Skip to content

Instantly share code, notes, and snippets.

{
"$ref": "#/definitions/VpcCni",
"$schema": "http://json-schema.org/draft-06/schema#",
"definitions": {
"Affinity": {
"type": [
"object",
"null"
]
},
@rk295
rk295 / workload-identity.tf
Created August 20, 2020 13:03
So this makes a Google SA. Attaches some Roles to it (optional) and then the most important bit, it adds the `roles/iam.workloadIdentityUser` role. Notice the kubernetes service account and namespace are in the `member` line.
resource "google_service_account" "gsa" {
account_id = local.gsa_name
display_name = "${var.name} K8s Service Account"
project = var.project_id
}
resource "google_project_iam_member" "gsa-roles" {
count = length(var.gsa_roles)
project = var.project_id
role = var.gsa_roles[count.index]
@rk295
rk295 / sg-tool
Last active June 10, 2022 13:19
Simple tool to query which things in AWS are using a specific security group.
#!/usr/bin/env bash
#
# Simple script to list resources that are using a specified Security Group.
#
# Accepts only one command line argument, which is the ID of the SecurityGroup
# to check for.
#
# Currently supports these resources:
#
# * EC2 Instances
@rk295
rk295 / terraform-remotestate.md
Created October 25, 2018 09:38
Terraform Remote State quick explanation

Cross Referencing resources

To reference the resources created by this stack in other stacks you need to define a data resource pointing to the S3 bucket and key defined in `remote-state.tf.

Your data definition should look something like this:

data "terraform_remote_state" "vpc" {
    backend = "s3"
    config {
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=ad,dc=example,dc=com> with scope subtree
# filter: (cn=example12)
# requesting: ALL
#
# example12, Users, ad.example.com
dn: CN=example12,CN=Users,DC=ad,DC=example,DC=com
keycloak_1 | 20:45:52,571 WARN [org.keycloak.services.resources.admin.UsersResource] (default task-17) Could not create user: org.keycloak.models.ModelException: Could not modify attribute for DN [cn=example12,CN=Users,DC=ad,DC=example,DC=com]
keycloak_1 | at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:569)
keycloak_1 | at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:110)
keycloak_1 | at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.update(LDAPIdentityStore.java:112)
keycloak_1 | at org.keycloak.storage.ldap.mappers.LDAPTransaction.commitImpl(LDAPTransaction.java:48)
keycloak_1 | at org.keycloak.models.AbstractKeycloakTransaction.commit(AbstractKeycloakTransaction.java:48)
keycloak_1 | at org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:146)
keycloak_1 | at org.keycloak.services.resources.admin.UsersResource.c
#!/usr/bin/env bash
set -eEo pipefail
baseDir="$PWD/"
modules="$(find . -maxdepth 1 -type d \! -name .git -a \! -name .)"
for module in $modules; do
echo "Checking $module"
stages:
- test
test:
stage: test
# hashicorp/terraform does not operate how the CI server wants.
# Switched to alternate container to work better within GitLab CI.
image: marcelocorreia/terraform
script:
- ./validate
-- This service checks all the servers in the named backend (see the
-- backend_name var). If _any_ of them are up, it returns 200 OK. If
-- they are all down it returns a 500 FAILED.
--
-- This is intended to be used as a HTTP health check from an upstream
-- load balancer, without this check the most intelligent health check
-- that could be performed is a simple TCP check on the HAProxy frontend.
-- This would not fail in the event that HAProxy cannot see *any* of its
-- downstream servers
-- -- `core` is a static class provided by haproxy containing all
-- -- the haproxy methods we can use.
-- -- `register_init` registers a function to be executed after
-- -- configuration parsing.
-- core.register_init(function ()
-- core.log(core.info, "script loaded: case-200-ok")
-- end)
-- `register_service` registers a lua function to be executed