besteban1989

# Check java settings within a pod
kubectl exec -it <pod> bash

java -XshowSettings:system -version

# Useful docs at https://developers.redhat.com/articles/2022/04/19/java-17-whats-new-openjdks-container-awareness#tuning_defaults_for_containers

# Setup options via JAVA_TOOL_OPTIONS, https://circleci.com/docs/java-oom/#javatooloptions
# Specify -XX:+UseZGC garbage collector for service with high memory requirements. https://www.linkedin.com/pulse/jdk-17-g1gc-vs-zgc-usage-core-exchange-application-performance-raza
- name: JAVA_TOOL_OPTIONS

besteban1989

# Connect using Azure Bastion with Native Client 
az login 
az account set --subscription "<your-subscription>"
az network bastion rdp --name "<bastion-name>" --resource-group "<bastion-rg>" --target-resource-id "<resource-id-of-vm>"

besteban1989

RG=<resource-group-name>
AKSNAME=<aks-name> 
# Get networking load balancer SKU
az aks show -g $RG -n $AKSNAME --query networkProfile.loadBalancerSku
# Get outbound type 
az aks show -g $RG -n $AKSNAME --query networkProfile.outboundType
# Get load balancer IP for outbound traffic (useful to whitelist AKS requests in 3rd party systems)
PUBLIC_IP_RESOURCE_ID=`az aks show -g $RG -n $AKSNAME --query "networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id" -o tsv`

# Get IP address

besteban1989

# show bash history of commands for all users, replace the * with a user name to filter the results to a specific user. 
sudo su
grep -e "$pattern" /home/*/.bash_history

besteban1989

# Login to registry 
helm registry login [the-container-registry] \
  --username [username] \
  --password [password]

# pull helm chart locally
helm pull oci://[the-container-registry]/[chart-name] --version [version]

besteban1989

# Update the PVC directly and run kubectl apply 
# WARNING: DO NOT UPDATE THE PV, THE PVC WILL TAKE CARE OF THAT!!! 
# INFO: THE CHANGE MAY TAKE 1 OR 2 MINUTES TO BE COMPLETED BY THE CLOUD PROVIDER. IN SOME CASES A RESTART OF POD THAT UTILIZES THE PVC WILL RELEASE LOCKS.

# Docs for GKE: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/volume-expansion

besteban1989

# Delete pod identity 
AADVERSION='v1.6.3'
kubectl delete -f https://raw.githubusercontent.com/Azure/aad-pod-identity/$AADVERSION/deploy/infra/deployment-rbac.yaml

# If the previous command get stuck, open an additional tab and run the following command 
kubectl get azureassignedidentity -A -o=json | jq '.items[].metadata.finalizers=null' | kubectl apply -f -

kubectl delete -f https://raw.githubusercontent.com/Azure/aad-pod-identity/$AADVERSION/deploy/infra/mic-exception.yaml

# Install pod identity 

besteban1989

# To get the images from deployments 
kubectl get deploy -n YOUR_NAMESPACE -o jsonpath="{.items[*].spec.template.spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n'

# To get the images from pods (it can be duplicates, needs to be removed with commands) 
kubectl get pods -n YOUR_NAMESPACE -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c

besteban1989

# method 1: if icmp is enabled in the target server then 
ping $DESTINATION_IP

# method 2: run telnet on a port where a service is listening. The target port must be binded (a service listening) so the test can be performed. 
telnet $DESTINATION_IP $PORT

# method 3 in case there is no service listening you can ask the target server owner/operator to install netcat. 
## A. In the destination server run netcat with -l <port>. Netcat will bind to the specified port in order to listen. This is handy when there is no services running but want to ensure connectivity exists. 
netcat -l $PORTNUMBER
## B. In the source server you can run telnet or netcat in order to test the connectivity to the destination server: 

besteban1989

-- Add an Azure AD user, make sure your connection is set to the target database
CREATE USER [the.email@domain.com] FROM EXTERNAL PROVIDER
GO

ALTER ROLE db_datareader ADD MEMBER [the.email@domain.com]