AWS Credentials

Get the role name

    wget http://169.254.169.254/latest/meta-data/iam/info

will get something like:

    {
      "Code" : "Success",
      "LastUpdated" : "2020-03-06T20:34:08Z",
      "InstanceProfileArn" : "arn:aws:iam::3940394039403:instance-profile/ProfileName",
      "InstanceProfileId" : "kasdjaksjakjsa"
    }

or better yet, get the role name from:

    wget http://169.254.169.254/latest/meta-data/iam/security-credentials

It will be the name of the only entry returned. Then get credentials with:

    wget http://169.254.169.254/latest/meta-data/iam/security-credentials/ProfileName

Read more…

WireGuard VPN

Install on Ubuntu 18.04:

    sudo add-apt-repository ppa:wireguard/wireguard
    sudo apt-get update
    sudo apt-get install wireguard

Create keys

Create keys for server in /etc/wireguard:

    umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Forward traffic

To use this box as jumpbox to the LAN:

    sysctl -w net.ipv4.ip_forward=1

To survive Read more…

ArgoCD

Install

    kubectl create namespace argocd
    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

https://argoproj.github.io/argo-cd/getting_started/

Proxy connection to server

    kubectl port-forward svc/argocd-server -n argocd 8080:443

You can access the argocd server at http://localhost:8080

Until we configure SSL you will get a certificate error in the browser. Click continue and use the default credentials Read more…

MongoDB SRV

The mongo SRV connection string allows mongo clients to resolve the individual server names using DNS. If you need to debug connection problems or are simply curious about the hosts used, you can find them by making DNS queries using dig or even https://dns.google.com/

The Connection Format

    mongodb+srv://USER:PASSWORD@CLUSTER.mongodb.net/DATABASENAME

The replica set Read more…

AWS: VPC DNS Server

From a running EC2 instance, as long as the VPC has DNS support enabled, you can use the VPC DNS server to resolve DNS names. It will resolve public AWS names to private IPs if within the VPC.

DNS Server

    169.254.169.253

References: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

RabbitMQ metrics in Elasticsearch

In this example we are using Elastic Cloud managed Elasticsearch and will deploy Metricbeat to a k8s cluster.

Create Secret

    apiVersion: v1
    data:
      ELASTICSEARCH_AUTH: [base64_encoded_auth]
      ELASTICSEARCH_CLOUD_ID: [base64_encoded_cloudid]
      ELASTICSEARCH_RABBITMQ_PASSWORD: [base64_encoded_password]
      ELASTICSEARCH_RABBITMQ_USER: [base64_encoded_user]
    kind: Secret
    metadata:
      name: metricbeat
    type: Opaque

Create DNS pointing to RabbitMQ

    apiVersion: v1
    kind: Service
    metadata:
      name:

Read more…

Kubernetes on a Mac

Enable auto-completion

Upgrade bash, install autocompletion and enable them: https://medium.com/merapar/fixing-bash-autocompletion-on-macos-for-kubectl-and-kops-e87f019652e8

List all pods (sorted by node)

    kubectl get pods -o wide --sort-by="{.spec.nodeName}" --all-namespaces