Armen Rostamian armenr

  • 5thKind + StelthLabs
  • SF || LA - CA
@armenr
armenr / README.md
Last active August 12, 2023 19:34
Cilium vxlan overlay for EKS clusters

Cilium vxlan overlay w/ Terraform

Why?

The AWS EKS team works extremely hard. We appreciate all of their effort.

But the aws-vpc-cni requires fine-tuning of complex settings, and:

  1. Limits the number of pods you can run on an EC2, based on the number of ENIs that instance size (or type) can support. Pod density is valuable.
  2. Requires you to play with settings like WARM_ENI_TARGET, WARM_IP_TARGET, WARM_PREFIX_TARGET, etc...
  3. Runs into conditions where Pods get stuck in "Creating", since IP management gets tricky under cluster pod churn; and ENABLE_PREFIX_DELEGATION + branching can lead to a lot of wasted IPs
armenr / README.md
Last active September 4, 2023 14:39
Wait for EC2 to Become Reachable

EC2 Wait Until Ready

This script is part of a broader library of utilities that are used in conjunction with Terraform, to make life better/easier for Ops & SRE.

Use-Case

Not everything begins and ends with Kubernetes. Sometimes, you've got things to do directly on an EC2. It (almost) always goes the same way:

  1. Create an instance
armenr / README.md
Last active May 22, 2023 12:38
terraform null_resource for automatically setting up Cilium + EKS via Cilium CLI

Install Cilium on EKS

Example

ENI Mode

The example auto-installs Cilium into EKS with the default ENI "datapath" (aka "mode").

Be sure to roll/restart all running pods upon successful installation. Cilium will restart "unmanaged" pods, but that doesn't mean all pods will get restarted.

armenr / install_ncdu_amazon_linux.sh
Created April 21, 2023 14:46 — forked from MrHassanMurtaza/install_ncdu_amazon_linux.sh
Install ncdu on amazon linux 2
#!/bin/bash
# install packages/dependencies for compilation
sudo yum -y install gcc make ncurses-devel
cd /tmp
# the latest version of ncdu is published here: http://dev.yorhel.nl/ncdu
# update the link below if necessary:
wget -nv http://dev.yorhel.nl/download/ncdu-1.10.tar.gz
armenr / README.md
Last active April 16, 2023 03:35
Terraform external data source to generate SOPS-encrypted secret files

Terraform gen-sops

This example demonstrates how to use Terraform's external data provider to automatically encrypt and save SOPS secrets files.

This implementation makes every effort to avoid exposing secrets in stdout, or by writing unencrypted data to temporary files on disk.

The example includes:

  1. gen-sops.sh script (generates and returns sops-encrypted file contents to terraform)
  2. test_gen-sops.sh script which provides an easy way to continuously test your script
  3. terraform example implementation (vars.tf, sops_secrets.tf)
armenr / Dockerfile
Last active November 30, 2022 09:36
ArgoCD 2.5.2 + Extras w/ Helmfile (helmfile, helm-diff, helm-secrets)
# syntax=docker/dockerfile:1.4
# follow link regarding ^^: https://hub.docker.com/r/docker/dockerfile
################################################################################
# Straightforward ArgoCD + HelmFile Custom Image
################################################################################
# This Dockerfile allows us to customize the ArgoCD Docker image with additional tooling
# This could be achieved by using a CMP-sidecar, but we'd prefer not to lose hours/days
# fiddling with Argo's as-yet clumsy-feeling plugin sidecar + cmp support.
armenr / ssh_key.tf
Created November 21, 2022 12:01 — forked from irvingpop/ssh_key.tf
Terraform external data source example - dynamic SSH key generation
# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
# "${data.external.ssh_key_generator.result.public_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
program = ["bash", "${path.root}/../ssh_key_generator.sh"]
query = {
customer_name = "${var.customer_name}"
customer_group = "${var.customer_group}"
armenr / install_k3s.sh
Created February 19, 2022 19:10
Testing Things - Don't mind me
#!/bin/sh
set -e
set -o noglob
# Usage:
# curl ... | ENV_VAR=... sh -
# or
# ENV_VAR=... ./install.sh
#
# Example:
View AWS-EKS-Fargate-MySQLAurora-Elasticache.md

Prerequisites

  • EKS Fargate profiles for <fargate-profile-namespace>. Guide
  • EKS Fargate coredns profile so that coredns pods can run (create a profile for the kube-system namespace; refer to the guide from the previous step)
  • EFS CSI Driver installed, mount points set and pv.yaml created. Refer to the Guide
  • EKS ALB Controller; refer to the Guide.

Install Helm

Refer to Helm Installation to install the helm command.

armenr / Readme.md
Last active December 1, 2021 04:20
A small, lightweight, m1-friendly, fully-portable (yay Docker) kubernetes setup & some goodies