Skip to content

Instantly share code, notes, and snippets.

View armenr's full-sized avatar

Armen Rostamian armenr

View GitHub Profile
@armenr
armenr / install_k3s.sh
Created February 19, 2022 19:10
Testing Things - Don't mind me
#!/bin/sh
set -e
set -o noglob
# Usage:
# curl ... | ENV_VAR=... sh -
# or
# ENV_VAR=... ./install.sh
#
# Example:
@armenr
armenr / ssh_key.tf
Created November 21, 2022 12:01 — forked from irvingpop/ssh_key.tf
Terraform external data source example - dynamic SSH key generation
# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
# "${data.external.ssh_key_generator.result.public_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
program = ["bash", "${path.root}/../ssh_key_generator.sh"]
query = {
customer_name = "${var.customer_name}"
customer_group = "${var.customer_group}"
@armenr
armenr / Dockerfile
Last active November 30, 2022 09:36
ArgoCD 2.5.2 + Extras w/ Helmfile (helmfile, helm-diff, helm-secrets)
# syntax=docker/dockerfile:1.4
# follow link regarding ^^: https://hub.docker.com/r/docker/dockerfile
################################################################################
# Straightforward ArgoCD + HelmFile Custom Image
################################################################################
# This Dockerfile allows us to customize the ArgoCD Docker image with additional tooling
# This could be achieved by using a CMP-sidecar, but we'd prefer not to lose hours/days
# fiddling with Argo's as-yet clumsy-feeling plugin sidecar + cmp support.
@armenr
armenr / README.md
Last active April 16, 2023 03:35
Terraform external data source to generate SOPS-encrypted secret files

Terraform gen-sops

This example demonstrates how to use terraform's external data provider to automatically encrypt and save sops secrets files.

This implementation makes every effort to avoid exposing secrets in stdout, or by writing unencrypted data to temporary files on disk.

The example includes:

  1. gen-sops.sh script (generates and returns sops-encrypted file contents to terraform)
  2. test_gen-sops.sh script which provides an easy way to continuously test your script
  3. terraform example implementation (vars.tf, sops_secrets.tf)
@armenr
armenr / install_ncdu_amazon_linux.sh
Created April 21, 2023 14:46 — forked from MrHassanMurtaza/install_ncdu_amazon_linux.sh
Install ncdu on amazon linux 2
#!/bin/bash
# install packages/dependencies for compilation
sudo yum -y install gcc make ncurses-devel
cd /tmp
# the latest version of ncdu is published here: http://dev.yorhel.nl/ncdu
# update the link below if necessary:
wget -nv http://dev.yorhel.nl/download/ncdu-1.10.tar.gz
@armenr
armenr / README.md
Last active May 22, 2023 12:38
terraform null_resource for automatically setting up Cilium + EKS via Cilium CLI

Install Cilium on EKS

Example

ENI Mode

The example auto-installs cilium into EKS with the default ENI "datapath" (aka - "mode").

Be sure to roll/restart all running pods upon successful installation. Cilium will restart "unamanaged" pods, but that doesn't mean all pods will get restarted.

@armenr
armenr / README.md
Last active February 20, 2024 23:48
Wait for EC2 to Become Reachable

EC2 Wait Until Ready

This script is part of a broader library of utilities that are used in conjunction with Terraform...to make life better/easier for Ops & SRE.

Use-Case

Not everything begins and ends with Kubernetes. Sometimes, you've got things to do directly on an EC2. It (almost) always goes the same way:

  1. Create an instance
@armenr
armenr / README.md
Last active July 15, 2025 07:13
Cilium vxlan overlay for EKS clusters

Cilium vxlan overlay w/ Terraform

Why?

The AWS EKS team works extremely hard. We appreciate all of their effort.

But the aws-vpc-cni requires fine-tuning of complex settings, and:

  1. Limits the number of pods you can run on an EC2, based on the number of ENIs that instance size (or type) can support. Pod density is valuable.
  2. Requires you to play with settings like WARM_ENI_TARGET, WARM_IP_TARGET, WARM_PREFIX_TARGET, etc...
  3. Runs into conditions where Pods get stuck in "Creating," since IP management gets tricky based on cluster pod churn, and aws-vpc-cni...and ENABLE_PREFIX_DELEGATION + branching can lead to a lot of wasted IPs
@armenr
armenr / sse.ts
Created January 12, 2024 16:41 — forked from atinux/sse.ts
SSE endpoint example with Nuxt 3
// ~/server/api/sse.ts
export default defineEventHandler(async (event) => {
if (!process.dev) return { disabled: true }
// Enable SSE endpoint
setHeader(event, 'cache-control', 'no-cache')
setHeader(event, 'connection', 'keep-alive')
setHeader(event, 'content-type', 'text/event-stream')
setResponseStatus(event, 200)
@armenr
armenr / eslint.config.js
Last active June 23, 2025 07:31
antfu-eslintconfig + oxlint?
import antfu from '@antfu/eslint-config'
import { FlatCompat } from '@eslint/eslintrc'
// see here: https://github.com/oxc-project/eslint-plugin-oxlint
import oxlint from "eslint-plugin-oxlint"
const compat = new FlatCompat()
export default antfu({
typescript: {