Skip to content

Instantly share code, notes, and snippets.

View areed's full-sized avatar

Andrew Reed areed

11 followers · 0 following
  • Smallstep
  • Evanston, IL USA
View GitHub Profile
@areed
areed / howto.md
Created October 24, 2022 23:36
Connect to Kubernetes API with a yubikey on Ubuntu

Add a keypair to yubikey slot 82

step kms create yubikey:slot-id=82

Verify you can create an attestation certificate

step kms attest yubikey:slot-id=82
@areed
areed / README.md
Last active October 24, 2022 23:03

  1. Create a team on smallstep.com https://smallstep.com/docs/certificate-manager/getting-started

  2. Create two authorities under your team. The first authority will be used to issue certificates for etcd. The second authority will issue certificates for all other components in the cluster.

  3. Add a JWK provisioner to both of them with the same name and password

  4. Get an Ubuntu 22.04 vm and get a shell

  5. Add the password for your provisioners to /home/ubuntu/password.txt

@areed
areed / ami.md
Last active December 12, 2020 05:06
  1. Launch an Ubuntu 20 instance with 20GB boot disk size
  2. sudo hostnamectl set-hostname kotsbox && sudo reboot
  3. Add docker and the IP of the docker0 interface as the private address in your kurl spec
spec:
  docker:
    version: latest
  kurl:
    privateAddress: 172.17.0.1
@areed
areed / shared.sh
Created February 26, 2020 03:03
#!/bin/bash
namespace=replicated-$(replicatedctl app inspect --template="{{ .ID }}" | sed 's/\r//')
function list_pods_with_shared_fs_mount() {
kubectl -n $namespace get pods -ojsonpath="{ range .items[*]}{ .metadata.name } { .spec.volumes[?(@.flexVolume.options.fsName)]}{'\n'}{ end }" | grep rook-shared-fs | awk '{ print $1 }'
}
function find_pods_with_failed_shared_fs_mount() {
while read -r pod; do
@areed
areed / velero.yaml
Last active February 11, 2020 03:18
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: backups.velero.io
spec:
group: velero.io
names:
@areed
areed / keybase.md
Created June 26, 2019 18:14

Keybase proof

I hereby claim:

  • I am areed on github.
  • I am andrewreed (https://keybase.io/andrewreed) on keybase.
  • I have a public key ASBNmLc3cQvZVXzCOKQtV59xwK5lLZJpXL5JCe4f1Q3EMwo

To claim this, I am signing this object:

@areed
areed / Debug Metrics in Swarm
Created January 12, 2018 21:41
Check the application's processor service and the statsd service are both in the same overlay network.
```
docker service inspect processor
```
Then look under the `Networks` section to see all the networks each service is attached to.
If both services are in the same network, check for DNS or network issues.
```
docker exec -it processor bash
apt-get update
@areed
areed / gist:85d3614a58400e417027
Last active August 29, 2015 14:05
Rob Pike's integer multiplication overflow tests from golang-nuts mailing list
func mulOverflows(a, b uint64) bool {
if a <= 1 || b <= 1 {
return false
}
c := a * b
return c/b != a
}
const mostNegative = -(mostPositive + 1)
const mostPositive = 1<<63 - 1