Skip to content

Instantly share code, notes, and snippets.

View jimangel's full-sized avatar
🌤️
around

Jim Angel jimangel

🌤️
around
123 followers · 7 following
View GitHub Profile
@andrewloux
andrewloux / numa.md
Last active May 3, 2024 19:16
What is NUMA, and why should Kubernetes users care?

Historically, all memory on x86 architectures were equally accessibly by all CPUs on the system. This is an effective implementation, but there's increased bandwidth on the bus, and the more CPUs you have, the further away from the memory it is. This layout is called Uniform Memory Access.

Older UMA Layout

Modern x86 architectures introuduce the concept of memory nodes (also referred to elsewhere as zones or cells), where new writes are associated with a CPU's memory node. The nodes are connected by a bus, so all the memory is still accessible via any CPU, but of course, we have faster memory access time for CPUs accessing local nodes.

NUMA NUMA Layout

When you have a virtualization layer on top, and you are scheduling workloads, you can take advantage of this by pinning processes to specific CPUs.

@IanColdwater
IanColdwater / twittermute.txt
Last active February 23, 2025 18:09
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@bgeesaman
bgeesaman / CVE-2019-11253-poc.sh
Last active December 29, 2022 14:25
CVE-2019-11253 Kubernetes API Server YAML Parsing Remote Denial of Service PoC aka "Billion Laughs"
#!/usr/bin/env bash
# CVE-2019-11253
# https://github.com/kubernetes/kubernetes/issues/83253
# Shout out: @raesene for poc collab, @iancoldwater + @mauilion for
# HONKing inspiration and other guidance.
# Description: In Kubernetes 1.13 and below, the default configuration
# is that system:anonymous can request a selfsubjectaccessreview
# via mechanisms such as "kubectl auth can-i". This request can
# include POSTed YAML, and just the act of trying to parse it causes
@HenriTEL
HenriTEL / daemonset.yml
Created October 17, 2019 10:09
A custom driver installer for gke ubuntu based images that includes nvidia-docker.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nvidia-driver-installer
namespace: kube-system
labels:
k8s-app: nvidia-driver-installer
spec:
selector:
matchLabels:
@jmhobbs
jmhobbs / Dockerfile
Created December 27, 2018 22:02
Google Cloud Build Secret Environment Demo
FROM busybox
ARG THE_SECRET
RUN echo "::${THE_SECRET}::"
@gochist
gochist / find_outdated.py
Last active March 25, 2024 19:07
import os
import subprocess
DEVNULL = open(os.devnull, 'w')
BASE_CONTENT = "content/en"
WORK_CONTENT = "content/ko"
L_COMMIT = "website/dev-1.13-ko.3"
R_COMMIT = "website/master"
@dims
dims / e2e_manifests.go
Last active August 24, 2018 03:22
package main
import (
"fmt"
"k8s.io/apimachinery/pkg/util/sets"
imageutils "k8s.io/kubernetes/test/utils/image"
"os"
"os/exec"
)
@ernoaapa
ernoaapa / list-failing-pods.sh
Last active June 19, 2024 10:50
Script to list all Kubernetes Pods what are NOT ready
#!/bin/sh
#
# Print Pods which are Pending or not Ready for some reaosn
#
kubectl get pods --all-namespaces -o go-template='{{ range $item := .items }}{{ range .status.conditions }}{{ if (or (and (eq .type "PodScheduled") (eq .status "False")) (and (eq .type "Ready") (eq .status "False"))) }}{{ $item.metadata.name}} {{ end }}{{ end }}{{ end }}'
@lizrice
lizrice / Vagrantfile
Last active February 3, 2023 02:21
Vagrant file for setting up a single-node Kubernetes cluster that I can access from my desktop. Read more: https://medium.com/@lizrice/kubernetes-in-vagrant-with-kubeadm-21979ded6c63
# -*- mode: ruby -*-
# vi: set ft=ruby :
# This script to install Kubernetes will get executed after we have provisioned the box
$script = <<-SCRIPT
# Install kubernetes
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
@kevinsimper
kevinsimper / dump-secrets-kubernetes.sh
Last active May 3, 2024 09:54
kubectl get — no-headers secret | awk '{print $1}' | \
xargs -I{} sh -c 'kubectl get secret -o yaml "$1" > "$1.yaml"' — {}