Jan Toth

I have been in DevOps related jobs for past 6 years dealing mainly with Kubernetes in AWS and on-premise as well. I spent quite a lot of time with integrating Kubernetes in both Cloud environment as well as in on-premise (Elastic Kubernetes Service in AWS, AKS, GKE, Kops and Rancher - RKE, K3S, kubeadm). I have dealt with ELK stack (Elasticsearch, Logshash and Kibana) to a complex infrastructure monitoring. I’m dealing with dockerized Grafana and Prometheus setup in Kubernetes. Postgraduate student in a field of Optoelectronics (Free Space Optics communications). Engineer graduated in field of Info-electronics with five years of experience on System Administration and application administration as well as other related fields.

March 16, 2024

My Tmux setup

I have been using tmux for quite a while now. Despite the fact that, I sometimes felt weird because of all the other colleagues use VSCODE I never thought of coming back to one of these fameous IDEs.

March 5, 2024

Azure az behind corporate proxy

Url that solves that problem https://docs.microsoft.com/en-us/cli/azure/use-cli-effectively?tabs=bash%2Cbash2 # https://docs.microsoft.com/en-us/cli/azure/use-cli-effectively?tabs=bash%2Cbash2 cat ~/Documents/proxyCA.crt >> /usr/local/Cellar/azure-cli/2.

March 4, 2024

Oneliner to compare software versions

export _tags=$(git tag --list | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+') export _current=$(curl -s https://api.

February 23, 2024

How to use Google AppScript for docs templating at presonal Google Drive

I have recently had a requirement to create write quite a bit of letters.

February 21, 2024

How to replace text in lots of file via sed and find

I have recently decided to change the way how my code blocks look like at this blog.

February 21, 2024

How to use jq as PRO

curl -s \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.

October 25, 2022

Drone CICD on Rancher Desktop MAC Kubernetes

Drone CICD at Rancher on Desktop at Mac Setup /etc/hosts file vim /etc/hosts .

August 29, 2022

CKS testing mock

kube-apiserver manifest with PodSecurityPolicy, ImagePolicyWebhook, Auditing cat /etc/kubernetes/manifests/kube-apiserver.yaml apiVersion: v1 kind: Pod metadata: annotations: kubeadm.

August 19, 2022

How to ommit optional block in terrafrom resource based on input variable

The goal is to create azurerm_virtual_hub_connection which might or might not have an optional block called static_vnet_route section under routing {} block.

August 12, 2022

CKS Istio notes

Work in progress on Istio Do not forget to restart CoreDNS after you install Callico since there was already crio basic CNI activated!

August 8, 2022

Hwo to change wrong author within last git commit

git commit --amend --author="Surname Name CCCCC <name.surname@external.company.com>"

August 3, 2022

CKS Kubernetes CNI

Container infor passed by kubelet to stdin of CNI bash plugin CNI_CONTAINERID=b552f9.

July 26, 2022

Podman commands

Assuming there are more containers running in a single Podman pod some backend service 9011 phpMyAmdin at port 80 (interpreted by Apache2 inside container) podman create --restart=always --pod=some-pod-name --name=phpmyadmin -e PMA_ABSOLUTE_URI="https://some.

July 18, 2022

How to transfer gitlab calculated variable into trigger section

One has to used artifacts section combined with reports child keyword and save a variable with its value to build.

July 4, 2022

Kaniko

Kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.

June 28, 2022

CKS run kubernetes with cri-o

How to run Kubernetes with cri-o https://computingforgeeks.com/install-cri-o-container-runtime-on-ubuntu-linux/ OS=xUbuntu_20.04 CRIO_VERSION=1.23 echo "deb https://download.

June 13, 2022

CKS simulator

k get pods -A -o jsonpath='{range .items[*]}{.spec.nodeName}{"\t\t\t\t"}{.spec.containers[*].image}{"\t"}{"\n"}{end}' | sort | grep cluster1-worker1

June 12, 2022

CKS Reduce Attack Surface

Overview only purpose (remove unneceassary services) node recycling (should be ephemeral, created from images) ubuntu, centos systemctl list-units | grep <service-name> systemctl list-units --type=service | grep <service-name> systemctl list-units --type=service --state=running | grep <service-name>

June 10, 2022

CKS Kernel Hardening Tools

Requirements for Apparmor container runtime needs to support Apparmor Apparmor needs to be installed on every node Apparmor profiles need to be available on every node Apparmor profiles are specified per container (done via annotations) not per pod!

June 9, 2022

CKS Audit logging via kube-api server

Important Kubernetes request stages What events should be recorded Audit log from Mushad course

June 9, 2022

CKS Immutability of containers at runtime

advanced deployment methods easy rollback more reliability better security (on container level) Interesting example of how ‘‘startupProbe’’ can be used to make container a bit more secure root@cks-master:~# cat immutable.

June 7, 2022

CKS behavioral analytics falco

Explore strace root@scw-k8s:~# strace -cw ls / bin etc initrd.

June 7, 2022

CKS Secure supply chain - ImagePolicyWebhook

If you want to pull from a docker registry you need to docker login first.

June 5, 2022

CKS Trivy and Clair - Vulnerability Scanner for Containers and other Artifacts

There are Clair and Trivy trivy (run one command - very convinient)

June 5, 2022

CKS Kubesec - Security risk analysis for Kubernetes resources

Static Analysis manual approach kubesec OPA Conftest Notes can be incorporated in CI/CD system looks at source code and text files check against rules enforce rules e.

June 4, 2022

CKS Image Footprint

run specific version do not run as root not shell read only filesystem This would be an ideal example of Dockerfile

June 3, 2022

OPA - Gatekeeper

OPA is not Kubenretes specific general purpose policy engine An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized.

