Skip to content

Instantly share code, notes, and snippets.

View weltonrodrigo's full-sized avatar
🏠
Working from home

Welton Rodrigo Torres Nascimento weltonrodrigo

🏠
Working from home
24 followers · 7 following
  • Brasília, Distrito Federal, Brasil
View GitHub Profile
@weltonrodrigo
weltonrodrigo / pixify.py
Created December 1, 2023 21:40
Pixar character generator
#!/usr/bin/env python3
import base64
import requests
import argparse
import os
import json
""" Access to gpt-4-vision and dall-e 3 is necessary """
# OpenAI API Key
@weltonrodrigo
weltonrodrigo / gerar-certificado-icp-brasil.md
Created January 24, 2023 02:50
Como gerar um certificado ICP-Brasil A3 (pessoa física) para testes

O formato do certificado ICP-Brasil está disponível nas políticas das autoridades certificadoras autorizadas pelo ICP-Brasil. Exemplo: https://repositorio.acdigital.com.br/docs/pc-a3-ac-digital-multipla.pdf

Ver item 7.1.2.3.a.

Para certificado CNPJ, o procedimento é parecido, só montar os campos de acordo com o item 7.1.2.3.b

openssl req -new -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 \
-subj '/C=BR/O=ICP-Brasil/OU=AC DIGITAL Múltipla G1/OU=33989214000191/OU=presencial/OU=Certificado PF A3/CN=Fulano de tal:58765136012' \
@weltonrodrigo
weltonrodrigo / cert-manager-ssl-com.md
Last active December 23, 2022 14:43
How to configure cert-manager to emit certificates from ssl.com?

How to configure cert-manager to emit certificates from ssl.com?

SSL.com has an ACME service for free 90-day ssl certificates.

It's pretty simple to configure cert-manager to use it, you'll need:

  1. A secret containing the HMAC key.
  2. An Issuer or ClusterIssuer configured with your user on ssl.com and their acme url
  3. A ssl.com account

SSL.com ACME credentials

@weltonrodrigo
weltonrodrigo / vm-deallocate-itself.md
Created October 29, 2022 13:54
Configure a Azure VM to deallocate itself on shutdown

How to configure an Azure VM to self deallocate on shutdown?

At the Azure Portal:

  1. Activate system identity for the vm: VM -> identity -> System assigned -> Status ON -> Save
  2. Give the VM permission to manage itself -> VM -> IAM -> Add role assignment -> Virtual Machine Contributor -> Managed Identity -> Find the VM identity you just activated

At the machine:

  1. Install azure cli with
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
@weltonrodrigo
weltonrodrigo / let's encrypt on rancher using sslip.io domains with azure application gateway.md
Created September 12, 2022 16:31
Who to configure let's encrypt on rancher using sslip.io domains with azure application gateway?

How to configure let's encrypt on rancher using sslip.io domains with azure application gateway?

When using an sslip.io domain on rancher, cert-manager gets in trouble because the hostname won't match.

You need to annotate the ingress with acme.cert-manager.io/http01-edit-in-place=true

@weltonrodrigo
weltonrodrigo / municipios_brasileiros_maiusculas_sem_acento.csv
Last active August 5, 2022 01:33
Lista de municípios brasileiros em maiúsculas sem acentos.
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
nome
ABADIA DE GOIAS
ABADIA DOS DOURADOS
ABADIANIA
ABAETE
ABAETETUBA
ABAIARA
ABAIRA
ABARE
ABATIA
@weltonrodrigo
weltonrodrigo / eventhub-auto-inflate-on-egress.md
Last active July 21, 2022 13:15
Azure eventhub auto-inflates only on ingress, not egress

Does eventhub auto-inflates on egress?

No.

Yeah, that took me a long time.

The ingress rate is what makes the eventhub namespace scale, but not the consumption (the egress). Egress don't get throttled either, you'll have to keep an eye at the rate of consumption and partition limits.

@weltonrodrigo
weltonrodrigo / kubectl_completion.md
Created March 10, 2022 16:28
`kubectl completion zsh` too slow

Believe it or not, when you do a kubectl completion zsh on your ~/.zshrc, kubectl actually tries to contact the cluster of the current-context.

This is nuts and I don't understand why it would make sense.

As this can easly take seconds to complete, you can force it to quickly give up by pointing it to a impossible HTTPS_PROXY like this:

On your ~/.zshrc…

@weltonrodrigo
weltonrodrigo / kustomization.md
Created March 10, 2022 02:26
Docker registry pull secret kustomization madness

When creating an imagePullSecret with kustomize secretGenerator, you need to set type to kubernetes.io/dockerconfigjson, not Opaque.

Like:

secretGenerator:
- files:
  - .dockerconfigjson
  name: docker-pull-secret
 type: kubernetes.io/dockerconfigjson
@weltonrodrigo
weltonrodrigo / ingress_neg.md
Created March 5, 2022 22:23
GKE ingress asks for LoadBalancer or NodePort service

This message on the GKE ingress:

Warning  Translate  42m (x25 over 63m)    loadbalancer-controller  Translation failed: invalid ingress spec: service "<namespace>/<servicename>" is type "ClusterIP",
expected "NodePort" or "LoadBalancer"; service "<namespace>/<servicename>" is type "ClusterIP", expected "NodePort" or "LoadBalancer"; service "<namespace>/<servicename>" is type "ClusterIP", expected "NodePort" or "LoadBalancer"; service "<namespace>/<servicename>" is type "ClusterIP", expected "NodePort" or "LoadBalan
cer"; service "<namespace>/<servicename>" is type "ClusterIP", expected "NodePort" or "LoadBalancer"

What this actually means is that the network endpoint groups are not being created automatically, so, without a NEG, the load balancer would need an exernal ip and port to reach the pods.

You can assert that by the absence of the NEG status annotation on the ingress and also in the backend service.