I hereby claim:
- I am kmcquade on github.
- I am kmcquade (https://keybase.io/kmcquade) on keybase.
- I have a public key whose fingerprint is C50D 6568 07A1 84AA 1C91 AD99 CB96 8886 7C80 622E
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
rm -rf /var/lib/cloud/instance && rm -rf /var/lib/cloud/instances/* && rm -rf /var/lib/cloud/sem/* | |
cloud-init init && cloud-init modules --mode config && cloud-init modules --mode final |
#!/usr/bin/env bash | |
# License: MIT - https://opensource.org/licenses/MIT | |
# | |
# Usage: | |
# | |
# Encrypt a file: | |
# kms-vault encrypt My-Key-Alias some-file-i-want-encrypted.txt > topsecret.asc | |
# |
resource "aws_iam_policy" "terraform_create_policy" { | |
name = "terraform_create_policy" | |
path = "/" | |
policy = "${data.aws_iam_policy_document.terraform_create_policy.json}" | |
} | |
data "aws_iam_policy_document" "terraform_create_policy" { | |
statement { | |
sid = "1" | |
actions = [ |
# To install: | |
# sudo cat grow-root.service > /etc/systemd/system/grow-root.service | |
# sudo systemctl daemon-reload | |
# sudo systemctl enable -f grow-root.service | |
# | |
# Start (auto disables after first successful expansion): | |
# sudo systemctl start grow-root.service | |
# | |
# Debugging: | |
# sudo systemctl status grow-root.service |
#/bin/bash | |
trap exit INT | |
INSTANCES=$( aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId[]' | sed -e 's/\[//g' -e 's/\]//g') | |
SUM=0 | |
echo $INSTANCES | |
for i in $( echo $INSTANCES | sed -e 's/"//g' -e 's/,//g' -e 's/\[//g' -e 's/\]//g' ) ;do | |
echo "---------------------------$i-------------------------------\n" | |
aws ec2 describe-instances --instance-ids $i --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value' --output text | |
aws ec2 describe-instance-attribute --instance-id $( echo $i | sed -e 's/"//g' -e 's/,//' -e 's/\[//g' -e 's/\]//g' ) --attribute userData \ | |
| jq '.UserData.Value' | sed 's/"//g' | base64 --decode |
apiVersion: extensions/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: restricted | |
annotations: | |
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' | |
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' | |
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' | |
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' | |
spec: |
I wrote these scripts to help faciliate batch import of our CloudFormation templates into Terraform Configuration.
This script is a light wrapper around batch.sh
. It simply iterates over the list of regions provided, exports expected variables, creates required directories, and calls batch.sh
.
BASE_DIR=/path/to/dir EXCLUDE_REGEX="(some-stack-production|some-stack-staging)" ./region-batch.sh us-east-1 us-west-1
List:
export
command needed for pumping your AWS creds to command lineaws-secrets-send.sh and aws-secrets-get.sh
#cloud-config | |
write-files: | |
- path: /etc/conf.d/nfs | |
permissions: '0644' | |
content: | | |
OPTS_RPC_MOUNTD="" | |
coreos: | |
units: | |
- name: update-engine.service |