
Antonio Ojea aojea

@aojea
aojea / Dockerfile
Created May 21, 2026 17:08
Retry admission webhooks on transport errors #139105
FROM alpine:latest
COPY webhook /usr/local/bin/webhook
ENTRYPOINT ["/usr/local/bin/webhook"]
@aojea
aojea / Dockerfile.nft-builder
Last active May 20, 2026 15:01
nftables user space compatibility check
FROM debian:bookworm
# 1. Install compilation toolchain and dependencies
RUN apt-get update && apt-get install -y \
    git build-essential autoconf automake libtool \
    bison flex pkg-config libgmp-dev libreadline-dev \
    libedit-dev libjansson-dev \
    && rm -rf /var/lib/apt/lists/*
# 2. Build libmnl (rarely changes, master is fine)
@aojea
aojea / README.md
Created February 26, 2026 14:25
Golang apidiff since kubernetes 1.23.0

How to check Golang API changes on client-go or another Kubernetes exposed module

  1. Clone kubernetes and cd to the repo
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
  2. Check out your target version, in this case we will check from v1.35.0
@aojea
aojea / README.sh
Last active January 4, 2026 16:25
Build tailscale for openwrt
# Ref https://tailscale.com/kb/1207/small-tailscale
git clone https://github.com/tailscale/tailscale.git
# obtain the tags from the build_dist.sh --extra-small script
# check the existing ones with go run ./cmd/featuretags --list
TAGS=$(go run ./cmd/featuretags --min --add=osrouter,unixsocketidentity,useexitnode,clientupdate)
# Use the corresponding architecture https://go.dev/wiki/GoMips
@aojea
aojea / Android_VPN_hotspot.txt
Last active November 17, 2025 16:36
Android VPN Hotspot
# adb shell with root privileges to configure the android routing tables
# In this case wlan1 is the hotspot interface and tun0 the vpn interface
# use the vpn routing table for hotspot traffic
ip rule add from all iif wlan1 lookup tun0 pref 17999
# allow traffic between VPN and hotspot
iptables -I tetherctrl_FORWARD -i tun0 -o wlan1 -j RETURN
iptables -I tetherctrl_FORWARD -i wlan1 -o tun0 -j RETURN
@aojea
aojea / zero_downtime_app.yaml
Created November 2, 2025 22:05
KCD Porto 2025 - Achieving Zero-Downtime Deployments in Kubernetes
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server-deployment
  labels:
    app: MyApp
spec:
  replicas: 2
  selector:
    matchLabels:
@aojea
aojea / sockets.bt
Created September 28, 2025 21:45
list sockets with bpftrace
#!/usr/bin/env bpftrace
#define AF_INET 2
#define AF_INET6 10
iter:tcp
{
  $sk_common = ctx->sk_common;
  if ($sk_common == 0) {
---
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
@aojea
aojea / README.md
Last active January 27, 2026 09:24
Network Device Management with container runtimes

Network Device Management with container runtimes

This document provides a hands-on guide to understanding how container runtimes interact with network devices and namespaces, focusing on the new "Network Devices" feature described in the OCI (Open Container Initiative) runtime specification. The feature is expected to be released in version 1.3.0 of the OCI specification.

In high-level container orchestration systems like Kubernetes, the management of network namespaces and interfaces is handled by the [Container Runtime Interface

# based on https://taozhi.medium.com/the-amazing-chroot-making-simply-ssh-to-each-nodes-in-kubernetes-a3448a665c95
# kubectl exec -it ssh-pod -- chroot /host /bin/bash
apiVersion: v1
kind: Pod
metadata:
  name: ssh-pod
  labels:
    app: ssh-pod
spec:
  hostNetwork: true