| kubectl get deployments.apps -o name | xargs -I {} kubectl patch {} --patch "$(cat patch.yml)" | |
| kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} sh -c 'echo {}; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- ; echo' | |
| kubectl describe daemonset aws-node --namespace kube-system | grep Image | cut -d "/" -f 2 ( to find out the cni) | |
| kubectl run busybox --restart=Never --image=busybox:1.28 -- sleep 3600 | |
| kubectl exec busybox -- nslookup google.com |
Using openssl to test an SSL connection to google.com, using a CA file that's been pulled out from a Java keystore. For those days when you want to verify that you've got the right certificate in the store:
openssl to test an SSL connection to Google with that cert
| #download certificate | |
| echo -n | openssl s_client -connect server:port | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/server.cert | |
| #verify cert against CA | |
| openssl verify -verbose -CAfile /etc/pki/ca-trust/source/anchors/<ca>.crt /tmp/server.cert | |
| #inspect cert to see issuer | |
| openssl x509 -in /tmp/server.crt -text -noout |
| #To be able to deploy the app as service in openshift we can follow various routes. | |
| #I have follwed the binary build and deployment method.. | |
| https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html/red_hat_java_s2i_for_openshift/get_started#source_to_image_s2i_build | |
| #Other methods are also discussed in the recoommened guide above for being able to do deployment. for private source repository | |
| Image secret is need while doing s2i builds from the repo | |
| #https://developers.redhat.com/blog/2017/02/23/getting-started-with-openshift-java-s2i/ provides other useful ways of deployment |
| NORMAL="\[\e[00m\]" # Normal | |
| BLACK="\[\e[0;30m\]" # Black | |
| RED="\[\e[1;31m\]" # Red | |
| GREEN="\e[0;32m" # Green | |
| YELLOW="\[\e[0;33m\]" # Yellow | |
| BLUE="\[\e[0;34m\]" # Blue | |
| PURPLE="\[\e[0;35m\]" # Purple | |
| CYAN="\[\e[0;36m\]" # Cyan | |
| WHITE="\[\e[0;37m\]" # White | |
| BLACKRED="\e[41;1;30m" |
| from pyspark import SparkConf, SparkContext | |
| from collections import namedtuple | |
| import re | |
| conf = SparkConf().setAppName("ESTest") | |
| sc = SparkContext(conf=conf) | |
| es_read_conf = { | |
| "es.nodes" : "es-server", | |
| "es.port" : "19200", | |
| "es.resource" : "paasapp-2018.07.31/access_log", |
| ----Dockerfile----- | |
| FROM registry.access.redhat.com/rhel7/rhel:latest | |
| MAINTAINER Sudhir Pandey <sudhir2pandey@gmail.com> | |
| COPY oc /usr/local/bin/oc | |
| ENV HOME /apps | |
| RUN mkdir -p /apps &&\ | |
| chown -R 1001:0 ${HOME} &&\ | |
| chmod -R g+rwX ${HOME} | |
| COPY scripts/ /apps | |
| WORKDIR ${HOME} |
| # Example scrape config for pods | |
| # | |
| # The relabeling allows the actual pod scrape endpoint to be configured via the | |
| # following annotations: | |
| # | |
| # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` | |
| # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. This | |
| # will be the same for every container in the pod that is scraped. | |
| # * this will scrape every container in a pod with `prometheus.io/scrape` set to true and the | |
| port is name `metrics` in the container |
| #expose console from 443 | |
| oc create route reencrypt master --service kubernetes --port 443 -n default | |
| #nested loops , tags count in IS | |
| oc get is --template='{{range $i, $is:=.items}}{{ $total :=0 }}{{ range $index, $element :=$is.status.tags }}{{if eq $element.tag "latest"}}{{$is.metadata.name}}{{"\t"}}{{ $index }}{{end}}{{end}}{{"\n"}}{{end}}' | |
| get complex labels | |
| oc get nodes --template='{{ with $i := index .items 0 }}{{ index $i.metadata.labels "failure-domain.beta.kubernetes.io/region" }}{{ end }}' | |
| #patchin resource limits |