June 3, 2022

CKS mTLS

mTLS - Mutual TLS mutual authentication two-way (bilateral) authentication two parties authenticating each other at the same time

May 24, 2022

CKS OS Level Security Domains

Define privilege and access control for Pod/Container userID and GroupID run privileged or unprivileged Linux Capabilities Run a simple container and check user and group root@scw-k8s:~# k run pod --image=busybox --command -oyaml --dry-run=client -- sh -c 'sleep 1d' > bb.

May 24, 2022

How to pre-commit hook

How to create pre-commit hooks in git repos: - repo: https://github.

May 18, 2022

CKS container runtimes

# go inside of a container and call root@scw-k8s:~# k exec -it pod -- sh / # uname -r 5.

April 29, 2022

CKS secrets

k create secret generic secret1 --from-literal=jano=jano k create secret generic

April 26, 2022

CKS upgrade kubernetes

major minor patch 1 . 24 . 0 Upgrade Master Node procedure drain and cordon (make it unschedulable) node kubeadm kube-apiserver controller-manager scheduler then:

April 5, 2022

CKS Restrict API server

There is an flag when starting kube-aoiserver called: kube-apiserver --anonymous-auth=true|false The default value for this option is true because some liveness and readiness probes needs it.

March 15, 2022

Jenkins seed

sudo nerdctl run --name jenkins -p 8080:8080 -v $PWD/initial.xml:/var/jenkins_home/jobs/seed/config.xml -v $PWD/controller-configuration-jobDSL-orig.

March 7, 2022

CKS serviceaccount

SesrviceAccount (SA) are namespaces SA “default” in every namespace automatically mounted to a pod can be used to talk to Kubernetes API k create sa accessor k run accessor --image=nginx:alpine -o yaml --dry-run=client > accessor.

February 24, 2022

Kubernetes RBAC

There are namespaced and non namespaced resources in Kubernetes. Role (namespaced) -> RoleBinding ClusterRole (non namespaced) -> ClusterRoleBinding Be extra careful with ClusterRole and ClusterRoleBinding because these are not only assigned to currently existing namespaces but also to namespaces created in future.

February 22, 2022

Verify binaries

One has to compare the binary version which is currently running at the Kubernetes master and later on find out the PID of kubelet process.

February 22, 2022

cks-benchmakring.md

CSI Kubernetes Benchmark 1.6.0 (at the time) Make sure to check CSI vs.

February 21, 2022

Protect Kubernetes node metadata

Deny all traffic to google’s metadata server Study this rule carefully - it takes time to understand it :)

February 21, 2022

Kubernetes dashboard

Kubectl proxy creates a proxy server between localhost and the Kubernetes API Server uses connection as configured in the kubeconfig Run kubectl proxy command at your master node cks-master Kubectl port-forward Install kubenretes dashboard kubectl apply -f https://raw.

February 21, 2022

Kubernetes Ingress

Services in Kubernetes ClusterIP (points to a pod via labels selectors) NodePort (in addition a port is exported at each node) Loadbalancer (in addition creates LB at cloud provider) Deploy Nginx ingress controller # Install NGINX Ingress kubectl apply -f https://raw.

February 21, 2022

Lima

# Deploy kubernetes via kubeadm. # $ limactl start ./k8s.yaml # $ limactl shell k8s sudo kubectl # It can be accessed from the host by exporting the kubeconfig file; # the ports are already forwarded automatically by lima: # # $ export KUBECONFIG=$PWD/kubeconfig.

February 9, 2022

How to count numbers from pdf

user@machine tax2021 % for i in $(ls *.pdf); do \ pdftotext $i - | grep -E '^\+.

February 9, 2022

How to recover keyvault

A simple way how to recover Azrue keyvault if needed

February 8, 2022

My NVIM init file

" plugins" curl -fLo ~/.config/nvim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vimcall plug#begin("~/.config/nvim/plugged")" Plugin SenohlsearchctionPlug 'ryanoasis/vim-devicons'Plug 'morhetz/gruvbox'Plug 'neoclide/coc.

February 7, 2022

My zshrc file

HISTFILE=~/.zsh_history HISTSIZE=10000 SAVEHIST=10000 setopt appendhistory # source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh # source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.

January 17, 2022

Kubernetes network policies

Here is an example of network policies k taint node scw-k8s-cks node-role.

January 14, 2022

CKS setup Scaleway kubernetes cluster at Ubuntu 18.04

Create SSH key pair to be used for Kubernetes master and node machine

January 14, 2022

Linux Namespaces

Namespaces isolates processess restricts what processes can see. PID namespace:

January 13, 2022

Kubernetes SSL certificates

There are many SSL certificates used by different Kubenretes components.

January 11, 2022

How to preview images in Ranger file manager with iTerm and Tmux

I have been avare of ranger as a file system browser for quite some time.

January 7, 2022

Tanicka a jej vyroky

Sa hnevam, ze mi dal jednu piskotku, mi mal dat vela ten kocur mi zjedol vsetky piskoty do vecera budem stastna (Tato mi dal piskotku)

January 7, 2022

How to open support ticket at Udemy

Please use link below: https://support.udemy.com/hc/en-us/requests/new https://www.viewmyforms.com/account mail/L…tax

January 7, 2022

Git clone with private key

git clone git@github.com:autocloudmaniacs/red-queen-appl.git --config core.sshCommand="ssh -i ~/.ssh/erste" Create ~/.ssh/config file

January 7, 2022

Ansible debug variables

- name: xyz vars: msg: | Module Variables ("vars"): -------------------------------- {{ vars | to_nice_json }} Environment Variables ("environment"): -------------------------------- {{ environment | to_nice_json }} GROUP NAMES Variables ("group_names"): -------------------------------- {{ group_names | to_nice_json }} GROUPS Variables ("groups"): -------------------------------- {{ groups | to_nice_json }} HOST Variables ("hostvars"): -------------------------------- {{ hostvars | to_nice_json }} debug: msg: "{{ msg.

