Skip to content

Instantly share code, notes, and snippets.

View magickatt's full-sized avatar

Andrew Kirkpatrick magickatt

View GitHub Profile
@magickatt
magickatt / delete_namespace.sh
Created September 19, 2022 14:27
Delete a k8s namespace that is stuck in terminating state
#!/bin/bash
NAMESPACE=test
kubectl proxy &
kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
killall kubectl
@magickatt
magickatt / jq_dashes.sh
Last active June 10, 2022 15:27
Escape JSON fields with numbers or dashes to avoid jq compile errors
echo '{"my-field": "something"}' > example.json
cat example.json | jq '.my-field' # Incorrect
# jq: error: key/0 is not defined at <top-level>, line 1: .my-field
# jq: 1 compile error
cat example.json | jq '."my-field"' # Correct
# "something"
@magickatt
magickatt / check_if_safe_to_release.sh
Last active March 29, 2022 15:18
Check if a CircleCI workflow is being run more than 1 at once
#!/bin/bash
# Project in the form vcs-type/organisation-name/repository-name
PROJECT=github/magickatt/example
# First, get all the Pipeline IDs for this workflow (triggered by a Git tag from a new release)
PIPELINE_IDS=(`curl --silent GET https://circleci.com/api/v2/project/$PROJECT/pipeline \
--header "Circle-Token: $CIRCLE_API_TOKEN" \
| jq --raw-output '.items | map(select(.vcs.tag != null)) | .[].id'`)
@magickatt
magickatt / Dockerfile
Created August 10, 2021 15:36
Use forwarded SSH agent in Docker build
FROM python:3.9-buster
# Prevents issues with cloning private PIP packages from GitHub
RUN --mount=type=ssh mkdir -p ~/.ssh && ssh-keyscan -H github.com >> ~/.ssh/known_hosts
RUN pip install --upgrade pip
RUN pip install pipenv
COPY . .
# Use the forwarded SSH agent when installing pip packages
@magickatt
magickatt / cloudbuild.yaml
Created August 10, 2021 15:31
Add deploy key to SSH agent forwarding for Docker build in Google Cloud Build
- name: 'gcr.io/cloud-builders/git'
secretEnv: ['SSH_KEY']
entrypoint: 'bash'
args:
- -c
- |
echo "$$SSH_KEY" >> /root/.ssh/id_rsa
chmod 400 /root/.ssh/id_rsa
volumes:
- name: 'ssh'
@magickatt
magickatt / restart_namespace.sh
Created January 31, 2021 19:44
Restart all deployments in a k8s namespace
#!/bin/bash
if [ "$#" -ne 1 ]
then
echo "Usage: restart_namespace \$NAMESPACE"
exit 1
fi
NAMESPACE=$1
echo "Restarting all deployments in $NAMESPACE..."
@magickatt
magickatt / check_ssl_validity.sh
Created January 4, 2021 20:05
Check at specified intervals whether an SSL certificate is valid
#!/bin/bash
URI=https://www.yahoo.com
INTERVAL_IN_SECONDS=0.5
RESULTS_PER_LINE=50
echo "Checking $URI at ${INTERVAL_IN_SECONDS}s intervals..."
check_uri () {
@magickatt
magickatt / filebeat.yaml
Created November 23, 2020 18:55
Filebeat configuration to ignore Consul Connect container logs
filebeat.autodiscover:
providers:
- type: kubernetes
hints.enabled: true
hints.default_config.enabled: false
add_resource_metadata:
namespace:
enabled: true
processors:
- add_kubernetes_metadata:
#!/bin/bash
# Random number between 1 and 10
WAIT=`shuf -i 1-10 -n 1`
# Subtract 1 from the random number, check if it is now 0
is_random_number_zero () {
let WAIT=WAIT-1
return $([[ "$WAIT" -eq "0" ]])
}
@magickatt
magickatt / cloud_iap_firewall_rule.tf
Last active October 22, 2020 14:52
Cloud IAP Terraform firewall rule for GKE
resource "google_compute_firewall" "allow_nodes_from_cloud_iap" {
name = "allow-gke-nodes-ssh-from-cloud-iap"
description = "Allow Cloud IAP to communicate with the the GKE nodes."
network = var.network
allow {
protocol = "tcp"
ports = ["22"]
}