@jewzaam
jewzaam / grafana
Created August 12, 2020 21:02
Fire up local grafana for remote prometheus using oc to get bearer token etc.
#!/bin/bash
DEFAULT_PORT=3000
PORT=${1:-$DEFAULT_PORT}
CONTAINER_ENGINE=${CONTAINER_ENGINE:-docker}
SA_NAME=prometheus-k8s
SA_NAMESPACE=openshift-monitoring
SA_TOKEN=$(oc -n $SA_NAMESPACE sa get-token $SA_NAME)
@jewzaam
jewzaam / nmalik-prometheus.yaml
Last active July 23, 2020 16:59
install prometheus from operatorhub.io catalog source
---
apiVersion: project.openshift.io/v1
kind: Project
metadata:
  name: nmalik-prometheus
---
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: operatorhubio-catalog
@jewzaam
jewzaam / alertmanager.yaml
Created June 5, 2020 17:16
example alertmanager configuration
global:
  resolve_timeout: 5m
  pagerduty_url: https://events.pagerduty.com/v2/enqueue
route:
  receiver: "null"
  group_by:
  - job
  routes:
  - receiver: "null"
    group_by:
@jewzaam
jewzaam / yaml2json
Created March 27, 2020 13:23
convert yaml to json
python -c 'import json, sys, yaml ; y=yaml.safe_load(sys.stdin.read()) ; print(json.dumps(y))'
@jewzaam
jewzaam / python-crd-rbac.py
Created March 17, 2020 21:24
Script to grant RBAC to dedicated-admins for CRDs
import re
from kubernetes import client, config
from kubernetes.client import ApiClient
# based on initial 4.3.0 installation using 3 tiers of crd name possible:
# oc get crds -o json | jq -r '.items[].metadata.name' | sed 's/.*\(\.[^.]*\.[^.]*\.[^.]*\)$/\1/g' | sed 's/^[^.]*\(\.[^.]*\.[^.]*\)/\1/g' | sort -u
RE_DENYLIST = [
r".*\.authorization\.openshift\.io",
@jewzaam
jewzaam / script
Last active August 25, 2020 12:29
info from grpc catalogsource
# Useful link for how to discover API's: https://github.com/operator-framework/operator-registry/issues/33#issuecomment-473671805
# get tools
go get github.com/fullstorydev/grpcurl/...
go install github.com/fullstorydev/grpcurl/cmd/grpcurl
# constants for what we're investigating
NAMESPACE=openshift-marketplace
LOCAL_PORT=50051
REMOTE_PORT=50051
@jewzaam
jewzaam / dump-grv
Created March 6, 2020 16:03
Dump all Group/Resource/Verb in an OCP cluster
#!/bin/bash
# /api
GROUP=""
for VERSION in `oc get --raw /api | jq -r .versions[] | sort`;
do
echo "- apiGroups:"
echo " - $GROUP"
for RESOURCE in `oc get --raw /api/${VERSION} | jq -r .resources[].name | sort`;
@jewzaam
jewzaam / gpg-sop.md
Last active October 22, 2019 18:51
sre gpg sop

6.1. GPG (PGP)

As an ops person, you need a GPG key associated with your @redhat.com email address and distributed to a public keyserver such as pgp.mit.edu.

More information on specific steps can currently be found starting here, or via a web search: https://www.gnupg.org/gph/en/manual/c14.html

If you are creating a new GPG key, make sure it's 4096 bits long. If you're sure you want to re-use an existing key, you may do so. 4096 bits is preferred,

@jewzaam
jewzaam / notes
Last active September 23, 2019 20:26
Overview of GitHub authentication setup for OCP 4.x
Assumes you have an OCP 4.x cluster already created and you are logged in.
A few gotchas:
* Do not use spaces in your callback name. In this example it's called "github".
* If you want to use a team, the format in the config (not shown here) is "<ORGANIZATION_NAME>/<TEAM_NAME>"
# Create github oauth app with:
# hostname
echo "https://`oc get routes -n openshift-console | grep -v NAME | awk '{print $2}'`"
@jewzaam
jewzaam / ocp-groupResourceVerb.sh
Last active December 6, 2019 14:29
Script to scrape OCP API to get all groups + resources + verbs
#!/bin/bash
# /api
GROUP=""
for VERSION in `oc get --raw /api | jq -r .versions[] | sort`;
do
echo "- apiGroups:"
echo " - $GROUP"
for RESOURCE in `oc get --raw /api/${VERSION} | jq -r .resources[].name | sort`;