A common and reliable pattern in service unit files is thus:
# Sandboxing directives for the [Service] section of a unit file.
# The process and its children cannot gain privileges through execve()
# (setuid/setgid bits and file capabilities are ignored).
NoNewPrivileges=yes
# The service gets its own private /tmp and /var/tmp, not shared with the host.
PrivateTmp=yes
# The service sees a minimal /dev containing only pseudo-devices
# (null, zero, random, ...), with no physical devices.
PrivateDevices=yes
# Device cgroup policy: only the standard pseudo-devices plus anything
# listed explicitly with DeviceAllow= may be accessed.
DevicePolicy=closed
# The whole file system hierarchy is mounted read-only for the service,
# except /dev, /proc and /sys. Paths the service must write to need an
# explicit ReadWritePaths= (or StateDirectory= and similar) entry.
ProtectSystem=strict
# Source: https://www.percona.com/blog/2008/11/07/poor-mans-query-logging/
# Ad-hoc query log built from a packet capture: tcpdump writes full-length
# packets (-s 0) with destination port 3306 on eth0 as raw data to stdout
# (-w -), strings keeps the printable runs, and the perl filter joins
# continuation lines onto the last line that started with one of the listed
# SQL keywords.
# The output is literal statement text, so it can contain passwords and
# personal data carried in queries; handle it like any other sensitive log.
# Only unencrypted client connections yield readable statements, and
# capturing requires packet-capture privileges on the host.
# NOTE(review): the snippet is cut off below; the end of the while loop and
# the closing quote of the perl program are not shown.
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | perl -e ' | |
while(<>) { chomp; next if /^[^ ]+[ ]*$/; | |
if(/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER)/i) { | |
if (defined $q) { print "$q\n"; } | |
$q=$_; | |
} else { | |
$_ =~ s/^[ \t]+//; $q.=" $_"; | |
} |
# sniff hypervisor | |
dmesg | grep Hypervisor | |
[ 0.000000] Hypervisor detected: KVM | |
# Approximate size in bytes of the value stored under $key (not of the key
# itself): grep keeps everything after `"Value" : "` in the fields output and
# wc -c counts it, so the closing quote, the newline and any escape sequences
# in the printed form are included in the count.
# The value goes only to wc, never to the terminal. That matters when the
# key holds secret material.
# NOTE(review): $key is expanded unquoted; quote it if keys can contain
# spaces or glob characters.
etcdctl get $key -w fields | grep -oP "(?<=Value\" : \").*" | wc -c | |
# Allocated-but-unused database space in MB (decimal) for the first entry of
# the JSON array: dbSize minus dbSizeInUse.
# presumably the file is saved `etcdctl endpoint status -w json` output; confirm
cat etcd_info/endpoint_status.json | jq '(.[0].Status.dbSize - .[0].Status.dbSizeInUse)/1000/1000' |
# drips: print one "<ip-address> <name>" line per running container.
# The leading "/" that docker puts in front of .Name is stripped by sed.
# NOTE(review): .NetworkSettings.IPAddress is the top-level address field;
# containers attached only to user-defined networks may show it empty. Confirm.
function drips() {
    local inspect_fmt='{{ .NetworkSettings.IPAddress }} {{ .Name }}'

    docker ps -q \
        | xargs -n 1 docker inspect --format "$inspect_fmt" \
        | sed 's/ \// /'
}
# ingress-nginx annotation whose value is inserted as raw nginx directives.
# Anyone allowed to create or edit Ingress objects can therefore change the
# proxy's behaviour through it; check the controller's
# allow-snippet-annotations setting and who holds Ingress write access.
# What the snippet does:
#   - replaces the Server response header with the placeholder SEU_SERVER
#   - sends no-cache/no-store headers by default
#   - for the listed static-asset extensions, sends public caching headers
#     and `expires max`
#   - strips the /SUB_PATH prefix before the request is passed on
# NOTE(review): `eo` in the extension list looks like a typo for `eot`; confirm.
# more_set_headers needs the headers-more module in the nginx build.
nginx.ingress.kubernetes.io/configuration-snippet: | | |
more_set_headers "Server:SEU_SERVER"; | |
more_set_headers "cache-Control: no-cache, no-store"; | |
more_set_headers "pragma: no-cache"; | |
if ($request_uri ~* \.(?:ico|css|js|gif|jpe?g|png|svg|woff2|woff|ttf|eo|mp3)$) { | |
more_set_headers "cache-control: public, must-revalidate, proxy-revalidate"; | |
more_set_headers "pragma: public"; | |
expires max; | |
} | |
rewrite ^/SUB_PATH(/?)(.*)$ /$2 break; |
global: | |
scrape_interval: 60s | |
external_labels: | |
monitor: 'example' | |
rule_files: | |
- /etc/prometheus/config/*.rules | |
scrape_configs: |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: kube-router-cfg | |
namespace: kube-system | |
labels: | |
tier: node | |
k8s-app: kube-router | |
data: | |
cni-conf.json: | |
--- | |
- hosts: localhost | |
connection: local | |
gather_facts: False | |
tasks: | |
# - include_vars: jsonfile.json | |
# | |
# - debug: | |
# var: ansible_devices | |
# |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: nginx-conf | |
data: | |
nginx.conf: | | |
user nginx; | |
worker_processes 3; | |
error_log /var/log/nginx/error.log; | |
events { |
#!/usr/bin/env bash | |
KUBEAPI=127.0.0.1:8001/api/v1/nodes | |
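# getNodes: print the name of every node returned by the nodes endpoint in
# $KUBEAPI (set at the top of the script), one name per line.
# $KUBEAPI is quoted so the URL is passed to curl as a single argument and is
# not subject to word splitting or globbing.
# NOTE(review): 127.0.0.1:8001 looks like a local `kubectl proxy`; that
# listener forwards requests with the proxy owner's credentials, so keep it
# bound to loopback and stop it when the script is done. Confirm.
function getNodes() {
  curl -s "$KUBEAPI" | jq -r '.items[].metadata.name'
}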
function getPVCs() { | |
jq -s '[flatten | .[].pods[].volume[]? | select(has("pvcRef")) | '\ |