After a quite long time, I read an interesting, thought provoking book. "Transcendence" - My Spiritual Experiences with Pramukh Swamiji by A.P.J. Abdul Kalam with Arun Tiwari. 

This blog has many articles with label "Spiritual Science". This book is also about Spiritual Science: how a renowned scientist looks at religion, philosophy and spirituality. I recommend that all people with a scientific temperament read:
(1) "Chapter 14. Walking Over the Waves" and 
(2) "Part 3 Fusion of Science and Spirituality", particularly "Chapter 19 Mind Is the Matrix of All Matter" that talks about spirituality, quantum physics etc.

The entire book has diversified interesting topics. It talks about 
- various philosopher, scientists, good people of different time and places. 
- big bang, solar system, universe, galaxy etc. 
- statistics about BAPS, and HDH Pramukh Swami Maharaj. 
- India's space programme
- India's white revolution by Verghese Kurien
- Life of author A.P.J. Abdul Kalam. His native place. His teachers, relatives, other books. Also his role as president of India. 

The last two pages of "Chapter 20. Growing into Highly Evolved Physical and Spiritual Being" shed light on how the status quo of our own inner lives harms us: We denounce wisdom of others when it does not fit into our emotional framework. We choose to agree only with opinions of others who share our personal values and feelings...In this state of ignorance, we become subservient, we are at the mercy of the popular status quo.

It also reminds me of a story about a bumblebee and an insect. A bumblebee offered an insect a ride across a beautiful garden. The insect took some bad-smelling matter with him in his nose and could not understand what the bumblebee was describing about the different fragrances of different flowers. The bumblebee realized it, made the insect go down into a pond and took it out, so it could enjoy the fragrance. In the same way, sometimes we are cut off, like a fortress. A Guru opens a window in the fortress. Even then, we need to put in effort to progress on this spiritual path. I was one of the fortunate persons who listened to this story directly from HDH Pramukh Swami Maharaj. Prior to that I read it in some book by Swami Vivekanand or Ramkrishna Paramhansa.

You will like this book, regardless of whether you are a bright atheist or a committed religionist. Here is my favorite content from the book. You may also like it. It is in the context of Galileo.

People who are unable to understand perfectly both scripture and science far outnumber those who do understand them perfectly. The former glancing superficially through the scriptures, could easily arrogate to themselves the authority to decide upon every question of physics on the strength of some word which they have misunderstood, and which was consciously employed by the sacred authors for some different purpose. And the smaller number of understanding men could not dam up the furious torrent of such people. These people would gain the most followers, simply because it is much more pleasant to gain a reputation for wisdom without effort or study, than to consume oneself tirelessly in the most laborious disciplines.

We all have heard famous quote from Shrimad Bhagavad Gita:  

कर्मण्येवाधिकारस्ते मा फलेषु कदाचन ।  

We have control over, and rights to, our own actions only, not their result / fruit / outcome. When a living Guru like HDH Pramukh Swami Maharaj explains the same point in the following words, it gives more insight.

Do not confuse excellence with perfection. Excellence man can reach, but perfection is God's work. 
- Pramukh Swami Maharaj

I have captured many such gems, thought provoking statements in my blog about this book. The book has four sections. So I wrote four blog posts covering pearls of wisdom from each section of the book. You may like to read: 

Book: Transcendence

Transcendence - 4

---------------------------------------------------------------------------------------
Let me share some pearls of wisdom from a book.
My Spiritual Experiences with Pramukh Swamiji
by A.P.J. Abdul Kalam
with Arun Tiwari. 

This is not a book review.

This article is just like
'key take away points' for me. 

The book is divided in 4 parts. This article covers 4th part of the book. 


Part 4 Evolution of Creative Leadership


Let me not pray to be sheltered from dangers,

but to be fearless in facing them,
Let me not beg for the stilling of my pain, but
for the heart to conquer it. 

Six basic fears in the order of their most common appearance : 

1. fear of poverty
2. fear of criticism
3. fear of ill health
4. fear of loss of someone
5. fear of old age and
6. fear of death. 
- Napoleon Hill (from his classic book 'Think and Grow Rich' 1937)

Man can create nothing which he does not first conceive in the form of an impulse of thought. 

Death is not extinguishing the light; it is only putting out the lamp because the dawn has come. 
- Rabindranath Tagore

May we be fearless, from friends and enemies, from known and unknown. 
From night and day, may all the direction be our allies. 
- From Atharva Veda (XIX, 15:6)


Moral excellence was more a matter of divine bequest

- Socrates 

Body has five senses: touch, smell, taste, sight and hearing.
Soul has five qualities: intuition, peace, foresight, trust and empathy. 

Self-giving to God's Will

Is without fail,
A slow-ripening
But most delicious fruit


The noble man, he says, will help others even with his bones, whereas the ignoble, governed by fear and greed, is completely worthless, and in a crisis will only sell himself

- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 1080

How could anyone wish to fatten himself by eating fat of other beings? Butchering is disgrace; and eating meat is senseless 

- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 254

Liquor does not differ from poison

- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 926

Ethics, virtues, righteousness and purity indeed make a human different from the beast  

We must be pure. I do not speak merely of the purity of senses. We must observe great purity in our wills, in our intentions - in all our actions. 

- HDH Pramukh Swami Maharaj

The light of love, the purity of grace,

The mind, the Music breathing from (his) face,
The heart whose softness harmonized the whole - 
And, oh! that eye was in itself a Soul !
- Lord Byron (English Poet)

There is more than enough good to go around. There are more than enough creative ideas. There is more than enough power, love, joy.


Access to higher consciousness is the purpose of human evolution, and non-violence is the means to access the higher consciousness. 

Eight measures of self realization 

1. Smyak gyan: Appropriate knowledge
2. Smyak darshan: Appropriate philosophy
3. Smyak charitra: Appropriate conduct
Five great vows for appropriate conduct
4. Ahimsa: non-violence
5. Satya: truthfulness
6. Asteya: not stealing
7. Bhramacharya: abstinence
8. Aprigriha: No possessions
- Vardhman Mahaveer (Jainism)

  • English: One world family
  • Sanskrit: Vasudhaiva Kutumbakam
  • Tamil: Every country is my own and all the people are my kinsman. Purananuru Tamil poem in 300-100 BC
  • Unity (tawhid) has 3 categories: Unity of God, Unity of religion and Unity of mankind, in Ahmadiya Muslim community
  • "The earth is one country, and mankind its citizens" - Baha'ullah (founder of Bahai faith) in book "Tablet of Maqsud"
  • Ubuntu - prominent philosophy of South Africa means 'humanness' 'humanity towards other' ' the belief in a universal bond of sharing that connects all humanity' 
Everything is connected and non-violence is an expression of this interconnection. 


As I walked out of the door towards the gate that would lead to my freedom, I knew if I didn't leave my bitterness and hatred behind, I'd still be in prison.
- Dr. Nelson Mandela (while coming out of prison after 27 years)

Great peacemakers are all people of integrity, of honesty, and of humility. 
- Dr. Nelson Mandela

The weak can never forgive, Forgiveness is the attribute of the strong
- Mahatma Gandhi

Forgiveness is ultimately gift to ourselves. Only through forgiveness can wounds heal. 

The truth is, unless you let go - unless you forgive yourself, unless you forgive the situation, unless you realize that the situation is over - you cannot move forwards


The purpose of human life is to serve, and to show compassion and the will to help others.
- Albert Schweitzer

If you are serious about your health, think and take most concern for your peace of mind. 
- Dalai Lama

Compassion has three components
1. cognitive: I understand you
2. affective: I feel for you
3. motivational: I want to help you
- Thupten Jinpa (eminent Tibetan scholar and translator of Dalai Lama)

True renewal relies on three key elements
1. Mindfulness
2. Hope
3. Compassion

I have just three things to teach
1. simplicity
2. patience
3. compassion
These three are your greatest treasures. 
- HDH Pramukh Swami Maharaj


Never underestimate the power of dreams and the influence of the human spirit. We are all the same in this motion: the potential for greatness lives within each of us.
- Wilma Rudolph (African-American sprinter)

Vision without action is merely a dream
Action without vision just passes the time;
but vision with action can change the world. 


We must reprogramme ourselves to understand that cooperation is a higher principle than competition. 

The senses are not always reliable. Infinite intelligence does not err.

Quiet time spent in reflection, a life of rigour and austerity; simple service done at any place to help the poor, the deprived, the disadvantaged and the disabled - and aiding animals and the environment - are methods by which infinite intelligence may be most readily contacted.

Let us make our planet more liveable!


What a dream I had! I thought.
Or is this the dream into which I have not woken? 

Spoken Sanskrit Workshops by me

Spoken Sanskrit Workshops: My students, are performing at last day closing ceremony. They learnt Sanskrit in just 10 days. Daily 2 hours. 10 x 2 = 20 hours. Feeling happy for my students, their fast progress and wishing all of them all the best for further Sanskrit study, good health, good wealth and happy life. 

I will keep updating this list, in future. 

1. Jun - July 2013

2. Sept - Oct 2013

3. Feb 2014

4. Feb 2016

5. April 2017: 

6. Feb 2019:

OSN Days 2019

Take Away points

  • Hyperledger Telecom Special Interest Group (TCSIG) has released many white papers about usage of blockchain in telecom.
  • Linux Foundation Edge is focusing on various verticals by diverse set of projects:
  • O-RAN Software Community (SC): the first two releases cover plumbing of different components. Subsequent releases will focus more on end-to-end cases.
  • Linux Foundation has Acumos project to develop AI apps. It is a platform and open source framework. 
  • eBPF is a promising technology. The speaker claimed its performance is as good as DPDK. With DPDK, your code needs to process all packets. With eBPF, you just check the packet and, if it is irrelevant, pass it back to the Linux kernel to process it.
  • An introductory session on OVP (OPNFV Verification Program) certification. OVP verifies (1) VNF and (2) Infrastructure for VNF. It is an initiative to help operators. OVP certifies (1) compliance (2) validation and (3) performance.
Overview of sessions


  • ONAP is merger of (1) ECOMP (Enhanced Control, Orchestration, Management & Policy) by AT&T and (2) Open-Orchestrator (Open-O) project by Linux Foundation. 
  • At present, only AT&T and Orange have deployed ONAP in a live production environment. Many vendors have done PoCs with ONAP.
  • At present, ONAP is mainly for VNFs. Only one sample CNF is available to run on ONAP.
  • ONAP's Dublin release has initial use cases for 5G. ONAP's Frankfurt release will have features for 5G end-to-end network slicing.
  • ONAP has two components: (1) Design framework generates VNFD, NSD (2) Run-time framework is about monitoring and service assurance. K8s and ONAP can have slight overlap of functionality. E.g. Horizontal scaler of K8s 
  • The ONAP Orange OpenLab can be accessed by any ONAP contributor for hands-on with ONAP.

2. "OVS HW offload engagement with Mellanox". 

  • One needs to adjust BIOS settings, CPU clock, NIC driver options, OS parameters etc. to get maximum throughput.
  • The counters for bytes transmitted/received were resetting in just 3 minutes.
  • The PCIe was also bottleneck, to achieve 100 Gbps throughput. 
  • Here are important tools/utility/command for throughput measurement and optimisation:
3. "Dynamic Orchestration for 5G Slicing" 
  • 3GPP TS 23.502, ETSI and GSMA define network slicing.
  • NEST is Network Slicing Task Force. 
  • 5G network slicing characteristics (1) End to end in nature,  (2) Dynamic or runtime connections (3) Multi Domain (4) Shared Resources. 
  • 5G network slicing has three functions (1) Communication Service function is associated with BSS domain (2) Network slice management function (3) Network slice subnet management function. 
  • SDC (Service Design and Creation) of ONAP defines network slice template, network slice subnet template etc. 
  • NSI (Network Slice Instance) and ONAP service has one to one mapping. 
  • Orange has contributed with Service Resolver.
4. "Tungsten Fabric"
  • Service chaining in K8s
  • Tungsten Fabric and Akraino based network edges 
  • Four modes of Tungsten Fabric.
  • MSO API in ONAP 
  • Tungsten Fabric and NSM 
  • Tungsten Fabric can configure any router that supports BGP
 5. eBPF
  • eBPF maps can be accessed by user space
  • To achieve 10 Gbps, one packet gets 67.5 nano second. For 100 Gbps, 6.75 nano second. 
  • XDP (eXpress Data Path) is the driver-level hook from which an eBPF program is called.
  • XDP program can call Kernel API also. 
  • XDP has two modes (1) native mode (no skb) (2) Generic mode (skb is allocated). 
  • Cilium is CNI for K8s. It implements Layer 7 security policy. It uses eBPF. 
  • Facebook uses eBPF for Layer 4 load balancer. 
  • eBPF was discussed at recent KubeCon 2019.
  • OVS and eBPF
  • Suricata is open source network threat detection engine. It uses eBPF
  • Netronome is about hardware offload. It uses eBPF.

General Comments:

  • There are plenty of open source projects for telecom. Mobile operators are willing to go for the ones which are “popular”. The “popular” ones can be those used by most of their competitors.
  • Now, traditional marketing people have a smaller role in influencing the customer in the telecom world. If a company participates in and contributes more to open source projects, it gains more influence over the customer's purchasing decisions. That results in more business. The engineers from the R&D team participate in and contribute to open source projects.
  • Today in the telecom world, there are no real gold-category CNFs. The VNFs are just packaged as CNFs. Since VNFs will remain for some time, we will see a hybrid world of CNFs and VNFs.
  • Open Source is a community that never sleeps. 

IPTables Flow Chart

Another interesting flowchart about IPTables in general


KubeProxy IPTables

I found this flowchart about execution of different rule chains of IPTables firewall. It is based on various configurations and service types. So let me share it with readers of my blog.

Reference :

Another relevant diagram: 


K8s Security : References from Kubecon2019

Extended NodeRestrictions for Pods:
Bounding Self-Labeling Kubelets:
Choose a minimal base image
Run as non root! 
Use resource limits 
Use least privilege authorization 
Restrict network access 
Node Authorizer:
Node Restriction:
Kubelet Static Pods:
ReplicaSet deletion logic:
Run as non-root using security context
Minimal base images:
Resource limits:
Least privilege:
GKE hardening guide:
GKE sandboxes:
Kata containers:
State of Kubernetes Security
“The Devil in the Details: Kubernetes’ First Security Assessment”
“Walls Within Walls: What If Your Attacker Knows Parkour?”
“Binary Authorization in Kubernetes”
“Piloting Around the Rocks: Avoiding Threats in Kubernetes”
“Hello from the Other Side: Dispatches from a Kubernetes
“How Kubernetes Components Communicate Securely in Your
“Sig-Auth Update”
“Attacking and Defending Kubernetes Clusters: A Guided Tour”
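Two of the checklist items above, "Run as non root" and "Use resource limits", can be checked mechanically on a Pod manifest. The following is an added example, not code from any of the referenced talks; the function name `audit_pod` and both sample manifests are constructed for illustration.

```python
"""Audit a Pod manifest (as a dict) for non-root execution and resource limits."""


def _effective(pod_sc, ctr_sc, key):
    # A container-level securityContext field overrides the pod-level one.
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)


def audit_pod(manifest):
    """Return a sorted list of (container_name, finding) tuples."""
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Init containers run with the same privileges, so audit them too.
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        name = ctr.get("name", "<unnamed>")
        ctr_sc = ctr.get("securityContext") or {}
        uid = _effective(pod_sc, ctr_sc, "runAsUser")
        non_root = _effective(pod_sc, ctr_sc, "runAsNonRoot")
        if uid == 0:
            findings.append((name, "runAsUser is 0 (root)"))
        elif uid is None and non_root is not True:
            # No explicit UID and no runAsNonRoot: the image default (often root) applies.
            findings.append((name, "runAsNonRoot is not enforced"))
        limits = (ctr.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append((name, f"no {res} limit"))
    return sorted(findings)


# Constructed sample: the pod-level setting looks safe, but one container
# overrides it and the other has no limits at all.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "weak"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"runAsNonRoot": False},
             "resources": {"limits": {"memory": "128Mi"}}},
            {"name": "sidecar", "image": "example/sidecar:1.0"},
        ],
    },
}

# Constructed sample: non-root UID at pod level, limits on every container.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "resources": {"limits": {"cpu": "500m", "memory": "128Mi"}}},
        ],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod))
```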

kubectl productivity

Auto Complete

source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.

echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.


kubectx helps you switch between clusters back and forth:

kubens helps you switch between Kubernetes namespaces smoothly:


kubectl explain
command outputs the specification of the requested resource or field.


A script to generate hundreds of convenient kubectl aliases programmatically.

Syntax explanation
  • k=kubectl
    • sys=--namespace kube-system
  • commands:
    • g=get
    • d=describe
    • rm=delete
    • a=apply -f
    • ex=exec -i -t
    • lo=logs -f
  • resources:
    • po=pod, dep=deployment, ing=ingress, svc=service, cm=configmap, sec=secret, ns=namespace, no=node
  • flags:
    • output format: oyaml, ojson, owide
    • all=--all or --all-namespaces depending on the command
    • sl=--show-labels
    • w=-w/--watch
  • value flags (should be at the end):
    • n=-n/--namespace
    • f=-f/--filename
    • l=-l/--selector
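The syntax above is regular enough to expand an alias back into the command it runs, which is worth doing before using a terse alias such as a delete with "all" against a cluster. This is an added example, not the alias-generation script itself; the function name `expand` is hypothetical, and two details are assumptions: the output-format flags are written as `-o yaml` and so on, and `all` maps to `--all` only for delete.

```python
"""Expand a generated kubectl alias into the command line it stands for."""

COMMANDS = {"g": "get", "d": "describe", "rm": "delete",
            "a": "apply -f", "ex": "exec -i -t", "lo": "logs -f"}
RESOURCES = {"po": "pod", "dep": "deployment", "ing": "ingress", "svc": "service",
             "cm": "configmap", "sec": "secret", "ns": "namespace", "no": "node"}
FLAGS = {"oyaml": "-o yaml", "ojson": "-o json", "owide": "-o wide",
         "sl": "--show-labels", "w": "--watch"}
VALUE_FLAGS = {"n": "--namespace", "f": "--filename", "l": "--selector"}


def _take(alias, pos, table):
    """Longest key of `table` that occurs at alias[pos:], or None."""
    for key in sorted(table, key=len, reverse=True):
        if alias.startswith(key, pos):
            return key
    return None


def expand(alias):
    """Parse k [sys] [command [resource]] flags* [value-flag] in that order."""
    if not alias.startswith("k"):
        raise ValueError("alias must start with 'k'")
    pos, words = 1, ["kubectl"]
    if alias.startswith("sys", pos):
        words.append("--namespace kube-system")
        pos += 3
    cmd = _take(alias, pos, COMMANDS)
    if cmd:
        words.append(COMMANDS[cmd])
        pos += len(cmd)
        res = _take(alias, pos, RESOURCES)
        if res:
            words.append(RESOURCES[res])
            pos += len(res)
    while True:  # zero or more plain flags
        if alias.startswith("all", pos):
            # Assumption: delete takes --all, every other command --all-namespaces.
            words.append("--all" if cmd == "rm" else "--all-namespaces")
            pos += 3
            continue
        flag = _take(alias, pos, FLAGS)
        if not flag:
            break
        words.append(FLAGS[flag])
        pos += len(flag)
    val = _take(alias, pos, VALUE_FLAGS)  # value flags come last
    if val:
        words.append(VALUE_FLAGS[val])
        pos += len(val)
    if pos != len(alias):
        raise ValueError(f"cannot parse {alias[pos:]!r} in alias {alias!r}")
    return " ".join(words)


if __name__ == "__main__":
    for name in ("kgpo", "ksysgpooyaml", "krmpoall", "kgdepn"):
        print(f"{name:14} -> {expand(name)}")
```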


eBPF, OPA, Blackbox exporter, ffwd, Heroic

eBPF can be used for 

1. Map application and HA architecture
2. Detect network issues
3. Identify misbehaving svc

Open Policy Agent can be used to validate CRD

The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP.

ffwd is a flexible metric forwarding agent. It is intended to run locally on the system and receive metrics through a wide set of protocols and then forward them to your TSDB. 

Heroic A scalable time series database based on Bigtable, Cassandra, and Elasticsearch.

Easily Observing Operators

With kube-state-metrics you can gather the following state about your cluster:
  • Counts of each object type
  • All of the Kubernetes labels and their values attached to each object
  • The creation time (as an epoch) of each object
  • Some generic, object specific “info”
  • Other states specific to the object in question

kube-state-metrics can be deployed like a classic Kubernetes service with only one replica.

List of metrics

Metrics about your CRD

Kustomize plugins

This is the third article out of three articles on Kubernetes tool : Kustomize. This article covers the plugins. 

kustomize plugins

Kustomize offers a plugin framework allowing people to write their own resource generators and transformers.


generators:
- gen_file.yaml
transformers:
- trans_file.yaml

Let's focus on gen_file. Trans_file will be similar. 


apiVersion: "apiVersion"
kind: Gen_File
metadata:
  name: "some name"

Now the file name "Gen_File" will be searched at path  
XDG_CONFIG_HOME = $HOME/.config = /home/manish.config
Possible value for apiVersion =

If failed then "" will be searched at same path

This file will be invoked with gen_file.yaml

Reference :

Built-in plugins :

Plugin Development

UseCases of Kustomize

This is the second article out of three articles on Kubernetes tool : Kustomize. This article covers the usecases. 

UseCase 1 : ConfigMap generation and secret generation

secretGenerator:
- name: myregistrykey
  type: docker-registry
  literals:
  - docker-username=DOCKER_USER
  - docker-password=DOCKER_PASSWORD
  - docker-email=DOCKER_EMAIL

This is same as: 

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

Same as above configMapGenerator

configMapGenerator:
- name: profile
  files:
  - hello.config

We can also merge two configmaps

configMapGenerator:
- name: my-configmap
  behavior: merge

Configmap from literals

configMapGenerator:
- name: my-configmap
  literals:
  - foo=bar
  - baz=qux

UseCase 2 : Creating multiple variants using overlays. 
Edit attributes as per a specific file, here localserv.yaml. The keyword is patchesStrategicMerge.

kustomize edit add patch localserv.yaml

resources:
- ../../base
patchesStrategicMerge:
- localserv.yaml

Multi Variant Examples:

we can use "kustomize diff base/variant1/variant2" command to see the difference. 

UseCase 3 : edit container image and tag

kustomize edit set image busybox=alpine:3.6

images:
- name: busybox
  newName: alpine
  # quoted so that YAML reads the tag as a string, not the number 3.6
  newTag: "3.6"

UseCase 4 : Remote Target
kustomize build can be run on a URL.

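The effect is the same as cloning the repo, checking out a particular ref (commit hash, branch name, release tag, etc.), then running kustomize build against the desired directory in the local copy. Pinning the ref to a commit hash rather than a branch name keeps the build reproducible, because a branch can point to different content later.
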
UseCase 5 : applying a JSON patch. Replace and add

cat <<EOF >$DEMO_HOME/ingress_patch.json
[
  {"op": "replace", "path": "/spec/rules/0/host", "value": ""},
  {"op": "replace", "path": "/spec/rules/0/http/paths/0/backend/servicePort", "value": 8080}
]
EOF

You can also write the patch in YAML format. This example also shows the "add" operation:

cat <<EOF >$DEMO_HOME/ingress_patch.yaml
- op: replace
  path: /spec/rules/0/host
  value: ""

- op: add
  path: /spec/rules/0/http/paths/-
  value:
    path: '/test'
    backend:
      serviceName: my-test
      servicePort: 8081
EOF

patchesJson6902:
- target:
    group: apps
    version: v1
    kind: Deployment
    name: my-nginx
  path: patch.yaml

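What the "replace" and "add" operations of UseCase 5 do to a document, including the trailing "-" that appends to a list, is shown by this added example. It is a small RFC 6902 subset written for illustration, not Kustomize's implementation; the function name `apply_patch` and the sample Ingress are constructed, while the patch operations are the ones from the page.

```python
"""Apply the 'replace' and 'add' JSON Patch operations to a nested document."""
import copy


def _tokens(pointer):
    # JSON Pointer (RFC 6901): "/a/0/b" -> ["a", "0", "b"]; ~1 is "/", ~0 is "~".
    if not pointer.startswith("/"):
        raise ValueError(f"unsupported path {pointer!r}")
    return [t.replace("~1", "/").replace("~0", "~") for t in pointer[1:].split("/")]


def apply_patch(doc, ops):
    """Return a patched deep copy of `doc`; the input is left untouched."""
    doc = copy.deepcopy(doc)
    for op in ops:
        *parents, last = _tokens(op["path"])
        target = doc
        for tok in parents:  # walk down to the parent of the addressed member
            target = target[int(tok)] if isinstance(target, list) else target[tok]
        if op["op"] == "replace":
            if isinstance(target, list):
                target[int(last)] = op["value"]  # IndexError if the element is missing
            elif last in target:
                target[last] = op["value"]
            else:
                raise KeyError(f"replace: {op['path']} does not exist")
        elif op["op"] == "add":
            if isinstance(target, list):
                if last == "-":  # "-" addresses the position after the last element
                    target.append(op["value"])
                else:
                    target.insert(int(last), op["value"])
            else:
                target[last] = op["value"]
        else:
            raise ValueError(f"unsupported op {op['op']!r}")
    return doc


# Constructed sample Ingress with one rule and one path.
INGRESS = {
    "kind": "Ingress",
    "metadata": {"name": "my-ingress"},
    "spec": {"rules": [{"host": "example.test", "http": {"paths": [
        {"path": "/", "backend": {"serviceName": "my-api", "servicePort": 80}},
    ]}}]},
}

# The operations from the page's JSON and YAML patches.
PATCH = [
    {"op": "replace", "path": "/spec/rules/0/host", "value": ""},
    {"op": "replace", "path": "/spec/rules/0/http/paths/0/backend/servicePort", "value": 8080},
    {"op": "add", "path": "/spec/rules/0/http/paths/-",
     "value": {"path": "/test", "backend": {"serviceName": "my-test", "servicePort": 8081}}},
]

if __name__ == "__main__":
    print(apply_patch(INGRESS, PATCH))
```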
UseCase 6 : Patch on multiple objects
JSON patch and strategic merge patch can be applied to selected resources

patches:
- path: "PatchFile"
  target:
    group: "Group"
    version: "Version"
    kind: "Kind"
    name: "Name"
    namespace: "Namespace"
    labelSelector: "LabelSelector"
    annotationSelector: "AnnotationSelector"
UseCase 7 : Injecting k8s runtime data into containers