master x 1, worker x2の構成 eth0がサービス用、wlan0を管理用に使う
- k8s-master
- eth0: 192.168.100.21/24
- wlan0: 192.168.200.21/24
- k8s-worker1
- eth0: 192.168.100.31/24
Kuniaki Shimizu kun432
kun432
/ gist:9d46e42684f501fad91c0b56f63651e1
Last active
November 16, 2021 02:32
ssm parameters storeから/etc/hosts.allowを作る
$ aws ssm get-parameters-by-path --path "/hosts" --region ap-northeast-1
{
"Parameters": [
{
"Name": "/hosts/sample-1",
"DataType": "text",
"LastModifiedDate": 1637029822.924,
"Value": "111.111.111.111\n222.222.222.221\n222.222.222.223",
"Version": 2,
epelにパッケージはもうないので、直接。
$ rpm -Uvh https://rpmfind.net/linux/dag/redhat/el7/en/x86_64/dag/RPMS/denyhosts-2.6-5.el7.rf.noarch.rpm
設定ファイルはこれだけ。
$ tree /etc/denyhosts
centos7で確認
$ sudo yum install -y epel-release
$ sudo yum install -y fail2ban
ディレクトリ構成
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_customer_gateway" "cgw-main" { | |
| bgp_asn = 65000 | |
| ip_address = var.cgw1 | |
| type = "ipsec.1" | |
| tags = { | |
| Name = "cgw-main" | |
| } | |
| } |
kun432
/ gist:2f3374ce6038b5a6d468cdde32007db3
Created
October 18, 2021 03:08
cloud optix のcloudformation stackの実行に必要な権限
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "elasticfilesystem:DescribeMountTargetSecurityGroups", | |
| "elasticfilesystem:DescribeMountTargets", | |
| "sns:ListSubscriptions", | |
| "s3:GetAccountPublicAccessBlock", | |
| "ce:GetCostAndUsage", | |
| "ce:GetCostForecast", | |
| "ce:GetUsageForecast", | |
| "eks:List*", | |
| "detective:ListGraphs", | |
| "ec2:SearchTransitGatewayRoutes", |
kun432
/ cfn-onboarding-mini.yaml
Created
October 15, 2021 06:40
cloud optixのcloudformation stackのyaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Template to create AWS resources for onboarding an account with Sophos Optix | |
| # ExternalId and CustomerId come from the Sophos Optix UI. | |
| Parameters: | |
| ExternalId: | |
| Type: String |
トポロジを意識したservice転送
- Topology-aware service routing
- クラスタがリージョンやAZにまたがっていてもserviceは意識せずに転送する
- またがるとレイテンシーやパフォーマンスの低下
- ノード数が多いと起きやすい
- externalTrafficPolicy: Localでリスクは下げれるが・・・
- ClusterIPでは不可
- 同一ノード内でしか転送できない、同一ノード内にpodがいなければタイムアウト
- Topology-aware service routingにより回避できる
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| parallel=3 | |
| subcmds="$@" | |
| vagrant status --machine-readable | \ | |
| perl -wnlaF"," -e 'print $F[1] if $F[2] =~ /metadata/;' | \ | |
| xargs -P${parallel} -I {} vagrant $subcmds {} | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Specify the desired volume size in GiB as a command line argument. If not specified, default to 20 GiB. | |
| SIZE=${1:-20} | |
| # Get the ID of the environment host Amazon EC2 instance. | |
| INSTANCEID=$(curl http://169.254.169.254/latest/meta-data/instance-id) | |
| # Get the ID of the Amazon EBS volume associated with the instance. | |
| VOLUMEID=$(aws ec2 describe-instances \ |