Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Benji Visser noqcks

🏠
Working from home
View GitHub Profile
@noqcks
noqcks / decrypt.sh
Last active Jan 6, 2019
This is a script to be added to a Docker ENTRYPOINT for secret decryption using ejson-kms.
View decrypt.sh
#!/bin/sh
# This is a secret decryption script that will decrypt ejson-kms secrets and
# export them to the shell environment.
#
# It expects two sane defaults:
# 1. That $ENV has been set already, so that we know which environment we're in
# and what secrets to export.
# 2. That the location of your secrets are either relative at
# _infra/secrets/$ENV.json or absolutely located at /opt/_infra/secrets/$ENV.json.
View ejson2env
This file has been truncated, but you can view the full file.
View ejson.sh
#!/bin/sh
set -eo pipefail
# get ejson2env
wget -q https://gist.github.com/noqcks/88304840eb85e6d7ac6d3dcfe1fa9bc4/raw/e8d7beaa89ec8a819489852d023dc641b027748c/ejson2env
chmod +x ejson2env
mv ejson2env /usr/bin/ejson2env
# exit if $ENV doesn't exist. Not sure what environment to decrypt!
@noqcks
noqcks / main.go
Created Dec 6, 2018
Kubernetes go-client deployment patching.
View main.go
package main
// the equivalent of kubectl set image deployment/api api="image"
import (
"fmt"
patchtype "k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
"k8s.io/client-go/rest"
View airflow-rbac.yml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: airflow-scheduler
namespace: airflow
---
# Allows Airflow to grab config maps (airflow.cfg)
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@noqcks
noqcks / Makefile
Created Oct 3, 2018
Development setup
View Makefile
.PHONY: app api chat api_worker setup
setup:
brew install yarn
brew install rabbitmq
brew install mongodb
brew install redis
app:
cd app/ && yarn
@noqcks
noqcks / pci.sh
Last active Aug 20, 2018
PCI Output
View pci.sh
#!/bin/bash
# run as './task.sh >> $(hostname)-$(date +%Y-%m-%d).txt 2>&1'
set -e
set -x
ssh -V
# list interfaces
View docker-compose.yaml
---
version: '3'
services:
node:
image: node:9
ports:
- 8002:8002
env_file: .env
volumes:
- ./:/usr/src/app:nocopy
View node:9
FROM node:9-alpine
# node-sass requirements...
RUN apk --no-cache add --virtual native-deps g++ gcc libgcc libstdc++ \
linux-headers make python && \
apk del native-deps
WORKDIR /usr/src/app
COPY entrypoint.sh /entrypoint.sh
View more-basic-audit-logging.yml
---
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
— level: RequestResponse
omitStages:
— RequestReceived
resources:
— group: ""
You can’t perform that action at this time.