This article introduces a simple way of working with Hashicorp Vault key-value secrets engine.
You should have a running Hashicorp/Vault service and Vault command available.
Here is a quick way to install a Vault dev server.
Xu Wang xuwang
xuwang
/ vault-secrets-the-simple-way.md
Created
February 22, 2020 20:37
Vault Secrets The Simple Way
xuwang
/ keybase.md
Created
October 11, 2017 17:44
I hereby claim:
- I am xuwang on github.
- I am xuwang (https://keybase.io/xuwang) on keybase.
- I have a public key ASAinOrGaJOZfACW4XUwCN1nZl3BfAGwSRcE_Wv6ZXXabQo
To claim this, I am signing this object:
xuwang
/ gist:4744cba03a941df4a5a491425709b8d4
Created
April 10, 2017 19:58
Kubernetes Heapster cannot reach kube apiserver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2017-04-10T19:45:05.000759144Z E0410 19:45:05.000259 1 kubelet.go:271] No nodes received from APIserver. | |
| 2017-04-10T19:45:24.541461398Z E0410 19:45:24.541221 1 reflector.go:203] k8s.io/heapster/metrics/sources/kubelet/kubelet.go:342: Failed to list *api.Node: Get https://kubernetes.default/api/v1/nodes?resourceVersion=0: dial tcp 10.32.0.1:443: i/o timeout | |
| 2017-04-10T19:45:24.542933403Z E0410 19:45:24.542578 1 reflector.go:203] k8s.io/heapster/metrics/heapster.go:319: Failed to list *api.Pod: Get https://kubernetes.default/api/v1/pods?resourceVersion=0: dial tcp 10.32.0.1:443: i/o timeout | |
| 2017-04-10T19:45:24.54319463Z E0410 19:45:24.542914 1 reflector.go:203] k8s.io/heapster/metrics/processors/namespace_based_enricher.go:84: Failed to list *api.Namespace: Get https://kubernetes.default/api/v1/namespaces?resourceVersion=0: dial tcp 10.32.0.1:443: i/o timeout | |
| 2017-04-10T19:45:24.543205245Z E0410 19:45:24.542935 1 reflector.go:203] k8s.io/heapster/metrics/processors/node_autoscaling |
xuwang
/ get-aws-metadata
Last active
August 23, 2023 18:40
Utility script to get commonly used AWS instance metadata (e.g., id, role, account, region, security credentials etc.). Just need curl.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Retrieve AWS instrance's commonly used metadata. Require curl. | |
| # ./get-metadata help | |
| # ./get-metadata id | |
| # Input is case insensitive; format to uppper case to generate self-help page. | |
| info=${1^^} | |
| meta_data_url=http://169.254.169.254/latest/meta-data/ | |
| roleProfile=$(curl -s http://169.254.169.254/latest/meta-data/iam/info \ | |
| | grep -Eo 'instance-profile/([a-zA-Z.-]+)' | sed 's#instance-profile/##') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| # This scrip uses toolbox that comes with CoreOS and runs python -m json.tool to parse JSON output. | |
| # The script has pre-configured commands for common etcd api calls, but can take any commands that | |
| # generate JSON output. | |
| command="$@" | |
| # Output directory shared into the toolbox | |
| outputFile=/home/core/output.$$ | |
| toolboxFile=/media/root/$outputFile |