Skip to content

Instantly share code, notes, and snippets.

View antigenius0910's full-sized avatar

Yen antigenius0910

20 followers · 30 following
  • Austin
View GitHub Profile
@antigenius0910
antigenius0910 / list-all-access-keys.sh
Created January 6, 2023 08:44 — forked from mafonso/list-all-access-keys.sh
List Access Keys for all IAM users
#!/usr/bin/env bash
for user in $(aws iam list-users --output text | awk '{print $NF}'); do
aws iam list-access-keys --user $user --output text
test $? -gt 128 && exit
done
@antigenius0910
antigenius0910 / instant_log.py
Last active November 3, 2022 09:49
Cloudflare instant log
import json
import requests
import websockets
import asyncio
import os
import urllib.request
url = "https://api.cloudflare.com/client/v4/"
x_auth_token = os.environ['CLOUDFLARE_LOG_READ_TOKEN']
@antigenius0910
antigenius0910 / gist:0f9ce8a1ea38f8ead66b4b0b1ab30146
Created April 5, 2022 16:26
Kiali as an example
resource "kubernetes_manifest" "virtualservice_istio_system_kiali_vs" {
depends_on = [
kubernetes_manifest.k8s-istio-gateway
]
provider = kubernetes
manifest = {
"apiVersion" = "networking.istio.io/v1alpha3"
"kind" = "VirtualService"
"metadata" = {
"name" = "kiali-vs"
@antigenius0910
antigenius0910 / gist:223fcd0200435608cd8436946fb60803
Created April 5, 2022 16:24
Your setup for Istio gateway
resource "kubernetes_manifest" "k8s-istio-gateway" {
depends_on = [
kubernetes_manifest.k8s-wildcard-cert
]
provider = kubernetes
manifest = {
"apiVersion" = "networking.istio.io/v1alpha3"
"kind" = "Gateway"
"metadata" = {
name = "istio-gateway"
@antigenius0910
antigenius0910 / gist:23e9e2d9af08bd58c2eaf2197631482a
Created April 5, 2022 16:22
create a Certificate with cert-manager
resource "kubernetes_manifest" "k8s-wildcard-cert" {
depends_on = [
kubectl_manifest.origin-ca-issuer
]
manifest = {
"apiVersion" = "cert-manager.io/v1"
"kind" = "Certificate"
"metadata" = {
name = "k8s-wildcard-cert"
@antigenius0910
antigenius0910 / gist:bccd2ff8d661171eee3c00bef75c1185
Created April 5, 2022 16:20
This OriginIssuer resource creates a binding between cert-manager and the Cloudflare API for an account.
data "kubectl_filename_list" "origin-ca-issuer" {
pattern = "./origin-ca-issuer/issuer.yaml"
}
resource "kubectl_manifest" "origin-ca-issuer" {
depends_on = [
kubernetes_secret.origin-ca-key
]
count = length(data.kubectl_filename_list.origin-ca-issuer.matches)
yaml_body = file(element(data.kubectl_filename_list.origin-ca-issuer.matches, count.index))
@antigenius0910
antigenius0910 / gist:548254149b08437322eb4d45137fb7df
Last active April 5, 2022 16:31
Origin CA Key from API Token section of your Cloudflare
resource "kubernetes_secret" "origin-ca-key" {
metadata {
name = "origin-ca-key"
namespace = "istio-system"
}
data = {
key = var.origin-ca-key
}
}
@antigenius0910
antigenius0910 / gitstfile1.tf
Last active April 5, 2022 16:17
this helm chart will take care of rbac, deployment and serviceaccount
resource "helm_release" "origin-ca-issuer" {
depends_on = [
kubernetes_namespace.origin-ca-issuer-system
]
name = "origin-ca-issuer"
namespace = data.kubernetes_namespace.origin-ca-issuer-system.metadata[0].name
chart = "./origin-ca-issuer/deploy/charts/origin-ca-issuer/."
version = "0.5.0"
create_namespace = false
values = [
@antigenius0910
antigenius0910 / gist:39544a337315c34f128879c25702fd08
Last active April 5, 2022 16:29
Third, create namespace
resource "kubernetes_namespace" "origin-ca-issuer-system" {
depends_on = [
kubectl_manifest.origin-ca-issuer-crds
]
metadata {
annotations = {
name = "origin-ca-issuer-system"
}
labels = merge(
local.tags,
@antigenius0910
antigenius0910 / gist:ed538adefee5507a202cde2f32d64c35
Created April 5, 2022 16:02
Second, create origin-ca-issuer-crds
variable "manifestversion" {
type = string
description = "origin-ca-issuer CustomResourceDefinition resources version"
default = "v0.6.1"
}
data "http" "manifestfile" {
url = "https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/${var.manifestversion}/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml"
}