Skip to content

Instantly share code, notes, and snippets.

@bprashanth
bprashanth / mongo.md
Last active August 8, 2016 21:04
Mongo petset

MongoDB is document database that supports range and field queries.

Replication

A single server can run either standalone or as part of a replica set. A "replica set" is set of mongod instances with 1 primary. Primary: receives writes, services reads. Can step down and become secondary. Secondary: replicate the primary's oplog. If the primary goes down, secondaries will hold an election. Arbiter: used to achieve majority vote with even members, do not hold data, don't need dedicated nodes. Never becomes primary.

apiVersion: v1
kind: Service
metadata:
name: echoheaders-lb
annotations:
service.alpha.kubernetes.io/only-node-local-endpoints: "true"
labels:
app: echoheaders-lb
spec:
type: LoadBalancer

First make your service type=NodePort

Then create an instance group in UI (console.cloud.google.com), with some pool of instances from one of your zones:

gcloud compute --project $PROJECT instance-groups create unmanaged $K8S_IG
gcloud compute --project $PROJECTinstance-groups unmanaged add-instances $K8S_IG --instances $NODE,$NODE_1...

Add the Service NodePort to the InstanceGroup:

gcloud compute --project $PROJECT instance-groups set-named-ports $K8S_G --named-ports svc1:$SVC1_NODE_PORT
apiVersion: v1
kind: Service
metadata:
name: echoheaders
labels:
app: echoheaders
spec:
type: NodePort
ports:
- port: 80
@bprashanth
bprashanth / simple_pv.yaml
Last active June 20, 2016 22:01
simple pv
apiVersion: v1
kind: PersistentVolume
metadata:
name: test
spec:
capacity:
storage: 200Gi
accessModes:
- ReadWriteOnce
gcePersistentDisk:
@bprashanth
bprashanth / laundry.sh
Created June 15, 2016 21:31
packet laundering
#! /bin/bash
until (ifconfig cbr0); do
echo waiting for cbr0
sleep 1
done
CIDR_PREFIX="$(ifconfig cbr0 | grep inet | awk '{print $2}' | awk -F ':' '{print $2}' | awk -F '.' '{print $1"."$2"."$3}')"
echo found CIDR prefix: $CIDR_PREFIX
ip netns add k8s_hairpin_workaround
echo created packet laundering netns k8s_hairpin_workaround
@bprashanth
bprashanth / packet_laundering.md
Last active March 9, 2023 11:16
Packet laundering

First create a working service:

apiVersion: v1
kind: Service
metadata:
  name: echoheaders
  labels:
    app: echoheaders
spec:
  # type: NodePort

Generate root/intermediate/end certs

Run https://gist.github.com/bprashanth/d79b9810dea8b07a7bb1ccf467be5b66 (some googling + fiddling of how to generate intermediates with openssl, so don't take this as an authoritative guide). That script will create 3 CSRs, one for the root, one for an intermediate, and the last one for the end user. You probably don't care about most of the fields of the CSR execpt for "Common Name", eg:

If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
#!/bin/bash
mkdir ~/SSLCA/root/
cd ~/SSLCA/root/
openssl genrsa -aes256 -out rootca.key 2048
openssl req -sha256 -new -x509 -days 1826 -key rootca.key -out rootca.crt
touch certindex
echo 1000 > certserial
echo 1000 > crlnumber
echo '
[ ca ]