IPTables Flow Chart

Another interesting flowchart about IPTables in general


KubeProxy IPTables

I found this flowchart showing the order in which the different iptables firewall rule chains are executed. It is based on various configurations and service types, so let me share it with the readers of my blog.

Reference :

K8s Security : References from Kubecon2019

kubectl productivity

Auto Complete

source <(kubectl completion bash) # set up autocomplete in the current bash shell; the bash-completion package should be installed first.

echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.


kubectx helps you switch between clusters back and forth.

kubens helps you switch between Kubernetes namespaces smoothly.


The kubectl explain command outputs the specification of the requested resource or field.


A script to generate hundreds of convenient kubectl aliases programmatically.

Syntax explanation
  • k=kubectl
    • sys=--namespace kube-system
  • commands:
    • g=get
    • d=describe
    • rm=delete
    • a:apply -f
    • ex: exec -i -t
    • lo: logs -f
  • resources:
    • po=pod, dep=deployment, ing=ingress, svc=service, cm=configmap, sec=secret, ns=namespace, no=node
  • flags:
    • output format: oyaml, ojson, owide
    • all: --all or --all-namespaces depending on the command
    • sl: --show-labels
    • w=-w/--watch
  • value flags (should be at the end):
    • n=-n/--namespace
    • f=-f/--filename
    • l=-l/--selector
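
The grammar above composes left to right, so an alias can be expanded back into the full command before it is run, which makes it clear which namespace and flags it will touch. The following is an added example, not code from the alias generator project; the function names, the parsing approach, and the choice of --all for delete versus --all-namespaces for other commands are assumptions of this example.

```python
# Added example: expand a generated alias name using the grammar listed above.
# The tables mirror that list; the parser itself is this example's own.
COMMANDS = {"g": "get", "d": "describe", "rm": "delete",
            "a": "apply -f", "ex": "exec -i -t", "lo": "logs -f"}
RESOURCES = {"po": "pod", "dep": "deployment", "ing": "ingress",
             "svc": "service", "cm": "configmap", "sec": "secret",
             "ns": "namespace", "no": "node"}
FLAGS = {"oyaml": "-o yaml", "ojson": "-o json", "owide": "-o wide",
         "all": None, "sl": "--show-labels", "w": "--watch"}
VALUE_FLAGS = {"n": "--namespace", "f": "--filename", "l": "--selector"}


def _take(rest, table):
    """Return (key, remainder) for the longest key that prefixes rest."""
    for key in sorted(table, key=len, reverse=True):
        if rest.startswith(key):
            return key, rest[len(key):]
    return None, rest


def expand(alias):
    """Expand e.g. 'ksysgpooyaml' into the kubectl command line it stands for."""
    if not alias.startswith("k"):
        raise ValueError("alias must start with 'k'")
    rest, out = alias[1:], ["kubectl"]
    if rest.startswith("sys"):
        rest = rest[3:]
        out.append("--namespace kube-system")
    cmd, rest = _take(rest, COMMANDS)
    if cmd:
        out.append(COMMANDS[cmd])
        res, rest = _take(rest, RESOURCES)  # a resource only follows a command
        if res:
            out.append(RESOURCES[res])
    while True:  # any number of plain flags
        flag, rest = _take(rest, FLAGS)
        if flag is None:
            break
        if flag == "all":  # assumption: delete takes --all, the rest --all-namespaces
            out.append("--all" if cmd == "rm" else "--all-namespaces")
        else:
            out.append(FLAGS[flag])
    val, rest = _take(rest, VALUE_FLAGS)  # a value flag must come last
    if val:
        out.append(VALUE_FLAGS[val])
    if rest:
        raise ValueError("unrecognised alias suffix: " + rest)
    return " ".join(out)
```

An alias ending in a value flag (n, f, l) expands to a command that still expects the value as the next argument on the command line.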


eBPF, OPA, Blackbox exporter, ffwd, Heroic

eBPF can be used to:

1. Map application and HA architecture
2. Detect network issues
3. Identify misbehaving services


Open Policy Agent (https://github.com/open-policy-agent/opa) can be used to validate CRDs.

The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. https://github.com/prometheus/blackbox_exporter

ffwd is a flexible metric forwarding agent. It is intended to run locally on the system, receive metrics through a wide set of protocols, and then forward them to your TSDB. https://github.com/spotify/ffwd

Heroic is a scalable time series database based on Bigtable, Cassandra, and Elasticsearch. https://github.com/spotify/heroic