January 7, 2022

Ansible k3sup installation

Setup DD WRT /etc/hosts ssh root@192.168.1.1 ~ vi /etc/hosts .

January 7, 2022

Destroy terrafrom project -backend-config

export AWS_SECRET_ACCESS_KEY="..." export AWS_ACCESS_KEY_ID="..." export AWS_DEFAULT_REGION="us-west-2" export TF_VAR_project_name=hruska cd terraform/k3s terraform init -backend-config="path=/home/jantoth/Documents/sbx/ml/data/hruska/terraform.

January 7, 2022

docker ansible

export CI_REGISTRY=docker.io docker login -u "devopsinuse" -p "..." $CI_REGISTRY docker push devopsinuse/ansible-ml:v2.

January 7, 2022

Install Raspberry Pi OS (Raspberry Pi 3)

https://www.raspberrypi.org/documentation/installation/installing-images/linux.md Check SD card presence at your laptop lsblk -p NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT /dev/sda 8:0 0 1G 0 disk /var/lib/kubelet/pods/d6fe24f2-3dc7-4291-90f5-8c7dbb4e8382/volu /dev/mmcblk0 179:0 0 14.

January 7, 2022

Install Ubuntu 20.04 (Raspberry Pi 3)

Install Ubuntu at Raspberry Pi 3 xz --decompress --stdout ~/Downloads/ubuntu-20.04.1-preinstalled-server-arm64+raspi.img.xz | sudo dd of=/dev/mmcblk0 bs=4M conv=fsync status=progress Ubuntu at Raspberry Pi WIFI setup vim /run/media/jantoth/system-boot/network-config .

January 7, 2022

Install Ubuntu 20.04 (Raspberry Pi 4 8GB)

1. Install Ubuntu at Raspberry Pi 3 xz --decompress --stdout ~/Downloads/ubuntu-20.

January 7, 2022

IPSec Tunnel

# LAPTOP cat /etc/ipsec.conf config setup conn laptop authby=secret pfs=yes auto=start keyingtries=3 dpddelay=30 dpdtimeout=120 dpdaction=clear ikelifetime=8h ikev2=no keylife=1h #phase2alg=aes128-sha1;modp1024 #ike=aes128-sha1;modp1024 type=tunnel left=%defaultroute leftsubnet=192.

January 7, 2022

List VirtualBox bridge family interfaces names

List VirtualBox bridge family interfaces names VBoxManage list bridgedifs

January 7, 2022

Nvidia Jetson installation

Download SD card image https://developer.download.nvidia.com/assets/embedded/downloads/jetson-nano-4gb-jp441-sd-card-image/jetson-nano-4gb-jp441-sd-card-image.zip Create SD card for NVIDIA Jetson Nano unzip -p ~/Downloads/jetson-nano-4gb-jp441-sd-card-image.

January 7, 2022

OpenVPN (Site to Site)

‘‘Setup’’ routing table at EC2 ubuntu@ip-172-31-49-24:/etc/openvpn/server$ ip r default via 172.

January 7, 2022

Apache Spark

helm3 install spark \ --set master.webPort=8081 bitnami/spark NAME: spark LAST DEPLOYED: Mon Sep 7 15:25:26 2020 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: 1.

January 7, 2022

AWS EKS aws-auth configmap mapUsers

Take a backup of ‘‘aws-auth’’ config map in ‘‘kube-system’’ namespace kubectl get cm aws-auth -n kube-system -o yaml > aws-auth.

January 7, 2022

AWS EKS ML

aws eks --region us-west-2 update-kubeconfig --name ml-eks --profile jan-toth-ml kubectl apply -f https://raw.

January 7, 2022

Create more configMaps via Go templating

{{ range $path, $_ := .Files.Glob "dashboards/*.json" }} {{- $dashboardName := trimSuffix ".

January 7, 2022

Create Pod on the fly

kubectl run -i --tty busybox --image=gcr.io/kubernetes-e2e-test-images/dnsutils:1.3 --restart=Never -- sh kubectl run -i --tty busybox --image=busybox --restart=Never -- sh

January 7, 2022

Dask

https://docs.dask.org/en/latest/setup/kubernetes-helm.html#launch-kubernetes-cluster cat extra-config.yaml worker: replicas: 4 resources: limits: cpu: 1 memory: 0.

January 7, 2022

Delete AWS ENI via cmd

echo $t error waiting for EKS Node Group (eks-mlflow:eks-mlflow-cpu-ng) deletion: Ec2SecurityGroupDeletionFailure: DependencyViolation - resource has a dependent object.

January 7, 2022

Drain node from K3S

Deleted node from K8s kubectl drain k3s-ubuntu-18-04 --ignore-daemonsets --delete-local-data kubectl delete node k3s-ubuntu-18-04

January 7, 2022

Drill

helm package drill curl -XPOST --data-binary "@drill-1.1.0.tgz" http://127.0.0.1:31458/api/charts NAME="archlinux" RANCHER_URL="https://$NAME:30111" APITOKEN=$(curl -sk "${RANCHER_URL}/v3-public/localProviders/local?

January 7, 2022

Force delete pods

kubectl delete pod drillcluster1-drillbit-0 zk-0 --grace-period=0 --force kubectl patch pod drillcluster1-drillbit-0 zk-0 -p '{"metadata":{"finalizers":null}}'

January 7, 2022

Grafana dashboard loading

helm repo add grafana https://grafana.github.io/helm-charts helm template \ --show-only templates/configmap-dashboard-provider.yaml \ --show-only templates/deployment.

January 7, 2022

Grafana dashboard via curl

do not forget to add “id: null” encapsulate to {“dashboard”: …} curl -L \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -X POST \ -uadmin \ --data @/tmp/path/dashboards/dashboard.

