Skip to content

Instantly share code, notes, and snippets.

View bprashanth's full-sized avatar

Prashanth B bprashanth

89 followers · 1 following
View GitHub Profile
@bprashanth
bprashanth / packet_laundering.md
Last active March 9, 2023 11:16
Packet laundering

First create a working service:

apiVersion: v1
kind: Service
metadata:
  name: echoheaders
  labels:
    app: echoheaders
spec:
  # type: NodePort
@bprashanth
bprashanth / zk.md
Last active November 8, 2022 09:51

Zookeeper:

# A headless service to create DNS records
apiVersion: v1
kind: Service
metadata:
  name: zk
  labels:
    app: zookeeper
spec:
@bprashanth
bprashanth / generate_ca.sh
Created April 22, 2016 00:56
#!/bin/bash
mkdir ~/SSLCA/root/
cd ~/SSLCA/root/
openssl genrsa -aes256 -out rootca.key 2048
openssl req -sha256 -new -x509 -days 1826 -key rootca.key -out rootca.crt
touch certindex
echo 1000 > certserial
echo 1000 > crlnumber
echo '
[ ca ]
@bprashanth
bprashanth / intermediate.md
Last active August 2, 2019 15:53

Generate root/intermediate/end certs

Run https://gist.github.com/bprashanth/d79b9810dea8b07a7bb1ccf467be5b66 (some googling + fiddling of how to generate intermediates with openssl, so don't take this as an authoritative guide). That script will create 3 CSRs, one for the root, one for an intermediate, and the last one for the end user. You probably don't care about most of the fields of the CSR execpt for "Common Name", eg:

If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
@bprashanth
bprashanth / https-sticky.md
Last active February 19, 2018 18:54
https sticky sessions

Create a backend service that simply serves the pod name, and a frontend haproxy instance that balances based on client cookies.

# This is the backend service
apiVersion: v1
kind: Service
metadata:
  name: hostname
  annotations:
    # Enable sticky-ness on "SERVERID"
    serviceloadbalancer/lb.cookie-sticky-session: "true"
@bprashanth
bprashanth / mongo.md
Last active August 8, 2016 21:04
Mongo petset

MongoDB is document database that supports range and field queries.

Replication

A single server can run either standalone or as part of a replica set. A "replica set" is set of mongod instances with 1 primary. Primary: receives writes, services reads. Can step down and become secondary. Secondary: replicate the primary's oplog. If the primary goes down, secondaries will hold an election. Arbiter: used to achieve majority vote with even members, do not hold data, don't need dedicated nodes. Never becomes primary.

@bprashanth
bprashanth / stickysessions.md
Last active July 29, 2016 21:30
sticky sessions

Create a backend service that simply serves the pod name, and a frontend haproxy instance that balances based on client cookies.

# This is the backend service
apiVersion: v1
kind: Service
metadata:
  name: hostname
  annotations:
    # Enable sticky-ness on "SERVERID"
    serviceloadbalancer/lb.cookie-sticky-session: "true"
@bprashanth
bprashanth / svc.yaml
Created July 13, 2016 00:43
apiVersion: v1
kind: Service
metadata:
name: echoheaders-lb
annotations:
service.alpha.kubernetes.io/only-node-local-endpoints: "true"
labels:
app: echoheaders-lb
spec:
type: LoadBalancer
@bprashanth
bprashanth / ingress_manual.md
Last active July 11, 2016 03:19

First make your service type=NodePort

Then create an instance group in UI (console.cloud.google.com), with some pool of instances from one of your zones:

gcloud compute --project $PROJECT instance-groups create unmanaged $K8S_IG
gcloud compute --project $PROJECTinstance-groups unmanaged add-instances $K8S_IG --instances $NODE,$NODE_1...

Add the Service NodePort to the InstanceGroup:

gcloud compute --project $PROJECT instance-groups set-named-ports $K8S_G --named-ports svc1:$SVC1_NODE_PORT
@bprashanth
bprashanth / lp.yaml
Created July 6, 2016 22:36
apiVersion: v1
kind: Service
metadata:
name: echoheaders
labels:
app: echoheaders
spec:
type: NodePort
ports:
- port: 80