Andrew Kirkpatrick magickatt

@magickatt
magickatt / cloud_iap_firewall_rule.tf
Last active Oct 22, 2020
Cloud IAP Terraform firewall rule for GKE
View cloud_iap_firewall_rule.tf
resource "google_compute_firewall" "allow_nodes_from_cloud_iap" {
  name        = "allow-gke-nodes-ssh-from-cloud-iap"
  description = "Allow Cloud IAP to communicate with the GKE nodes."
  network     = var.network
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
@magickatt
magickatt / example_uid.yaml
Created Aug 6, 2020
Expose Kubernetes Pod UID as an environment variable to a container
View example_uid.yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-uid
spec:
  containers:
    - name: test
      image: busybox
      # "sh -c" is needed so the shell runs echo and expands the variable
      command: ["/bin/sh", "-c", "echo $EXAMPLE_UID"]
      env:
View helm_dots_to_dashes.yaml
apiVersion: networking.gke.io/v1beta2
kind: ManagedCertificate
metadata:
  name: {{ .Values.domain | replace "." "-" }}
  namespace: kise
spec:
  domains:
    - {{ .Values.domain }}
View access_gcr_images_from_other_projects.tf
locals {
  project_ids    = [123456789012, 234567890123, 345678901234]
  bucket_region  = "us"
  bucket_project = "something-123456"
  bucket_name    = "${local.bucket_region}.artifacts.${local.bucket_project}.appspot.com"
}
# Allow Cloud Build in every other project access to GCR images hosted in the central project
resource "google_storage_bucket_iam_member" "container_registry" {
  # for_each needs a set of strings; project_ids is a local, not an input variable
  for_each = toset([for id in local.project_ids : tostring(id)])
View access_vm_images_from_other_projects.tf
locals {
  project_ids = [123456789012, 234567890123, 345678901234]
}
# Allow every other project access to GCE VM images in a central project
resource "google_project_iam_member" "image_user" {
  # for_each needs a set of strings, so convert the list of numeric IDs
  for_each = toset([for id in local.project_ids : tostring(id)])
  project  = "tools-275721"
  role     = "roles/compute.imageUser"
@magickatt
magickatt / service_account.tf
Created May 19, 2020
Create Google Cloud Platform service account credentials JSON using Terraform
View service_account.tf
resource "google_service_account" "service_account" {
  account_id   = "test"
  display_name = "Test"
}
resource "google_service_account_key" "service_account" {
  service_account_id = google_service_account.service_account.name
  public_key_type    = "TYPE_X509_PEM_FILE"
}
View check_kube_state_metrics.sh
# Port forward to kube-state-metrics on the cluster
kubectl port-forward service/kube-state-metrics 8080:8080 -n kube-system &
# Hit the metrics endpoint
curl localhost:8080/metrics
View missing_go_paths.sh
# Check what $GOPATH and $GOBIN are currently
# (printf is used because echo does not expand \n in every shell)
printf 'GOPATH = %s\nGOBIN = %s\n' "${GOPATH}" "${GOBIN}"
# Set them relative to your home directory
export GOPATH="$HOME" && export GOBIN="$GOPATH/bin"
printf 'GOPATH = %s\nGOBIN = %s\n' "${GOPATH}" "${GOBIN}"
@magickatt
magickatt / port_forward_elasticsearch.sh
Created Apr 2, 2020
Port forward to Elasticsearch Pod or Service
View port_forward_elasticsearch.sh
# Port forward to a Pod
kubectl port-forward elasticsearch-0 9200:9200
# Port forward to a Service
kubectl port-forward service/elasticsearch 9200:9200
@magickatt
magickatt / check_ssl_validity.sh
Created Mar 30, 2020
Check SSL certificate validity
View check_ssl_validity.sh
# -servername is required for SNI; a comment after a trailing backslash would break the line continuation
HOSTNAME=example.com && \
echo | openssl s_client -showcerts \
  -servername "$HOSTNAME" \
  -connect "$HOSTNAME:443" 2>/dev/null | \
openssl x509 -inform pem -noout -text | \
grep Validity -A 2