Tanel Mae tanelmae

## test-kube-auth-cmd.sh
#!/usr/bin/env bash
set -ue

# Resolve config to be used
export KUBECONFIG=${KUBECONFIG:-$HOME/.kube/config}
export CLUSTER=${1:-$(kubectl config current-context)}
echo "Running against ${CLUSTER}"

# Read auth command from the kubeconfig and use it to get the auth token
CMD_PATH=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.command' "${KUBECONFIG}")

## ddosify-kubernetes.sh
#!/usr/bin/env bash
set -ue

# Resolve config to be used
export KUBECONFIG=${KUBECONFIG:-$HOME/.kube/config}
export CLUSTER=${1:-$(kubectl config current-context)}
echo "Running against ${CLUSTER}"

# Read auth command from the kubeconfig and use it to get the auth token
CMD_PATH=$(yq '.users | map(select(.name == env(CLUSTER))) | .[] | .user.exec.command' "${KUBECONFIG}")

## ses_password.go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// AWS documentation: https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert

## sendmail.go
package main

import (
	"flag"
	"fmt"
	"log"
	"net/smtp"
)

func main() {

## gen-kubeconfig.sh
#!/usr/bin/env bash

# When you really need kubeconfig file inside the pod

cat << EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: $(base64 -w 0 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
    server: https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT

## ingresses-by-class.sh
function ingress-by-class() {
	echo "Namespace >> Ingress name"
	echo "-------------------------"
	kubectl get ingresses \
		-o=jsonpath="{range .items[?(@.metadata.annotations.kubernetes\.io/ingress\.class==\"${1}\")]}{@.metadata.namespace}{\" >> \"}{@.metadata.name}{\"\n\"}{end}" --all-namespaces
}

## ingress-report.sh
# Lists:
#   - number of ingresses
#   - number of ingress classes used
#   - ingress classes used
#   - ingresses without explicit ingress class with name and namespace
#   - ingresses by class with name and namespace
# Dependencies: kubectl, jq
function ingress-report() {
	echo "Loading ingresses from the cluster"
	local INGRESSES=$(kubectl get ingresses -o json --all-namespaces)

## aws-pod-host-ssm.sh
function aws-pod-host-ssm() {
	local NODE_NAME=$(kubectl get pods ${1} -o go-template='{{.spec.nodeName}}')
	local PROVIDER_ID=$(kubectl get node $NODE_NAME -o go-template='{{.spec.providerID}}')

	local INSTANCE_ID=${PROVIDER_ID#*//*/*/}

	aws ssm start-session --target $INSTANCE_ID
}

## find-secret-usage.sh
# Depends on kubectl and jq
function find-secret-usage() {
	local SECRET_CONTENT=${1}

	echo "Fetching cluster secrets"
	# Spaces removed to ensure each loop iteration gets a valid json object.
	# Fields that matter don't have spaces.
	local SECRETS=$(kubectl get secrets --all-namespaces -o json | sed -e 's/ //g')

	for secret in $(echo ${SECRETS} | jq -rc '.items[]'); do

## asdf-m1.txt
# asdf issue ref: https://github.com/asdf-vm/asdf/issues/834

# Switch to x86_64 shell.
# Change the /usr/bin/env bash --login to match whatever shell you use.
/usr/bin/arch -x86_64 /usr/bin/env bash --login

# Install some legacy binaries like this old version of Terraform:
asdf install terraform 0.12.31

# Exit the x86_64 shell and continue using asdf and Terraform as the above never happened :)
	#!/usr/bin/env bash
	set -ue

	# Resolve config to be used
	export KUBECONFIG=${KUBECONFIG:-$HOME/.kube/config}
	export CLUSTER=${1:-$(kubectl config current-context)}
	echo "Running against ${CLUSTER}"

	# Read auth command from the kubeconfig and use it to get the auth token
	CMD_PATH=$(yq '.users \| map(select(.name == env(CLUSTER))) \| .[] \| .user.exec.command' "${KUBECONFIG}")
	package main

	import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	)

	// AWS documentation: https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert
	package main

	import (
	"flag"
	"fmt"
	"log"
	"net/smtp"
	)

	func main() {
	#!/usr/bin/env bash

	# When you really need kubeconfig file inside the pod

	cat << EOF
	apiVersion: v1
	clusters:
	- cluster:
	certificate-authority-data: $(base64 -w 0 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt)
	server: https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT
	function ingress-by-class() {
	echo "Namespace >> Ingress name"
	echo "-------------------------"
	kubectl get ingresses \
	-o=jsonpath="{range .items[?(@.metadata.annotations.kubernetes\.io/ingress\.class==\"${1}\")]}{@.metadata.namespace}{\" >> \"}{@.metadata.name}{\"\n\"}{end}" --all-namespaces
	}
	# Lists:
	# - number of ingresses
	# - number of ingress classes used
	# - ingress classes used
	# - ingresses without explicit ingress class with name and namespace
	# - ingresses by class with name and namespace
	# Dependencies: kubectl, jq
	function ingress-report() {
	echo "Loading ingresses from the cluster"
	local INGRESSES=$(kubectl get ingresses -o json --all-namespaces)
	function aws-pod-host-ssm() {
	local NODE_NAME=$(kubectl get pods ${1} -o go-template='{{.spec.nodeName}}')
	local PROVIDER_ID=$(kubectl get node $NODE_NAME -o go-template='{{.spec.providerID}}')

	local INSTANCE_ID=${PROVIDER_ID#///*/}

	aws ssm start-session --target $INSTANCE_ID
	}
	# Depends on kubectl and jq
	function find-secret-usage() {
	local SECRET_CONTENT=${1}

	echo "Fetching cluster secrets"
	# Spaces removed to ensure each loop iteration gets a valid json object.
	# Fields that matter don't have spaces.
	local SECRETS=$(kubectl get secrets --all-namespaces -o json \| sed -e 's/ //g')

	for secret in $(echo ${SECRETS} \| jq -rc '.items[]'); do
	# asdf issue ref: https://github.com/asdf-vm/asdf/issues/834

	# Switch to x86_64 shell.
	# Change the /usr/bin/env bash --login to match whatever shell you use.
	/usr/bin/arch -x86_64 /usr/bin/env bash --login

	# Install some legacy binaries like this old version of Terraform:
	asdf install terraform 0.12.31

	# Exit the x86_64 shell and continue using asdf and Terraform as the above never happened :)