mathieu-benoit · July 14, 2023 11:25
diff --git a/handy-snippets.sh b/handy-snippets.sh
 curl -sL https://api.github.com/repos/score-spec/score-humanitec/releases/latest | jq -r .tag_name

 INGRESS=
 NAMESPACE=
 kubectl -n ${NAMESPACE} annotate ingress ${INGRESS} nginx.ingress.kubernetes.io/limit-rps=5

 cat <<EOF > nginx.conf
 events {}
 http {
    server {
        listen                  8080;
    }
 }
 EOF
 kubectl create configmap confnginx --from-file=./nginx.conf
 cat <<EOF > deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: nginx
  labels:
    app: nginx     
 spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: cgr.dev/chainguard/nginx
          ports:
          - containerPort: 8080
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
      volumes:
        - name: nginx-config
          configMap:
            name: confnginx
 EOF
 kubectl apply -f deployment.yaml
 kubectl expose deployment nginx --port=80 --target-port=8080 --type=LoadBalancer

 # Install crane
 VERSION=v0.12.0
 OS=Linux
 ARCH=x86_64
 curl -sL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_${OS}_${ARCH}.tar.gz" > go-containerregistry.tar.gz
 tar -xvf go-containerregistry.tar.gz

 # Create a file
 cat <<EOF > myfile.yaml
 Content goes here
 EOF

 # Update texts in a file
 sed -i "s,TEXT1 TO REPLACE,TEXT1 REPLACEMENT,g;s,TEXT2 TO REPLACE,TEXT1 REPLACEMENT,g" myfile.yaml

 # Restard pods
 kubectl rollout restart deployments

 # My IP address on Crostini
 curl ifconfig.co

 # Get all container images on a Kubernetes cluster
 kubectl describe pods --all-namespaces | grep "Image:"

 # Get IP address of LoadBalancer service in Kubernetes
 kubectl get svc istio-ingress -n gke-system -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

 # Remove all local container images
 docker rm $(docker ps -a -q) -f
 docker rmi $(docker images -a -q) -f

 # Upgrade ASM
 mkdir asmcli
 oldVersion=$(kubectl get deploy -n istio-system -l app=istiod -o jsonpath={.items[*].metadata.labels.'istio\.io\/rev'}'{"\n"}')
 curl https://storage.googleapis.com/csm-artifacts/asm/asmcli_1.12 > ~/asmcli
 chmod +x ~/asmcli
 projectId=FIXME
 clusterName=FIXME
 zone=FIXME

 cat <<EOF > distroless-proxy.yaml
 ---
 apiVersion: install.istio.io/v1alpha1
 kind: IstioOperator
 spec:
  meshConfig:
    defaultConfig:
      image:
        imageType: distroless
 EOF
 ~/asmcli install \
  --project_id $projectId \
  --cluster_name $clusterName \
  --cluster_location $zone \
  --enable-all \
  --option cloud-tracing \
  --option cni-gcp \
  --custom_overlay distroless-proxy.yaml

 # Update namespaces annotations
 kubectl rollout restart deployments -n FIXME
 kubectl delete Service,Deployment,HorizontalPodAutoscaler,PodDisruptionBudget istiod-$oldVersion -n istio-system --ignore-not-found=true
 kubectl delete IstioOperator installed-state-$oldVersion -n istio-system

 # Upgrade ACM
 gsutil cp gs://config-management-release/released/latest/linux_amd64/nomos nomos
 chmod +x nomos
 sudo mv nomos /usr/local/bin/nomos
 nomos version
 version=FIXME
 gcloud beta container hub config-management upgrade \
    --version=$version \
    --membership=$clusterName

