Luis Sanchez sanchezl

  • Red Hat
  • Raleigh, NC
#!/usr/bin/env bash
set -e
operator=kube-apiserver-operator
org=sanchezl
repository=${org}/origin-cluster-${operator}
tag=$(date --utc +%Y%m%d_%H%M%SZ)
echo "Building ${repository} image..."
sanchezl / New Operator.md
Last active July 6, 2022 02:48
New Operator Guide

Minimal Directory Structure

new-operator/
├── bindata ➊
│   └── new-operand/
│       └── resource.yaml
├── manifests/ ➋
sanchezl / cleanup-records-sets.sh
Last active January 30, 2020 20:56
Cleanup Route 53 resource record sets when deleting an OpenShift Cluster. Requires `jq` and `aws`.
#!/usr/bin/env bash
cluster_name=$1
hosted_zone_dns_name=$2
hosted_zone_id=$(
aws route53 list-hosted-zones-by-name \
--dns-name ${hosted_zone_dns_name} \
--query HostedZones[0].Id \
--output text

What does the //indirect comment mean?

The dependency is not directly imported by the module's code. It was either pulled in by another dependency or added manually with go get (in which case it would disappear after go mod tidy if never used).

What does a pseudo version that ends in +incompatible mean?

The dependency has a semver tag (vM.m.p), but the package name does not end with /vM, implying that it is not really a Go module.

sanchezl / .Cluster Scripts.md
Last active May 23, 2024 14:22
Cluster Creation Scripts

Scripts to use as inspiration for your own OpenShift clusters.

Setup

  1. Create a directory with the name of the cluster you want to create.
  2. Generate an install-config.yaml (for example, using openshift-install create install-config).
  3. Copy your install-config.yaml to install-config.yaml.save. This ensures you still have a copy after the installer deletes install-config.yaml. Add a bin/ subdirectory and add it to the beginning of your PATH. I recommend you use direnv to manage this (sudo dnf install direnv).
sanchezl / imagebuilder
Created October 8, 2021 14:27
imagebuilder adapter for buildah
#!/usr/bin/env bash
for arg in "$@"; do
shift
case "$arg" in
--version) echo 1.2.1 ; exit ;;
--allow-pull) ;;
*) set -- "$@" "$arg" ;;
esac
done
buildah bud "$@"
sanchezl / by-namespace.jq
Last active April 4, 2024 19:54
OpenShift Deprecated API Queries
# This jq filter takes as input a List of APIRequestCounts and outputs
# json objects with the following properties:
# - namespace: the namespace of the request
# - api: the api that the request invoked
# - requestCount: how many requests were made in the current hour
# WARNING: There is no actual namespace information in the APIRequestCount.
# The namespace outputted by this filter is derived from the username
# that ServiceAccounts present as in the requests, which are of the
# form: system:serviceaccount:<namespace>:<sa-name>.
# This tool will not report any non-service account usage.
sanchezl / alerts.sh
Created July 7, 2022 04:16
Watch OpenShift alerts from CLI
#!/usr/bin/env bash
prometheus_host="$1"
token="$2"
prometheus_rules_url="https://${prometheus_host}/api/v1/rules"
curl --silent --insecure --header "Authorization: Bearer ${token}" "$prometheus_rules_url" \
| jq -r '.data.groups[]|.rules[]|select(.name==("APIRemovedInNextReleaseInUse","APIRemovedInNextEUSReleaseInUse"))|.alerts[]|[.labels.alertname,.state,(.labels|.resource+"."+.version+"."+.group)]|@tsv' \
| sort \
| column -t -N ALERT,STATUS,API\
| sed \
-e "1!s/^\S*/$(tput setaf 6)\0$(tput sgr0)/" \
sanchezl / list-patches-to-rebase.sh
Last active September 7, 2022 16:49
List OpenShift patches for upstream that need to be rebased onto the latest upstream.
#!/usr/bin/env bash
openshiftMasterRef="openshift/master"
kubernetesRef="v1.25.0"
mergeBase=$(git merge-base ${openshiftMasterRef} ${kubernetesRef})
# Generates a list (tab separated values) of the OpenShift commits
# that will need to be rebased onto the target kubernetes version.
#
# Assumes the following steps have already been executed in your
sanchezl / legacy-token-report.jq
Last active April 5, 2024 14:33
Summarize legacy token audit log events
reduce (inputs | select(.annotations|has("authentication.k8s.io/legacy-token"))) as $e ({};
$e.annotations."authentication.k8s.io/legacy-token" as $sa
| $e.userAgent as $workload
| ( $e.requestURI | split("?")[0] | if ($e.verb == "get" or $e.verb == "update") then (split("/")[:-1]|join("/")) else . end) as $path
| .[$sa][$workload][$path].count +=1
| .[$sa][$workload][$path].verbs |= ((. + [$e.verb])|unique)
| .[$sa][$workload][$path].names |= ((. + [$e.objectRef.name // empty])|unique)
| .[$sa][$workload][$path].names |= if . | length == 0 then empty else . end
)