January 7, 2022

Install K3S with Rancher UI

Adjust your /etc/hosts file # Adjust your /etc/hosts file cat /etc/hosts .

January 7, 2022

K3S with Nvidia GPU

mkdir $HOME/.kube/ curl -sfL https://get.k3s.io | sh -s - --docker --write-kubeconfig-mode 644 --write-kubeconfig $HOME/.

January 7, 2022

kubectl sort by

kubectl get pods -o wide -n prod --sort-by=.spec.nodeName

January 7, 2022

Login to Rancher

NAME="rancher.web.ui" RANCHER_URL="https://$NAME:10443" APITOKEN=$(curl -sk "${RANCHER_URL}/v3-public/localProviders/local?action=login" \ -H "content-type: application/json" \ --data-binary "{\"username\":\"admin\",\"password\":\"admin\"}" 2>/dev/null | jq -r .

January 7, 2022

PostgreSQL RDS AWS

psql -h mldb-postgres.cgpyiy4kedtv.us-west-2.rds.amazonaws.com -U postgres -d mldb kubectl exec pod-demo-0 -it -- \ sh -c "echo 'DROP DATABASE fgh;' | PGPASSWORD=$PGPASSWORD /usr/bin/psql -h 127.

January 7, 2022

Remove taint

kubectl taint node archlinux node.kubernetes.io/disk-pressure:NoSchedule-

January 7, 2022

Superset

helm install superset --set service.type=NodePort stable/superset values.yaml initFile: |- if [ "$1" == "development-mode" ]; then /usr/local/bin/superset-init --username admin --firstname admin --lastname user --email admin@fab.

January 7, 2022

Delete database entries via bash alias

alias delprn='psql "host=127.0.0.1 port=5432 sslmode=disable user=rednetwork password=password" <<< "delete from port_range_networks where id between 1 and 10000;"'

January 7, 2022

flask commands

with app.app_context(): # needed to make CLI commands work @app.cli.command("reset") def reset_db(): """Drops and Creates fresh database""" db.

January 7, 2022

newman

newman run \ -d postman/vlans-post.json \ --reporters=cli,htmlextra \ --env-var access_token=$TOKEN \ --folder '/vlans-post' \ --reporter-htmlextra-export newman/network.

January 7, 2022

newman open html reports

open "$(greadlink -f "$(ls -tr newman/* | tail -n 1 )")"

January 7, 2022

Concat mp4 file with ffmpeg

**Concatenated'' video files (e.g. *.mp4) specified in *.txt file ‘‘created’’ on the file

January 7, 2022

Determine the length of mp4 file

for i in file1.mp4 file2.mp4 file3.mp4 ; do t=$(ffmpeg -i $i 2>&1 | grep Duration | awk '{print $2}' | tr -d ,); echo " $t: $i"; done

January 7, 2022

How to cut a portion of video

ffmpeg \ -t 4:12 \ -i <input-file>.mp4 \ -ss 4:07 \ <output-file>.

January 7, 2022

kickstart Centos 8

**Centos 8 ISO location'' wget http://merlin.fit.vutbr.cz/mirrors/centos/8.2.2004/isos/x86_64/CentOS-8.2.2004-x86_64-dvd1.iso **Run this command''

January 6, 2022

Connecting to PostgreSQL via Cloud SQL Proxy

**Download a postgresql cloud sql proxy binary'' https://cloud.google.com/sql/docs/postgres/connect-admin-proxy?authuser=1&_ga=2.119700096.-903944264.1624478760 wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy chmod +x cloud_sql_proxy **Open this tunnel in one terminal window''

January 6, 2022

Google cloud

**Terraform in my wadzpay-dev'' GOOGLE_APPLICATION_CREDENTIALS=/home/jantoth/.google-cloud-keys/wadzpay-dev-cdb0bf1613d2.json gcloud auth list gcloud config set account jan.

January 6, 2022

Google cloud pipeline example

**cloudbuild.yaml'' steps: - id: 'Get wadzpay docker image tag from build.

January 6, 2022

Access Google's metadata

Access Google’s metadata curl http://metadata.google.internal/computeMetadata/v1/instance/id -H "Metadata-Flavor: Google"

January 6, 2022

All syscalls

**Learn about syscalls and seccomp'' # Each and every syscall explained grep -w 35 /usr/include/asm/unistd_64.

January 6, 2022

Authentication forms

**Authentication'' against KUBE-API server --basic-auth-file=/path/to/some.csv and use this flag for ‘‘kubeapi-server’’ configuration (not recommended)

January 6, 2022

Backup ETCD

export ETCDCTL_API=3 etcdctl snapshot save /opt/snapshot-pre-boot.db --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --key=/etc/kubernetes/pki/etcd/server.key

January 6, 2022

ckad study materials

Make sure you check out these tips and tricks from other students who have cleared the exam:

January 6, 2022

CKS - Mock test 1

controlplane $ cat 1.yaml apiVersion: v1 kind: Pod metadata: labels: run: nginx name: frontend-site namespace: omni annotations: container.

January 6, 2022

CKS Mock test 2 - Q1

**1. A pod called redis-backend has been created in the prod-x12cs namespace.

January 6, 2022

CKS Mock test 2 - Q2

**A few pods have been deployed in the apps-xyz namespace. There is a pod called redis-backend which serves as the backend for the apps app1 and app2.

January 6, 2022

CKS Mock test 2 - Q3

**3. A pod has been created in the gamma namespace using a service account called cluster-view.

January 6, 2022

CKS Mock test 2 - Q4

**4. A pod in the sahara namespace has generated alerts that a shell was opened inside the container.

January 6, 2022

Container Runtimes

docker run --runtime kata -d nginx docker run --runtime runsc -d nginx ~ [img[container-runtime.

January 6, 2022

Create John user in Kuberentes

kubectl create role developer --verb=create,list,get,update,delete --resource pods --namespace development kubectl create rolebinding john-role-binding --role developer --user john --namespace development apiVersion: certificates.

