Kapil Agrawal
@netops2devops.net
Kubernetes platform Security Engineer by profession. Also a recovering network engineer. Open source exuberant. Fan of open standards. Spends way too much time in homelab
FWIW, Alma Linux is the new blessed “Scientific Linux” for HPC. But Ubuntu/Debian should work just fine too.
November 19, 2025 at 5:43 AM
FWIW, Alma Linux is the new blessed “Scientific Linux” for HPC. But Ubuntu/Debian should work just fine too.
Another option worth checking out in the name of simplicity github.com/alecthomas/k...
GitHub - alecthomas/kong: Kong is a command-line parser for Go
Kong is a command-line parser for Go. Contribute to alecthomas/kong development by creating an account on GitHub.
github.com
November 17, 2025 at 7:13 PM
Another option worth checking out in the name of simplicity github.com/alecthomas/k...
Nothing specific yet. Mostly curiosity around what all can be done in networking/security space with all the eBPF hooks.
November 15, 2025 at 7:41 PM
Nothing specific yet. Mostly curiosity around what all can be done in networking/security space with all the eBPF hooks.
I’m yet to find anything as fast and slick as neovim (with language server plugins) when it comes to smooth developer experience.
November 15, 2025 at 7:39 PM
I’m yet to find anything as fast and slick as neovim (with language server plugins) when it comes to smooth developer experience.
While I am not a Kernel programmer by trait I’ve never felt this enthusiastic about going back to my CS roots and refreshing my C skills only so I can dabble with eBPF. I don’t need to be a professional kernel engineer to build eBPF programs, I just need to know enough to be dangerous 😂
November 14, 2025 at 4:27 PM
While I am not a Kernel programmer by trait I’ve never felt this enthusiastic about going back to my CS roots and refreshing my C skills only so I can dabble with eBPF. I don’t need to be a professional kernel engineer to build eBPF programs, I just need to know enough to be dangerous 😂
I skipped most of the keynotes or talks about AI slop
November 14, 2025 at 1:19 AM
I skipped most of the keynotes or talks about AI slop
IPv6 Only Kubernetes with Cilium: What to Know Before Production
netops2devops.net
November 2, 2025 at 4:52 PM
I think you maybe looking for multus 😅 Cilium also supports doing separate subnets per pod but that’s an enterprise feature IIRC. there’s also cni.dev which might be worth looking into.
CNI
cni.dev
October 28, 2025 at 5:49 AM
I think you maybe looking for multus 😅 Cilium also supports doing separate subnets per pod but that’s an enterprise feature IIRC. there’s also cni.dev which might be worth looking into.
Yeah container networking world has a whole lot of catching up to do with IPv6
October 28, 2025 at 5:44 AM
Yeah container networking world has a whole lot of catching up to do with IPv6
Envoy uses a feature within the Linux Kernel called TPROXY (transparent proxy). So technically your application sees the original client IP and not the reverse proxy IP, if that helps. Now granted I have never worked with SIP so I could be mistaken.
October 28, 2025 at 5:36 AM
Envoy uses a feature within the Linux Kernel called TPROXY (transparent proxy). So technically your application sees the original client IP and not the reverse proxy IP, if that helps. Now granted I have never worked with SIP so I could be mistaken.
Since pod address are ephemeral there has to be a mechanism that provides a fixed stable address (Gateway address) for the application that an end user can access.
October 28, 2025 at 5:29 AM
Since pod address are ephemeral there has to be a mechanism that provides a fixed stable address (Gateway address) for the application that an end user can access.
pod to pod and pod to wan is Unicast. Ingress has to be a virtual IP. It’s basically a load balancer for your Pods. Albeit, since Cilium uses Envoy proxy as L7 proxy underneath it preserves the original source IP. So when user traffic reaches pod it sees real source IP
October 28, 2025 at 5:27 AM
pod to pod and pod to wan is Unicast. Ingress has to be a virtual IP. It’s basically a load balancer for your Pods. Albeit, since Cilium uses Envoy proxy as L7 proxy underneath it preserves the original source IP. So when user traffic reaches pod it sees real source IP
Using cilium’s BGP LoadBalancer IPAM to hand out addresses to Gateway api and announce those over BGP as well! From user’s perspective they hit the gateway api to access an application.
