Skip to content

Instantly share code, notes, and snippets.

Austin Heiman atheiman

Block or report user

Report or block atheiman

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@atheiman
atheiman / export-files-job.yaml
Last active Aug 17, 2019
Generate job artifacts in an initContainer and export the files to workstation afterwards.
View export-files-job.yaml
# Allows copying of job files to local after execution. Example copy command:
#
# kubectl apply -f ./export-file-job.yaml
# POD=$(kubectl get pod --selector=job-name=export-files -o jsonpath='{.items[0].metadata.name}')
# kubectl wait pod/$POD --for=condition=ready
# until kubectl logs $POD | grep 'Ready for download'; do sleep 2; done
# kubectl cp $POD:files.zip ./job-files-$(date +"%Y%m%d%H%M").zip
#
# Another option would be for the `export-files` container to be a webserver to
# serve of the artifact files to be downloaded with `kubectl port-forward ...`.
@atheiman
atheiman / README.md
Last active Aug 2, 2019
verify dind (docker in docker) working on each node of a kubernetes cluster
View README.md

Check the logs of the docker container in each pod of the deploy to verify dind is working on your kubernetes cluster. Pods will restart if they cannot talk to docker server.

@atheiman
atheiman / local-tiller.sh
Created Jul 29, 2019
Run local tiller pointing at kubernetes cluster
View local-tiller.sh
# If there are helm configmaps in `some-namespace`, this will let you interact with the helm releases
kubens some-namespace
export TILLER_NAMESPACE=some-namespace
export HELM_HOST="localhost:44134"
tiller -listen ${HELM_HOST} -alsologtostderr > /dev/null 2>&1 &
helm ls
@atheiman
atheiman / c7n-trailcreator.txt
Created May 30, 2019
cloud custodian trailcreator no workey
View c7n-trailcreator.txt
cloud-custodian $ python3 -m venv ~/tmp/c7n-trailcreator
cloud-custodian $ source ~/tmp/c7n-trailcreator/bin/activate
(c7n-trailcreator) cloud-custodian $ python -V
Python 3.6.2
(c7n-trailcreator) cloud-custodian $ pip freeze
You are using pip version 9.0.1, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(c7n-trailcreator) cloud-custodian $ pip install c7n_trailcreator
Collecting c7n_trailcreator
Using cached https://files.pythonhosted.org/packages/f0/ec/9fba246762951275d6f9556eaae4885bc52ff32c8334a46e69c33cc9b4cf/c7n_trailcreator-0.1.2.tar.gz
@atheiman
atheiman / ideal-webhook-definition.yaml
Last active Apr 5, 2019
How I wish k8s admission webhooks could be defined
View ideal-webhook-definition.yaml
matchers:
- [ "metadata", "annotations", "example.com/label-key" ]
- [ "metadata", "annotations", "example.com/label-value" ]
approve: true
patches:
- upsert: # adds appropriate JSON Patch for add or replace
key:
ref: [ “metadata”, “annotations”, “example.com/label-key” ]
value:
ref: [ “metadata”, “annotations”, “example.com/label-value” ]
@atheiman
atheiman / README.md
Last active Jun 5, 2019
Vault secret saved as file in app pod
View README.md

These Kubernetes resource manifest yaml files demonstrate

  1. vault.yaml
  • setting up a test vault service
  • configuring the vault service with kubernetes auth and a role for a test app
  1. app.yaml
  • running an app with a vault-init initContainer to login to vault and obtain a token
  • a vault-secret-manager container to continuously interact with vault throughout the lifecycle of the app
  • an app container to use the secret saved by the vault-secret-manager container
@atheiman
atheiman / README.md
Last active Oct 29, 2018
Vault Kubernetes Auth Notes
View README.md

Setting up Kubernetes auth backend on Vault. I did this by running Vault server in dev mode in minikube. Files referenced in the commands below are included as other files in this gist.

Run Vault server in the vault-ns namespace in minikube and expose it as a service

kubectl create namespace vault-ns
kubectl --namespace=vault-ns run vault --image=vault --port=8200 -- vault server -dev -dev-listen-address=0.0.0.0:8200 -dev-root-token-id=root-token
kubectl --namespace=vault-ns expose deployment vault --type=NodePort --port=80 --target-port=8200
minikube service --namespace vault-ns vault --url 
@atheiman
atheiman / docker_run_nginx.sh
Created May 3, 2018
Run nginx in docker container to serve PWD
View docker_run_nginx.sh
docker run --rm -d -p 8080:80 -v ${PWD}:/usr/share/nginx/html:ro nginx
# outputs docker container id
curl http://localhost:8080/
docker stop <container_id>
View i_have_no_idea_what_im_doing.rb
# You run an e-commerce website and want to record the last N order ids in a log. Implement a data structure to accomplish this, with the following API:
# record(order_id): adds the order_id to the log
# get_last(i): gets the ith last element from the log. i is guaranteed to be smaller than or equal to N.
require 'rspec'
class RingBuffer < Array
attr_reader :max
You can’t perform that action at this time.