0 GIT_URL GIT_TAG"
echo "Example: $0 https://github.com/go-gitea/gitea.git v1.12.1"
exit 1
fi
REPO_URL="$1"