January 6, 2022

DaemonSet

controlplane $ cat ds.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: elasticsearch namespace: kube-system labels: app: elasticsearch spec: selector: matchLabels: name: elasticsearch template: metadata: labels: name: elasticsearch spec: tolerations: # this toleration is to have the daemonset runnable on master nodes # remove it if your masters can't run pods - key: node-role.

January 6, 2022

Deployments

kubectl set image deployment/frontend *=kodekloud/webapp-color:v2 --dry-run=server --record controlplane $ kubectl rollout history deployment frontend deployment.

January 6, 2022

Docker layers

cat Dockerfile FROM ubuntu ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update -y && apt-get install golang-go -y COPY app.

January 6, 2022

Game of Pods - App Gallery

for i in $(ls *.yaml); do echo filename: $i;echo "---" ;cat $i; done filename: ingress.

January 6, 2022

Game of Pods - Redis cluster

for i in {1..6}; do ssh node01 mkdir /redis0${i}; done ssh node01 ls /redis* for i in $(ls *.

January 6, 2022

Game of Pods - Tyro

kubectl config set-context --current --cluster=kubernetes --namespace=development --user=drogo kubectl config use-context developer --cluster=kubernetes --namespace=development --user=drogo kubectl config current-context cat ~/.

January 6, 2022

Game of Pods - Voting app

for i in $(ls *.yaml); do echo filename: $i;echo "---" ;cat $i; done filename: db-depl.

January 6, 2022

Immutable infrastructure (readOnlyRootFilesystem,privileged)

Set ‘‘UID’’ and ‘‘GID’’ within ‘‘securityContext’’ for pod and verify results (‘‘runAsUser’’ and ‘‘runAsGroup’')

January 6, 2022

Jobs and CronJobs

Job # Create job skeleton kubectl create job throw-dice-job --image=kodekloud/throw-dice --dry-run=client -o yaml > job.

January 6, 2022

JSON PATH

kubectl get deploy -o custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[*].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace --sort-by=.metadata.name > /opt/admin2406_data kubectl get nodes -o jsonpath="{range .

January 6, 2022

kubectl commands

kubectl sort by kubectl get pods -A --sort-by=.metadata.name NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-854c77959c-m972h 1/1 Running 0 5h38m kube-system helm-install-traefik-hx29s 0/1 Completed 0 5h38m kube-system local-path-provisioner-7c458769fb-s2xww 1/1 Running 3 5h38m kube-system metrics-server-86cbb8457f-ndxlz 1/1 Running 0 5h38m default nginx 1/1 Running 0 3m11s kube-system svclb-traefik-gb64t 2/2 Running 0 5h38m kube-system traefik-6f9cbd9bd4-xlslc 1/1 Running 0 5h38m Custom columns kubectl get pod -A -o=custom-columns="YZZ:.

January 6, 2022

Kubernetes docker-registry like secret

**Create a Secret by providing credentials on the command line''

January 6, 2022

Lightening Lab - CKA

Some other notes kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE alpha-claim Bound alpha-pv 1Gi RWO slow 4s controlplane $ kubectl get pods NAME READY STATUS RESTARTS AGE alpha-mysql-74ffffd5df-k55wj 0/1 ContainerCreating 0 9s controlplane $ watch kubectl get pods controlplane $ controlplane $ controlplane $ controlplane $ controlplane $ controlplane $ watch kubectl get pods^C controlplane $ cat 5.

January 6, 2022

Lightening lab 1

apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: app: nginx-deploy name: nginx-deploy spec: replicas: 4 selector: matchLabels: app: nginx-deploy strategy: {} template: metadata: creationTimestamp: null labels: app: nginx-deploy spec: containers: - image: nginx:1.

January 6, 2022

Lightening lab 2

**Commands'': controlplane $ for i in $(ls *.yaml); do echo filename: $i;echo "---" ;cat $i; done filename: 2.

January 6, 2022

Linux Capabilities

You cannot change system time even though you are not using APPARMOR or SECCOMP.

January 6, 2022

Metric server

wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml sed -iE 's/^(.*--kubelet-use-node-status-port)/\1 \n - --kubelet-insecure-tls/' components.yaml kubectl create -f components.

January 6, 2022

Mock exam 2

controlplane $ for i in $(ls *.yaml); do echo filename: $i;echo "---" ;cat $i; done filename: 1svc.

January 6, 2022

MOCK EXAM 2 CKA

kubectl run dns -it --image=busybox:1.28 --restart Never -- nslookup resolver-service.default.svc > CKA/nginx.

January 6, 2022

MOCK TEST 3 CKA

controlplane $ for i in $(ls *.yaml); do echo -e "$i\n\n"; cat $i; done 03.

January 6, 2022

Multi-Container Pods

apiVersion: v1 kind: Pod metadata: labels: name: app name: app namespace: elastic-stack spec: containers: - image: kodekloud/event-simulator name: app volumeMounts: - mountPath: /log name: log-volume - mountPath: /var/run/secrets/kubernetes.

January 6, 2022

networkPolicy

# allow incoming traffic to pod "run: np-test-1" to port 80 from everywhere apiVersion: networking.

January 6, 2022

Node Affinity

Match node ‘‘label’’ app: blue strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: blue spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: color operator: In values: - blue containers: - image: nginx imagePullPolicy: Always name: nginx resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File

January 6, 2022

PodSecurityPolicy

**Setup API server to allow PodSecurityPolicy Admission controller'' cat /etc/kubernetes/manifests/kube-apiserver.yaml apiVersion: v1 kind: Pod metadata: annotations: kubeadm.

January 6, 2022

ReadOnlyRootFilesystem

root@cks-master:~# k delete po immutable --grace-period 0 --force root@cks-master:~# k create -f immutable.