 # Ping X times an URL
 URL=FIXME
 pingNumber=10
 for i in {1..$pingNumber}; do curl $URL; done

 # Minimal/Simple containerized dotnetcore console app
 cat <<EOF > Program.cs
 using Grpc.Core;
 using System;
 using System.Text;
 var marshaller = new Marshaller<string>(Encoding.UTF8.GetBytes, Encoding.UTF8.GetString);
 var method = new Method<string, string>(MethodType.Unary, "test-service", "test-method", marshaller, marshaller);
 var channel = new Channel("spanner.googleapis.com:443", ChannelCredentials.Insecure);
 var callInvoker = channel.CreateCallInvoker();
 var text = callInvoker.BlockingUnaryCall(method, "spanner.googleapis.com", new CallOptions(), "request");
 Console.WriteLine(text);
 EOF
 cat <<EOF > issue.csproj
 <Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>net5.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Grpc.Core" Version="2.38.1" />
  </ItemGroup>
 </Project>
 EOF
 cat <<EOF > Dockerfile
 FROM mcr.microsoft.com/dotnet/sdk:5.0.301 AS build
 WORKDIR /app
 COPY issue.csproj ./
 WORKDIR /app
 RUN dotnet restore issue.csproj -r linux-musl-x64
 COPY / .
 FROM build AS publish
 WORKDIR /app
 RUN dotnet publish issue.csproj -r linux-musl-x64 --self-contained true -c release -o out --no-restore
 FROM mcr.microsoft.com/dotnet/runtime-deps:5.0.7-alpine3.13-amd64
 WORKDIR /app
 COPY --from=publish /app/out ./
 ENTRYPOINT ["/app/issue"]
 EOF

 # Add a new 443 port on the CRfA's Gateway
 cat <<EOF > patch.yaml
 spec:
  servers:
    - hosts:
      - "*"
      port:
        name: http
        number: 80
        protocol: HTTP
    - hosts:
      - "*"
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: SECRET_NAME
 EOF
 kubectl patch gateway gke-system-gateway --namespace knative-serving --patch "$(cat patch.yaml)" --type='merge'

 # Update myblog/mygkecluster
 # - Create new cluster
 # - Remove old cluster
 # - Remove 2 forwarding rules
 # - kubectl delete ing myblog -n myblog
	curl -sL https://api.github.com/repos/score-spec/score-humanitec/releases/latest \| jq -r .tag_name

	INGRESS=
	NAMESPACE=
	kubectl -n ${NAMESPACE} annotate ingress ${INGRESS} nginx.ingress.kubernetes.io/limit-rps=5

	cat <<EOF > nginx.conf
	events {}
	http {
	server {
	listen 8080;
	}
	}
	EOF
	kubectl create configmap confnginx --from-file=./nginx.conf
	cat <<EOF > deployment.yaml
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: nginx
	labels:
	app: nginx
	spec:
	selector:
	matchLabels:
	app: nginx
	template:
	metadata:
	labels:
	app: nginx
	spec:
	containers:
	- name: nginx
	image: cgr.dev/chainguard/nginx
	ports:
	- containerPort: 8080
	volumeMounts:
	- name: nginx-config
	mountPath: /etc/nginx/nginx.conf
	subPath: nginx.conf
	volumes:
	- name: nginx-config
	configMap:
	name: confnginx
	EOF
	kubectl apply -f deployment.yaml
	kubectl expose deployment nginx --port=80 --target-port=8080 --type=LoadBalancer

	# Install crane
	VERSION=v0.12.0
	OS=Linux
	ARCH=x86_64
	curl -sL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_${OS}_${ARCH}.tar.gz" > go-containerregistry.tar.gz
	tar -xvf go-containerregistry.tar.gz

	# Create a file
	cat <<EOF > myfile.yaml
	Content goes here
	EOF

	# Update texts in a file
	sed -i "s,TEXT1 TO REPLACE,TEXT1 REPLACEMENT,g;s,TEXT2 TO REPLACE,TEXT1 REPLACEMENT,g" myfile.yaml

	# Restard pods
	kubectl rollout restart deployments

	# My IP address on Crostini
	curl ifconfig.co

	# Get all container images on a Kubernetes cluster
	kubectl describe pods --all-namespaces \| grep "Image:"

	# Get IP address of LoadBalancer service in Kubernetes
	kubectl get svc istio-ingress -n gke-system -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

