import yaml
import sys
from decimal import Decimal, getcontext
from collections import defaultdict

# Set the precision
getcontext().prec = 100

def calculate_probability(N: int, M: int) -> Decimal:
    return 1 - (Decimal(1)/Decimal(M))**N

import sys
import yaml
import csv
from collections import defaultdict

def supports_anti_affinity_across_zones(deployment):
    affinity = deployment.get('spec', {}).get('template', {}).get('spec', {}).get('affinity', {})
    pod_anti_affinity = affinity.get('podAntiAffinity', {})
    required_during_scheduling_ignored_during_execution = pod_anti_affinity.get('requiredDuringSchedulingIgnoredDuringExecution', [])

import sys
import yaml
import csv
from collections import defaultdict

def check_security_best_practices(deployment, stats):
    spec = deployment.get('spec', {})
    pod_spec = spec.get('template', {}).get('spec', {})
    containers = pod_spec.get('containers', [])

I then ran a rather simple script to identify whether each Deployment resource has the necessary (though not sufficient!) configuration to support a high availability deployment, by which I mean:

- more than one replica,
- an anti-affinity rule,
- a liveness probe, and
- a readiness probe.

I did not review the actual content returned, so it is entirely possible that there are not enough replicas, the anti-affinity rule is incorrect, or one of the probes is incorrect.

However, this cursory audit reveals that of the 270 total Deployment resources, only 20 have anti-affinity rules. Of these 20, only 18 have more than one replica. Of these 18, 16 have readiness probes, 15 have liveness probes, and 14 have both readiness and liveness probes.

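The successive filtering described above (anti-affinity, then replicas, then probes), as an added example; it is not the author's script, which is not shown here. Assumptions: a required or preferred `podAntiAffinity` term counts as a rule, a probe on any one container counts, and `SAMPLE` and the helper `_dep` are constructed for illustration.

```python
def _pod_spec(dep):
    return ((dep.get("spec") or {}).get("template") or {}).get("spec") or {}
def has_anti_affinity(dep):
    # Assumption: a required or a preferred term both count as "a rule".
    paa = (_pod_spec(dep).get("affinity") or {}).get("podAntiAffinity") or {}
    return bool(paa.get("requiredDuringSchedulingIgnoredDuringExecution")
                or paa.get("preferredDuringSchedulingIgnoredDuringExecution"))
def replica_count(dep):
    # Kubernetes defaults spec.replicas to 1 when the field is omitted.
    replicas = (dep.get("spec") or {}).get("replicas")
    return 1 if replicas is None else replicas
def has_probe(dep, kind):
    # Assumption: a probe on any one container is enough.
    return any(kind in c for c in _pod_spec(dep).get("containers") or [])

def ha_funnel(docs):
    # Each counter only includes Deployments that passed every earlier check.
    stats = dict.fromkeys(
        ["total", "anti_affinity", "multi_replica", "readiness", "liveness", "both"], 0)
    for dep in docs:
        if not isinstance(dep, dict) or dep.get("kind") != "Deployment":
            continue  # skip empty YAML documents and other resource kinds
        stats["total"] += 1
        if not has_anti_affinity(dep):
            continue
        stats["anti_affinity"] += 1
        if replica_count(dep) <= 1:
            continue
        stats["multi_replica"] += 1
        ready, live = has_probe(dep, "readinessProbe"), has_probe(dep, "livenessProbe")
        stats["readiness"] += ready
        stats["liveness"] += live
        stats["both"] += ready and live
    return stats

def _dep(replicas, anti, probes):  # hypothetical helper: builds a constructed Deployment
    probe = {"httpGet": {"path": "/healthz", "port": 8080}}
    pod = {"containers": [{"name": "app", **{p: probe for p in probes}}]}
    if anti:
        pod["affinity"] = {"podAntiAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [
            {"labelSelector": {"matchLabels": {"app": "demo"}},
             "topologyKey": "topology.kubernetes.io/zone"}]}}
    spec = {"template": {"spec": pod}, **({} if replicas is None else {"replicas": replicas})}
    return {"kind": "Deployment", "spec": spec}

SAMPLE = [  # constructed input, not data from the audit
    _dep(3, True, ("readinessProbe", "livenessProbe")),     # passes every check
    _dep(2, True, ("readinessProbe",)),                     # no liveness probe
    _dep(None, True, ("readinessProbe", "livenessProbe")),  # replicas omitted, so 1
    _dep(3, False, ("readinessProbe", "livenessProbe")),    # no anti-affinity rule
    None, {"kind": "Service", "spec": {}}]                  # both ignored
if __name__ == "__main__": print(ha_funnel(SAMPLE))
```
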
# get api token with proper perms, ensure full "repos" for private repo access.
$ export auth="Authorization: token 123345465hfghfghfghgfhgfhfg"
$ export org="your_org"
# get the last page in the Link header. github API limits per_page to 100. Anything over this will require pagination.
$ curl -I -H "$auth" https://api.github.com/orgs/$org/repos
# go over all pages. Put this in a script, and save it.
#!/bin/bash