Security vulnerabilities in software dependencies are inevitable. What matters is how quickly and accurately they’re tracked. The Go Vulnerability Database powers tools like govulncheck, helping developers identify vulnerable code in their projects. Recently, I contributed CL734660 to add missing symbols to vulnerability report GO-2025-4188. This post walks through what the Go Vulnerability Database is, why contributions matter, and how you can make your own.
First of all, what is an EgressIP? An EgressIP ensures that the traffic from one or more pods in one or more namespaces has a consistent source IP address for services outside the cluster network. It uses the namespaceSelector or podSelector to identify the traffic. The OVN-K documentation explains the traffic flow in depth. When an EgressIP is attached to the secondary interface of the OpenShift node, it showed a limitation in communicating with a different subnet. The workaround for the issue was not practical, as the node’s rule table had to be modified with the source IP of the pod.
MetalLB is a must-have Operator in a non-cloud OpenShift/Kubernetes environment. It facilitates the automated assignment of an ExternalIP to a Service so that it can be accessed from the outside world. It attracts external traffic using the ARP and BGP protocols in an IPv4 network. In this post, we discuss the usage of the BGP protocol in detail. For a better understanding, we can divide the topic into three parts:
- How to create a MetalLB + BGP lab environment?
- What are the flows of communication between MetalLB and a router?
- How to trace an issue while configuring a BGP peer?