cjellick

tools: gh-api,gh-pr-help,gh-help

Iterate over all merged pull requests in github.com/kubernetes/kubernetes since 2024-02-01. For each PR, get its ID. Then write a summary of all the PRs that list the URL, title (not exceeding 30 characters), author, and who approved it.

---
name: gh-api

Description: A script to call the gh tool. You can only use flags and arguments as specified from the gh-pr-help and gh-help tools. Learn how to call gh by calling gh-help and gh-pr-help. Note that you can pass --help to any subcommand to learn the flags and arguments for it. If you're ever specifying a pull request, include the fully qualified for that includes org and repo.
arg: args: The arguments to pass the to gh command.

cjellick

containers: {
	"rtmp-app": {
		image: "docker.io/alfg/nginx-rtmp"
		ports: publish: ["80:80/http", "1935:1935/udp"]
	}
}

cjellick

Usage:

Prep:

1. Download install-main-acorn.sh to your home directory

cd $HOME
wget https://gist.githubusercontent.com/cjellick/a263ac8b1ce80bfba894045b134e5fab/raw/install-main-acorn.sh

2. Make it executable:

cjellick

node-ip: public 4, public 6
cluster-cidr: 10.42.0.0/16,2001:cafe:42:0::/56
service-cidr: 10.43.0.0/16,2001:cafe:42:1::/112

cjellick

curl 'https://localhost/v3/cluster' -H 'content-type: application/json' -H 'accept: application/json' -u '<generated token>' --data-binary '{"dockerRootDir":"/var/lib/docker","enableClusterAlerting":false,"enableClusterMonitoring":false,"enableNetworkPolicy":false,"windowsPreferedCluster":false,"type":"cluster","rancherKubernetesEngineConfig":{"addonJobTimeout":30,"ignoreDockerVersion":true,"sshAgentAuth":false,"type":"rancherKubernetesEngineConfig","kubernetesVersion":"v1.16.3-rancher1-1","authentication":{"strategy":"x509","type":"authnConfig"},"network":{"plugin":"canal","type":"networkConfig","options":{"flannel_backend_type":"vxlan"}},"ingress":{"provider":"nginx","type":"ingressConfig"},"monitoring":{"provider":"metrics-server","type":"monitoringConfig"},"services":{"type":"rkeConfigServices","kubeApi":{"alwaysPullImages":false,"podSecurityPolicy":false,"serviceNodePortRange":"30000-32767","type":"kubeAPIService"},"etcd":{"creation":"12h","extraArgs":{"heartbeat-interval":500,"election-timeout":5000

cjellick

#!/bin/bash

if [ $# -eq 0 ]; then
	echo "Need the secret name"
	exit 1
fi

secretName="$1"

kubectl get secrets -n cattle-system $secretName -o json | jq -r .data.cluster | base64 --decode | jq . >cluster-state-$secretName.json

cjellick

Authentication and Authorization

Backgroudn and Context

• Rancher APIs
• Kubernetes concepts
  • Authentication
    • Plugin model
    • Rancher: no special plugin, yes auth proxy
    • Impersonation
  • Authorization

cjellick

# Get a token. Take the token.Name field from the abov
curl -X POST -d '{"description": "test1", "localCredential": {"admin": "jeff", "password": "admin"}, "responseType": "json"}' http://localhost:1234/v3/tokens?action=login | jq .

# Sent as a cookie
curl -i --cookie 'R_SESS=<token.name from first request>' http://localhost:1234/v3/

# Sent as an auth header
curl -i -H 'Authorization: Bearer <token.name from first request>' http://localhost:1234/v3/

cjellick

#cloud-config
write_files:
  - path: /opt/rancher/bin/start.sh
    permissions: "0770"
    content: |
      #!/bin/sh
      cat > /opt/rancher/bin/kickoff.sh << EOF
      #!/bin/bash
      set -x
      while ! docker version >/dev/null 2>&1; do echo 'waiting for docker...'; sleep 2; done

cjellick

function print_deps() {
    name_and_file=($(curl -u"$1:$2" -s "https://api.github.com/search/code?q=filename:$3+user:rancher" | jq -r '.items[] | "\(.repository.name)|\(.url)"' | grep -v vendor))
    for x in "${name_and_file[@]}"; do
        parts=($x)
        name="$(echo $parts | cut -d$'|' -f1)"
        url="$(echo $parts | cut -d$'|' -f2)"
        download=$(curl -u"$1:$2" -s $url | jq -r '.download_url')
        html=$(curl -u"$1:$2" -s $url | jq -r '.html_url')
        echo $name
        echo "### Repo: $html"