Skip to content

Instantly share code, notes, and snippets.

View pre's full-sized avatar
🚀
Cloud & Kubernetes

Petrus Repo pre

🚀
Cloud & Kubernetes
37 followers · 8 following
View GitHub Profile
@pre
pre / gcp-iam-test.sh
Last active March 27, 2025 13:24
Google Workload Identity Federation (WIF) using a Kubernetes Service Account
SERVICE_ACCOUNT_NAME="example-sa"
GOOGLE_PROJECT_NAME="example-google-project"
GOOGLE_PROJECT_ID="123456"
PROVIDER_NAME="example-provider"
POOL_NAME="example-pool"
cat >ksa.json <<EOF
{
"type": "external_account",
"audience": "//iam.googleapis.com/projects/${GOOGLE_PROJECT_ID}/locations/global/workloadIdentityPools/${PROVIDER_NAME}/providers/${POOL_NAME}",
"subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
@pre
pre / traverse.sh
Last active January 20, 2025 12:12
Traverse directories recursively and run tf
#!/usr/bin/env bash
set -Eeuo pipefail
# gather error codes
# https://gist.github.com/matti/3d2f04b1a9485a3a15d0267a68b341ba#gather-exit-codes-of-backgrounded-processes
export NO_COLOR="1"
export TF_CLI_ARGS="-no-color"
@pre
pre / s3etag.sh
Created March 27, 2024 10:11 — forked from emersonf/s3etag.sh
A Bash script to compute ETag values for S3 multipart uploads on OS X.
#!/bin/bash
if [ $# -ne 2 ]; then
echo "Usage: $0 file partSizeInMb";
exit 0;
fi
file=$1
if [ ! -f "$file" ]; then
@pre
pre / irsa-iam.json
Last active November 13, 2024 12:05
AWS IAM Roles for Service Accounts (IRSA)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::MY_AWS_ACCOUNT_ID:oidc-provider/MY_PROVIDER_URL"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
@pre
pre / loop.rb
Created September 8, 2023 09:03
Ruby HTTP request poller for success / errors on rollout
require 'net/http'
errors = 0
successes = 0
begin
Kernel.loop do
begin
request = Net::HTTP.get_response("35.236.26.249", "/productpage")
if request.is_a?(Net::HTTPSuccess)
@pre
pre / gist:7339dfdaa3aefc3abd609c7040883bde
Created May 31, 2023 13:10
openssl read ssl certificate with sni
```
echo | openssl s_client -showcerts -servername google.com -connect google.com:443
```
@pre
pre / k8s-nginx.yaml
Last active September 5, 2022 06:08
k8s nginx hello world manifest
---
apiVersion: v1
kind: Namespace
metadata:
name: hello-1
---
apiVersion: v1
kind: Service
metadata:
name: hello-1
@pre
pre / gist:e25423ef5d932d5cf0f2fd2f7b030437
Created June 22, 2022 12:55
openssl read certificate
openssl x509 -in certificate.crt -text -noout
@pre
pre / gist:a5f0067b5b0f8e65597dfcae1332453d
Created May 17, 2022 15:20
openssl generate local cert
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
@pre
pre / abba
Created January 17, 2022 14:39
RG7RUXhgLBbmWwoWfakQwjaPugnbJDMEZ3