October 28, 2025 at 5:24 AM
Using cilium’s BGP LoadBalancer IPAM to hand out addresses to Gateway api and announce those over BGP as well! From user’s perspective they hit the gateway api to access an application.
I’m planning to cover just that in part4. Still working on part 3 this week😅 but yes I do have a working architecture/config with #cilium that uses native routing i.e no tunneling or masquerading. Each namespace gets a clean /64 using multi-pool ipam. POD addresses announced via BGP.
October 28, 2025 at 5:19 AM
I’m planning to cover just that in part4. Still working on part 3 this week😅 but yes I do have a working architecture/config with #cilium that uses native routing i.e no tunneling or masquerading. Each namespace gets a clean /64 using multi-pool ipam. POD addresses announced via BGP.
Would using ‘iota’ solve your use case for enums? blog.learngoprogramming.com/awesome-go-e...
★ Ultimate Visual Guide to Go Enums ★
Golang Enums & iota Guide—Full of tips and tricks with visuals and runnable code examples.
blog.learngoprogramming.com
October 27, 2025 at 3:27 AM
Would using ‘iota’ solve your use case for enums? blog.learngoprogramming.com/awesome-go-e...
topics for subsequent posts:
- IPv6 address planning to run #cilium in native routing with cluster pool vs. multi-pool ipam.
- Cilium BGP control plane with LB IPAM and GatewayAPI for ingress
- Predictable egress IP without using an egress gateway (aka no SNAT/masquerading)
Stay tuned ;)
- IPv6 address planning to run #cilium in native routing with cluster pool vs. multi-pool ipam.
- Cilium BGP control plane with LB IPAM and GatewayAPI for ingress
- Predictable egress IP without using an egress gateway (aka no SNAT/masquerading)
Stay tuned ;)
October 25, 2025 at 5:38 PM
topics for subsequent posts:
- IPv6 address planning to run #cilium in native routing with cluster pool vs. multi-pool ipam.
- Cilium BGP control plane with LB IPAM and GatewayAPI for ingress
- Predictable egress IP without using an egress gateway (aka no SNAT/masquerading)
Stay tuned ;)
- IPv6 address planning to run #cilium in native routing with cluster pool vs. multi-pool ipam.
- Cilium BGP control plane with LB IPAM and GatewayAPI for ingress
- Predictable egress IP without using an egress gateway (aka no SNAT/masquerading)
Stay tuned ;)
part2 covers building the simplest #IPv6 only #k3s cluster using @cilium.io
netops2devops.net/series/k8s-c...
netops2devops.net/series/k8s-c...
Simplest IPv6 only k3s cluster using Cilium
netops2devops.net
October 25, 2025 at 5:24 PM
part2 covers building the simplest #IPv6 only #k3s cluster using @cilium.io
netops2devops.net/series/k8s-c...
netops2devops.net/series/k8s-c...
part1 covers underlying #ipv6 infrastructure requirements before installing #kubernetes
netops2devops.net/series/k8s-c...
netops2devops.net/series/k8s-c...
IPv6 infrastructure before deploying Kubernetes
netops2devops.net
October 25, 2025 at 5:23 PM
part1 covers underlying #ipv6 infrastructure requirements before installing #kubernetes
netops2devops.net/series/k8s-c...
netops2devops.net/series/k8s-c...
1.25.3 is available now 😁https://formulae.brew.sh/formula/go#default
go
Homebrew’s package index
formulae.brew.sh
October 16, 2025 at 3:44 AM
1.25.3 is available now 😁https://formulae.brew.sh/formula/go#default