Andrew Kirkpatrick magickatt

@magickatt
magickatt / gke_iam.yaml
Created February 24, 2023 15:21
Google Kubernetes Engine manifest for Workload Identity using Google Cloud IAM
apiVersion: v1
kind: ServiceAccount
metadata:
  # Create a GKE Service Account that binds to a GCP Service Account
  # (Kubernetes object names must be DNS-compatible: hyphens, not underscores)
  name: my-service-gke-serviceaccount
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: my-project-gcp-serviceaccount@project-123456.iam.gserviceaccount.com
---
apiVersion: v1
magickatt / gcp_iam.tf
Last active February 24, 2023 15:19
Google Cloud IAM for Google Kubernetes Engine Workload Identity
locals {
  gcp_project_id           = "project-123456"
  gke_namespace            = "default"
  gke_service_account_name = "my-service-gke-serviceaccount"
}
# GCP Service Account (not to be confused with the GKE Service Account)
resource "google_service_account" "my_service" {
  # account_id allows only lowercase letters, digits and hyphens (6-30 characters)
  account_id   = "my-service-gcp-serviceaccount"
  display_name = "my_service"
magickatt / helm_chart_validate_matrix.yml
Created February 24, 2023 15:06
GitHub Action to validate multiple Helm charts at once
name: Validate Helm charts
on:
  push:
    branches: [ main, master ]
  pull_request:
jobs:
  validate:
    runs-on: ubuntu-latest
magickatt / helm_chart_validate.yml
Created February 24, 2023 15:00
GitHub Action to validate Helm charts
name: Validate Helm chart
on:
  push:
    branches: [ main, master ]
  pull_request:
jobs:
  validate:
    runs-on: ubuntu-latest
magickatt / check_container_status.sh
Last active January 4, 2023 18:41
Use Bash to wait for container to start
#!/bin/bash
IMAGE_NAME=test-1
# 1-liner
until [ "$(docker inspect -f "{{json .State.Status }}" "$(docker ps -a -q --filter ancestor="$IMAGE_NAME" --format="{{.ID}}" | head -n 1)")" == '"running"' ]; do echo "Waiting for container to start..." && sleep 1; done
# More readable (expansions are quoted so an empty result does not break the test)
CONTAINER_ID=$(docker ps --all --quiet --filter ancestor="$IMAGE_NAME" --format="{{.ID}}" | head -n 1)
CONTAINER_STATUS=$(docker inspect --format "{{json .State.Status }}" "$CONTAINER_ID")
until [ "$CONTAINER_STATUS" == '"running"' ]
magickatt / silly_super.py
Created September 26, 2022 20:14
Silly example of method overriding using the parent return value
class Animal:
    def what_am_i(self) -> str:
        return "I am a "


class Fox(Animal):
    def what_am_i(self) -> str:
        return super().what_am_i() + "Fox"
magickatt / delete_namespace.sh
Created September 19, 2022 14:27
Delete a k8s namespace that is stuck in terminating state
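#!/bin/bash
NAMESPACE=test
# Start a local API proxy and remember its PID so only this process is stopped afterwards
kubectl proxy &
PROXY_PID=$!
sleep 2 # Give the proxy a moment to start listening on 127.0.0.1:8001
# Clear the finalizers and submit the result to the namespace's finalize endpoint
kubectl get namespace "$NAMESPACE" -o json | jq '.spec = {"finalizers":[]}' > temp.json
curl -H "Content-Type: application/json" -X PUT --data-binary @temp.json "http://127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize"
kill "$PROXY_PID"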
magickatt / jq_dashes.sh
Last active June 10, 2022 15:27
Escape JSON fields with numbers or dashes to avoid jq compile errors
echo '{"my-field": "something"}' > example.json
cat example.json | jq '.my-field' # Incorrect
# jq: error: key/0 is not defined at <top-level>, line 1: .my-field
# jq: 1 compile error
cat example.json | jq '."my-field"' # Correct
# "something"
magickatt / check_if_safe_to_release.sh
Last active March 29, 2022 15:18
Check if a CircleCI workflow is being run more than 1 at once
#!/bin/bash
# Project in the form vcs-type/organisation-name/repository-name
PROJECT=github/magickatt/example
# First, get all the Pipeline IDs for this workflow (triggered by a Git tag from a new release)
PIPELINE_IDS=($(curl --silent --request GET "https://circleci.com/api/v2/project/$PROJECT/pipeline" \
  --header "Circle-Token: $CIRCLE_API_TOKEN" \
  | jq --raw-output '.items | map(select(.vcs.tag != null)) | .[].id'))
magickatt / Dockerfile
Created August 10, 2021 15:36
Use forwarded SSH agent in Docker build
FROM python:3.9-buster
# Prevents issues with cloning private PIP packages from GitHub
RUN --mount=type=ssh mkdir -p ~/.ssh && ssh-keyscan -H github.com >> ~/.ssh/known_hosts
RUN pip install --upgrade pip
RUN pip install pipenv
COPY . .
# Use the forwarded SSH agent when installing pip packages