Skip to content

Instantly share code, notes, and snippets.

View andymotta's full-sized avatar

Andy Motta andymotta

25 followers · 18 following
  • Seattle, WA
View GitHub Profile
@andymotta
andymotta / cloudflare_warp.tf
Created February 20, 2023 17:44
Deploy Cloudflare WARP (VPN tunnel) on Kubernetes
provider "cloudflare" {
api_token = var.cf_api_token
}
variable "cf_api_token" {}
variable "account_id" {}
resource "random_id" "tunnel_secret" {
byte_length = 35
}
@andymotta
andymotta / external-dns.tf
Last active March 24, 2023 23:42
cross-account external-dns on EKS with private Route53 zone
locals {
eks_oidc_issuer_url = "https://${module.eks_blueprints.eks_oidc_issuer_url}"
name = "external-dns"
}
data "tls_certificate" "eks_cluster" {
url = local.eks_oidc_issuer_url
}
resource "aws_iam_openid_connect_provider" "eks_provider" {
@andymotta
andymotta / docker-ingest-node.json
Created November 1, 2021 06:33
Elasticsearch ingest node pipeline for elastic docker logs driver (Swarm)
{
"processors": [
{
"remove": {
"field": [
"agent.ephemeral_id",
"agent.hostname",
"agent.id",
"agent.type",
"agent.version",
@andymotta
andymotta / gcr-get-image-sizes.py
Created May 1, 2020 00:24
Get all image sizes across your GCP organization with tags
import google.auth
from google.auth.transport.requests import AuthorizedSession
### Global vars
REGISTRY_BASE = 'https://us.gcr.io/v2'
###
try:
credentials, project = google.auth.default(scopes=['https://www.googleapis.com/auth/cloud-platform'])
authed_session = AuthorizedSession(credentials)
@andymotta
andymotta / all_running_k8s_images.py
Created April 24, 2020 00:50
Find running images across all of your kubernetes cluster contexts
"""
Lists all the images currently in use in all clusters configured in your .kube/config
"""
from kubernetes import client, config
def main():
all_images = []
contexts, active_context = config.list_kube_config_contexts()
if not contexts:
@andymotta
andymotta / gke_credential_helper.py
Created April 24, 2020 00:49
Log into all Kubernetes Clusters across all your GCP Projects
import json
import os
def projects_list():
projList = []
data = json.loads(os.popen('gcloud projects list --format json').read())
for item in data:
if item['lifecycleState'] == "ACTIVE":
projList.append(item['projectId'])
return projList
@andymotta
andymotta / changes.py
Created April 18, 2019 19:17
IaC Pipeline: Detect changes/errors in Terraform Plan
#!/usr/bin/python
from subprocess import call, check_output, CalledProcessError
import subprocess
import fnmatch
import os
from datetime import datetime
logfile = "changes_" + datetime.now().strftime("%Y%m%d-%H%M%S") + ".log"
@andymotta
andymotta / update_confluence.py
Created April 10, 2019 19:42
Update/create a page containing a table w/ Confluence REST API
#!/usr/bin/env python
'''
Update/create a page containing a table w/ Confluence REST API
'''
import requests
import json
# Get api credentials from local config file
@andymotta
andymotta / cloudformation.groovy
Created April 4, 2019 01:58
Declarative Jenkins Pipeline Cloudformation Release Stage
stage ('Release') {
steps {
script {
def apply = true
def status = null
try {
status = sh(script: "aws cloudformation describe-stacks --stack-name WEBAPP-${STACK_ENV} \
--query Stacks[0].StackStatus --output text --profile ${PROFILE}", returnStdout: true)
apply = true
} catch (err) {
@andymotta
andymotta / microservices.yaml
Last active April 24, 2020 01:01
Kubernetes: Deploy Microservices under the nginx-ingress controller
apiVersion: v1
kind: Service
metadata:
name: product-web
spec:
type: ClusterIP
selector:
app: product-web
ports:
- protocol: TCP