Snippets
Kubernetes aliases⌗
Added: 30-01-2022
To be used in the control plane node(s) in a K8s cluster
cat << EOF > kubectl_aliases
# Kubectl aliases
alias k=kubectl
alias kg=”k get pods”
alias kks=”k -n kube-system”
alias kgd=”k get deploy”
alias kgn=”k get nodes”
alias kgs=”k get svc”
alias kge=”k get events — sort-by=’.metadata.creationTimestamp’ |tail -8"
complete -F __start_kubectl k
EOF
cat kubectl_aliases >> ~/.bashrc
rm kubectl_aliases
source ~/.bashrc
Git: Delete all branches but master⌗
Added: 01-02-2022
Alias to delete all but master branches (I use zsh, change ~/.zshrc to ~/.bashrc if you use bash)
echo 'alias gdb="git branch | grep -v "master" | xargs git branch -D"' >> ~/.zshrc
I read it as gbd (git branches delete)
Delete corrupted pods⌗
Added: 02-02-2022
Deletes all pods from all namespaces marked as Failed, Evicted or Pending
kubectl get pods -A | grep Evicted | awk '{print $1}' | xargs kubectl delete pod
kubectl get pods -A | grep Failed | awk '{print $1}' | xargs kubectl delete pod
kubectl get pods -A | grep Pending | awk '{print $1}' | xargs kubectl delete pod
Find Large files in Linux⌗
Added: 12-02-2022
Find large files in Linux
sudo find / -xdev -type f -size +100M
Clean systemd journal logs⌗
Added: 12-02-2022
Clean (vacuum) /var/log/journal logs (produced by systemd)
# Check space used
du -hs /var/log/journal/
# Clean logs older than 1 day
sudo journalctl --vacuum-time=1d
Download SSL cert from website with openssl⌗
Added: 14-02-2022
Save leaf/server cert to /tmp/$SERVERNAME.cert. Use -showcerts to download all certs in the chain. echo -n gives a response to the server so that connection is released
echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME | openssl x509 > /tmp/$SERVERNAME.cert
Configure git cache⌗
Added: 17-02-2022
To avoid having to type your password/PAT all the time for HTTPS
# After you've entered the user password/PAT
git config --global credential.helper cache
Convert squid proxy logs to timestamps⌗
Added: 02-06-2022
To convert unix.centiseconds timestamp to a more readable format
cat access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e'
Aliases to get kubernetes resources (nodes)⌗
Added: 15-08-2022
To get CPU/Mem requests/limits from the Kubernetes nodes
alias k8snoderesources='kubectl get nodes --no-headers | awk '\''{print $1}'\'' | xargs -I {} sh -c '\''echo {} ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- ; echo '\'''
Alias to get kubernetes resources (cpu/mem)⌗
Added: 15-08-2022
To get CPU/Mem requests/limits from the Kubernetes pods
alias k8spodresources='kubectl get po --all-namespaces -o=jsonpath="{range .items[*]}{.metadata.namespace}:{.metadata.name}{'\n'}{range .spec.containers[*]} {.name}:{.resources.requests}{'\n'}{end}{'\n'}{end}"'
Interactive debug pod for Kubernetes⌗
Added: 19-08-2022
Creates an ephemeral pod based on busybox (image can be anything) that will die on exit
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
SSH Tunnel⌗
Added: 24-08-2022
Create a ssh tunnel through a jump box / bastion host
On terminal 1
ssh -i <BASTION_KEY> -N -L <PORT_TO_BIND_LOCALLY>:<HOST_ACCESSIBLE_FROM_BASTION>:<PORT_TO_LISTEN_FROM_BASTION> <USER>@<BASTION_HOST_IP_OR_DNS>
Keep this one open. This will tunnel the service at the specified port through SSH
On terminal 2 (check connection)
nc -vz localhost <PORT_TO_BIND_LOCALLY>
Get K8s resources from multiple namespaces⌗
Added: 12-09-2022
Get kubernetes resources from multiple namespaces
eval 'kubectl --namespace='{ns1, ns2}' get pod;'
Remove finalizers from CRDs and K8s resources⌗
Added: 22-09-2022
Remove all finalizer objects that block CRDs and K8s native resources from being terminanted
kubectl patch <RESOURCE> <NAME> --type json -p='[{"op": "remove", "path": "/metadata/finalizers"}]';
Use ProxyJump with SSH/SCP⌗
Added: 05-10-2022
Use a Jump machine (bastion host) to copy a file or connect
# Copy locally using JumpHost
scp -o 'ProxyJump <JUMP_HOST_USER>@<JUMP_HOST>' -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>:~/file .
# Connect using JumpHost
ssh -J <JUMP_HOST_USER>@<JUMP_HOST> -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>
Re-tag an existing AWS ECR Image using AWS cli⌗
Added: 17-10-2022
Use a different tag on the same AWS ECR Docker image using AWS cli
# Get ECR Image manifest
MANIFEST=$(aws ecr batch-get-image --repository-name <REPO_NAME> --image-ids imageTag=<OLD_TAG> --query 'images[].imageManifest' --output text)
# Put new manifest (new tag)
aws ecr put-image --repository-name <REPO_NAME> --image-tag <NEW_TAG> --image-manifest "$MANIFEST"
Common PSQL commands⌗
Added: 26-10-2022
- Grant CONNECT to the database:
GRANT CONNECT ON DATABASE database_name TO username;
- Grant USAGE on schema:
GRANT USAGE ON SCHEMA schema_name TO username;
- Grant on all tables for DML statements: SELECT, INSERT, UPDATE, DELETE:
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema_name TO username;
- Grant all privileges on all tables in the schema:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name TO username;
- Grant all privileges on all sequences in the schema:
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO username;
- Grant all privileges on the database:
GRANT ALL PRIVILEGES ON DATABASE database_name TO username;
- Grant permission to create database:
ALTER USER username CREATEDB;
- Make a user superuser:
ALTER USER myuser WITH SUPERUSER;
- Remove superuser status:
ALTER USER username WITH NOSUPERUSER;
Those statements above only affect the current existing tables. To apply to newly created tables, you need to use alter default. For example:
ALTER DEFAULT PRIVILEGES
FOR USER username
IN SCHEMA schema_name
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO username;
Restart ALL deployments in a namespace in K8s⌗
Added: 17-11-2022
for svc in $(k get deploy --no-headers | awk '{print $1}'); do kubectl rollout restart deploy $svc; done