SamuelBagattin / DBScript_library_project
Postgres Script for library project
------------------------------------------------------------
-- Postgres script
------------------------------------------------------------
------------------------------------------------------------
-- Table: personality
------------------------------------------------------------
CREATE TABLE public.personality(
SamuelBagattin / install-tools-al2-arm64.sh
Script to install the tools i use on amazon linux 2 ARM
# Refresh package metadata and apply every pending update before adding anything.
yum update -y
# On yum, `upgrade` is `update` with obsoletes processing, so obsoleted packages are removed too.
yum upgrade -y
# Base tooling; gcc and python3-devel are presumably here to build native Python extensions — confirm.
yum install git wget curl zsh jq htop python3 gcc python3-devel -y
# Enable the Amazon Linux Extras topics for docker, EPEL and the nginx 1.x stream.
amazon-linux-extras install docker epel nginx1 -y
# `--now` starts each service immediately as well as on boot; nginx therefore comes up
# on its stock configuration before any site-specific config is in place.
systemctl enable nginx --now
systemctl enable docker --now
# Membership of the docker group lets ec2-user drive the daemon socket without sudo,
# which is root-equivalent on the host; only grant it to a login you would give root to.
usermod -aG docker ec2-user
# Pinned Node.js tarball. Nothing in this script verifies its checksum or signature,
# and the 14.x line is past upstream end-of-life — TODO confirm both before reusing.
wget https://nodejs.org/dist/v14.15.4/node-v14.15.4-linux-arm64.tar.xz -O /tmp/nodejs.tar.xz
###
# Variables
###
variable "vpc_id" {
  # VPC that hosts the database; the value is consumed as a plain string ID.
  description = "ID of the VPC in which is located the db"
  type        = string
}
variable "subnet_ids" {
SamuelBagattin / amazon-linux-2-arm.sh
Install a single-node kubeadm cluster on various OSes. Make sure the pod IP ranges do not overlap with the physical network.
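sudo yum update -y
# Configure iptables to see bridged traffic
# Kernel modules kubeadm and the container runtime rely on. They are listed in
# modules-load.d so they come back after a reboot, and modprobe'd right away so the
# rest of the install does not have to wait for one. The original file listed only
# br_netfilter here while still modprobe'ing overlay, so overlay was lost on reboot.
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter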
SamuelBagattin / irsa_iam_role.tf
Code samples associated with...
# Create the trust policy for the role associated to the app
data "aws_iam_policy_document" "my_pod_role_trusted_identities" {
statement {
# Allow through AssumeRoleWithWebIdentity
actions = ["sts:AssumeRoleWithWebIdentity"]
effect = "Allow"
# Only if the requester is authenticated with the service-account "my-serviceaccount" in the namespace "default"
condition {
test = "StringEquals"
# Get EKS cluster certificate thumbprint
# Fetches the TLS chain served at the cluster's OIDC issuer URL when Terraform runs.
# Its sha1_fingerprint is what the IAM OIDC provider below pins as its thumbprint, so
# the value tracks whichever CA actually fronts the issuer instead of being hard-coded;
# re-apply after the issuer's certificate chain changes, or the provider trust breaks.
data "tls_certificate" "eks_cluster" {
  url = aws_eks_cluster.main.identity[0].oidc[0].issuer
}
# Create the OIDC provider
resource "aws_iam_openid_connect_provider" "eks_cluster" {
client_id_list = ["sts.amazonaws.com"]
thumbprint_list = [data.tls_certificate.eks_cluster.certificates[0].sha1_fingerprint]
url = aws_eks_cluster.main.identity[0].oidc[0].issuer
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-serviceaccount
  namespace: default
  annotations:
    # Binds this service account to the IAM role (ACCOUNT_ID is a placeholder).
    # The role's trust policy should accept only the "default"/"my-serviceaccount"
    # subject, otherwise any service account in the cluster could assume it.
    eks.amazonaws.com/role-arn: "arn:aws:iam::ACCOUNT_ID:role/my-pod-role"
apiVersion: v1
kind: Pod
metadata:
name: my-pod
labels:
app: my-pod
spec:
serviceAccountName: my-serviceaccount
containers:
- image: ghcr.io/samuelbagattin/eks-irsa-example:master
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pod-identity-webhook
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: REDACTED
url: https://127.0.0.1:23443/mutate
// Session creation
sess := session.Must(session.NewSession())
// Create a new STS client to get temporary credentials
initStsClient := sts.New(sess)
// Get the SA token
awsWebIdentityTokenFile := os.Getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
awsWebIdentityToken, err := ioutil.ReadFile(awsWebIdentityTokenFile)