Victor Yang pydevops
@pydevops
pydevops / gke-gce-cloud-armor-lb.sh
Created December 7, 2021 23:42 — forked from mikesparr/gke-gce-cloud-armor-lb.sh
Example Cloud Armor policies protecting Google HTTPS Global Load Balancer in front of GCE instance group and GKE cluster
#!/usr/bin/env bash
# REF: https://cloud.google.com/armor/docs/integrating-cloud-armor#with_ingress
# REF: https://cloud.google.com/armor/docs/configure-security-policies
# REF: https://cloud.google.com/iap/docs/load-balancer-howto
# REF: https://cloud.google.com/sdk/gcloud/reference/compute/url-maps/add-path-matcher
# REF: https://cloud.google.com/load-balancing/docs/https/setting-up-url-rewrite
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
@pydevops
pydevops / core-arch-training.md
Created May 21, 2021 18:54 — forked from mikesparr/core-arch-training.md
Core cloud architecture training videos

The following videos, or playlists, can help ensure consistent knowledge amongst all core team members and help make customer support easier.

  • CS fundamentals - 12-min videos (9 hr)

    • Learn about computer origins, transistors, logic gates, and computer architecture

    • Learn about binary, bits, and bytes (bits, bytes, and octets key in networking)

    • Computer architecture, programming, languages, ML, robotics

@pydevops
pydevops / cloud-scheduler-run-demo.sh
Created May 21, 2021 18:49 — forked from mikesparr/cloud-scheduler-run-demo.sh
Google Cloud demo invoking a Cloud Run app in Ruby using Cloud Scheduler with OIDC
#!/usr/bin/env bash
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain
export GCP_REGION="us-central1" # CHANGEME (OPT)
export GCP_ZONE="us-central1-a" # CHANGEME (OPT)
export NETWORK_NAME="default"
@pydevops
pydevops / artifact-registry-cloud-run-demo.sh
Created May 21, 2021 18:41 — forked from mikesparr/artifact-registry-cloud-run-demo.sh
Google Cloud Platform demo of Artifact Registry deployment and Cloud Run app
#!/usr/bin/env bash
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain
export GCP_REGION="us-east1" # CHANGEME (OPT)
export GCP_ZONE="us-east1-c" # CHANGEME (OPT)
export NETWORK_NAME="default"
@pydevops
pydevops / gcp-iam-restrict-user-bucket.sh
Created March 20, 2021 17:15 — forked from mikesparr/gcp-iam-restrict-user-bucket.sh
Google Cloud Platform example to add IAM role restricting user to specific storage buckets with conditions
#!/usr/bin/env bash
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain
export GCP_REGION="us-central1"
export GCP_ZONE="us-central1-a"
@pydevops
pydevops / istio-gke-tls-example.sh
Created March 20, 2021 16:49 — forked from mikesparr/istio-gke-tls-example.sh
Example GKE ingress with TLS certificate for secure traffic to backend Istio ingress gateway
#!/usr/bin/env bash
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
export IDNS=${PROJECT_ID}.svc.id.goog # workload identity domain
export GCP_REGION="us-west1"
export ISTIO_VERSION="1.9.1"
@pydevops
pydevops / cloudbuild-pr.yaml
Created March 20, 2021 16:45 — forked from mikesparr/cloudbuild-pr.yaml
Google Cloud Build PR deploy
steps:
  # Build image and push to GCR
  - name: 'gcr.io/cloud-builders/docker'
    id: Build
    args:
      - 'build'
      - '-t'
      - 'gcr.io/$PROJECT_ID/$_SERVICE_NAME:v$_PR_NUMBER'
      - '.'
  # TODO: look into [images]
@pydevops
pydevops / kube-env.md
Last active August 21, 2020 00:26
gke kube-env
curl -s -H "Metadata-flavor: Google" http://169.254.169.254/computeMetadata/v1/instance/attributes/kube-env

curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_CERT | awk '{print $2}' | base64 -d > kubelet.crt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_KEY | awk '{print $2}' | base64 -d > kubelet.key
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && chmod 755 ./kubectl

KUBERNETES_MASTER_NAME=$(curl -s -H "Metadata-flavor: Google" http://1