James Francis tcotav

Intro

Scenario: you are a developer on-call, there is an issue with the cluster that you need to investigate and correct.

sudo for kubectl was the basic idea (Mattz):

- assume admin role
- ideally still have constraints as to which namespaces it can impact 
     (i.e. stay out of kube-system, monitoring, etc...)

	package main

	import (
	"fmt"
	"sort"
	)

	/*
	Designing an elevator car call control system

	source -- https://twitter.com/MsPhiona/status/1362007710946967556

	1. What does your ideal candidate look like and how do I compare?
	2. What concerns/reservations do you have about me for this position?
	3. What are the most important qualities for someone to excel in this role?
	4. What is the typical career path for someone in this position?
	5. What are the biggest opportunities/challenges facing company/department right now?
	6. What is the most important thing I can accomplish in the first 60 days?
	7. What is the most rewarding thing about this role?
	8. What do you feel you are doing better than your competitors?

	#!/bin/bash

	# create multiple terms hot-keyed


	### this is the ~/.zshrc_kube

	# zinit
	sh -c "$(curl -fsSL https://raw.githubusercontent.com/zdharma/zinit/master/doc/install.sh)"\n

	{
	"BTTWidgetName" : "VPN Status",
	"BTTTriggerType" : 639,
	"BTTTriggerTypeDescription" : "Apple Script Widget",
	"BTTTriggerClass" : "BTTTriggerTypeTouchBar",
	"BTTPredefinedActionType" : 172,
	"BTTPredefinedActionName" : "Run Apple Script (blocking)",
	"BTTInlineAppleScript" : "set activeInterfaces to do shell script \"ifconfig -lu\"\rif activeInterfaces is not \"lo0 en0 p2p0 awdl0 en2 en1 en3 en4 bridge0 utun0 utun1 utun2 utun3 utun4 en6\" then\r\treturn \"VPN - Connected\"\rend if\rreturn \"VPN - Disconnected\"",
	"BTTScriptType" : "AppleScript",
	"BTTEnabled2" : 1,

	version: '3'
	services:
	web:
	# pin it to a hard version -- latest will burn you sooner or later :)
	image: jupyter/datascience-notebook:4d19a9839c05
	ports:
	- "8888:8888"
	# I use two separate volumes -- one for the data
	# then one for any additional working scripts or ETL you've got related to the data and this file
	volumes:

	#!/usr/bin/python
	"""
	Track how many times in <time period> variable interval that a given IP makes a request
	"""

	CHECK_INTERVAL_SECONDS=1 # change to 5 minutes -- 300


	# this assumes we're sorted by time
	#

	#!/bin/bash

	DPORT=22 # inbound destination port
	PERIOD_SECONDS=5 # duration in seconds that we measure the # of hits
	HITCOUNT=4 # acceptable number of hits from same IP in duration

	# ref https://debian-administration.org/article/187/Using_iptables_to_rate-limit_incoming_connections

	iptables -I INPUT -p tcp --dport ${DPORT} -i eth0 -m state --state NEW -m recent --set

	# put in .bashrc on linux, .bash_profile on osx
	alias kc="kubectl"
	# get all specified resource types in current namespace
	alias kls="kubectl get svc,pods,rc,deployments,ds"
	# get all specified resource types across all namespaces
	alias klsa="kubectl get svc,pods,rc,deployments,ds --all-namespaces"
	# get count of number of pods running per node -- requires jq - https://stedolan.github.io/jq/download/
	alias knc="kubectl get pods --all-namespaces -o json \| jq '.items[] \| .spec.nodeName' -r \| sort \| uniq -c"
	# map pods to nodes
	alias kpn="kubectl get pods --all-namespaces -o json \| jq '.items \| map({podName: .metadata.name, nodeName: .spec.nodeName}) \| group_by(.nodeName) \| map({nodeName: .[0].nodeName, pods: map(.podName)})'"

	#!/bin/bash
	# add this to users .bashrc file -- remove the #!/bin/bash
	#
	# script that prompts user on login to select a kubernetes cluster as their current
	#
	# - we set an alias for kubectl which is kubectl --kubeconfig=<some config>
	# - we create a different kubeconfig file in .kube for each context
	#

	declare -a KUBE_CONFIG_FILES