Skip to content

Instantly share code, notes, and snippets.

View ams0's full-sized avatar
🏠
Working from home

Alessandro Vozza ams0

🏠
Working from home
356 followers · 132 following
View GitHub Profile
@ams0
ams0 / cert-manager-ca-for-osm.sh
Created May 18, 2022 05:27
Deploys cert-manager with a custom CA and OSM pointing to that.
#create CA cert and key
brew install step
step certificate create root.osm.cluster.local ca.crt ca.key \
--not-after=87600h --profile root-ca --no-password --insecure
kubectl create ns cert-manager
kubectl create secret generic osm-ca-bundle -n cert-manager --from-file=tls.key=ca.key --from-file=tls.crt=ca.crt
helm upgrade -i cert-manager \
--namespace cert-manager --create-namespace \
@ams0
ams0 / aks-arc-gitops
Last active May 12, 2022 18:25
#Arc+Gitops in AKS
#Prep:
az config set extension.use_dynamic_install=yes_without_prompt
az extension add --name k8s-extension
az extension add --name k8s-configuration
az extension add --name aks-preview
RG=resources
CLUSTER=arc
@ams0
ams0 / brew.txt
Last active October 5, 2022 19:51
Azure/kubelogin/kubelogin
act
adns
aerial
alfred
ansible
aom
apparency
apr
apr-util
@ams0
ams0 / azurethursday_meetup.sh
Last active May 5, 2022 18:16
#https://docs.microsoft.com/en-us/azure/container-registry/container-registry-oci-artifacts
ACR_NAME=azuregiovedi
REGION=southcentralus
REGISTRY=$ACR_NAME.azurecr.io
REPO=net-monitor
TAG=v1
IMAGE=$REGISTRY/${REPO}:$TAG
@ams0
ams0 / backup-managed-disks.sh
Created December 14, 2021 15:14
#!/bin/bash -e
backuprg=prd-northeurope-backup-rg
location=northeurope
for name in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks']".name -o tsv`; do
for id in `az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].id" -o tsv`; do
rg=`az resource list --tag backup=true --query "[?type=='Microsoft.Compute/disks' && name=='$name'].resourceGroup" -o tsv`;
az snapshot create --tags createdby=backupscript --incremental -l $location -g $backuprg --source $id --name $name-snap-$rg-`date '+%Y-%m-%d'` > /dev/null 2>&1;
echo "Incremental snapshot created from disk $name, saved as $name-snap-$rg-`date '+%Y-%m-%d'` in resource group $backuprg, tagged with createdby = backupscript";
@ams0
ams0 / Add Azure cloud shell IP to authorized IP address of AKS.txt
Created May 12, 2021 11:18
CLUSTER=prd-gp-cluster
RG=prd-northeurope-gp-rg
CLOUD_SHELL_IP=`curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'`
PREVIOUS_ADDRESSES=`az aks show -g $RG -n $CLUSTER --query apiServerAccessProfile.authorizedIpRanges -o tsv | sed -z 's/\n/,/g;s/,$/\n/'`
az aks update -g $RG -n $CLUSTER --api-server-authorized-ip-ranges $PREVIOUS_ADDRESSES,$CLOUD_SHELL_IP
@ams0
ams0 / scan_all_k8s_images.sh
Created March 11, 2021 00:35
A script to scan all images in the current Kubernetes cluster with Trivy (https://github.com/aquasecurity/trivy) for high & critical vulnerabilities.
#/bin/bash
if [ ! -f /usr/local/bin/trivy ]; then
echo "Trivy not found! Please install it from https://github.com/aquasecurity/trivy"
fi
for image in `kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c | awk '{print $2}'`; do trivy image -s HIGH,CRITICAL $image; done
@ams0
ams0 / git-rebase.sh
Created February 12, 2021 15:58
A script to rebase branch X from branch Y
#!/bin/bash
#Usage: gitrebase.sh <branch to rebase into> <branch to rebase from>
# $> gitrebase devel main
echo "Rebasing branch $1 from branch $2"
git checkout $1
git pull
@ams0
ams0 / backup-github.md
Last active January 12, 2021 13:11
Backup your Github account and start over

#Backup your github account

install the NPM package "repos"

npm install -g repos

get a list of all your repos

@ams0
ams0 / auditpolicy-kube-apiserver.yaml
Created January 10, 2021 03:18
...
spec:
containers:
- command:
- kube-apiserver
- --audit-policy-file=/etc/kubernetes/audit-policy.yaml
- --audit-log-path=/var/log/audit.log
- --audit-log-maxsize=10
- --audit-log-maxbackup=7