
Mike Sparr mikesparr

  • Montana, USA
@mikesparr
mikesparr / gke-clickhouse-operator-parquet.sh
Created October 21, 2024 23:59
Example deploying Clickhouse database operator on Google Kubernetes Engine (GKE) Autopilot cluster and importing parquet data from storage bucket using HMAC key
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/kubernetes-engine/docs/how-to/creating-an-autopilot-cluster
# - https://cloud.google.com/storage/docs/creating-buckets
# - https://cloud.google.com/storage/docs/access-control/using-iam-permissions
# - https://cloud.google.com/storage/docs/authentication/managing-hmackeys#command-line
# - https://github.com/Altinity/clickhouse-operator/blob/master/docs/quick_start.md
# - https://clickhouse.com/docs/en/getting-started/quick-start
@mikesparr
mikesparr / gke-gateway-iap-demo.sh
Created February 24, 2024 17:56
Demo securing a Google Kubernetes Engine (GKE) hosted app using Gateway API, HTTPRoute, and Identity Aware Proxy (IAP)
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/iap/docs/concepts-overview
# - https://cloud.google.com/iap/docs/enabling-kubernetes-howto
# - https://cloud.google.com/kubernetes-engine/docs/how-to/configure-gateway-resources#configure_iap
# - https://cloud.google.com/sdk/gcloud/reference/container/clusters/create
# - https://github.com/digitalocean/kubernetes-sample-apps/tree/master/podinfo-example
# - https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing
@mikesparr
mikesparr / gcp-gae-cr-private.sh
Last active October 15, 2024 22:46
Example Google Cloud Platform (GCP) serverless apps communicating via private network
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/run/docs/securing/private-networking#from-other-services
# - https://cloud.google.com/run/docs/securing/private-networking#from-vpc
# - https://cloud.google.com/appengine/docs/flexible/disable-external-ip
# - https://cloud.google.com/dns/docs/records#adding_or_removing_a_record
# - https://cloud.google.com/vpc/docs/configure-private-google-access
# - https://cloud.google.com/run/docs/quickstarts/build-and-deploy/deploy-go-service
@mikesparr
mikesparr / secure-gcp-checklist.md
Created January 11, 2021 02:37
Secure Google Cloud Platform Checklist

Secure GCP infrastructure checklists

Initial setup

  • Configure org policies
    • Restrict allowed IAM domains
    • Disable key download
    • Disable default network
    • Disable external IP
    • Require shielded VM
  • Prepare for VPC service controls (data protection)
@mikesparr
mikesparr / 01-architecting-solutions.md
Last active September 21, 2024 03:46
Study Guide for GCP Professional Cloud Architect exam (notes from refresher course)

Architecting for the cloud

  • Architect solutions to be scalable and resilient
  • Business requirements involve lowering costs / enhancing user experience
  • Keep an eye on technical needs during development and operation

3 Major Questions To Ask

  1. Where is the company coming from
@mikesparr
mikesparr / gke-cdn-backend-config.sh
Last active September 16, 2024 11:51
Example BackendConfig for Google Kubernetes Engine (GKE) to enable Cloud CDN and cache content
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#cloud_cdn
# - https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#expandable-1
#####################################################################
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
@mikesparr
mikesparr / cloudbuild-merge.yaml
Created August 21, 2020 03:54
Google Cloud Build PR merge
steps:
# Build image and push to GCR
- name: 'gcr.io/cloud-builders/docker'
  id: Build
  args:
  - 'build'
  - '-t'
  - 'gcr.io/$PROJECT_ID/$_SERVICE_NAME:$SHORT_SHA'
  - '.'
# TODO: look into [images]
@mikesparr
mikesparr / sre-practices.md
Last active September 11, 2024 06:32
SRE best practices

SRE best practices

  • don’t expect a tool to solve
  • cultural change and need “believers” in senior role to advocate within company
  • people need to absorb info within their own mindset

“Reliability is a journey”

  • it is a process that can span 6-9 months in orgs w/ 5000 engineers; nothing happens immediately
  • Step 1: “I want to be reliable when I grow up” (you must believe you have problem first)
  • Step 2: “Read the book!” and watch SRE v DevOps
  • Step 3: “Panic!” (myth: fire team and retrain; not the case and can retrain team in house)
@mikesparr
mikesparr / example-snapshot-sharing.sh
Last active September 5, 2024 13:17
Example sharing snapshots across projects in different regions for disk analysis
#!/usr/bin/env bash
#####################################################
# SETUP (OPTIONAL)
#
# Note: this code is not meant to just run;
# copy and paste snippets as you go.
#####################################################
export PROJECT_ID=$(gcloud config get-value project)
@mikesparr
mikesparr / gcp-pro-networking-cert.md
Last active September 5, 2024 12:50
Study notes for the GCP Professional Network Engineer cert exam

GCP Professional Network Engineer

RFC1918 IP Address Allocation for Private Internets

  • determine the number of servers and IP addresses you need
  • determine number of private hosts first
    • 10.0.0.0/8 (24-bit; Class A)
    • 172.16.0.0/12 (20-bit; 16 Class B blocks)
    • 192.168.0.0/16 (16-bit; 256 Class C blocks)
  • use route summarization for better routing performance and management
  • 192.168.0.0/24 and 192.168.1.0/24 could be 192.168.0.0/23, spanning both (borrowing a bit)