besteban1989

# Run busybox 
kubectl run -i --tty busybox --image=busybox --restart=Never -- sh

# Run SSH-client
kubectl run -i --tty ssh-client --image=kroniak/ssh-client --restart=Never -- sh

# Run busybox with curl included
kubectl run -i --tty busybox --image=yauritux/busybox-curl --restart=Never -- sh

# Test network connectivy by running netcat 

besteban1989

# List all resources on the current subscription
az resource list --query "[].[name, id, location, type, resourceGroup]" -o tsv > resources.txt

# Purge container registry and keep the last 3 tags for each repo
# Remove the --dry-run to execute the deletion
PURGE_CMD="acr purge \
  --filter '.*:.*' \
  --ago 0d --untagged --keep 3 --dry-run"

az acr run \

besteban1989

-- Add an Azure AD user, make sure your connection is set to the target database
CREATE USER [the.email@domain.com] FROM EXTERNAL PROVIDER
GO

ALTER ROLE db_datareader ADD MEMBER [the.email@domain.com]

besteban1989

# method 1: if icmp is enabled in the target server then 
ping $DESTINATION_IP

# method 2: run telnet on a port where a service is listening. The target port must be binded (a service listening) so the test can be performed. 
telnet $DESTINATION_IP $PORT

# method 3 in case there is no service listening you can ask the target server owner/operator to install netcat. 
## A. In the destination server run netcat with -l <port>. Netcat will bind to the specified port in order to listen. This is handy when there is no services running but want to ensure connectivity exists. 
netcat -l $PORTNUMBER
## B. In the source server you can run telnet or netcat in order to test the connectivity to the destination server: 

besteban1989

# To get the images from deployments 
kubectl get deploy -n YOUR_NAMESPACE -o jsonpath="{.items[*].spec.template.spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n'

# To get the images from pods (it can be duplicates, needs to be removed with commands) 
kubectl get pods -n YOUR_NAMESPACE -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c

besteban1989

# Delete pod identity 
AADVERSION='v1.6.3'
kubectl delete -f https://raw.githubusercontent.com/Azure/aad-pod-identity/$AADVERSION/deploy/infra/deployment-rbac.yaml

# If the previous command get stuck, open an additional tab and run the following command 
kubectl get azureassignedidentity -A -o=json | jq '.items[].metadata.finalizers=null' | kubectl apply -f -

kubectl delete -f https://raw.githubusercontent.com/Azure/aad-pod-identity/$AADVERSION/deploy/infra/mic-exception.yaml

# Install pod identity 

besteban1989

# Update the PVC directly and run kubectl apply 
# WARNING: DO NOT UPDATE THE PV, THE PVC WILL TAKE CARE OF THAT!!! 
# INFO: THE CHANGE MAY TAKE 1 OR 2 MINUTES TO BE COMPLETED BY THE CLOUD PROVIDER. IN SOME CASES A RESTART OF POD THAT UTILIZES THE PVC WILL RELEASE LOCKS.

# Docs for GKE: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/volume-expansion

besteban1989

# Login to registry 
helm registry login [the-container-registry] \
  --username [username] \
  --password [password]

# pull helm chart locally
helm pull oci://[the-container-registry]/[chart-name] --version [version]

besteban1989

# show bash history of commands for all users, replace the * with a user name to filter the results to a specific user. 
sudo su
grep -e "$pattern" /home/*/.bash_history

besteban1989

RG=<resource-group-name>
AKSNAME=<aks-name> 
# Get networking load balancer SKU
az aks show -g $RG -n $AKSNAME --query networkProfile.loadBalancerSku
# Get outbound type 
az aks show -g $RG -n $AKSNAME --query networkProfile.outboundType
# Get load balancer IP for outbound traffic (useful to whitelist AKS requests in 3rd party systems)
PUBLIC_IP_RESOURCE_ID=`az aks show -g $RG -n $AKSNAME --query "networkProfile.loadBalancerProfile.effectiveOutboundIPs[].id" -o tsv`

# Get IP address