I hereby claim:
- I am gauntletwizard on github.
- I am gauntletwizard (https://keybase.io/gauntletwizard) on keybase.
- I have a public key ASA3GF3F2JAd_WN9-svtXfeDHDvSu7WiLV1V2L0n01gw8Qo
To claim this, I am signing this object:
Ted Hahn GauntletWizard
GauntletWizard
/ Pipefail example
Created
May 23, 2016 06:48
An example of how to use the pipefail option, and how it works.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set -e | |
| set -x | |
| true | false |true | |
| echo "done" | |
| set -o pipefail | |
| true | false ||true |
GauntletWizard
/ keybase.md
Created
August 15, 2016 19:00
GauntletWizard
/ gceips.py
Created
March 1, 2017 21:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # gceips.py - A script to print the cidr ranges of all of GCE. | |
| # https://cloud.google.com/compute/docs/faq#where_can_i_find_short_product_name_ip_ranges | |
| import re | |
| # pip install dnspython | |
| import dns.resolver | |
| from dns.rdatatype import TXT | |
| includesmatch = re.compile(r'include:([\w\.-]*)') |
- Use terraform, or other declarative infrastructure
- Use Organizations for billing. Set up an Org account, with an Infra account for build artifacts/login, and development, staging, and prod accounts with appropriate permissions.
- Developers should all have admin permissions in dev, and only necessary permissions in staging and prod. Staging should be exactly like prod except that customers aren't using it. Dev should be as close as possible, with any changes being backed out and repeated in staging before they make it to staging.
GauntletWizard
/ gimpgradientanimate.py
Created
October 31, 2017 20:47
Animate a transition between two images in GIMP.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find our image, and first and last images. | |
| # Gimp GIF export animates from bottom to top, so these are backwards. | |
| foo = gimp.image_list()[0] | |
| start = foo.layers[0] | |
| end = foo.layers[1] | |
| start.visible = False | |
| end.visible = False | |
| # Step - How much we increase opacity each time. |
Read one link per day, mull on it, and ask clarifying questions from your local SRE
- What is a deployment?
- Don't ready the whole doc - It's long and technical. Just read the preview, and know the primitives it mentions - Create, Update, Rollback, Scale, Pause, Status, Cleanup.
- Pods
- Persistent Volumes in k8s.
- Editorializing for a bit; there's a bunch here, its very complex and only adds more. There's very few good reasons to use volumes. It doesn't reduce complexity vs. provisioning your backing store in more traditional ways. K8s is great because we're moving to stateless microservices; for stateful services like database backends, generally a losing proposition. Except when you can rapidly and automatically rebuild from quorum; I'll discuss those later.
- [What is a node?](https://kuber
GauntletWizard
/ honeysave.sh
Created
April 13, 2018 22:59
Saves honeycomb boards for version control purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # honeysave.sh - Saves honeycomb boards for version control purposes | |
| WRITEKEY="" | |
| honeycurl() { | |
| curl -H "X-Honeycomb-Team: ${WRITEKEY}" https://api.honeycomb.io/1/boards/$* | |
| } | |
| save() { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl --context CLUSTER run --image ubuntu pgtool -- /bin/bash -c "apt-get update; apt-get install -y postgresql-client; trap : TERM INT; sleep infinity & wait" | |
| kubectl --context gke_lido-staging_us-east1_lido-staging-us-east1 run --image redis redis -- /bin/bash -c "trap : TERM INT; sleep infinity & wait" | |
| kubectl --context CLUSTER run --image amazon/aws-cli --command --overrides='{"spec": { "serviceAccountName": "default"}}' cli -- /bin/bash -c "trap : TERM INT;sleep infinity" | |
| yq -o json '.spec.template | .metadata.name="bc-test" | .kind = "Pod" | .apiVersion = "v1" | .spec.containers[].command = ["/bin/bash", "-c", "sleep 86400"] | .spec.containers[].livenessProbe=null | .spec.containers[].readinessProbe=null' deployment.yaml | kubectl apply -f - | |
| # Debug cronjob | |
| kubectl get cronjobs.batch CRONJOB -o json | jq '{"apiVersion": "batch/v1", "kind": "Job", spec: .spec.jobTemplate.spec, metadata: { name: .metadata.name + (now | floor|tostring)}}' |
GauntletWizard
/ gist:3c5f13c3c98eb68148b7c365ee4b0f43
Last active
July 11, 2018 21:29
Creating a IAM user/policy for K8s role accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set -eux -o pipefail | |
| IAMUSER="$1" | |
| aws iam create-user --user-name "${IAMUSER}" | |
| POLICY="$(aws iam create-policy --policy-name "${IAMUSER}" --policy-document file://policy.json)" # "file://${IAMUSER}.policy" | |
| ARN="$(echo $POLICY |jq -r .Policy.Arn)" | |
| aws iam attach-user-policy --user-name "${IAMUSER}" --policy-arn="${ARN}" | |
| # Create the access-key and parse the response to the ID and Secret | |
| KEY="$(aws iam create-access-key --user-name "${IAMUSER}")" | |
| KEYID="$(echo "${KEY}" |jq -r .AccessKey.AccessKeyId)" | |
| KEYSECRET="$(echo "${KEY}" |jq -r .AccessKey.SecretAccessKey)" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Notes on connecting | |
| # Trust the k8s root certificate | |
| security -v add-trusted-cert -k "${HOME}/Library/Keychains/login.keychain-db" -r trustRoot "${KUBE_CERT}" | |
| # Generate a user key and `security import` it | |
| openssl genrsa -out "${CLIENTCERTKEY}" 4096 | |
| security import "${CLIENTCERTKEY}" | |
| # Set for OSX | |
| # Get the sha | |
| # security find-cert -a -c ted -Z |
OlderNewer