January 6, 2022

ResourceQuota

kubectl create quota myrq --hard=cpu=1,memory=1G,pods=2 -o yaml --dry-run=client apiVersion: v1 kind: ResourceQuota metadata: creationTimestamp: null name: myrq spec: hard: cpu: "1" memory: 1G pods: "2" status: {}

January 6, 2022

RuntimeClass GAdvisor and Kata containers

**Prepare runtimeClass yaml specification'' k get runtimeclasses.node.k8s.io -A NAME HANDLER AGE gvisor runsc 2m58s kata-containers kata-runtime 2m57s vim runtimeclass.

January 6, 2022

Securing docker daemon

**Best practices'' export DOCKER_HOST=192.1681.2 <---- insecure /var/run/docker.sock < --- secure export DOCKER_TLS=true

January 6, 2022

ServiceAccount token from inside of pod

curl https://kubernetes -k -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)"

January 6, 2022

taint and tolerations

taints are set to ‘‘Nodes’’ toleration are set to ‘‘PODS’’ taints: kubectl taint nodes arch app=blue:NoSchedule node/arch tainted Other ‘‘taint’’ options:

January 6, 2022

Useful links

**Istio'': [[https://istio.io/latest/blog/2019/data-plane-setup/|Istio]]

January 6, 2022

Volumes

at file.yaml apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: webapp name: webapp spec: volumes: - name: my-volume hostPath: path: /var/log/webapp containers: - image: kodekloud/event-simulator name: webapp resources: {} volumeMounts: - name: my-volume mountPath: /log dnsPolicy: ClusterFirst restartPolicy: Always status: {} Storage classes controlplane $ for i in `ls *.

January 6, 2022

Copy store.php to websupport linuxinuse.com via sftp

scp -o PubkeyAuthentication=no store.php linuxinuse.com@linuxinuse.com:web/tw/ sftp -o HostKeyAlgorithms=ssh-rsa devopsinuse.com@devopsinuse.com

January 6, 2022

Generate SSH kyes for websupport gitlab

ssh-keygen -t rsa -b 4096 -f ~/.ssh/websupport-ssh -C "toth.janci@gmail.com" git remote add sshorigin git@gitlab.

January 6, 2022

Keep SSH active

**Make this part of your SSH config file'' worker ~ $ cat ~/.

January 6, 2022

Remove tiddlywiki backup files from websupport

sftp linuxinuse.com@linuxinuse.com << EOF rm web/tw/index.20200430.153755.html exit EOF Take an advantage of ‘‘regular expressions’’

January 6, 2022

SSH config examples

vim ~/.ssh/config ... Host git-codecommit.*.amazonaws.com User A...SVRJMWFPY IdentityFile ~/.ssh/kops-aws Host 1.

January 6, 2022

SSH to AWS instances - use SSH tunnel 30111

How to ‘‘SSH’’ and open a tunnel for port 30111

January 6, 2022

SSH tunnel to Samba server via hron

How to ‘‘SSH’’ to river eval `ssh-agent` # add SSH key to keering ssh-add ~/.

January 6, 2022

Go apply and applyProcess hands on 11

package main import ( "net/http" "html/template" ) var tpl *template.Template func init() { tpl = template.

January 6, 2022

Go arrays <TITLE><TITLE> slices

package main import ( "fmt" // "strconv" // "math" ) func arrays() { grade1 := 97 grade2 := 85 grade3 := 93 grades := [3]int{11,22,33} // [.

January 6, 2022

Go concurency

// package main // import ( // "fmt" // // "strconv" // // "math" // // "reflect" // // "net/http" // // "log" // ) // // define interface // type Writer interface { // Write([]byte) (int, error) // } // type ConsoleWriter struct {} // func (cw ConsoleWriter) Write(data []byte) (int, error) { // n, err := fmt.

January 6, 2022

Go constants

func constants() { // it is a constant because it should not change its value !

January 6, 2022

Go cookies

package main import ( "fmt" "io" "net/http" "strconv" ) func main() { http.

January 6, 2022

Go create file on server

package main import ( "fmt" "html/template" "io/ioutil" "net/http" "os" "path/filepath" ) var tpl *template.

January 6, 2022

Go defer

package main import ( "fmt" // "strconv" // "math" // "reflect" // "math" "io/ioutil" "log" "net/http" ) func simpleFunc() { fmt.

January 6, 2022

Go explore ResponseWriter and Request

package main import ( "fmt" "html/template" "log" "net/http" "net/url" ) var tpl *template.

January 6, 2022

Go funcMaps

package main import ( "os" // "io" "fmt" "log" "strings" "text/template" ) var tpl *template.

January 6, 2022

Go functions

package main import ( "fmt" // "strconv" // "math" // "reflect" // "net/http" // "log" ) func sayMessage(msg string, idx int) { greetings := "Hello" fmt.

January 6, 2022

Go HandlerFunc()

package main import ( "io" "net/http" ) func dogs(w http.ResponseWriter, r *http.

January 6, 2022

Go HandlerFunc() review

package main import ( "html/template" "net/http" ) var tpl *template.Template func init() { tpl = template.

January 6, 2022

Go http.FileServer()

import ( "io" "net/http" ) func main() { http.Handle("/", http.FileServer(http.Dir("."))) http.

January 6, 2022

Go http.NewServerMux()

package main import ( "io" "net/http" ) type pageDog int func (pd pageDog) ServeHTTP(w http.

January 6, 2022

Go http.Redirect(...) http.StatusMovedPermanently 301

package main import ( "fmt" "net/http" ) // Redirects: // - StatusMultipleChoices = 300 // RFC 7231, 6.

January 6, 2022

Go http.Redirect(...) http.StatusSeeOther 303

package main import ( "fmt" "html/template" "net/http" ) // Redirects: // - StatusMultipleChoices = 300 // RFC 7231, 6.

