Kubernetes aliases#

Added: 30-01-2022

To be used in the control plane node(s) in a K8s cluster

cat << EOF > kubectl_aliases
# Kubectl aliases
alias k=kubectl
alias kg=”k get pods”
alias kks=”k -n kube-system”
alias kgd=”k get deploy”
alias kgn=”k get nodes”
alias kgs=”k get svc”
alias kge=”k get events — sort-by=’.metadata.creationTimestamp’ |tail -8"
complete -F __start_kubectl k
EOF

cat kubectl_aliases >> ~/.bashrc
rm kubectl_aliases

source ~/.bashrc

Git: Delete all branches but master#

Added: 01-02-2022

Alias to delete all but master branches (I use zsh, change ~/.zshrc to ~/.bashrc if you use bash)

echo 'alias gdb="git branch | grep -v "master" | xargs git branch -D"' >> ~/.zshrc

I read it as gbd (git branches delete)


Delete corrupted pods#

Added: 02-02-2022

Deletes all pods from all namespaces marked as Failed, Evicted or Pending

kubectl get pods -A | grep Evicted | awk '{print $1}' | xargs kubectl delete pod

kubectl get pods -A | grep Failed | awk '{print $1}' | xargs kubectl delete pod

kubectl get pods -A | grep Pending | awk '{print $1}' | xargs kubectl delete pod

Find Large files in Linux#

Added: 12-02-2022 Updated: 11-10-2023

Find large files in Linux

sudo find / -xdev -type f -size +100M
# Go to a folder then get top 10 biggest files
sudo du -hsx -- * | sort -rh | head -10

Clean systemd journal logs#

Added: 12-02-2022

Clean (vacuum) /var/log/journal logs (produced by systemd)

# Check space used
du -hs /var/log/journal/

# Clean logs older than 1 day
sudo journalctl --vacuum-time=1d

Download SSL cert from website with openssl#

Added: 14-02-2022

Save leaf/server cert to /tmp/$SERVERNAME.cert. Use -showcerts to download all certs in the chain. echo -n gives a response to the server so that connection is released

echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME | openssl x509 > /tmp/$SERVERNAME.cert

Configure git cache#

Added: 17-02-2022

To avoid having to type your password/PAT all the time for HTTPS

# After you've entered the user password/PAT
git config --global credential.helper cache

Convert squid proxy logs to timestamps#

Added: 02-06-2022

To convert unix.centiseconds timestamp to a more readable format

cat access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e'

Aliases to get kubernetes resources (nodes)#

Added: 15-08-2022

To get CPU/Mem requests/limits from the Kubernetes nodes

alias k8snoderesources='kubectl get nodes --no-headers | awk '\''{print $1}'\'' | xargs -I {} sh -c '\''echo {} ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- ; echo '\'''

Alias to get kubernetes resources (cpu/mem)#

Added: 15-08-2022

To get CPU/Mem requests/limits from the Kubernetes pods

alias k8spodresources='kubectl get po --all-namespaces -o=jsonpath="{range .items[*]}{.metadata.namespace}:{.metadata.name}{'\n'}{range .spec.containers[*]}  {.name}:{.resources.requests}{'\n'}{end}{'\n'}{end}"'

Interactive debug pod for Kubernetes#

Added: 19-08-2022

Creates an ephemeral pod based on busybox (image can be anything) that will die on exit

kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh

# curl in busybox
kubectl run -i --tty --rm debug --image=yauritux/busybox-curl --restart=Never -- sh

# dns util
kubectl run -i --tty --rm dnsdebug --image=registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3 --restart=Never -- nslookup <svc>


SSH Tunnel#

Added: 24-08-2022

Create a ssh tunnel through a jump box / bastion host

On terminal 1

 ssh -i <BASTION_KEY> -N -L <PORT_TO_BIND_LOCALLY>:<HOST_ACCESSIBLE_FROM_BASTION>:<PORT_TO_LISTEN_FROM_BASTION> <USER>@<BASTION_HOST_IP_OR_DNS>

Keep this one open. This will tunnel the service at the specified port through SSH

On terminal 2 (check connection)

nc -vz localhost <PORT_TO_BIND_LOCALLY>

Get K8s resources from multiple namespaces#

Added: 12-09-2022

Get kubernetes resources from multiple namespaces

eval 'kubectl --namespace='{ns1, ns2}' get pod;'

Remove finalizers from CRDs and K8s resources#

Added: 22-09-2022

Remove all finalizer objects that block CRDs and K8s native resources from being terminanted

kubectl patch <RESOURCE> <NAME>  --type json -p='[{"op": "remove", "path": "/metadata/finalizers"}]';

Use ProxyJump with SSH/SCP#

Added: 05-10-2022

Use a Jump machine (bastion host) to copy a file or connect

# Copy locally using JumpHost
scp -o 'ProxyJump <JUMP_HOST_USER>@<JUMP_HOST>' -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>:~/file .


