🐞

Rahul Jadhav nyrahul

🐞

CTO/Cofounder for AccuKnox, SIG-Security chair for LFN Nephio, CNCF Ambassador, Maintainer for CNCF Project KubeArmor

107 followers · 20 following

AccuKnox

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

nyrahul / kubetls-report.txt

Last active June 21, 2023 13:25

	\| Name \| Address \| Status \| Version \| Ciphersuite \| Hash \| Signature \| Verification \|
	\| ------------------------------------------------------------------------------------- \| -------------------- \| ---------- \| ------- \| ---------------------------- \| ------ \| --------- \| -------------------------------------------- \|
	\| accuknox-agents/agents-operator[health-check] \| 172.20.183.36:9090 \| PLAIN_TEXT \| \| \| \| \| \|
	\| accuknox-agents/agents-operator[spire-agent] \| 172.20.183.36:9091 \| PLAIN_TEXT \| \| \| \| \| \|
	\| accuknox-agents/discovery-engine

nyrahul / dependencies.json

Last active March 6, 2023 05:43

Accuknox microservices dependency map

	[
	{
	"microservice": "cluster-entity-daemon",
	"operator": ">=",
	"version": "v0.2.0"
	},
	[
	{
	"depends_on": "shared-informer-service",
	"operator": ">=",

nyrahul / docker-compose.yaml

Created August 31, 2022 06:13

gitea docker-compose yaml that just works

	version: "3"

	networks:
	gitea:
	external: false

	services:
	server:
	image: gitea/gitea:1.17.1
	container_name: gitea

nyrahul / gist:3ad59a48508fc3ce60a1fa0442c8fbe5

Created May 20, 2022 17:01

cherry pick from remote branch and raise PR

	git fetch upstream
	git checkout -b v0.3-backport remotes/upstream/v0.3
	git cherry-pick <commit-hash> #Note that you should not pick merge hash
	git push origin v0.3-backport

	# Raise a PR from origin/v0.3-backport to upstream/v0.3

nyrahul / imp-git-cmds.sh

Last active March 14, 2022 15:28

git commands

	# Backporting to a branch by cherry-picking from the upstream/stable branch
	git fetch upstream
	git checkout upstream/v0.2 # verify if the tip is same as that of the branch you expect by comparing sha hash
	git switch -c gke-cos-fix
	git cherry-pick e2737efa975198efde13a48435cc994daa3ba018 # substitute with your commit of interest
	git push origin gke-cos-fix # push the branch to your origin repo
	# Go to github UI and raise PR to the v0.2 branch

	# Pull PR locally and test
	git fetch upstream pull/37/head:mybranch

nyrahul / close-fd-problem.c

Last active December 15, 2021 07:52

ebpf syscall close does not give the right fd

	//https://stackoverflow.com/questions/70344928/bpf-kprobe-macro-provides-unexpected-value-of-function-argument

	// Trying without BPF_KPROBE
	SEC("kprobe/__x64_sys_close")
	int myclose(struct pt_regs *ctx) {
	u32 pid = bpf_get_current_pid_tgid() >> 32;
	int fd = PT_REGS_PARM1_CORE(ctx);

	// filter specific pid for simplicity
	if (pid != SRV_PID) {

nyrahul / ka-visibility.sh

Created December 1, 2021 17:39

Enable Kubearmor visibility across k8s deployments/pods (except kube-system namespace)

	#!/usr/bin/env bash

	annotate()
	{
	ns_ignore_list=("kube-system" "explorer" "cilium" "kubearmor")
	while read line; do
	depnm=${line/ */}
	depns=${line/* /}
	[[ " ${ns_ignore_list[*]} " =~ " ${depns} " ]] && continue
	echo "Applying KubeArmor visibility annotation for namespace=[$depns], $1=[$depnm]"

nyrahul / cilium-quick-cmds.sh

Last active August 18, 2021 04:11

cilium quick notes for dev VM

	# -------[ Cilium installation on GKE ]---------
	NATIVE_CIDR="$(gcloud container clusters describe "cluster-core-backend" --zone "us-central1-c" --format 'value(clusterIpv4Cidr)')"

	# with hubble-relay
	helm install cilium cilium/cilium --version 1.9.6 \
	--namespace kube-system \
	--set nodeinit.enabled=true \
	--set nodeinit.reconfigureKubelet=true \
	--set nodeinit.removeCbrBridge=true \
	--set cni.binPath=/home/kubernetes/bin \

nyrahul / cdump.sh

Created April 16, 2021 18:55

tcpdump for pod controlled by cilium

	#!/bin/bash

	# Usage: $0 <pod> [tcpdump-filter]

	[[ "$1" == "" ]] && echo "Usage: $0 <pod> [tcpdump-filter]" && exit 1

	ep_id=`kubectl get cep -A -o jsonpath="{.items[?(@.metadata.name==\"$1\")].status.id}"`
	iface=`cilium endpoint get $ep_id -o jsonpath="{[*].status.networking.interface-name}"`
	shift

nyrahul / ssh-port-fwd

Last active May 31, 2021 12:17

ssh port forwarding

	ssh -L 6060:127.0.0.1:6060 [email protected]

	golang pprof tool by default starts the pprof web server on localhost:6060. My pprof was running inside a VM and I needed to access the web server from the host. I could ssh to the VM. Thus I needed to enable port-forwarding on the host to the VM (remote).

	ssh -L 6060:127.0.0.1:6060 [email protected]
	\| \| \| \|-------v------------\|
	\| \| \| \--------------- remote ssh user@hostname
	\| \| \|
	\| \| \--------- remote port to forward
	\| \|

Newer Older

	\| Name \| Address \| Status \| Version \| Ciphersuite \| Hash \| Signature \| Verification \|
	\| ------------------------------------------------------------------------------------- \| -------------------- \| ---------- \| ------- \| ---------------------------- \| ------ \| --------- \| -------------------------------------------- \|
	\| accuknox-agents/agents-operator[health-check] \| 172.20.183.36:9090 \| PLAIN_TEXT \| \| \| \| \| \|
	\| accuknox-agents/agents-operator[spire-agent] \| 172.20.183.36:9091 \| PLAIN_TEXT \| \| \| \| \| \|
	\| accuknox-agents/discovery-engine

	ssh -L 6060:127.0.0.1:6060 [email protected]

	golang pprof tool by default starts the pprof web server on localhost:6060. My pprof was running inside a VM and I needed to access the web server from the host. I could ssh to the VM. Thus I needed to enable port-forwarding on the host to the VM (remote).

	ssh -L 6060:127.0.0.1:6060 [email protected]
	\| \| \| \|-------v------------\|
	\| \| \| \--------------- remote ssh user@hostname
	\| \| \|
	\| \| \--------- remote port to forward
	\| \|