AWS Credentials

Get the role name wget http://169.254.169.254/latest/meta-data/iam/info will get something like: { “Code” : “Success”, “LastUpdated” : “2020-03-06T20:34:08Z”, “InstanceProfileArn” : “arn:aws:iam::3940394039403:instance-profile/ProfileName”, “InstanceProfileId” : “kasdjaksjakjsa” } or better yet, get the role name from: wget http://169.254.169.254/latest/meta-data/iam/security-credentials It will be the name of the only entry returned. then get credentials with: wget http://169.254.169.254/latest/meta-data/iam/security-credentials/ProfileName Read more…

WireGuard VPN

Install on ubuntu 18.04: sudo add-apt-repository ppa:wireguard/wireguard sudo apt-get update sudo apt-get install wireguard Create keys Create keys for server in /etc/wireguard: umask 077; wg genkey | tee privatekey | wg pubkey > publickey Forward traffic To use this box as jumpbox to the LAN: sysctl -w net.ipv4.ip_forward=1 To survive Read more…

ArgoCD

Install kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml https://argoproj.github.io/argo-cd/getting_started/ Proxy connection to server kubectl port-forward svc/argocd-server -n argocd 8080:443 You can access the argocd server at http://localhost:8080 Until we configure SSL you will get a certificate error in the browser. Click continue and use the default credentials Read more…

MongoDB SRV

The mongo SRV connection string allow mongo clients to resolve the individual server names using DNS. If you need to debug connection problems or simply are curious about the hosts used, you find them by making DNS queries using dig or even https://dns.google.com/ The Connection Format mongodb+srv://USER:PASSWORD@CLUSTER.mongodb.net/DATABASENAME The replica set Read more…

RabbitMQ metrics in Elasticsearch

In this example we are using Elastic Cloud managed elasticsearch and will deploy the metricbeat to a k8s cluster. Create Secret apiVersion: v1 data: ELASTICSEARCH_AUTH: [base64_encoded_auth] ELASTICSEARCH_CLOUD_ID: [base64_encoded_cloudid] ELASTICSEARCH_RABBITMQ_PASSWORD: [base64_encoded_password] ELASTICSEARCH_RABBITMQ_USER: [base64_encoded_user] kind: Secret metadata: name: metricbeat type: Opaque Create DNS pointing to RabbitMQ apiVersion: v1 kind: Service metadata: name: Read more…

Microk8s – Private Registry

Docker Private Registry To setup Microk8s, see previous post Enable required microk8s add-ons: In order to push images from your development machine to a Microk8s docker private registry, you may want to expose it outside of the host. Note: these instructions can easily be adapted to expose a docker private Read more…