Test NFSv3 file locking with persistent locks across multiple pods using Trident ONTAP-NAS storage.
kubectl apply -k .
kubectl exec -it deployment/nfs-test-nfs-lock-tester -- nfs-lock.sh test myfile.txt
Clément Nussbaumer clementnuss
🐄
clementnuss
/ test-readonly-clone-export-policy.sh
Created
November 20, 2025 15:14
netapp trident nas-economy snapshot export policy bug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Script to reproduce the read-only clone export policy bug in Trident nas-economy driver | |
| # | |
| # Bug Description: | |
| # When a read-only clone is deleted on the same node as its source volume, the unpublish | |
| # operation incorrectly removes export policy rules that are still needed by the source. | |
| # This is NOT a race condition - it's a deterministic logic bug where the code fails to | |
| # check for remaining publications of the source volume before removing export rules. | |
| # |
The few following manifests present how asciinema-server on Kubernetes, with a caching nginx reverse proxy (which also does the requests against the S3 endpoint, for cases where the S3 server is not publicly accesible).
For more details regarding the S3 proxying, check https://github.com/asciinema/asciinema-server/pull/363/files#diff-10557452cffb1028618b3bc1bfdd9f01d79642fe2823dc078f5208a0121b8495
Kubernetes CronJob to backup, compress (with gzip --rsyncable), and finally
use restic to backup your DBs to an S3 endpoint.
Advantages:
- using mariadb:latest Docker image, to ensure I don't use an outdated
mariadb-dumpbinary - backing up each database in a separate file, to make for easier restore
- compressing the backups with gzip and the
--rsyncableoption (details here), which makes gzip "regularly reset his compression algorithm to what it was at the beginning of the file", so that changes to a portion of the file do not alter the whole compressed output, which permits to make incremental backups. - using restic to store the backups on an S3 endpoint (Cloudflare R2, with a generous free tier!), which makes for simple management and rotation, as well as for simple restores.
clementnuss
/ eBPF-execve-argv-envp-print.md
Created
November 28, 2023 13:36
eBPF - using bpftrace to debug argv and env of an executable
With bpftrace on Linux, it's quite simple to monitor when a specific binary is run, and to print it's args and the environment variables passed to it.
This can be done with the following bpftrace "program":
tracepoint:syscalls:sys_enter_execve
/str(args->filename) == "/etc/network/if-up.d/resolved" /
{
When patching some Kubernetes control-plane nodes on which etcd also happens to be running, you might want to gracefully transfer the leadership of the etcd cluster away before patching and eventually patching the node.
This can be achieved with the following script, provided you specify the adequate environment variables in /etc/profile.d/etcd-all:
set -o pipefail && \
source /etc/profile.d/etcd-all && \
AM_LEADER=$(etcdctl endpoint status | grep $(hostname) | cut -d ',' -f 5 | tr -d ' ') && \
If you ever tried to delete more than a few hundred files on S3, you might have noticed how slow it was.
To speed-up the deletion, we can use a few bash commands to parallelize the deletion, and we can also use some json description of the objets we want to delete.
Concretely, it permits us to delete e.g. 1000 files with a single s3 API request.
clementnuss
/ rollout-restart.go
Last active
September 28, 2022 13:57
script to rollout restart all deployments on a kubernetes cluster by packs of 20, waiting 1min between packs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| "strings" | |
| "time" | |
| "github.com/bitfield/script" | |
| ) |
clementnuss
/ xclip
Last active
May 23, 2022 13:31
`xclip` script to permit replacing xclip with lemonade easily
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| stdin="$([[ -p /dev/stdin ]] && cat -)" | |
| lemonade copy $stdin |
clementnuss
/ yqblank.sh
Last active
June 2, 2023 23:09
fish/bash function to prevent changing blank lines while using yq
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #fish | |
| function yqblank; | |
| yq eval "$argv[1]" "$argv[2]" | diff -B "$argv[2]" - | patch "$argv[2]" -o - | |
| end | |
| #bash | |
| yqblank() { | |
| yq "$1" "$2" | diff -B "$2" - | patch "$2" - | |
| } |
NewerOlder