Brian Fleming bfleming-ciena

## dumpaz.sh
# Dumps all resources in all subscriptions and pulls fields related to the resource and most
# importantly, the tags currently applied.
#
# I was using this to import into an excel spreadsheet, which we then reviewed and modified the tag values.
# Then I would dump the spreadsheet back to csv and feed it into the python script which would go and
# update the tags.
echo "id,location,it_Environment,it_App,it_Role,it_Owner,name,resource group,kind,type,tags"
for i in $(az account list -o tsv|cut -f2); do
    az resource list --subscription="$i" | jq -r '.[] | [.id,.location,"","","","",.name,.resourceGroup,.kind,.type,(.tags | tostring)] | @csv'
done

## gist:b1a66fa94a6c6f962a3b9cd91570bf0b
2019-04-18T18:00:09.690 [Information] Executing 'Functions.azure-auto-tag-creator' (Reason='This function was programmatically called via the host APIs.', Id=b265df84-a1cf-4fb2-b8bb-611c0d54b721)
2019-04-18T18:00:09.806 [Error] Executed 'Functions.azure-auto-tag-creator' (Failed, Id=b265df84-a1cf-4fb2-b8bb-611c0d54b721)
Result: Failure
Exception: ValueError: time data '9999-12-31T23:59:59.9999999+00:00' does not match format '%Y-%m-%dT%H:%M:%S.%fZ'
Stack:   File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/dispatcher.py", line 273, in _handle__invocation_request
    pytype=pb_type_info.pytype)
  File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/bindings/meta.py", line 296, in from_incoming_proto
    trigger_metadata=trigger_metadata)
  File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/bindings/queue.py", line 89, in from_proto
    trigger_metadata, 'ExpirationTime'),

## gist:1513f7b9f379aa8c9da3f9677bf490b9
~ module.vms_dmz_sqldmz.module.SQLDMZ1.azurerm_virtual_machine.vm-windows-with-datadisk
      boot_diagnostics.0.enabled:     "false" => "true"
      boot_diagnostics.0.storage_uri: "https://clustwitsqldmzdr77aa.blob.core.windows.net" => "https://clustwitsqldmzdr77aa.blob.core.windows.net/"


Running appy repeatedly finds the same change.


## gist:fd168f7475af46bbd5ff6fe9aa93215e
count = length(list)


lookup(list[count.index], "subscription_id")


## gist:492075edcfc3e51874f3a66f7e49ed33

Deployment

Update kube-apiserver (it is under the service kubernetes) in rancher via the UI.

click upgrade

Replace the command line with this. The IP range is my cluster IP range, yours could be different, just use what was there for you.

kube-apiserver --storage-backend=etcd2 --storage-media-type=application/json --service-cluster-ip-range=10.43.0.0/16 --etcd-servers=http://etcd.kubernetes.rancher.internal:2379 --insecure-bind-address=0.0.0.0 --insecure-port=0 --cloud-provider=rancher --allow_privileged=true --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota,MutatingAdmissionWebhook,ValidatingAdmissionWebhook --client-ca-file=/etc/kubernetes/ssl/ca.pem --tls-cert-file=/etc/kubernetes/ssl/cert.pem --tls-private-key-file=/etc/kubernetes/ssl/key.pem --kubelet-client-certificate=/etc/kubernetes/ssl/cert.pem --kubelet-client-key=/etc/kubernetes/ssl/key.pem --runtime-config=batch/v2alpha1 --anonymous-auth=false --a

## gist:337fb43582cc02694ab1ff7e5db42689
# Sorry for not mentioning the credit to the original author. I lost the original link. I just added the namespace to the picture.
function kube_context() {
    # could have used $?, but it was easier with a string compare
    local ctx=$(kubectl config current-context 2>&1)
    local ns=$(kubectl config get-contexts --no-headers | grep '*' | awk '{print $5}')

    if [ "${ctx}" != "error: current-context is not set" ]; then
        echo -n "<${ctx}:$ns> "
    fi
}

## gist:018882175ffa8efb57a7d594385cd6c7
-- My need was to include nodes outside of my k8s cluster for monitoring.
-- Thanks to @amalucelli for originally posting this.
-- https://github.com/coreos/prometheus-operator/issues/834
--
-- This is tested with k8s 1.9, and .17 prometheus operator, using the pre-built deployment at
-- https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/README.md
-- Steps: Deploy per the script above, and then apply these objects. Should appear in granfa after a short time.

kind: Service
apiVersion: v1

## gist:24fdb54eb076e45bc952dc44669646c4
gitfs_remotes:
  - http://ourrepo/repos/sxa/repo.git:
    - saltenv:
      - csdev:
        - ref: salt-csdev
        - root: 'salt/env'

## kafka.service
[Unit]
Description=Apache Kafka server (broker)
Documentation=http://kafka.apache.org/documentation.html
Requires=network.target remote-fs.target
After=network.target remote-fs.target

