alexei-led

spotinfo --type="^[[:alnum:]]{2}g\.\S*" --cpu=8 --region=us-west-2 --sort=price --output=text

## output
type=t4g.2xlarge, vCPU=8, memory=32GiB, saving=70%, interruption='<5%', price=0.08
type=c6g.2xlarge, vCPU=8, memory=16GiB, saving=50%, interruption='<5%', price=0.14
type=m6g.2xlarge, vCPU=8, memory=32GiB, saving=54%, interruption='<5%', price=0.14
type=r6g.2xlarge, vCPU=8, memory=64GiB, saving=63%, interruption='<5%', price=0.15
type=c6g.4xlarge, vCPU=16, memory=32GiB, saving=50%, interruption='<5%', price=0.27
type=m6g.4xlarge, vCPU=16, memory=64GiB, saving=54%, interruption='5-10%', price=0.28
type=r6g.4xlarge, vCPU=16, memory=128GiB, saving=63%, interruption='<5%', price=0.30

alexei-led

spotinfo --type=t4g.small --output=table --region=all

# output
┌────────────────┬───────────────┬──────┬────────────┬────────────────────────┬───────────────────────────┬──────────┐
│ REGION         │ INSTANCE INFO │ VCPU │ MEMORY GIB │ SAVINGS OVER ON-DEMAND │ FREQUENCY OF INTERRUPTION │ USD/HOUR │
├────────────────┼───────────────┼──────┼────────────┼────────────────────────┼───────────────────────────┼──────────┤
│ us-west-2      │ t4g.small     │    2 │          2 │                    70% │ <5%                       │    0.005 │
├────────────────┼───────────────┼──────┼────────────┼────────────────────────┼───────────────────────────┼──────────┤
│ ap-northeast-1 │ t4g.small     │    2 │          2 │                    70% │ <5%                       │   0.0065 │
├────────────────┼───────────────┼──────┼────────────┼────────────────────────┼───────────────────────────┼──────────┤

alexei-led

kubectl create -f deployment/service-account.yaml

alexei-led

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:aes128-1a2b3c"
    }
}

alexei-led

# environment variable passed to `secrets-init`
DB_PASSWORD=arn:aws:secretsmanager:$AWS_REGION:$AWS_ACCOUNT_ID:secret:dbpassword-cdma3

# environment variable passed to the child process, resolved by `secrets-init`
DB_PASSWORD=very-secret-password

alexei-led

kubectl create -f deployment/mutatingwebhook-bundle.yaml

alexei-led

kubectl create -f deployment/deployment.yaml

kubectl create -f deployment/service.yaml

alexei-led

./deployment/webhook-create-signed-cert.sh

creating certs in tmpdir /var/folders/vl/gxsw2kf13jsf7s8xrqzcybb00000gp/T/tmp.xsatrckI71
Generating RSA private key, 2048 bit long modulus
.........................+++
....................+++
e is 65537 (0x10001)
certificatesigningrequest.certificates.k8s.io/secrets-init-webhook-svc.default created
NAME                         AGE   REQUESTOR              CONDITION
secrets-init-webhook-svc.default   1s    [email protected]   Pending

alexei-led

cat ./deployment/mutatingwebhook.yaml | ./deployment/webhook-patch-ca-bundle.sh > ./deployment/mutatingwebhook-bundle.yaml

alexei-led

[...]
      service:
        name: secrets-init-webhook-svc
        namespace: default
        path: "/pods"
      caBundle: ${CA_BUNDLE}
[...]