# Connect using JumpHost
ssh -J <JUMP_HOST_USER>@<JUMP_HOST> -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>

Re-tag an existing AWS ECR Image using AWS cli#

Added: 17-10-2022

Use a different tag on the same AWS ECR Docker image using AWS cli

# Get ECR Image manifest
MANIFEST=$(aws ecr batch-get-image --repository-name <REPO_NAME> --image-ids imageTag=<OLD_TAG> --query 'images[].imageManifest' --output text)

# Put new manifest (new tag)
aws ecr put-image --repository-name <REPO_NAME> --image-tag <NEW_TAG> --image-manifest "$MANIFEST" 

Common PSQL commands#

Added: 26-10-2022

  1. Grant CONNECT to the database:

GRANT CONNECT ON DATABASE database_name TO username;

  1. Grant USAGE on schema:

GRANT USAGE ON SCHEMA schema_name TO username;

  1. Grant on all tables for DML statements: SELECT, INSERT, UPDATE, DELETE:

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema_name TO username;

  1. Grant all privileges on all tables in the schema:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name TO username;

  1. Grant all privileges on all sequences in the schema:

GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO username;

  1. Grant all privileges on the database:

GRANT ALL PRIVILEGES ON DATABASE database_name TO username;

  1. Grant permission to create database:

ALTER USER username CREATEDB;

  1. Make a user superuser:

ALTER USER myuser WITH SUPERUSER;

  1. Remove superuser status:

ALTER USER username WITH NOSUPERUSER;

Those statements above only affect the current existing tables. To apply to newly created tables, you need to use alter default. For example:

ALTER DEFAULT PRIVILEGES
FOR USER username
IN SCHEMA schema_name
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO username;

Restart ALL deployments in a namespace in K8s#

Added: 17-11-2022

for svc in $(k get deploy --no-headers | awk '{print $1}'); do kubectl rollout restart deploy $svc; done

Terraform: Destroy all but desired module#

Added: 12-12-2022

# Create destroy.plan without desired module
terraform plan -destroy $(for r in `terraform state list | fgrep -v module.save_me_from_obliteration` ; do printf " -target ${r} "; done) -out destroy.plan

# Apply destruction
terraform apply "destroy.plan"

Credit to cmacrae

Install various Java versions with Homebrew in macOS#

Added: 13-12-2022

Install homebrew

bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Use AdoptOpenJDK

brew tap adoptopenjdk/openjdk

brew install --cask adoptopenjdk8
brew install --cask adoptopenjdk11

Modify your ~/.zshrc or ~/.bashrc

alias j11="export JAVA_HOME=`/usr/libexec/java_home -v 11`"
alias j8="export JAVA_HOME=`/usr/libexec/java_home -v 1.8`"

Reload

source ~/.zshrc

Switch easily typing j8 or j11


Get size of top docker storage layers#

Added: 04-01-2023

Get in a k8s worker node.

# Find top storage layers
TOP_STORAGE=$(du -hs /var/lib/docker/overlay2/* | grep -Ee '^[0-9]{3}[M]+|[0-9]G' | sort -h |tail -n 10 |tee -a /dev/stderr |awk '{print $2}'|xargs|sed 's/ /|/g')

# See which containers they belong to
docker inspect $(docker ps -q) | jq '.[]|.Config.Hostname,.Config.Labels."io.kubernetes.pod.name",.GraphDriver.Data.MergedDir,.hovno' | egrep -B2 "$TOP_STORAGE"

Credit to rharshad.com


Compress a large PDF with ghostscript#

Added: 22-03-2023

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook \
-dNOPAUSE -dQUIET -dBATCH -sOutputFile=output.pdf input.pdf

Convert a SSL certificate/privatekey to a 1 line string#

Added: 16-06-2023

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ca.pem

Add linux user and add it sudo#

Added: 27-07-2023

# Add user
sudo useradd -m -d /home/<username> -s /bin/bash <username>

# Change its password
sudo passwd <username>

# Add it to sudo access
sudo usermod -a -G sudo <username>
EXTRA: Create ssh key and add it to the newly created user#
# Switch user
sudo su - <username>

# Create .ssh dir (in case it's not there)
mkdir ~/.ssh

# Create ed25519 ssh key
ssh-keygen -t ed25519 -C <username> -f ~/.ssh/<username> 

## Make sure to save the private key ~/.ssh/<username> 

# Make sure you can see public key
cat ~/.ssh/<username>.pub

# Add ssh key for user in authorized_keys
echo $(cat ~/.ssh/<username>.pub) >> ~/.ssh/authorized_keys

# Change mode for ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# Logout and try to login with private key you saved earlier
ssh -i ~/.ssh/<username> <username>@<ip-address>

Write a file in a machine where the folder doesn’t belong to the ssh user (scp workaround)#

Added: 29-11-2023

Suppose you have the ssh key for the ubuntu user, which can sudo, but inside the machine you want to put a file in the folder /does/not/belong/to/ubuntu/ which belongs to user oscar

Solution (only works if ssh user can use sudo) is to use tee and then reassign ownership

cat <<EOF > secret
RQNQKvlJIj8rvktFi7SjqnTx1hHwGxXgkKfwljowLUo= # dummy data
EOF

cat secret | ssh -i ~/.ssh/key ubuntu@<IP> "sudo tee /does/not/belong/to/ubuntu/secret; sudo chown -R oscar:oscar /does/not/belong/to/ubuntu/secret"

Check connectivity for TCP and UDP using netcat#

Added: 07-12-2023

# TCP
nc -vz  <IP> <PORT>

# UDP
nc -vuzw 3  <IP> <PORT>

Kill process listening on specific port#

Added: 08-01-2024

PORT=8080; lsof -i TCP:${PORT} | grep LISTEN | awk '{print $2}' | xargs kill -9

Delete k8s namespace stuck in Terminating#

https://stackoverflow.com/a/53661717 Added: 20-02-2024

(
    NAMESPACE=<NAMESPACE>
    kubectl proxy &
    kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
    curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
)

Install Docker on Ubuntu 22.04#

docs.docker.com/engine/install/ubuntu/

Added: 29-02-2024

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install docker
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Test
sudo docker run hello-world