[Service]
Type=simple
PIDFile=/var/run/kafka.pid
User=kafka

## gist:d4bb7cb5a87862f22719
ip route show
default via 10.9.248.1 dev eth0
10.9.248.0/25 dev eth0  proto kernel  scope link  src 10.9.248.101

after ifup eth0:0

ip route show
default via 10.9.248.1 dev eth0
10.9.248.0/25 dev eth0  proto kernel  scope link  src 10.9.248.101
10.9.248.128/25 dev eth0  proto kernel  scope link  src 10.9.248.180
	# Dumps all resources in all subscriptions and pulls fields related to the resource and most
	# importantly, the tags currently applied.
	#
	# I was using this to import into an excel spreadsheet, which we then reviewed and modified the tag values.
	# Then I would dump the spreadsheet back to csv and feed it into the python script which would go and
	# update the tags.
	echo "id,location,it_Environment,it_App,it_Role,it_Owner,name,resource group,kind,type,tags"
	for i in $(az account list -o tsv\|cut -f2); do
	az resource list --subscription="$i" \| jq -r '.[] \| [.id,.location,"","","","",.name,.resourceGroup,.kind,.type,(.tags \| tostring)] \| @csv'
	done
	2019-04-18T18:00:09.690 [Information] Executing 'Functions.azure-auto-tag-creator' (Reason='This function was programmatically called via the host APIs.', Id=b265df84-a1cf-4fb2-b8bb-611c0d54b721)
	2019-04-18T18:00:09.806 [Error] Executed 'Functions.azure-auto-tag-creator' (Failed, Id=b265df84-a1cf-4fb2-b8bb-611c0d54b721)
	Result: Failure
	Exception: ValueError: time data '9999-12-31T23:59:59.9999999+00:00' does not match format '%Y-%m-%dT%H:%M:%S.%fZ'
	Stack: File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/dispatcher.py", line 273, in _handle__invocation_request
	pytype=pb_type_info.pytype)
	File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/bindings/meta.py", line 296, in from_incoming_proto
	trigger_metadata=trigger_metadata)
	File "/root/.pyenv/versions/3.6.8/lib/python3.6/site-packages/azure/functions_worker/bindings/queue.py", line 89, in from_proto
	trigger_metadata, 'ExpirationTime'),
	~ module.vms_dmz_sqldmz.module.SQLDMZ1.azurerm_virtual_machine.vm-windows-with-datadisk
	boot_diagnostics.0.enabled: "false" => "true"
	boot_diagnostics.0.storage_uri: "https://clustwitsqldmzdr77aa.blob.core.windows.net" => "https://clustwitsqldmzdr77aa.blob.core.windows.net/"


	Running appy repeatedly finds the same change.
	count = length(list)


	lookup(list[count.index], "subscription_id")

	Deployment

	Update kube-apiserver (it is under the service kubernetes) in rancher via the UI.

	click upgrade

	Replace the command line with this. The IP range is my cluster IP range, yours could be different, just use what was there for you.

	kube-apiserver --storage-backend=etcd2 --storage-media-type=application/json --service-cluster-ip-range=10.43.0.0/16 --etcd-servers=http://etcd.kubernetes.rancher.internal:2379 --insecure-bind-address=0.0.0.0 --insecure-port=0 --cloud-provider=rancher --allow_privileged=true --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota,MutatingAdmissionWebhook,ValidatingAdmissionWebhook --client-ca-file=/etc/kubernetes/ssl/ca.pem --tls-cert-file=/etc/kubernetes/ssl/cert.pem --tls-private-key-file=/etc/kubernetes/ssl/key.pem --kubelet-client-certificate=/etc/kubernetes/ssl/cert.pem --kubelet-client-key=/etc/kubernetes/ssl/key.pem --runtime-config=batch/v2alpha1 --anonymous-auth=false --a
	# Sorry for not mentioning the credit to the original author. I lost the original link. I just added the namespace to the picture.
	function kube_context() {
	# could have used $?, but it was easier with a string compare
	local ctx=$(kubectl config current-context 2>&1)
	local ns=$(kubectl config get-contexts --no-headers \| grep '*' \| awk '{print $5}')

	if [ "${ctx}" != "error: current-context is not set" ]; then
	echo -n "<${ctx}:$ns> "
	fi
	}
	-- My need was to include nodes outside of my k8s cluster for monitoring.
	-- Thanks to @amalucelli for originally posting this.
	-- https://github.com/coreos/prometheus-operator/issues/834
	--
	-- This is tested with k8s 1.9, and .17 prometheus operator, using the pre-built deployment at
	-- https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/README.md
	-- Steps: Deploy per the script above, and then apply these objects. Should appear in granfa after a short time.

	kind: Service
	apiVersion: v1
	gitfs_remotes:
	- http://ourrepo/repos/sxa/repo.git:
	- saltenv:
	- csdev:
	- ref: salt-csdev
	- root: 'salt/env'
	[Unit]
	Description=Apache Kafka server (broker)
	Documentation=http://kafka.apache.org/documentation.html
	Requires=network.target remote-fs.target
	After=network.target remote-fs.target

	[Service]
	Type=simple
	PIDFile=/var/run/kafka.pid
	User=kafka
	ip route show
	default via 10.9.248.1 dev eth0
	10.9.248.0/25 dev eth0 proto kernel scope link src 10.9.248.101

	after ifup eth0:0

	ip route show
	default via 10.9.248.1 dev eth0
	10.9.248.0/25 dev eth0 proto kernel scope link src 10.9.248.101
	10.9.248.128/25 dev eth0 proto kernel scope link src 10.9.248.180