January 6, 2022

Go http.Redirect(...) http.StatusTemporaryRedirect 307

package main import ( "fmt" "html/template" "net/http" ) // Redirects: // - StatusMultipleChoices = 300 // RFC 7231, 6.

January 6, 2022

Go http.Redirect(...) set redirection manually with headers

package main import ( "fmt" "html/template" "net/http" ) // Redirects: // - StatusMultipleChoices = 300 // RFC 7231, 6.

January 6, 2022

Go if else statements

package main import ( "fmt" // "strconv" // "math" // "reflect" ) func ifelsestatements() { statePopulation := make(map[string]int) statePopulation = map[string]int{ "California": 2341232, "Texas": 3341232, "Florida": 4341232, "New York": 5341232, "Illinois": 6341232, "Ohio": 7341232, } fmt.

January 6, 2022

Go include template

package main import ( "os" // "time" "fmt" "log" // "math" "text/template" ) var tpl *template.

January 6, 2022

Go interfaces

January 6, 2022

Go loop

package main import ( "fmt" // "strconv" // "math" // "reflect" // "math" ) func basicLoop() { for i := 0; i < 5; i++ { fmt.

January 6, 2022

Go maps

func maps() { statePopulation := make(map[string]int) statePopulation = map[string]int{ "California": 2341232, "Texas": 3341232, "Florida": 4341232, "New York": 5341232, "Illinois": 6341232, "Ohio": 7341232, } fmt.

January 6, 2022

Go methods

package main import ( "fmt" // "strconv" // "math" // "reflect" // "net/http" // "log" ) type greeter struct { greeting string name string } func (g greeter) greet() { fmt.

January 6, 2022

Go methods templates and composition

package main import ( "log" "os" "text/template" ) type person struct { Name string Age int } // Start -Let's define several methods for struct person func (p person) SomeProcessing() int { return 7 } func (p person) AgeDbl() int { return p.

January 6, 2022

Go NotFoundHandler()

package main import ( "fmt" "io" "net/http" ) func main() { http.

January 6, 2022

Go panic() recover() and defer()

package main import ( "fmt" // "strconv" // "math" // "reflect" "net/http" "log" ) func simplePanic() { a, b := 1, 0 ans := a/b fmt.

January 6, 2022

Go pointers

package main import ( "fmt" // "strconv" // "math" // "reflect" // "net/http" // "log" ) func simple() { a := 42 // b will be a brand new variable with it's place in memory b := a fmt.

January 6, 2022

Go primitives

// Primitives func primitives() { var n bool = true v := 1 == 1 x := 3 == 2 // signed int16 (-65 535, 65 535) var c int16 = 2 // unsigned int16 (0, 65 535) var f uint16 = 10 fmt.

January 6, 2022

Go r.Body.Read()

package main import ( "net/http" "html/template" "log" ) var tpl *template.

January 6, 2022

Go request.FormValue('x') with ExecuteTemplate(...)

package main import ( "net/http" "html/template" "log" ) var tpl *template.

January 6, 2022

Go request.FormValue('xyz')

package main import ( "fmt" "io" "net/http" ) func main() { http.

January 6, 2022

Go rune type

func arrays() { // !!! if declating string -> use double quotes "" s := "this is a string" b := []byte(s) fmt.

January 6, 2022

Go serve files

package main import ( "io" "log" "net/http" "os" ) func main() { http.

January 6, 2022

Go serving files hands on 1

package main import ( "html/template" "io" "log" "net/http" ) func main() { http.

January 6, 2022

Go serving files with StripPrefix() hands on

package main import ( "html/template" "log" "net/http" ) func main() { http.

January 6, 2022

Go sessions

package main import ( "fmt" "html/template" "io" "log" "net/http" uuid "github.

January 6, 2022

Go simple multiplexer by me

package main import ( "fmt" "log" "net" "bufio" "strings" ) func main() { li, err := net.

January 6, 2022

Go simple mux

package main import ( "io" // "html/template" "log" "net/http" // "net/url" ) // var tpl *template.

January 6, 2022

Go simple TCP hands on

package main import ( "bufio" "fmt" "log" "net" "time" "strings" ) func main() { li, err := net.

January 6, 2022

Go simple TCP server

package main import ( "fmt" "time" "log" "net" "bufio" ) func main() { li, err := net.

January 6, 2022

Go StripPrefix()

package main import ( "io" "net/http" ) func main() { http.

January 6, 2022

Go StripPrefix() cumbersome one hands on 9

package main import ( "html/template" "log" "net/http" ) var tpl *template.

January 6, 2022

Go structs

package main import ( "fmt" // "strconv" // "math" "reflect" ) // general way how to define struct type Doctor struct { // if you capitalize key names -> these will be visible for all the other packages Number int ActorName string Companion []string } // anonymous struct // bDoctor := struct{name string}{name: "John Dou"} func structs() { a := Doctor{ Number: 3, ActorName: "Jon Dou", Companion: []string{ "one", "two", "three", }, } fmt.

January 6, 2022

Go switch statement

package main import ( "fmt" // "strconv" // "math" // "reflect" // "math" ) func simpleSwitch() { switch 212 { case 1: fmt.

January 6, 2022

Go template

package main import ( "os" // "io" "fmt" "log" // "strings" "text/template" ) var tpl *template.

January 6, 2022

Go template hotels

package main import ( "os" "log" "text/template" ) type hotel struct { Name string Address string City string Zip []int Region string } var tpl *template.

January 6, 2022

Go templates pipelines

package main import ( "os" "time" "fmt" "log" "math" "text/template" ) var tpl *template.

January 6, 2022

Go upload file

package main import ( "fmt" "io" "io/ioutil" "net/http" ) func main() { http.

January 6, 2022

Go using DefaultMux with nil

package main import ( "io" "net/http" ) type pageDog int func (pd pageDog) ServeHTTP(w http.

