Skip to content

Instantly share code, notes, and snippets.

View jicowan's full-sized avatar

Jeremy Cowan jicowan

62 followers · 4 following
View GitHub Profile
@jicowan
jicowan / .yaml
Last active November 23, 2021 01:38
RBAC
kind: Namespace
apiVersion: v1
metadata:
name: sock-shop
---
kind: Namespace
apiVersion: v1
metadata:
name: polaris
---
@jicowan
jicowan / main.go
Created October 18, 2021 23:27
package main
import (
"context"
"flag"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/eks"
"github.com/aws/aws-sdk-go-v2/service/iam"
@jicowan
jicowan / kube-forensics.sh
Created October 14, 2021 22:02
Forensic Capture
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
REGION=`curl -s -o /dev/null -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/placement/region`
VERSION=$(aws eks describe-cluster --name default_capi-eks-quickstart-control-plane --region $REGION | jq -r .cluster.version)
aws eks update-kubeconfig --name default_capi-eks-quickstart-control-plane --region $REGION
curl -LO --output-dir /usr/local/bin https://dl.k8s.io/release/$(VERSION)/bin/linux/amd64/kubectl
chmod +x /usr/local/bin/kubectl
if [[ -z "${SUBPATH}" ]]; then
export SUBPATH="forensics"
fi
@jicowan
jicowan / main.go
Created October 1, 2021 19:58
Create Fargate Profile from eks-controller CRD
package main
import (
"context"
"github.com/aws-controllers-k8s/eks-controller/apis/v1alpha1"
"github.com/aws/aws-sdk-go/aws"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
@jicowan
jicowan / main.go
Last active November 29, 2023 09:56
ECS Fargate tasks that are stopped by Spot interruptions are not deregistered from load balancers automatically. This function deregister an ECS Fargate Spot task from an AWS load balancer when it is interrupted..
package main
import (
"context"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/ec2"
"github.com/aws/aws-sdk-go-v2/service/ecs"
"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
@jicowan
jicowan / enable-mfa-delete.py
Created July 14, 2017 05:26
enable mfa-delete on a bucket
import boto3
from botocore.exceptions import ClientError
s3_client = boto3.client('s3')
s3_bucket = boto3.resource('s3')
bucket_name = raw_input('Enter the name of the bucket that you want to enable MFA-delete on: ')
mfa_token = raw_input('Enter your MFA serial number and token code, e.g. <deviceSerialNumber> <tokenCode>: ')
try:
s3_bucket.meta.client.head_bucket(Bucket=bucket_name)
@jicowan
jicowan / centos.erb
Created September 29, 2014 15:18
knife-vcair plug-in, custom distro example
bash -c '
<%= "export https_proxy=\"#{knife_config[bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>
PACKAGE_URL="http://1.2.3.4/path-to-package-file/chef-11.16.2-1.el6.x86_64.rpm"
if [ ! -f /usr/bin/chef-client ]; then
curl -o /tmp/chef-client-package.rpm $PACKAGE_URL
rpm -Uvh /tmp/chef-client-package.rpm
fi