Oleksii Asiutin aasiutin
aasiutin
/ kube-proxy-create-cluster-ip-rules.sh
Created
November 18, 2022 12:35
Example iptables commands kube-proxy creates for a clusterip service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # this is rough explanation on how kube-proxy manages clusterip services | |
| # through iptables rules. Other kube-proxy run modes are ipvs and userspace | |
| # We consider the service has 2 endpoint, to show load balancing approach. | |
| $ kubectl get svc olek | |
| NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE | |
| olek ClusterIP 10.100.184.69 <none> 3000/TCP 511d |
aasiutin
/ discover-root-users.py
Created
March 25, 2020 13:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| from pprint import pprint | |
| from kubernetes import client, config | |
| from kubernetes.stream import stream | |
| config.load_kube_config() | |
| apps_v1 = client.AppsV1Api() | |
| core_v1 = client.CoreV1Api() | |
| def main(): |
aasiutin
/ describe-k8s-pods-users.py
Created
March 24, 2020 12:16
We discover pods from all namespaces and grab users which run processes (PID 1) inside pods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| ns_cmd = "kubectl get ns -o name | sed -e 's/namespace\\///g'" | |
| namespaces = subprocess.check_output(ns_cmd, shell=True).decode().split("\n")[:-1] | |
| for ns in namespaces: | |
| print("Processing {} namespace...".format(ns)) | |
| set_ns_cmd = "kubectl config set-context --current --namespace {}".format(ns) | |
| subprocess.check_call(set_ns_cmd, shell=True) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import subprocess | |
| ALLOWED_USERS = { | |
| "user@example.com": "user" | |
| } | |
| def check_user(email, name): |