Austin Heiman atheiman

atheiman / c7n-trailcreator.txt
Created May 30, 2019
cloud custodian trailcreator no workey
View c7n-trailcreator.txt
cloud-custodian $ python3 -m venv ~/tmp/c7n-trailcreator
cloud-custodian $ source ~/tmp/c7n-trailcreator/bin/activate
(c7n-trailcreator) cloud-custodian $ python -V
Python 3.6.2
(c7n-trailcreator) cloud-custodian $ pip freeze
You are using pip version 9.0.1, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
(c7n-trailcreator) cloud-custodian $ pip install c7n_trailcreator
Collecting c7n_trailcreator
Using cached
atheiman / ideal-webhook-definition.yaml
Last active Apr 5, 2019
How I wish k8s admission webhooks could be defined
View ideal-webhook-definition.yaml
- [ "metadata", "annotations", "" ]
- [ "metadata", "annotations", "" ]
approve: true
- upsert: # adds appropriate JSON Patch for add or replace
ref: [ "metadata", "annotations", "" ]
ref: [ "metadata", "annotations", "" ]
atheiman /
Last active Jun 5, 2019
Vault secret saved as file in app pod

These Kubernetes resource manifest yaml files demonstrate

  1. vault.yaml
     • setting up a test vault service
     • configuring the vault service with kubernetes auth and a role for a test app
  2. app.yaml
     • running an app with a vault-init initContainer to login to vault and obtain a token
     • a vault-secret-manager container to continuously interact with vault throughout the lifecycle of the app
     • an app container to use the secret saved by the vault-secret-manager container
atheiman /
Last active Oct 29, 2018
Vault Kubernetes Auth Notes

Setting up Kubernetes auth backend on Vault. I did this by running Vault server in dev mode in minikube. Files referenced in the commands below are included as other files in this gist.

Run Vault server in the vault-ns namespace in minikube and expose it as a service

kubectl create namespace vault-ns
kubectl --namespace=vault-ns run vault --image=vault --port=8200 -- vault server -dev -dev-listen-address= -dev-root-token-id=root-token
kubectl --namespace=vault-ns expose deployment vault --type=NodePort --port=80 --target-port=8200
minikube service --namespace vault-ns vault --url 
atheiman /
Created May 3, 2018
Run nginx in docker container to serve PWD
docker run --rm -d -p 8080:80 -v ${PWD}:/usr/share/nginx/html:ro nginx
# outputs docker container id
curl http://localhost:8080/
docker stop <container_id>
View i_have_no_idea_what_im_doing.rb
# You run an e-commerce website and want to record the last N order ids in a log. Implement a data structure to accomplish this, with the following API:
# record(order_id): adds the order_id to the log
# get_last(i): gets the ith last element from the log. i is guaranteed to be smaller than or equal to N.
require 'rspec'
class RingBuffer < Array
attr_reader :max
View .md

Chef Cookbook Generator

Template for creating new cookbooks with chef generate cookbook COOKBOOK_NAME --generator-cookbook:

# install `chef` utility from chef-dk if you don't already have it
gem install --no-document chef-dk
View test_kitchen_sharing_node_data_in_clusters.rb
# chef-nodes is useful to share a node's attributes with other nodes. if you want to share _converged_ node
# data (more than just ip and hostname from chef-nodes) then you can use test-kitchen >= 1.20.0 which adds
# support for downloading files from nodes after converge via .kitchen.yml:
# provisioner:
# nodes_path: test/fixtures/nodes
# downloads:
# /tmp/kitchen/nodes: test/fixtures/
# this will download node data after converge and drop it into test/fixtures/nodes/node-a.json, node-b.json, etc

Keybase proof

I hereby claim:

  • I am atheiman on github.
  • I am austinheiman ( on keybase.
  • I have a public key ASC2ZiWvCqeAOkMAORKrAfBc6FUubaaHaXHScebkbcth0Ao

To claim this, I am signing this object:
