Skip to content

Instantly share code, notes, and snippets.

😩
knowledge

Koichi Shiraishi zchee

😩
knowledge
Block or report user

Report or block zchee

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@zchee
zchee / ANSI.md
Created Feb 13, 2020 — forked from fnky/ANSI.md
ANSI Escape Codes
View ANSI.md

ANSI Escape Sequences

Standard escape codes are prefixed with Escape:

  • Ctrl-Key: ^[
  • Octal: \033
  • Unicode: \u001b
  • Hexadecimal: \x1b
  • Decimal: 27
View cuetype.go
/*
Command cuetype like the front-end of a CUE compiler, parses and
type-checks a single CUE package. Errors are reported if the analysis
fails; otherwise cuetype is quiet (unless -v is set).
Without a list of paths, cuetype reads from standard input, which
must provide a single CUE source file defining a complete package.
With a single directory argument, cuetype checks the CUE files in
that directory, comprising a single package. Use -t to include the
@zchee
zchee / spinnaker-rbac.yaml
Created Dec 10, 2019 — forked from rantav/spinnaker-rbac.yaml
Kubernetes RBAC for Spinnaker
View spinnaker-rbac.yaml
# Authorize read-write in the default namespace. Add this Role and the below RoleBinding to every namespace spinnaker deploys artifacts to
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: spinnaker-role
namespace: default
rules:
- apiGroups: [""]
resources: ["namespaces", "events", "replicationcontrollers", "serviceaccounts", "pods/logs"]
@zchee
zchee / disable.sh
Created Dec 5, 2019 — forked from pwnsdx/disable.sh
Disable bunch of #$!@ in Catalina
View disable.sh
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. In fact, macOS Catalina brings read-only filesystem which prevent this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# WARNING: It might disable things that you may not like. Please double check the services in the TODISABLE vars.
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
@zchee
zchee / go_1.13_error_migration.bash
Created Oct 16, 2019 — forked from Peltoche/go_1.13_error_migration.bash
Go 1.13 error format migration script
View go_1.13_error_migration.bash
#!/bin/bash
FILES=$@
echo "Migrate: $FILES"
sed -i "s/errors.Wrapf(\(.*\), \"\(.*\)\", \(.*\))/fmt.Errorf(\"\2: %w\", \3, \1)/g" $FILES
sed -i "s/errors.Wrap(\(.*\), \"\(.*\)\")/fmt.Errorf(\"\2: %w\", \1)/g" $FILES
sed -i "s/errors.Errorf/fmt.Errorf/g" $FILES
goimports -w .
View Kubernetes Master Nodes Backup for Kops on AWS - A step-by-step Guide.md

Kubernetes Master Nodes Backup for Kops on AWS - A step-by-step Guide

For those who have been using kops for a while should know the upgrade from 1.11 to 1.12 poses a greater risk, as it will upgrade etcd2 to etcd3.

Since this upgrade is disruptive to the control plane (master nodes), although brief, it's still something we take very seriously because nearly all the Buffer production services are running on this single cluster. We felt a more thorough backup process than the currently implemented Heptio Velero was needed.

To my surprises, my Google searches didn't yield any useful result on how to carry out the backup steps. To be fair, there are a few articles that are specifically for backing up master nodes created by kubeedm but nothing too concrete for `kop

@zchee
zchee / kubectl-root-in-host-nopriv.pks.sh
Created Sep 9, 2019 — forked from jjo/kubectl-root-in-host-nopriv.pks.sh
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
View kubectl-root-in-host-nopriv.pks.sh
#!/bin/sh
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged`
# admission controller.
# Pod command in turn runs a privileged container using node's /var/run/docker.sock.
#
# Tweaked for PKS nodes, which run their docker stuff from different
# /var/vcap/... paths
node=${1}
case "${node}" in
@zchee
zchee / foo.md
Created Jul 31, 2019 — forked from sdstrowes/foo.md
Reverse Engineering the Speedtest.net Protocol, Gökberk Yaltıraklı
View foo.md

Source: https://web.archive.org/web/20141216073338/https://gkbrk.com/blog/read?name=reverse_engineering_the_speedtest_net_protocol Author: Gökberk Yaltıraklı

Reverse Engineering the Speedtest.net Protocol

After finishing my command line speed tester written in Rust, I didn't have a proper blog to document this process. A few days ago I wrapped up a simple blogging script in Python so hopefully it works good enough to explain how everything works.

By now I have already figured out the whole protocol for performing a speed test but I will write all the steps that I took so you can learn how to reverse engineer a simple protocol.

The code that I wrote can be found at https://github.com/gkbrk/speedtest-rust.

View The_Site_Reliability_Workbook.ch11.md

負荷の管理

  • 100%の時間 利用可能なサービスはない
    • 配慮のないクライアント
    • 50倍の要求
      • (訳注: 上記2つはPokemon Goのことでもある)
    • スラフィックのスパイク
    • 海底ケーブルの切断
  • 私達のサービスに依存するユーザーがいる
View grpc.Codec-csv.go
package codec
import "error"
type CSV struct{}
func (c CSV) String() string {
return "csv"
}
You can’t perform that action at this time.