	# Remove all local container images
	docker rm $(docker ps -a -q) -f
	docker rmi $(docker images -a -q) -f

	# Upgrade ASM
	mkdir asmcli
	oldVersion=$(kubectl get deploy -n istio-system -l app=istiod -o jsonpath={.items[*].metadata.labels.'istio\.io\/rev'}'{"\n"}')
	curl https://storage.googleapis.com/csm-artifacts/asm/asmcli_1.12 > ~/asmcli
	chmod +x ~/asmcli
	projectId=FIXME
	clusterName=FIXME
	zone=FIXME

	cat <<EOF > distroless-proxy.yaml
	---
	apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	spec:
	meshConfig:
	defaultConfig:
	image:
	imageType: distroless
	EOF
	~/asmcli install \
	--project_id $projectId \
	--cluster_name $clusterName \
	--cluster_location $zone \
	--enable-all \
	--option cloud-tracing \
	--option cni-gcp \
	--custom_overlay distroless-proxy.yaml

	# Update namespaces annotations
	kubectl rollout restart deployments -n FIXME
	kubectl delete Service,Deployment,HorizontalPodAutoscaler,PodDisruptionBudget istiod-$oldVersion -n istio-system --ignore-not-found=true
	kubectl delete IstioOperator installed-state-$oldVersion -n istio-system

	# Upgrade ACM
	gsutil cp gs://config-management-release/released/latest/linux_amd64/nomos nomos
	chmod +x nomos
	sudo mv nomos /usr/local/bin/nomos
	nomos version
	version=FIXME
	gcloud beta container hub config-management upgrade \
	--version=$version \
	--membership=$clusterName

	# Ping X times an URL
	URL=FIXME
	pingNumber=10
	for i in {1..$pingNumber}; do curl $URL; done

	# Minimal/Simple containerized dotnetcore console app
	cat <<EOF > Program.cs
	using Grpc.Core;
	using System;
	using System.Text;
	var marshaller = new Marshaller<string>(Encoding.UTF8.GetBytes, Encoding.UTF8.GetString);
	var method = new Method<string, string>(MethodType.Unary, "test-service", "test-method", marshaller, marshaller);
	var channel = new Channel("spanner.googleapis.com:443", ChannelCredentials.Insecure);
	var callInvoker = channel.CreateCallInvoker();
	var text = callInvoker.BlockingUnaryCall(method, "spanner.googleapis.com", new CallOptions(), "request");
	Console.WriteLine(text);
	EOF
	cat <<EOF > issue.csproj
	<Project Sdk="Microsoft.NET.Sdk.Web">
	<PropertyGroup>
	<TargetFramework>net5.0</TargetFramework>
	</PropertyGroup>
	<ItemGroup>
	<PackageReference Include="Grpc.Core" Version="2.38.1" />
	</ItemGroup>
	</Project>
	EOF
	cat <<EOF > Dockerfile
	FROM mcr.microsoft.com/dotnet/sdk:5.0.301 AS build
	WORKDIR /app
	COPY issue.csproj ./
	WORKDIR /app
	RUN dotnet restore issue.csproj -r linux-musl-x64
	COPY / .
	FROM build AS publish
	WORKDIR /app
	RUN dotnet publish issue.csproj -r linux-musl-x64 --self-contained true -c release -o out --no-restore
	FROM mcr.microsoft.com/dotnet/runtime-deps:5.0.7-alpine3.13-amd64
	WORKDIR /app
	COPY --from=publish /app/out ./
	ENTRYPOINT ["/app/issue"]
	EOF

	# Add a new 443 port on the CRfA's Gateway
	cat <<EOF > patch.yaml
	spec:
	servers:
	- hosts:
	- "*"
	port:
	name: http
	number: 80
	protocol: HTTP
	- hosts:
	- "*"
	port:
	name: https
	number: 443
	protocol: HTTPS
	tls:
	mode: SIMPLE
	credentialName: SECRET_NAME
	EOF
	kubectl patch gateway gke-system-gateway --namespace knative-serving --patch "$(cat patch.yaml)" --type='merge'

	# Update myblog/mygkecluster
	# - Create new cluster
	# - Remove old cluster
	# - Remove 2 forwarding rules
	# - kubectl delete ing myblog -n myblog