Skip to content

Instantly share code, notes, and snippets.

Avatar
😺

Anastas Dancha anapsix

😺
View GitHub Profile
@anapsix
anapsix / docker_pull_remains.sh
Last active Nov 17, 2020
Naive script to check how many anonymous pulls from Docker hub remain / allowed from current IP
View docker_pull_remains.sh
#!/usr/bin/env sh
for dep in curl jq grep awk; do
if ! which ${dep} >&/dev/null; then
echo >&2 "ERROR: required ${dep} binary is not found, exiting.."
exit 1
fi
done
TOKEN=$(
@anapsix
anapsix / generate_firewall_rules.jq
Created May 13, 2020
Generate Terraform statements for cloudflare_filter, and cloudflare_firewall_rule
View generate_firewall_rules.jq
##############################################################################
# this JQ script parses Cloudflare API call listing Firewall Rules
# and generates cloudflare_filter_and cloudflare_firewall_rule
##############################################################################
# Copyright (c) 2020 Anastas Dancha (@anapsix)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
@anapsix
anapsix / check_k8s_certs.sh
Created Sep 20, 2019
Check K8s certificates and attempt to renew expired
View check_k8s_certs.sh
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
renew_cert() {
local cert="${1:-}"
local renew="n"
if [[ "${cert:-_unset_}" == "_unset_" ]]; then
@anapsix
anapsix / rkind.sh
Last active Jan 8, 2021
Rancher in KIND (Rancher in Kubernetes-in-Docker)
View rkind.sh
#!/usr/bin/env bash
#
# RKIND is a naive helper script to start KIND and Rancher Management Server
#
set -u
set -o pipefail
RANCHER_CONTAINER_NAME="rancher-for-kind"
RANCHER_HTTP_HOST_PORT=$[$[RANDOM%9000]+30000]
@anapsix
anapsix / k8s-oidc-login.sh
Last active Oct 16, 2020
K8s-OIDC-LOGIN - helper to simplify multi-cluster OIDC login and related configuration for kubectl. Can be used as kubectl plugin
View k8s-oidc-login.sh
#!/usr/bin/env bash
#
# K8s-OIDC-LOGIN helper to simplify configuration of OIDC authentication for kubectl
#
# Heavily influenced by oidckube project by @mrbobbytables
# https://github.com/mrbobbytables/oidckube
#
# Copyright (C) 2019 Anastas Dancha (aka @anapsix)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@anapsix
anapsix / k8s-vault
Last active Jan 18, 2021
K8s-Vault, like AWS-Vault, but for cli tools using KUBECONFIG (~/.kube/config), such as helm, kubectl, etc..
View k8s-vault
#!/usr/bin/env bash
#
# K8s-Vault, like AWS-Vault is a helper for AWS related CLI tools
# is a helper for CLI tools using kubectl config and K8s API.
# Unlike AWS-Vault, vault here is used as a verb,
# synonymous to leap, jump, spring, etc..
# Copyright (C) 2019-2020 Anastas Dancha (aka @anapsix)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@anapsix
anapsix / kubectl_with_ssh_jumphost.sh
Last active Sep 30, 2019
Wrapper for kubectl to automatically establish SSH connection to jumphost, though which to proxy requests to K8s API
View kubectl_with_ssh_jumphost.sh
#!/usr/bin/env bash
#
# DEPRECATED
# use k8s-vault instead
# https://gist.github.com/anapsix/b5af204162c866431cd5640aef769610
#
#
# Wrapper for kubectl to establish SSH connection to jumphost,
# though which to proxy requests to K8s API
#
@anapsix
anapsix / cronjob_with_exec_timeout.yaml
Last active Feb 1, 2019
K8s CronJob with execution timeout implemented via livenessProbe
View cronjob_with_exec_timeout.yaml
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: do-something-job
namespace: scheduled-tasks
spec:
schedule: "*/2 * * * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
@anapsix
anapsix / helm_tls_wrapper.sh
Last active Oct 28, 2020
Helm CLI wrapper making it easier to work with multiple clusters when using TLS-enabled Tiller
View helm_tls_wrapper.sh
#!/usr/bin/env bash
#
# this script is a helpful wrapper for Helm CLI, when using TLS enabled Tiller
# See https://github.com/helm/helm/blob/master/docs/tiller_ssl.md
#
# === NOTE ===
# It will attempt to download Helm binary to match Helm Server version
# if it's not found locally
#
# === INSTRUCTIONS ===
@anapsix
anapsix / rmq_passwd_hash.py
Created May 22, 2018
generate RabbitMQ compatible SHA256 password hash
View rmq_passwd_hash.py
#!/usr/bin/env python
# details on rabbitMQ password hashing
# https://www.rabbitmq.com/passwords.html#computing-password-hash
from __future__ import print_function
import base64
import os
import hashlib
import struct
import getpass