Design and Implementation of K8s Services Proxy using eBpf

Goals and Priorities

  • Build an eBpf based implementation of Kubernetes Services (ClusterIP, NodePort, LoadBalancer) to replace kube-proxy/iptables and CNI based implementations of Kubernetes services.
  • The goal is not "use as much eBpf" as possible but rather to use eBpf selectively and opportunistically and also to leverage standard kernel datapaths as much as possible unless there is a good reason to do otherwise.
  • Since iptables packages are being deprecated in the Linux kernel and RHEL, it is necessary to have an implementation of kube-proxy that does not depend on iptables. See iptables deprecation
  • Primary design requirement is to retain end user experience for stability and debuggability when replacing the kube-proxy/iptables based datapath. This requirement is more important than flat out data plane performanc
@DavidWells
DavidWells / javascript-proxy-as-rest-client.js
Last active May 12, 2024 14:24
Using a javascript proxy as low code REST client
/* Using a JavaScript proxy for a super low code REST client */
// via https://dev.to/dipsaus9/javascript-lets-create-aproxy-19hg
// also see https://towardsdatascience.com/why-to-use-javascript-proxy-5cdc69d943e3
// also see https://github.com/fastify/manifetch
// also see https://github.com/flash-oss/allserver
// and https://gist.github.com/v1vendi/75d5e5dad7a2d1ef3fcb48234e4528cb
const createApi = (url) => {
return new Proxy({}, {
get(target, key) {
@enixdark
enixdark / latency.txt
Created May 22, 2021 06:38 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference                           0.5 ns
Branch mispredict                            5   ns
L2 cache reference                           7   ns                      14x L1 cache
Mutex lock/unlock                           25   ns
Main memory reference                      100   ns                      20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy             3,000   ns        3 us
Send 1K bytes over 1 Gbps network       10,000   ns       10 us
Read 4K randomly from SSD*             150,000   ns      150 us          ~1GB/sec SSD
@righettod
righettod / venom_security_headers_tests_suite.yml
Last active November 2, 2022 19:02
VENOM sample HTTP security response headers test suites.
name: HTTP security response headers test suites
# TOOLS
# VENOM HOME: https://github.com/ovh/venom
# VENOM RELEASE: https://github.com/ovh/venom/releases
# VENOM ASSERTION KEYWORDS: https://github.com/ovh/venom#assertion
# REF AND RUN
# REF BASE: https://owasp.org/www-project-secure-headers/
# RUN CMD: venom run --var="target_site=https://righettod.eu" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" venom_security_headers_tests_suite.yml
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" --var="logout_url=/logout" venom_security_headers_tests_suite.yml
ContractAddress | TokenName | TokenSymbol | holder count | transfer count | # of times appears in list | notes
0x420b595d8b648971b3bfcf46e66544c384860536 | VenmoCash | VMO | 1 | 6 | 2 |
0xdeeb40536e94be7226b77fb89d7d3cd65a82fb85 | Zoom Protocol | ZOM | 1 | 9 | 2 |
0xe670848d54788997942ecf938cd23b09550bae73 | TARO | TARO | 1 | 4 | 2 |
0xf28fec34928a1dc19b650104ae082665b66f720e | ETH/BTC Long-Only Alpha | XTF.SWCEBL | 1 | 4 | 2 |
0x030385efc63ebda6021d9098b1fcc422547d83d3 | Tacos @ Taconomics.io | $TACO | 2 | 5 | 2 |
0x03bb9bbf0423e44370e88ec5fc31eecf4e2b4ac2 | STVKE.Network | STV | 2 | 9 | 2 |
0x05e850909664a3cf926ca4777c3ec1577d36ec18 | OnFlow | Flow | 2 | 8 | 2 |
0x06ca771a689d6d5f5e435be2ef1d1ffc6bdb3b4c | Wing Token | WING | 2 | 8 | 2 |
0x08a958bdc9e0beb0c3ee2ec6e9c0013f14ce66e5 | Harold Returns | KEKW | 2 | 6 | 2 |
KataContainers
- image coupled with kernel
- light vm layer
- can run in nested virtualization environments if hardware supports and you can enable it in BIOS (ex. only bare metal EC2 instances, limits many cloud providers)
- slower startup time
- OCI compliant
- previously known as ClearContainers by Intel
gVisor
- kernel implemented in userspace
@graninas
graninas / What_killed_Haskell_could_kill_Rust.md
Last active February 18, 2025 19:32
What killed Haskell, could kill Rust, too

At the beginning of 2030, I found this essay in my archives. From what I know today, I think it was very insightful at the moment of writing. And I feel it should be published because it can teach us, Rust developers, how to prevent that sad story from happening again.


What killed Haskell, could kill Rust, too

What killed Haskell, could kill Rust, too. Why would I even mention Haskell in this context? Well, Haskell and Rust are deeply related. Not because Rust is Haskell without HKTs. (Some of you know what that means, and the rest of you will wonder for a very long time). Much of the style of Rust is similar in many ways to the style of Haskell. In some sense Rust is a reincarnation of Haskell, with a little bit of C-ish like syntax, a very small amount.

Is Haskell dead?

@onlurking
onlurking / programming-as-theory-building.md
Last active March 4, 2025 04:39
Programming as Theory Building - Peter Naur

Programming as Theory Building

Peter Naur

Peter Naur's classic 1985 essay "Programming as Theory Building" argues that a program is not its source code. A program is a shared mental construct (he uses the word theory) that lives in the minds of the people who work on it. If you lose the people, you lose the program. The code is merely a written representation of the program, and it's lossy, so you can't reconstruct

@michaellihs
michaellihs / container-security.md
Last active February 12, 2020 01:25
Container Security

Container Security

Overview of Container Security Threats

  • Image Development
    • Installing SW without proper configuration, e.g. default passwords...
    • Exposed credentials in Dockerfiles
  • Malware in 3rd party resources used to build the image
@nhymxu
nhymxu / README-python-framework-benchmark.md
Last active February 8, 2025 10:11
Flask vs Falcon vs FastAPI benchmark
gunicorn run:app --workers=9
gunicorn run:app --workers=9 --worker-class=meinheld.gmeinheld.MeinheldWorker

Macbook Pro 2015 Python 3.7

Framework Server Req/s Max latency +/- Stdev