Austin Heiman atheiman

atheiman /
Created Oct 22, 2019
ec2 user_data snippets
# get instance attrs
INSTANCE_ID=$(curl -s
PRIVATE_IP=$(curl -s
# get asg name
ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --region us-east-1 --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
# get tags
aws ec2 describe-tags --region us-east-1 --filters "Name=resource-id,Values=${INSTANCE_ID}"
atheiman / export-files-job.yaml
Last active Aug 17, 2019
Generate job artifacts in an initContainer and export the files to workstation afterwards.
# Allows copying of job files to local after execution. Example copy command:
# kubectl apply -f ./export-file-job.yaml
# POD=$(kubectl get pod --selector=job-name=export-files -o jsonpath='{.items[0]}')
# kubectl wait pod/$POD --for=condition=ready
# until kubectl logs $POD | grep 'Ready for download'; do sleep 2; done
# kubectl cp $ ./job-files-$(date +"%Y%m%d%H%M").zip
# Another option would be for the `export-files` container to be a webserver to
# serve the artifact files to be downloaded with `kubectl port-forward ...`.
atheiman /
Last active Aug 2, 2019
verify dind (docker in docker) working on each node of a kubernetes cluster

Check the logs of the docker container in each pod of the deployment to verify dind is working on your kubernetes cluster. Pods will restart if they cannot talk to the docker server.

atheiman /
Last active Oct 7, 2019
Run local tiller pointing at kubernetes cluster
# If there are helm configmaps in `some-namespace`, this will let you interact with the helm releases
export TILLER_NAMESPACE=some-namespace
export HELM_HOST="localhost:44134"
tiller -listen ${HELM_HOST} -alsologtostderr > /dev/null 2>&1 &
helm ls
atheiman / c7n-trailcreator.txt
Created May 30, 2019
cloud custodian trailcreator no workey
cloud-custodian $ python3 -m venv ~/tmp/c7n-trailcreator
cloud-custodian $ source ~/tmp/c7n-trailcreator/bin/activate
(c7n-trailcreator) cloud-custodian $ python -V
Python 3.6.2
(c7n-trailcreator) cloud-custodian $ pip freeze
You are using pip version 9.0.1, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(c7n-trailcreator) cloud-custodian $ pip install c7n_trailcreator
Collecting c7n_trailcreator
Using cached
atheiman /
Last active Jun 5, 2019
Vault secret saved as file in app pod

These Kubernetes resource manifest yaml files demonstrate

  1. vault.yaml
     • setting up a test vault service
     • configuring the vault service with kubernetes auth and a role for a test app
  2. app.yaml
     • running an app with a vault-init initContainer to login to vault and obtain a token
     • a vault-secret-manager container to continuously interact with vault throughout the lifecycle of the app
     • an app container to use the secret saved by the vault-secret-manager container
atheiman /
Last active Oct 29, 2018
Vault Kubernetes Auth Notes

Setting up Kubernetes auth backend on Vault. I did this by running Vault server in dev mode in minikube. Files referenced in the commands below are included as other files in this gist.

Run Vault server in the vault-ns namespace in minikube and expose it as a service

kubectl create namespace vault-ns
kubectl --namespace=vault-ns run vault --image=vault --port=8200 -- vault server -dev -dev-listen-address= -dev-root-token-id=root-token
kubectl --namespace=vault-ns expose deployment vault --type=NodePort --port=80 --target-port=8200
minikube service --namespace vault-ns vault --url 
atheiman /
Created May 3, 2018
Run nginx in docker container to serve PWD
docker run --rm -d -p 8080:80 -v ${PWD}:/usr/share/nginx/html:ro nginx
# outputs docker container id
curl http://localhost:8080/
docker stop <container_id>
View i_have_no_idea_what_im_doing.rb
# You run an e-commerce website and want to record the last N order ids in a log. Implement a data structure to accomplish this, with the following API:
# record(order_id): adds the order_id to the log
# get_last(i): gets the ith last element from the log. i is guaranteed to be smaller than or equal to N.
require 'rspec'
class RingBuffer < Array
attr_reader :max