xandout

Kubernetes DaemonSet: Automated YUM Security Updates

This Kubernetes DaemonSet, named yum-update, is designed to perform automatic security updates using YUM on nodes within a Kubernetes cluster. It leverages a privileged container to gain necessary system access, ensuring that your nodes are regularly updated with the latest security patches. This is particularly useful for maintaining the security and stability of your Kubernetes nodes without manual intervention.

Overview

• DaemonSet Name: yum-update
• Container Image: alexeiled/nsenter:2.38.1
• Purpose: To automatically apply YUM security updates on each node in a Kubernetes cluster.

xandout

66Third-party cookie will be blocked. Learn more in the Issues tab.
RcVCite_v00_04.js:463 RcVCite.cite() took 4 milliseconds to cite https://app.restream.io/settings/billing
RcVCite_v00_04.js:463 RcVCite.cite() took 0 milliseconds to cite https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=https%3A%2F%2Fapp.restream.io%2Fsettings%2Fbilling&title=&referrer=https%3A%2F%2Frestream.io%2F&muid=4ad4106a-12fe-4008-8b27-825be2a02c34e1a6ff&sid=6d96ebac-d59b-471f-b76c-3d708a39a2f3ff1d8b&version=6&preview=false
main.59407c54.js:2 
        
        
       GET https://connect.facebook.net/en_US/fbevents.js net::ERR_BLOCKED_BY_CLIENT
(anonymous) @ index.js:58
y.run @ browser.js:153
d @ browser.js:123

xandout

FFmpeg helpers

Requirements: ffmpeg 4.3+ for crossfade. All commands tested on 4.4.1-3ubuntu1+20.04

I think that it is required that all videos(maybe audios) need to be the same resolution, framerate and all that. For my use case this is solved by pixabay

My specific goal here is to be able to use a site such as https://pixabay.com videos and mp3s to make long form videos with multiple songs

Obviously, you don't have to use pixabay. You probably don't have to use mp4s or mp3s, untested but ffmpeg should be able to figure it out, the commands do not use any codec specific flags.

xandout

---
apiVersion: v1
kind: Service
metadata:
  labels:
    kubernetes.io/name: "fun-apache"
  name: "fun-apache-svc"
  namespace: "{{ namespace }}"
spec:
  type: LoadBalancer # NodePort might work for your lab as well. 

xandout

MongoDB User Management

This is a simple script that will keep the database users in sync with a defined JSON document.

My ultimate use case is in a K8S environment so the files will be templated and I will add and remove users from my databases that way.

This is the test rig and shows how to manage the creation, updating and deletion of MongoDB users.

Parts

xandout

Keybase proof

I hereby claim:

• I am xandout on github.
• I am xandout (https://keybase.io/xandout) on keybase.
• I have a public key ASD9c-9ULRwQ39Vui5bIy83SFVBzQ4JRe7YMwMxLQZ8XDgo

To claim this, I am signing this object:

xandout

<div id="app"></div>

xandout

Script to use TOTP tokens as passwords for OpenVPN auth

The user will be prompted for a username and password.

The username is the client username and the password is generated by their MFA app such as Authy or Google Authenticator.

OpenVPN server config

Add the following flags to your OpenVPN server config

xandout

Getting a shell on each node

I run several K8S cluster on EKS and by default do not setup inbound SSH to the nodes. Sometimes I need to get into each node to check things or run a one-off tool.

Rather than update my terraform, rebuild the launch templates and redeploy brand new nodes, I decided to use kubernetes to access each node directly.

Alternative option

https://github.com/alexei-led/nsenter

xandout

#!/bin/env python

import boto3
import os
import time
from datetime import datetime

cluster_name = os.environ["CLUSTER_NAME"]
dest_bucket = os.environ["DEST_BUCKET"]
env_name = os.environ["ENV"]