January 6, 2022

Go variables

package main import ( "fmt" "strconv" ) // if declaring vatiable over here // you can't use a := 10 var ( a int = 42 actorName string = "Elisabeth Salden" companion string = "Sarah Elisabeth Salden" // example of acronym theHTTP string = "https://google.

January 6, 2022

Go write to file

package main import ( "os" "io" "fmt" "log" "strings" ) func main() { // strongly typed channel name := "Jan" tpl := ` <html> <body> <h1>Hi, this is:` + name + ` </h1> </body> </html> ` fmt.

January 6, 2022

Get Storage Account Keys

az storage account keys list --resource-group erste-dev-slack-rg --account-name erstedevstorage

January 6, 2022

PowerShell

Connet to Azure via PowerShell # Connet to Azure via PowerShell Connect-AzAccount

January 4, 2022

AWS ENV Credentials

export AWS_ACCESS_KEY_ID="..." export AWS_SECRET_ACCESS_KEY="..." export AWS_DEFAULT_REGION="eu-central-1"

January 4, 2022

create ACM certificate

https://medium.com/@Ahmed_Ansar/how-to-setup-aws-vpn-endpoint-8b15e78fd8b0 git clone https://github.com/OpenVPN/easy-rsa.git cd easy-rsa/easyrsa3 ./easyrsa init-pki ./easyrsa build-ca nopass .

January 4, 2022

Delete AWS ENI via cmd

echo $t error waiting for EKS Node Group (eks-mlflow:eks-mlflow-cpu-ng) deletion: Ec2SecurityGroupDeletionFailure: DependencyViolation - resource has a dependent object.

January 4, 2022

How to aws cli with SSO

(venv) [arch:Downloads ] aws configure sso SSO start URL [None]: https://devopsinuse.

January 4, 2022

SSH to AWS instances - use SSH tunnel 30111

How to ‘‘SSH’’ and open a tunnel for port 30111

January 4, 2022

Docker push to remote registry via self signed SSL certificate

‘‘CA (Certificate Authority)’’ to your local and copy/paste it to a proper location download from your server scp root@vm027.

January 4, 2022

EID

yay -S pcsc-tools pcsc-light pcsc_scan sudo systemctl start pcscd.service ~/bin/eid/opt/disig/websigner/bin/WebSignerTray & ~/bin/eid/usr/bin/EAC_MW_klient ~/bin/eid/opt/QSign_eSigner/esigner keby neslo spustit tak doinstaluj este aur/eidklient Ohlasovanie voľnej, remeselnej a viazanej živnosti - fyzická osoba

January 4, 2022

How to trust self-signed SSL/TLS certificates linux

How to enable system wide trust for the private Docker registry: create the symlink:

January 4, 2022

How to use cryptsetup while installing archlinux

Kriskoviny # boot arch iso and set root passwd passwd systemctl start sshd ssh -l root 192.

January 4, 2022

Notebook serial number

Ak by ste chceli vediet model a seriove cislo svojho notebooku: Serial Number: PF24KS2B $ sudo dmidecode | grep -i serial Serial Number: 00000000 Serial Number: 2C153768 Serial Number: None Serial services are supported (int 14h) Serial Number: PF24KS2B Serial Number: L1HF0B201Z7 Serial Number: PF24KS2B SBDS Serial Number: 0A4A Model: ThinkPad T15 Gen 1 $ sudo dmidecode | grep -i sku Consumer SKU SKU Number: LENOVO_MT_20S6_BU_Think_FM_ThinkPad T15 Gen 1 SKU Number: Not Specified

January 4, 2022

Pacman setup mirrors and refresh keys

# refresh gpg keys if needed sudo pacman-key --refresh-keys sudo pacman-key --populate archlinux # setup closest mirrors reflector --country Slovakia --country Czechia --protocol https --age 12 --sort rate --save

January 4, 2022

Ranger preview images

https://unix.stackexchange.com/questions/632529/alacritty-ranger-w3m-images-are-not-showing-or-disappear-after-few-seconds?newreg=05e6c4f5bf2345e48c22340fd7bee222 I got it working with ueberzug, even inside tmux set preview_images true set use_preview_script true set preview_images_method ueberzug yay -S alacritty sudo pacman -S ueberzug

January 4, 2022

Search

//... // define globale variables var idx, searchInput, searchResults = null var documents = [] function renderSearchResults(results){ if (results.

January 4, 2022

Setup Ubuntu Mono font

yay -S ttf-ubuntu-font-family ln -s /usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d/ ln -s /usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.

January 4, 2022

VPN in Archlinux

sudo pacman -S networkmanager-openconnect openconnect openssl

January 4, 2022

Day 1

package main import ( "fmt" "io/ioutil" "os" "strconv" "strings" ) func main() { content, err := ioutil.

January 4, 2022

Day 2

package main import ( "fmt" "io/ioutil" "strconv" "strings" ) type Password struct { min int // max int // letter string // pass string // } func (p Password) Check() bool { occurance := strings.

January 4, 2022

Day 3

package main import ( "fmt" "io/ioutil" "strings" ) func HitTrees(data []string, right int, down int) int { var treesCount int = 0 for nr, v := range data { //fmt.

January 4, 2022

Day 4

package main import ( "fmt" "io/ioutil" "os" "regexp" "strconv" "strings" ) func IsValidPartOne(p map[string]interface{}) bool { items := []string{"byr", "iyr", "eyr", "hgt", "hcl", "ecl", "pid"} var count int for _, i := range items { if _, ok := p[i]; ok { count++ } } if count == 7 { return true } return false } func IsValidPartTwo(p map[string]interface{}) bool { items := []string{"byr", "iyr", "eyr", "hgt", "hcl", "ecl", "pid"} var count int for _, i := range items { //fmt.

December 31, 2021