Skip to content

Instantly share code, notes, and snippets.

@ylck
ylck / 0_kubectl related script
Created May 19, 2021 05:36 — forked from myclau/0_kubectl related script
kubectl related script
#!/bin/bash
# Scale DOWN all Turbonetes PODs to 0
function turbo_stop_all_pods {
turbo_stop_all_pods=$(kubectl get deploy -n turbonomic --no-headers=true | cut -d ' ' -f1 | xargs -I % kubectl scale --replicas=0 deployment/% -n turbonomic)
while true; do
if `kubectl get pods -n turbonomic | grep -v STATUS | wc -l` -gt 0 then
echo -e "turbo_STOP_all_pods: Waiting on Turbonetes POD(s) to TERMINATE, so far: \n`kubectl get pods -n turbonomic | grep -v NAME`"
elif
[[ "$counter" -gt 30 ]]; then;
echo "MAX Counter Reached! One or more PODs are stuck ##TERMINATING##, intervening to kill it/them"
@ylck
ylck / kubectl-root-in-host-nopriv.pks.sh
Created May 6, 2021 10:05 — forked from jjo/kubectl-root-in-host-nopriv.sh
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
#!/bin/sh
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged`
# admission controller.
# Pod command in turn runs a privileged container using node's /var/run/docker.sock.
#
# Tweaked for PKS nodes, which run their docker stuff from different
# /var/vcap/... paths
node=${1}
case "${node}" in
@ylck
ylck / autossh.service
Created December 20, 2019 08:08 — forked from thomasfr/autossh.service
Systemd service for autossh
[Unit]
Description=Keeps a tunnel to 'remote.example.com' open
After=network.target
[Service]
User=autossh
# -p [PORT]
# -l [user]
# -M 0 --> no monitoring
# -N Just open the connection and do nothing (not interactive)
@ylck
ylck / ss-redir 透明代理.md
Created October 5, 2018 11:50 — forked from wen-long/ss-redir 透明代理.md
ss-redir 透明代理.md

##ss-redir 的 iptables 配置(透明代理)

透明代理指对客户端透明,客户端不需要进行任何设置就使用了网管设置的代理规则

创建 /etc/ss-redir.json 本地监听 7777 运行ss-redir -v -c /etc/ss-redir.json

iptables -t nat -N SHADOWSOCKS
# 在 nat 表中创建新链
iptables -t nat -A SHADOWSOCKS -p tcp --dport 23596 -j RETURN
# 23596 是 ss 代理服务器的端口,即远程 shadowsocks 服务器提供服务的端口,如果你有多个 ip 可用,但端口一致,就设置这个
@ylck
ylck / centos_bstick.sh
Created October 26, 2017 06:40 — forked from vkanevska/centos_bstick.sh
Custom CentOS 7 bootable ISO / Support UEFI & Secure boot
#!/bin/bash
# create custom bootable iso for CentOS 7 with kickstart
if [ $# -lt 2 ]
then
echo "Usage1: $0 path2iso path2kickstart"
exit 1
else
if [ ! -f $1 ]
then
@ylck
ylck / .npmrc
Created August 21, 2017 15:09 — forked from tonyc726/.npmrc
河蟹加速npm/yarn的资源安装升级速度
# 注册模块镜像
registry=https://registry.npm.taobao.org
# node-gyp 编译依赖的 node 源码镜像
disturl=https://npm.taobao.org/dist
# chromedriver 二进制包镜像
chromedriver_cdnurl=https://cdn.npm.taobao.org/dist/chromedriver
# operadriver 二进制包镜像
@ylck
ylck / tmux-cheatsheet.markdown
Created August 15, 2017 00:50 — forked from ryerh/tmux-cheatsheet.markdown
Tmux 快捷键 & 速查表

Tmux 快捷键 & 速查表

启动新会话:

tmux [new -s 会话名 -n 窗口名]

恢复会话:

tmux at [-t 会话名]
@ylck
ylck / tmux-cheatsheet.markdown
Created August 15, 2017 00:50 — forked from ryerh/tmux-cheatsheet.markdown
Tmux 快捷键 & 速查表

Tmux 快捷键 & 速查表

启动新会话:

tmux [new -s 会话名 -n 窗口名]

恢复会话:

tmux at [-t 会话名]