Skip to content

Instantly share code, notes, and snippets.

View egeneralov's full-sized avatar

Eduard Generalov egeneralov

27 followers · 16 following
View GitHub Profile
@egeneralov
egeneralov / iptables-chain-whitelist-example.sh
Created May 18, 2021 08:30
#!/bin/bash -xe
apt-get install iptables{,-persistent}
iptables -N node-exporter
iptables -A node-exporter -s 1.1.1.1 -j ACCEPT
iptables -A node-exporter -s 1.0.0.1 -j ACCEPT
iptables -A node-exporter -s 8.8.8.8 -j ACCEPT
iptables -A node-exporter -s 127.0.0.0/8 -j ACCEPT
iptables -A node-exporter -j REJECT
@egeneralov
egeneralov / ansible-integrate-gitlab-instance-with-k8s.yaml
Created June 9, 2021 12:05
---
- name: integrate gitlab instance with k8s
hosts: kube-master[0]
gather_facts: no
tasks:
- apt:
name:
- python-pip
- python-setuptools
@egeneralov
egeneralov / satisfactory.rsc
Created June 19, 2021 23:30
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=5222 log=yes log-prefix=satisfactory protocol=tcp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=5222 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=6666 log=yes log-prefix=satisfactory protocol=tcp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=6666 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=7777 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=7777
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=7778 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=7778
@egeneralov
egeneralov / containerd tls auth.md
Created June 30, 2021 02:04

containerd registry tls certificates auth

  • ${EDITOR} /etc/containerd/config.toml
  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.company.org".tls]
    ca_file   = "/etc/containerd/certs.d/registry.company.org/ca.pem"
    cert_file = "/etc/containerd/certs.d/registry.company.org/cert.pem"
    key_file  = "/etc/containerd/certs.d/registry.company.org/key.pem"
@egeneralov
egeneralov / gitlab runners cluster-admin.md
Last active June 30, 2021 02:06

gitlab runners cluster-admin (from kubernetes integration application tab)

cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-managed-apps
roleRef:
 apiGroup: rbac.authorization.k8s.io
@egeneralov
egeneralov / gitlab-rails console.rb
Created July 25, 2021 13:15
dump info about gitlab-runner[s]
for runner in Ci::Runner.find_each
if runner.ip_address == "1.1.1.1"
print(runner.to_json, "\n")
end
end
@egeneralov
egeneralov / debian-install-verify-containerd.sh
Created August 14, 2021 21:39
#!/bin/bash -x
apt-get update -q
apt-get install -yq curl sudo gnupg2
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
echo "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" > /etc/apt/sources.list.d/docker.list
apt-get update -q
apt-get install -yq containerd{,.io}
@egeneralov
egeneralov / kubeadm-InsecureSkipTLSVerify.diff
Last active January 22, 2022 16:12
diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go
index 8487bd5aba4..3c8808139a0 100644
--- a/cmd/kubeadm/app/cmd/join.go
+++ b/cmd/kubeadm/app/cmd/join.go
@@ -481,6 +481,13 @@ func (j *joinData) InitCfg() (*kubeadmapi.InitConfiguration, error) {
return nil, err
}
klog.V(1).Infoln("[preflight] Fetching init configuration")
+
+ for _, el := range j.tlsBootstrapCfg.Clusters {
@egeneralov
egeneralov / kind.md
Last active September 23, 2021 04:12
@egeneralov
egeneralov / java-opts-discover-cgroup-limits.txt
Created September 23, 2021 03:59
-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm