Random

Openssl

Request a selfsigned cert

openssl req -new -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -subj '/CN=my-test-elb.btech.aws.com/OU=int/L=Zornding/ST=Bayern/C=de' -nodes

Telepresence

Prerequisites

Install telepresence

$ brew update
...
You have 14 outdated formulae installed.
You can upgrade them with brew upgrade
or list them with brew outdated.

$ brew cask install osxfuse
$ brew install datawire/blackbird/telepresence

kubernetes context

If the kube-config file is not created please follow up the AZ CLI GUIDE to log in. After you logged in do the following:

 $ az account  set --subscription 8b20XXXX-XXXX-XXXX-XXXX-e255
 $ az group list --query '[].name' -o tsv
rgp-p-we1-dsp1-keyvault
rgp-p-we1-dsp1-terraform
rgp-p-we1-dsp1-networking
dsp-key-vault
gdpvideotuto
dsp-tutorials
dsp-central-log
dsp-central-acr
gitlab-runner-static-rg
DefaultResourceGroup-WEU
dsp-key-vault-bak
cloud-shell-storage-westeurope
mth-debug
alz-gdp-dp-rg
mth-tests
tfstates
dsp-docs
gdp-k8s-dsp-central-aks-rg
MC_gdp-k8s-dsp-central-aks-rg_gdp-k8s-dsp-central-aks_westeurope
NetworkWatcherRG
$ AZ_RG_NAME='gdp-k8s-dsp-central-aks-rg'
$ az aks list --resource-group $AZ_RG_NAME --query '[].name' -otsv
$ AZ_AKS_CL_NAME='gdp-k8s-dsp-central-aks'
$ mkdir .kube-dsp-central
$ az aks get-credentials --resource-group $AZ_RG_NAME --name $AZ_AKS_CL_NAME --admin -f ~/.kube-dsp-central/config

Start telepresence

KUBECONFIG=${HOME}/.kube-dsp-central/config telepresence --logfile="/tmp/telepresence.log" --also-proxy 44.0.0.0/8 --also-proxy jira.gda.allianz --also-proxy gitlab.gda.allianz --namespace kube-system

Telepresence is obsoleted and replaced with

> brew install sshuttle
> KUBECONFIG=${HOME}/.kube-dsp-central/config kns tbo
> KUBECONFIG=${HOME}/.kube-dsp-central/config k run -n tbo tbokuttle --image=python -- sh -c 'exec tail -f /dev/null'
❯ KUBECONFIG=${HOME}/.kube-dsp-central/config kgp
NAME        READY   STATUS    RESTARTS   AGE
tbokuttle   1/1     Running   0          5h3m
> alias vpnalz="KUBECONFIG=${HOME}/.kube-dsp-central/config sshuttle --dns -r tbokuttle -e kuttle 44.0.0.0/8 10.0.0.0/8"
> vpnalz

Kafka scripts binaries

sudo docker run --rm -it --name deleteme confluentinc/cp-kafka bash

Traceroute tracepath to port

sudo mtr -4 -w -n -T -P 443 10.250.21.140

Getting jenkins kubeconfig

kjenkins='az aks get-credentials --overwrite-existing --resource-group rg-devops-services-we1-p-main-akscluster --name aks-devops-services-we1-p-main --subscription devops-services-prod --file /Users/o86jnt5/work/adp-jenkins.kube && export KUBECONFIG=${HOME}/work/adp-jenkins.kube && kubectl config set-context --current --namespace=adp-tools-dsp'

Geting jenkins pass

 az keyvault secret list --vault-name CentralKeyVaultDsp \
  --subscription dsp1-westeurope-prod \
  --query "[?contains(name, 'alz-gdp-infra-jenkins-sp')].{name:name}" \
  -o tsv | xargs -I {secret} -P2 az keyvault secret show \
  --subscription dsp1-westeurope-prod --vault-name CentralKeyVaultDsp \
  --name {secret} | eval $(jq -r '.name +"="+ .value')

Move terraform resources from one stage to another

terraform state mv -state=prod-04-gdp-customer.tfstate -state-out=prod-03-gdp-base.tfstate 'module.aks_customer_node_pools["spark"].azurerm_kubernetes_cluster_node_pool.nodep

Get list of all customer- repositories

On a jenkins pod execute the following:

for n in {1..6}; do curl -sLH "Authorization: token GITHUB_TOKEN"  "https://github.AZ_DEV_PUBLIC_DOMAIN/api/v3/orgs/global-data-platform/repos?per_page=100&page=${n}&type=all" | jq -r '.[]| select((.name | startswith("customer-")) and (.archived == false )).name'; done | sort

Fix deprecated apis via helm

helm mapkubeapis --dry-run --namespace ns chart

helm plugin install https://github.com/helm/helm-mapkubeapis

Dig to check DNS

while true; do time dig +noall +nsid +question +answer +tries=1 +time=1 +multiline proxy-devops-services-p.AZ_CLOUD_DOMAIN ; sleep 1; done

A private terraform registry provider

How to create a private terraform provider registry using ... - Binx https://binx.io › blog › 2021/03/20

Getting cadvisor metrics from kubernetes

kubectl proxy 

curl -v http://127.0.0.1:8001/api/v1/nodes/<NODE_NAME>/proxy/metrics/cadvisor

Resolve multiple dns records listed in a csv file

(Import-csv '..\..\Downloads\dpbenelux IPs that differ.txt' -Delimiter `t).'Privatelink record' | Resolve-DnsName | ft -AutoSize

Generate AZ GitHub MFA - ghe-refresh

az login --allow-no-subscriptions
git_bearer=$(az account get-access-token --resource api://58f6XXXXXXXXXXXXXXX76be8 --output tsv --query accessToken)
git config --global http.https://github.AZ_DEV_PUBLIC_DOMAIN.extraHeader "MFA:bearer ${git_bearer}"
unset git_bearer

Cloning multiple repositories with a prefix from a single GitHub Enterprise Organization

ghorg clone  global-data-platform --match-prefix="customer-" --base-url=https://github.developer.allianz.io/ -t <PersonalAccessToken> --output-dir <PATH_TO_TARGET_DIR>