@avoidik
avoidik / eks_best_practice.md
Created November 9, 2021 01:39 — forked from ejlp12/eks_best_practice.md
EKS Best Practice

Please check https://aws.github.io/aws-eks-best-practices/ for more comprehensive EKS best practice!

Architecture

  • Think about multi-tenancy and isolation for different environments or workloads
    • Isolation at the account level using AWS Organizations
    • Isolation at the network layer, i.e. different VPCs and different clusters
    • Use different node groups (node pools) for different purposes or categories, e.g. create dedicated node groups for operational tools such as CI/CD tools, monitoring tools, and a centralized logging system.
    • Separate namespaces for different workloads

Reliability | Principles

@avoidik
avoidik / telegraf.conf
Created September 29, 2021 15:52 — forked from pacohope/telegraf.conf
Telegraf config for FreeBSD on EC2 using CloudWatch on AWS
# Generic, basic /usr/local/etc/telegraf.conf file for FreeBSD
# Gathers some basic metrics and transmits them to cloudwatch
# Be sure to set the region below
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
@avoidik
avoidik / FreeBSD-11-ec2-cloudwatch.md
Created September 29, 2021 15:52 — forked from pacohope/FreeBSD-11-ec2-cloudwatch.md
FreeBSD 11 on AWS EC2, with CloudWatch Logs and EC2 Metrics

Introduction

This is how you would create a livable FreeBSD instance on EC2 by hand. The smart thing to do is to automate most of these actions. But I do it this way so you can see and understand all the different techniques. I want to create FreeBSD instances in EC2 and I want some of the management benefits that come from native AWS technologies like CloudWatch. It can be done, but it takes a bit of extra work because FreeBSD isn't Linux, and AWS doesn't directly support FreeBSD.

Prepping in AWS land

Before we go far, we will want some things set up in AWS IAM and VPC. I assume you have already created a VPC, decided what network numbers you're going to use, created a subnet and so on. If you haven't done those basic things, you need to go do them. I also assume you've created an ssh key and uploaded it to your AWS account.

@avoidik
avoidik / Uninstall-Pester.ps1
Created July 31, 2021 18:11 — forked from nohwnd/Uninstall-Pester.ps1
Remove built-in version of Pester 3 (or -All) from Windows 10 Program Files and Program Files (x86).
#Requires -RunAsAdministrator
function Uninstall-Pester ([switch]$All) {
if ([IntPtr]::Size * 8 -ne 64) { throw "Run this script from 64bit PowerShell." }
#Requires -RunAsAdministrator
$pesterPaths = foreach ($programFiles in ($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
$path = "$programFiles\WindowsPowerShell\Modules\Pester"
if ($null -ne $programFiles -and (Test-Path $path)) {
if ($All) {
@avoidik
avoidik / logstash-cloudwatch.yml
Created June 17, 2021 13:07 — forked from callum-p/logstash-cloudwatch.yml
Deploys lambda functions to forward cloudwatch logs to logstash
Description: Deploys lambda functions to forward cloudwatch logs to logstash
Parameters:
coreNetworkingStackName:
Type: String
Resources:
lambdaRole:
Type: "AWS::IAM::Role"
Properties:
@avoidik
avoidik / log-forwarding-with-etw.ps1
Created June 10, 2021 12:24 — forked from ajpc500/log-forwarding-with-etw.ps1
Quick-and-dirty PowerShell script to install Sysmon (SwiftOnSecurity config), SilkService and Winlogbeat, and forward logs to HELK based on IP set in environment variable "HELK_IP" (see Line 233).
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
if (!(Test-Path "C:\Tools")) {
New-Item -Path "C:\" -Name "Tools" -ItemType "directory"
}
# SYSMON
# Download Sysmon
$SysmonDirectory = "C:\Tools\Sysmon\"
@avoidik
avoidik / aws-auth-cm.sh
Created May 22, 2021 17:31 — forked from pmatv/aws-auth-cm.sh
Map IAM group to EKS ConfigMap
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
IAM_GROUP=${1:-admins}
EKS_ROLE_ARN=${2:-arn:aws:iam::111122223333:role/eks-node-role}
RBAC_GROUP=${3:-system:masters}
@avoidik
avoidik / kcgroups.md
Created April 24, 2021 21:10 — forked from mcastelino/kcgroups.md
Kubernetes and cgroups Resource Management/Static cpuManagerPolicy/Memory and Resource Isolation & Scheduling

Overview

The goal of this document is to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started as a way to ensure that alternate container runtime implementations like Kata containers will behave in the same manner as runc from a resource accounting and consumption point of view.

Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f

If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.

Kubernetes Resource Management

@avoidik
avoidik / wsl2-network.ps1
Created April 1, 2021 10:42 — forked from daehahn/wsl2-network.ps1
WSL 2 TCP NETWORK FORWARDING
# WSL2 network port forwarding script v1
# for enable script, 'Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser' in Powershell,
# for delete exist rules and ports use 'delete' as parameter, for show ports use 'list' as parameter.
# written by Daehyuk Ahn, Aug-1-2020
# Display all portproxy information
If ($Args[0] -eq "list") {
netsh interface portproxy show v4tov4;
exit;
}
@avoidik
avoidik / jitsi-meet-multi-server.md
Created March 8, 2021 10:26 — forked from facsiaginsa/jitsi-meet-multi-server.md
This tutorial is for jitsi-meet installation using 2 servers or more. The main server will contain the jitsi-meet react source code, prosody, nginx, and jicofo. The videobridge will be installed separately on the second server and so on.

How to Install Jitsi Meet with Multi Server Configuration

This tutorial is for jitsi-meet installation using 2 servers or more. The main server will contain the jitsi-meet react source code, prosody, nginx, and jicofo. The videobridge will be installed separately on the second server and so on.

Prerequisite

  1. Minimum 2 servers with 1 public IP each
  2. Ubuntu 18.04

Sudo Privileges

Before starting, we make sure that we will have no permission issues during the installation.