Anastas Dancha anapsix

## export_route53_zone.sh
#!/bin/bash

case $1 in
  --name)
    shift
    zonename="$1"
    hostedzoneid=($(aws route53 list-hosted-zones | jq -r ".HostedZones[] | select(.Name == \"$zonename.\") | .Id" | cut -d'/' -f3))
    if [ ${#hostedzoneid[@]} -eq 0 ]; then
      echo >&2 "Could not find Route53 zone for \"$zonename\", exiting.."
      exit 1

## check_k8s_certs.sh
#!/usr/bin/env bash

set -e
set -u
set -o pipefail

renew_cert() {
  local cert="${1:-}"
  local renew="n"
  if [[ "${cert:-_unset_}" == "_unset_" ]]; then

## kubectl_with_ssh_jumphost.sh
#!/usr/bin/env bash
#
# DEPRECATED
# use k8s-vault instead
# https://gist.github.com/anapsix/b5af204162c866431cd5640aef769610
#
#
# Wrapper for kubectl to establish SSH connection to jumphost,
# though which to proxy requests to K8s API
#

## kinesis_consumer.php
<?php
// if running in Alpine, install the following
// apk -U add php7 php7-mbstring php7-simplexml php7-json php7-phar php7-openssl curl
// curl -sS https://getcomposer.org/installer | php
// php composer.phar require aws/aws-sdk-php
//
// export AWS_ACCESS_KEY_ID=...
// export AWS_SECRET_ACCESS_KEY=...
if (getenv('KINESIS_STREAM')) {
    $streamName = getenv('KINESIS_STREAM');

## generate_firewall_rules.jq
##############################################################################
# this JQ script parses Cloudflare API call listing Firewall Rules
# and generates cloudflare_filter_and cloudflare_firewall_rule
##############################################################################
# Copyright (c) 2020 Anastas Dancha (@anapsix)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

## helm_tls_wrapper.sh
#!/usr/bin/env bash
#
# this script is a helpful wrapper for Helm CLI, when using TLS enabled Tiller
# See https://github.com/helm/helm/blob/master/docs/tiller_ssl.md
#
# === NOTE ===
# It will attempt to download Helm binary to match Helm Server version
# if it's not found locally
#
# === INSTRUCTIONS ===

## mouse_latlon.py
#!/usr/bin/env python
# I didn't write this
# many examples exist on StackOverflow, etc..
#
# Note: you'll need python-xlib, python-gtk
# sudo apt-get install python-xlib python-gtk2
#

import sys
import os

## check_dns.sh
#!/usr/bin/env bash
#
## example running it from cron
# MAILTO=""
# SHELL=/bin/bash
# VERBOSE=1
# CMD_ON_FAILURE='/etc/init.d/nginx reload'
# * * * * * root timeout -k 2 5 /tmp/check_dns.sh upstream.server.com 2>>/var/log/check_dns.log
# * * * * * root sleep 10 && sed -e :a -e '$q;N;501,$D;ba' -i /var/log/check_dns.log
#

## rkind.sh
#!/usr/bin/env bash
#
# RKIND is a naive helper script to start KIND and Rancher Management Server
#

set -u
set -o pipefail

RANCHER_CONTAINER_NAME="rancher-for-kind"
RANCHER_HTTP_HOST_PORT=$[$[RANDOM%9000]+30000]

## aws_metadata_proxy.md

      
        
          
            
              
              1 file
            
          
          
            
              
              1 fork
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                anapsix
                / aws_metadata_proxy.md
            
            
              Created
              December 13, 2017 16:47
            
              
                How to proxy EC2 metadata
              
          
        
      
        
  
      
    How to proxy to EC2 Metadata

Sometimes, you need to use your EC2 instance's credentials to access the AWS resources, for testing, development, etc..
This is how you do it.
Step 1

create 169.254.169.254 on loopback interface
linux

sudo ip a add 169.254.169.254 dev lo
	#!/bin/bash

	case $1 in
	--name)
	shift
	zonename="$1"
	hostedzoneid=($(aws route53 list-hosted-zones \| jq -r ".HostedZones[] \| select(.Name == \"$zonename.\") \| .Id" \| cut -d'/' -f3))
	if [ ${#hostedzoneid[@]} -eq 0 ]; then
	echo >&2 "Could not find Route53 zone for \"$zonename\", exiting.."
	exit 1
	#!/usr/bin/env bash

	set -e
	set -u
	set -o pipefail

	renew_cert() {
	local cert="${1:-}"
	local renew="n"
	if [[ "${cert:-_unset_}" == "_unset_" ]]; then
	#!/usr/bin/env bash
	#
	# DEPRECATED
	# use k8s-vault instead
	# https://gist.github.com/anapsix/b5af204162c866431cd5640aef769610
	#
	#
	# Wrapper for kubectl to establish SSH connection to jumphost,
	# though which to proxy requests to K8s API
	#
	<?php
	// if running in Alpine, install the following
	// apk -U add php7 php7-mbstring php7-simplexml php7-json php7-phar php7-openssl curl
	// curl -sS https://getcomposer.org/installer \| php
	// php composer.phar require aws/aws-sdk-php
	//
	// export AWS_ACCESS_KEY_ID=...
	// export AWS_SECRET_ACCESS_KEY=...
	if (getenv('KINESIS_STREAM')) {
	$streamName = getenv('KINESIS_STREAM');
	##############################################################################
	# this JQ script parses Cloudflare API call listing Firewall Rules
	# and generates cloudflare_filter_and cloudflare_firewall_rule
	##############################################################################
	# Copyright (c) 2020 Anastas Dancha (@anapsix)
	#
	# Permission is hereby granted, free of charge, to any person obtaining a copy
	# of this software and associated documentation files (the "Software"), to deal
	# in the Software without restriction, including without limitation the rights
	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	#!/usr/bin/env bash
	#
	# this script is a helpful wrapper for Helm CLI, when using TLS enabled Tiller
	# See https://github.com/helm/helm/blob/master/docs/tiller_ssl.md
	#
	# === NOTE ===
	# It will attempt to download Helm binary to match Helm Server version
	# if it's not found locally
	#
	# === INSTRUCTIONS ===
	#!/usr/bin/env python
	# I didn't write this
	# many examples exist on StackOverflow, etc..
	#
	# Note: you'll need python-xlib, python-gtk
	# sudo apt-get install python-xlib python-gtk2
	#

	import sys
	import os
	#!/usr/bin/env bash
	#
	## example running it from cron
	# MAILTO=""
	# SHELL=/bin/bash
	# VERBOSE=1
	# CMD_ON_FAILURE='/etc/init.d/nginx reload'
	# * * * * * root timeout -k 2 5 /tmp/check_dns.sh upstream.server.com 2>>/var/log/check_dns.log
	# * * * * * root sleep 10 && sed -e :a -e '$q;N;501,$D;ba' -i /var/log/check_dns.log
	#
	#!/usr/bin/env bash
	#
	# RKIND is a naive helper script to start KIND and Rancher Management Server
	#

	set -u
	set -o pipefail

	RANCHER_CONTAINER_NAME="rancher-for-kind"
	RANCHER_HTTP_HOST_PORT=$[$[RANDOM%9000]+30000]