#Backup your github account
install the NPM package "repos"
npm install -g reposget a list of all your repos
ams0
/ azurethursday_meetup.sh
Last active
May 5, 2022 18:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #https://docs.microsoft.com/en-us/azure/container-registry/container-registry-oci-artifacts | |
| ACR_NAME=azuregiovedi | |
| REGION=southcentralus | |
| REGISTRY=$ACR_NAME.azurecr.io | |
| REPO=net-monitor | |
| TAG=v1 | |
| IMAGE=$REGISTRY/${REPO}:$TAG |
ams0
/ backup-managed-disks.sh
Created
December 14, 2021 15:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| backuprg=prd-northeurope-backup-rg | |
| location=northeurope | |
| for name in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks']".name -o tsv`; do | |
| for id in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].id" -o tsv`; do | |
| rg=`az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].resourceGroup" -o tsv`; | |
| az snapshot create --tags createdby=backupscript --incremental -l $location -g $backuprg --source $id --name $name-snap-$rg-`date '+%Y-%m-%d'` > /dev/null 2>&1; | |
| echo "Incremental snapshot created from disk $name, saved as $name-snap-$rg-`date '+%Y-%m-%d'` in resource group $backuprg, tagged with createdby = backupscript"; |
ams0
/ Add Azure cloud shell IP to authorized IP address of AKS.txt
Created
May 12, 2021 11:18
ams0
/ scan_all_k8s_images.sh
Created
March 11, 2021 00:35
A script to scan all images in the current Kubernetes cluster with Trivy (https://github.com/aquasecurity/trivy) for high & critical vulnerabilities.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| if [ ! -f /usr/local/bin/trivy ]; then | |
| echo "Trivy not found! Please install it from https://github.com/aquasecurity/trivy" | |
| fi | |
| for image in `kubectl get pods --all-namespaces -o jsonpath="{..image}" |\ | |
| tr -s '[[:space:]]' '\n' |\ | |
| sort |\ | |
| uniq -c | awk '{print $2}'`; do trivy image -s HIGH,CRITICAL $image; done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Usage: gitrebase.sh <branch to rebase into> <branch to rebase from> | |
| # $> gitrebase devel main | |
| echo "Rebasing branch $1 from branch $2" | |
| git checkout $1 | |
| git pull |
ams0
/ backup-github.md
Last active
January 12, 2021 13:11
Backup your Github account and start over
ams0
/ auditpolicy-kube-apiserver.yaml
Created
January 10, 2021 03:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| spec: | |
| containers: | |
| - command: | |
| - kube-apiserver | |
| - --audit-policy-file=/etc/kubernetes/audit-policy.yaml | |
| - --audit-log-path=/var/log/audit.log | |
| - --audit-log-maxsize=10 | |
| - --audit-log-maxbackup=7 |
ams0
/ check_storage_account_public_access_containers.sh
Last active
January 7, 2021 01:03
Checks the current subscription for public access containers in all storage accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| red=`tput setaf 1` | |
| reset=`tput sgr0` | |
| subscription=$(az account show -o tsv --query id) | |
| echo "Checking subscription $subscription" | |
| for account in `az storage account list -o tsv --query [].name` |
ams0
/ kubenet-azurecni-comparison.txt
Last active
December 28, 2020 16:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Kubenet vs AzureCNI for Cilium investigation | |
| az aks create -k 1.19.3 --enable-managed-identity -g k8s --network-plugin kubenet -s Standard_B4ms -c 2 -n kubenet --no-wait | |
| az aks create -k 1.19.3 --enable-managed-identity -g k8s --network-plugin azure -s Standard_B4ms -c 2 -n cilium --no-wait | |
| AzureCNI | |
| # cat /etc/systemd/system/kubelet.service | |
| [Unit] | |
| Description=Kubelet | |
| ConditionPathExists=/usr/local/bin/kubelet |
ams0
/ kubeadm-containerd-audit.md
Last active
January 29, 2021 13:36
First, we'll need a VM. In one simple command, you can create a VM in azure and pass a cloud-init script that will install containerd and kubeadm, and will deploy a single node Kubernetes cluster:
wget https://gist.githubusercontent.com/ams0/0e57d15d53782c2c2259cce8545caa70/raw/d4e0686e4dc068ea146717af5d5a7be3dab97a4c/kubeadm-containerd.sh
az group create -n cks
az vm create -g cks -n cks --image UbuntuLTS --ssh-key-values ~/.ssh/id_rsa.pub --admin-username cks --size Standard_B4ms --custom-data kubeadm-containerd.sh