GauntletWizard

set -e
set -x

true | false |true

echo "done"

set -o pipefail

true | false ||true

GauntletWizard

Keybase proof

I hereby claim:

• I am gauntletwizard on github.
• I am gauntletwizard (https://keybase.io/gauntletwizard) on keybase.
• I have a public key ASA3GF3F2JAd_WN9-svtXfeDHDvSu7WiLV1V2L0n01gw8Qo

To claim this, I am signing this object:

GauntletWizard

#!/usr/bin/env python
# gceips.py - A script to print the cidr ranges of all of GCE.
# https://cloud.google.com/compute/docs/faq#where_can_i_find_short_product_name_ip_ranges

import re
# pip install dnspython
import dns.resolver
from dns.rdatatype import TXT

includesmatch = re.compile(r'include:([\w\.-]*)')

GauntletWizard

Must Dos:

• Use terraform, or other declarative infrastructure
• Use Organizations for billing. Set up an Org account, with an Infra account for build artifacts/login, and development, staging, and prod accounts with appropriate permissions.
• Developers should all have admin permissions in dev, and only necessary permissions in staging and prod. Staging should be exactly like prod except that customers aren't using it. Dev should be as close as possible, with any changes being backed out and repeated in staging before they make it to staging.

Useful tools:

• https://github.com/rebuy-de/aws-nuke
• https://github.com/toniblyx/prowler

Stretch Goals:

GauntletWizard

# Find our image, and first and last images.
# Gimp GIF export animates from bottom to top, so these are backwards.
foo = gimp.image_list()[0]
start = foo.layers[0]
end = foo.layers[1]


start.visible = False
end.visible = False
# Step - How much we increase opacity each time.

GauntletWizard

Read one link per day, mull on it, and ask clarifying questions from your local SRE

• What is a deployment?
  • Don't ready the whole doc - It's long and technical. Just read the preview, and know the primitives it mentions - Create, Update, Rollback, Scale, Pause, Status, Cleanup.
• Pods
• Persistent Volumes in k8s.
  • Editorializing for a bit; there's a bunch here, its very complex and only adds more. There's very few good reasons to use volumes. It doesn't reduce complexity vs. provisioning your backing store in more traditional ways. K8s is great because we're moving to stateless microservices; for stateful services like database backends, generally a losing proposition. Except when you can rapidly and automatically rebuild from quorum; I'll discuss those later.
• [What is a node?](https://kuber

GauntletWizard

#!/bin/bash
# honeysave.sh - Saves honeycomb boards for version control purposes

WRITEKEY=""

honeycurl() {
  curl -H "X-Honeycomb-Team: ${WRITEKEY}" https://api.honeycomb.io/1/boards/$*
}

save() {

GauntletWizard

kubectl --context CLUSTER run --image ubuntu pgtool --  /bin/bash -c "apt-get update; apt-get install -y postgresql-client; sleep 86400"
kubectl --context gke_lido-staging_us-east1_lido-staging-us-east1 run --image redis redis --  /bin/bash -c "sleep 86400"

GauntletWizard

set -eux -o pipefail
IAMUSER="$1"
aws iam create-user --user-name "${IAMUSER}"
POLICY="$(aws iam create-policy --policy-name "${IAMUSER}" --policy-document file://policy.json)" # "file://${IAMUSER}.policy"
ARN="$(echo $POLICY |jq -r .Policy.Arn)"
aws iam attach-user-policy --user-name "${IAMUSER}" --policy-arn="${ARN}"
# Create the access-key and parse the response to the ID and Secret
KEY="$(aws iam create-access-key --user-name "${IAMUSER}")"
KEYID="$(echo "${KEY}" |jq -r .AccessKey.AccessKeyId)"
KEYSECRET="$(echo "${KEY}" |jq -r .AccessKey.SecretAccessKey)"

GauntletWizard

# Notes on connecting 
# Trust the k8s root certificate
security -v add-trusted-cert -k "${HOME}/Library/Keychains/login.keychain-db" -r trustRoot "${KUBE_CERT}"
# Generate a user key and `security import` it
openssl genrsa -out "${CLIENTCERTKEY}" 4096
security import "${CLIENTCERTKEY}"

# Set for OSX
# Get the sha
# security find-cert -a -c ted -Z