Kubernetes aliases

Added: 30-01-2022

To be used in the control plane node(s) in a K8s cluster

cat << EOF > kubectl_aliases
# Kubectl aliases
alias k=kubectl
alias kg="k get pods"
alias kks="k -n kube-system"
alias kgd="k get deploy"
alias kgn="k get nodes"
alias kgs="k get svc"
alias kge="k get events --sort-by='.metadata.creationTimestamp' | tail -8"
# Completion for the k alias (requires kubectl bash completion to be loaded)
complete -F __start_kubectl k
EOF

cat kubectl_aliases >> ~/.bashrc
rm kubectl_aliases

source ~/.bashrc

Git: Delete all branches but master

Added: 01-02-2022

Alias to delete all branches except master (I use zsh; change ~/.zshrc to ~/.bashrc if you use bash)

echo 'alias gdb="git branch | grep -v "master" | xargs git branch -D"' >> ~/.zshrc

I read it as gbd (git branches delete)


Delete corrupted pods

Added: 02-02-2022

Deletes all pods, from all namespaces, whose status is Failed, Evicted or Pending

# With -A, column 1 is the namespace and column 2 the pod name
kubectl get pods -A --no-headers | grep Evicted | awk '{print $2, "-n", $1}' | xargs -L1 kubectl delete pod

kubectl get pods -A --no-headers | grep Failed | awk '{print $2, "-n", $1}' | xargs -L1 kubectl delete pod

kubectl get pods -A --no-headers | grep Pending | awk '{print $2, "-n", $1}' | xargs -L1 kubectl delete pod
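
A dry-run variant of the cleanup above, added here as an example and not part of the original snippets: it matches the STATUS column exactly and prints the delete commands for review instead of running them. The function names and the sample listing are constructed for illustration.

```shell
# select_pods STATUS...: read `kubectl get pods -A --no-headers` output on stdin
# and print "<namespace> <pod>" for rows whose STATUS column (4th) matches.
select_pods() {
  awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    NF >= 4 && ($4 in ok) { print $1, $2 }
  '
}

# delete_plan STATUS...: print the delete commands instead of running them.
delete_plan() {
  select_pods "$@" | while read -r ns pod; do
    printf 'kubectl delete pod %s -n %s\n' "$pod" "$ns"
  done
}

# Constructed sample of `kubectl get pods -A --no-headers` output.
sample_pods() {
  cat <<'EOF'
default       web-7d9c6b5f4-x2k8p     1/1   Running   0   3d
batch         report-28391-abcde      0/1   Evicted   0   5h
batch         report-28392-fghij      0/1   Failed    0   4h
kube-system   coredns-565d847f94-k2   1/1   Running   2   9d
staging       api-5c7f9d-qwert        0/1   Pending   0   12m
EOF
}

# Preview first; pipe to `sh` only after reviewing the list:
#   kubectl get pods -A --no-headers | delete_plan Evicted Failed Pending
```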

Find Large files in Linux

Added: 12-02-2022

Find files larger than 100 MB, staying on the root filesystem (-xdev)

sudo find / -xdev -type f -size +100M

Clean systemd journal logs

Added: 12-02-2022

Clean (vacuum) /var/log/journal logs (produced by systemd)

# Check space used
du -hs /var/log/journal/

# Clean logs older than 1 day
sudo journalctl --vacuum-time=1d

Download SSL cert from website with openssl

Added: 14-02-2022

Save the leaf/server cert to /tmp/$SERVERNAME.cert. Use -showcerts to download all certs in the chain. echo -n gives s_client an empty input so that the connection is released instead of staying open.

echo -n | openssl s_client -connect "$HOST:$PORTNUMBER" -servername "$SERVERNAME" | openssl x509 > "/tmp/$SERVERNAME.cert"
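
A follow-up check for the saved file, added here as an example and not part of the original snippet: s_client continues past verification errors by default, so compare the saved certificate's SHA-256 fingerprint with one obtained out of band and check its remaining validity. The function names and the self-signed sample certificate are constructed for illustration.

```shell
# cert_sha256 FILE: print the certificate's SHA-256 fingerprint as lowercase hex.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# cert_matches_pin FILE PIN: succeed only if FILE's fingerprint equals PIN.
# PIN may be written with or without colons, in either case.
cert_matches_pin() {
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  [ -n "$want" ] && [ "$(cert_sha256 "$1")" = "$want" ]
}

# cert_valid_for FILE DAYS: succeed if the cert is still valid DAYS from now.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# make_sample_cert FILE: constructed self-signed cert (CN=example.test, 30 days)
# standing in for the file saved from s_client, so the checks run offline.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1" -days 30 -subj "/CN=example.test" 2>/dev/null
}

# Typical use against the file saved above (PIN obtained out of band):
#   cert_matches_pin "/tmp/$SERVERNAME.cert" "$PIN" && cert_valid_for "/tmp/$SERVERNAME.cert" 14
```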

Configure git cache

Added: 17-02-2022

To avoid having to type your password/PAT all the time for HTTPS

# After you've entered the user password/PAT
git config --global credential.helper cache

Convert squid proxy logs to timestamps

Added: 02-06-2022

To convert unix.centiseconds timestamp to a more readable format

cat access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e'

Aliases to get kubernetes resources (nodes)

Added: 15-08-2022

To get CPU/Mem requests/limits from the Kubernetes nodes

alias k8snoderesources='kubectl get nodes --no-headers | awk '\''{print $1}'\'' | xargs -I {} sh -c '\''echo {} ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- ; echo '\'''

Alias to get kubernetes resources (cpu/mem)

Added: 15-08-2022

To get CPU/Mem requests/limits from the Kubernetes pods

alias k8spodresources='kubectl get po --all-namespaces -o=jsonpath="{range .items[*]}{.metadata.namespace}:{.metadata.name}{\"\n\"}{range .spec.containers[*]}  {.name}:{.resources.requests}{\"\n\"}{end}{\"\n\"}{end}"'

Interactive debug pod for Kubernetes

Added: 19-08-2022

Creates an ephemeral pod based on busybox (image can be anything) that will die on exit

kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh

SSH Tunnel

Added: 24-08-2022

Create an SSH tunnel through a jump box / bastion host

On terminal 1

ssh -i <BASTION_KEY> -N -L <PORT_TO_BIND_LOCALLY>:<HOST_ACCESSIBLE_FROM_BASTION>:<PORT_TO_LISTEN_FROM_BASTION> <USER>@<BASTION_HOST_IP_OR_DNS>

Keep this one open. This will tunnel the service at the specified port through SSH

On terminal 2 (check connection)

nc -vz localhost <PORT_TO_BIND_LOCALLY>

Get K8s resources from multiple namespaces

Added: 12-09-2022

Get kubernetes resources from multiple namespaces

# No space inside the braces, otherwise brace expansion does not happen
eval 'kubectl --namespace='{ns1,ns2}' get pod;'

Remove finalizers from CRDs and K8s resources

Added: 22-09-2022

Remove all finalizers that block CRDs and K8s native resources from being terminated

kubectl patch <RESOURCE> <NAME>  --type json -p='[{"op": "remove", "path": "/metadata/finalizers"}]';

Use ProxyJump with SSH/SCP

Added: 05-10-2022

Use a Jump machine (bastion host) to copy a file or connect

# Copy locally using JumpHost
scp -o 'ProxyJump <JUMP_HOST_USER>@<JUMP_HOST>' -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>:~/file .


# Connect using JumpHost
ssh -J <JUMP_HOST_USER>@<JUMP_HOST> -i <END_HOST_KEY> <END_HOST_USER>@<END_HOST>

Re-tag an existing AWS ECR Image using AWS cli

Added: 17-10-2022

Use a different tag on the same AWS ECR Docker image using AWS cli

# Get ECR Image manifest
MANIFEST=$(aws ecr batch-get-image --repository-name <REPO_NAME> --image-ids imageTag=<OLD_TAG> --query 'images[].imageManifest' --output text)

# Put new manifest (new tag)
aws ecr put-image --repository-name <REPO_NAME> --image-tag <NEW_TAG> --image-manifest "$MANIFEST" 

Common PSQL commands

Added: 26-10-2022

  1. Grant CONNECT to the database:

GRANT CONNECT ON DATABASE database_name TO username;

  2. Grant USAGE on schema:

GRANT USAGE ON SCHEMA schema_name TO username;

  3. Grant on all tables for DML statements: SELECT, INSERT, UPDATE, DELETE:

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema_name TO username;

  4. Grant all privileges on all tables in the schema:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name TO username;

  5. Grant all privileges on all sequences in the schema:

GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO username;

  6. Grant all privileges on the database:

GRANT ALL PRIVILEGES ON DATABASE database_name TO username;

  7. Grant permission to create database:

ALTER USER username CREATEDB;

  8. Make a user superuser:

ALTER USER myuser WITH SUPERUSER;

  9. Remove superuser status:

ALTER USER username WITH NOSUPERUSER;

The statements above only affect tables that already exist. To apply privileges to tables created later, use ALTER DEFAULT PRIVILEGES (FOR USER names the role that will create the tables). For example:

ALTER DEFAULT PRIVILEGES
FOR USER username
IN SCHEMA schema_name
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO username;

Restart ALL deployments in a namespace in K8s

Added: 17-11-2022

for svc in $(kubectl get deploy --no-headers | awk '{print $1}'); do kubectl rollout restart deploy "$svc"; done