Skip to content

Instantly share code, notes, and snippets.

View HarshadRanganathan's full-sized avatar
💭
Buy me a coffee (https://ko-fi.com/harshadranganathan)

Harshad Ranganathan HarshadRanganathan

💭
Buy me a coffee (https://ko-fi.com/harshadranganathan)
View GitHub Profile
@HarshadRanganathan
HarshadRanganathan / eks-best-practices.md
Last active July 25, 2022 21:05
EKS Best Practices
  • Access Control
    • Create the cluster with a dedicated IAM role (automatically granted system:masters permissions and cannot be removed)
    • Use IAM Roles when multiple users need identical access to the cluster
    • Employ least privileged access
    • IRSA (IAM Roles for Service Accounts)
      • Update the aws-node daemonset to use IRSA
    • Restrict Access to IMDS v1
    • Use dedicated service accounts for each application
  • Use PAC (Policy As Code) or PSS (Pod Security Standards)
  • Mitigate the risks from hostPath, configure the spec.containers.volumeMounts as readOnly
@HarshadRanganathan
HarshadRanganathan / README.md
Created June 27, 2022 08:22
ES Recommendations

_id field

The value of the _id field is also accessible in aggregations or for sorting, but doing so is discouraged as it requires to load a lot of data in memory. In case sorting or aggregating on the _id field is required, it is advised to duplicate the content of the _id field in another field that has doc_values enabled.

@HarshadRanganathan
HarshadRanganathan / eks-upgrade-1.19-to-1.20.groovy
Last active May 10, 2022 12:52
EKS Upgrade Jenkins Pipeline Scripts
#!/usr/bin/env groovy
final List<String> environments = Env.values().collect() { it.name() }
pipeline {
agent {
label any
}
parameters {
@HarshadRanganathan
HarshadRanganathan / README.md
Last active March 21, 2022 01:37
Things Cloud Engineers Should Know - Redhat
  • Multi Cloud Decisions

    Key Enablers

    • Workload Portability
    • Ability to negotiate with suppliers
    • Ability to select best tool for a given job

    Keys

    • Visibility - trusted single source of truth
  • Efficiency - across dev, qa, security and operations

<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
<DT><H3 ADD_DATE="1578324816" LAST_MODIFIED="1644755499" PERSONAL_TOOLBAR_FOLDER="true">Bookmarks bar</H3>
<DL><p>
@HarshadRanganathan
HarshadRanganathan / config.yml
Last active February 13, 2022 20:44
WTF Config
wtf:
colors:
border:
focusable: darkslateblue
focused: orange
normal: gray
grid:
columns: [32, 32, 32, 32, 90]
rows: [10, 10, 10, 4, 4, 90]
refreshInterval: 1
@HarshadRanganathan
HarshadRanganathan / eks-upgrade-1.18-to-1.19.groovy
Last active January 4, 2022 19:07
EKS Upgrade Jenkins Pipeline Scripts
#!/usr/bin/env groovy
final List<String> environments = Env.values().collect() { it.name() }
pipeline {
agent {
label any
}
parameters {
@HarshadRanganathan
HarshadRanganathan / README.md
Last active August 5, 2022 20:14
AWS Services/Concepts Checklist

Networking

  • IPv6 Addressing
  • Dual Stack - IPv4/IPv6
  • VPC Interface Endpoints
  • AWS PrivateLink
  • Route53 Resolver
  • VPC IP Address Manager (IPAM)
  • ALB integration through NLB
@HarshadRanganathan
HarshadRanganathan / ecr_cleanup.sh
Created December 13, 2021 19:00
Bash script to delete ECR images in a filtered repository
aws ecr describe-repositories --output text |
awk '{print $6}' |
while read line; do
if [[ $line == *"api"* ]]; then
aws ecr list-images --repository-name $line --query 'imageIds[*]' --output text
fi |
while read imageDigest imageTag; do
aws ecr batch-delete-image --repository-name $line --image-ids imageDigest=$imageDigest;
done;
done
@HarshadRanganathan
HarshadRanganathan / commands.md
Last active December 1, 2021 23:01
Kubernetes jump pod for MySQL

[1] Add this Dockerfile

FROM python:alpine

ARG CLI_VERSION=1.18.188

RUN apk -uv add --no-cache groff jq less mysql-client && \
    pip install --no-cache-dir awscli==$CLI_VERSION