Skip to content

Instantly share code, notes, and snippets.

Prashanth B bprashanth

Block or report user

Report or block bprashanth

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@bprashanth
bprashanth / mongo.md
Last active Aug 8, 2016
Mongo petset
View mongo.md

MongoDB is document database that supports range and field queries.

Replication

A single server can run either standalone or as part of a replica set. A "replica set" is set of mongod instances with 1 primary. Primary: receives writes, services reads. Can step down and become secondary. Secondary: replicate the primary's oplog. If the primary goes down, secondaries will hold an election. Arbiter: used to achieve majority vote with even members, do not hold data, don't need dedicated nodes. Never becomes primary.

View svc.yaml
apiVersion: v1
kind: Service
metadata:
name: echoheaders-lb
annotations:
service.alpha.kubernetes.io/only-node-local-endpoints: "true"
labels:
app: echoheaders-lb
spec:
type: LoadBalancer
View ingress_manual.md

First make your service type=NodePort

Then create an instance group in UI (console.cloud.google.com), with some pool of instances from one of your zones:

gcloud compute --project $PROJECT instance-groups create unmanaged $K8S_IG
gcloud compute --project $PROJECTinstance-groups unmanaged add-instances $K8S_IG --instances $NODE,$NODE_1...

Add the Service NodePort to the InstanceGroup:

gcloud compute --project $PROJECT instance-groups set-named-ports $K8S_G --named-ports svc1:$SVC1_NODE_PORT
View lp.yaml
apiVersion: v1
kind: Service
metadata:
name: echoheaders
labels:
app: echoheaders
spec:
type: NodePort
ports:
- port: 80
View simple_pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: test
spec:
capacity:
storage: 200Gi
accessModes:
- ReadWriteOnce
gcePersistentDisk:
@bprashanth
bprashanth / laundry.sh
Created Jun 15, 2016
packet laundering
View laundry.sh
#! /bin/bash
until (ifconfig cbr0); do
echo waiting for cbr0
sleep 1
done
CIDR_PREFIX="$(ifconfig cbr0 | grep inet | awk '{print $2}' | awk -F ':' '{print $2}' | awk -F '.' '{print $1"."$2"."$3}')"
echo found CIDR prefix: $CIDR_PREFIX
ip netns add k8s_hairpin_workaround
echo created packet laundering netns k8s_hairpin_workaround
View packet_laundering.md

First create a working service:

apiVersion: v1
kind: Service
metadata:
  name: echoheaders
  labels:
    app: echoheaders
spec:
  # type: NodePort
View intermediate.md

Generate root/intermediate/end certs

Run https://gist.github.com/bprashanth/d79b9810dea8b07a7bb1ccf467be5b66 (some googling + fiddling of how to generate intermediates with openssl, so don't take this as an authoritative guide). That script will create 3 CSRs, one for the root, one for an intermediate, and the last one for the end user. You probably don't care about most of the fields of the CSR execpt for "Common Name", eg:

If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
View generate_ca.sh
#!/bin/bash
mkdir ~/SSLCA/root/
cd ~/SSLCA/root/
openssl genrsa -aes256 -out rootca.key 2048
openssl req -sha256 -new -x509 -days 1826 -key rootca.key -out rootca.crt
touch certindex
echo 1000 > certserial
echo 1000 > crlnumber
echo '
[ ca ]
You can’t perform that action at this time.