brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: cloud computing articles

Browse Source
This commit is contained in:
Michele Cereda
2023-12-20 23:17:06 +01:00
parent 65f93c9a05
commit 1abe29578a
14 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
knowledge base/cloud computing/README.placeholder Normal file
View File

@@ -0,0 +1 @@
https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-cloud-computing

56
knowledge base/cloud computing/aws/cli.md Normal file
View File

@@ -0,0 +1,56 @@
# AWS CLI
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Profiles](#profiles)
1. [Further readings](#further-readings)
## TL;DR
```sh
# Install the CLI.
brew install awscli
# Configure a profile.
aws configure
aws configure --profile work
# Use a specific profile for the rest of this shell session.
export AWS_PROFILE="work"
```
## Profiles
```sh
# Initialize the default profile.
# Not specifying a profile means to configure the default profile.
$ aws configure
AWS Access Key ID [None]: AKIA…
AWS Secret Access Key [None]: je7MtG…
Default region name [None]: us-east-1
Default output format [None]: text
# Initialize a specific profile.
$ aws configure --profile work
AWS Access Key ID [None]: AKIA…
AWS Secret Access Key [None]: LB88Mt…
Default region name [None]: us-west-1
Default output format [None]: json
# Use a specific profile for the rest of this session.
$ export AWS_PROFILE="work"
```
## Further readings
- CLI [quickstart]
- [Configure profiles] in the CLI
<!--
References
-->
<!-- Upstream -->
[quickstart]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
[configure profiles]: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

95
knowledge base/cloud computing/azure/aks.md Normal file
View File

@@ -0,0 +1,95 @@
# Azure Kubernetes Service
Managed Kubernetes solution offered by Azure.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Troubleshooting](#troubleshooting)
1. [_Subnet XXX does not have enough capacity for YY IP addresses_ while updating the credentials for an existing Service Principal](#subnet-xxx-does-not-have-enough-capacity-for-yy-ip-addresses-while-updating-the-credentials-for-an-existing-service-principal)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# List the available AKS versions.
az aks get-versions --location 'location' -o 'table'
# Show the details of an AKS cluster.
az aks show -g 'resource_group_name' -n 'cluster_name'
# Get credentials for an AKS cluster.
az aks get-credentials \
--resource-group 'resource_group_name' --name 'cluster_name'
az aks get-credentials … --overwrite-existing --admin
# Wait for the cluster to be ready.
az aks wait --created --interval 10 --timeout 1800 \
-g 'resource_group_name' -n 'cluster_name'
# Move the cluster to its goal state *without* changing its configuration.
# Can be used to move out of a non succeeded state.
az aks update --resource-group 'resource_group_name' --name 'cluster_name' --yes
# Delete AKS clusters.
az aks delete -y -g 'resource_group_name' -n 'cluster_name'
# Validate an ACR is accessible from an AKS cluster.
az aks check-acr --acr 'acr_name' \
--resource-group 'resource_group_name' --name 'cluster_name'
az aks check-acr … --node-name 'node_name'
# Add a new AKS extensions.
az aks extension add --name 'k8s-extension'
# Show the details of an installed AKS extensions.
az aks extension show --name 'k8s-extension'
# List Kubernetes extensions of an AKS cluster.
az k8s-extension list --cluster-type 'managedClusters' \
--resource-group 'resource_group_name' --name 'cluster_name'
# List Flux configurations in an AKS cluster.
az k8s-configuration flux list --cluster-type 'managedClusters' \
--resource-group 'resource_group_name' --name 'cluster_name'
# Show the details of a Feature.
az feature show -n 'AKS-ExtensionManager' --namespace 'Microsoft.ContainerService'
```
## Troubleshooting
### _Subnet XXX does not have enough capacity for YY IP addresses_ while updating the credentials for an existing Service Principal
> When you reset your cluster's credentials on an AKS cluster that uses Azure Virtual Machine Scale Sets, a Node image upgrade is performed to update your Nodes with the new credential information.
The image upgrade rollout should proceed one Node at a time unless configured differently.<br/>
Make sure you have enough space in your cluster's Subnet for at least one new Node (with all its possible containers).
## Further readings
- [Kubernetes]
- [Update or rotate the credentials for an AKS cluster]
- [Azure Service Operator]
## Sources
All the references in the [further readings] section, plus the following:
- [`az aks` command reference][az aks reference]
<!--
References
-->
<!-- Upstream -->
[az aks reference]: https://learn.microsoft.com/en-us/cli/azure/aks
[azure service operator]: https://azure.github.io/azure-service-operator/
[update or rotate the credentials for an aks cluster]: https://learn.microsoft.com/en-us/azure/aks/update-credentials
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
[kubernetes]: ../kubernetes/README.md

93
knowledge base/cloud computing/azure/bicep.md Normal file
View File

@@ -0,0 +1,93 @@
# Bicep
Domain-specific language (DSL) for Infrastructure as Code, using declarative syntax to deploy Azure resources in a consistent manner.
See the [What is Bicep?] page for more information.
The Azure CLI can use a command group (`az bicep …`) to integrate with the `bicep` utility.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Utility management](#utility-management)
1. [Installation](#installation)
1. [Upgrade](#upgrade)
1. [Further readings](#further-readings)
## TL;DR
```sh
# Install the `bicep` utility.
# Includes the utility inside the local Azure CLI installation's path.
az bicep install
az bicep install -v 'v0.2.212' -t 'linux-arm64'
# The CLI defaults to the included installation.
# External instances of the `bicep` utility *can* be used *if* the CLI is
# configured to do so.
brew install azure/bicep/bicep && \
az config set bicep.use_binary_from_path=True
# Upgrade `bicep` from the CLI.
az bicep upgrade
az bicep upgrade -t 'linux-x64'
# Validate a bicep template to create a Deployment Group.
# Leverages the `bicep` utility.
az deployment group validate \
-n 'deployment_group_name' -g 'resource_group_name' \
-f 'template.bicep' -p 'parameter1=value' parameter2="value"
```
## Utility management
### Installation
The simplest way to install the `bicep` utility is to use the CLI:
```sh
az bicep install
az bicep install -v 'v0.2.212' -t 'linux-arm64'
```
When doing so, the CLI downloads the utility inside its path.
When using a proxy (like in companies forcing connections through it), the certificate check might fail.<br/>
If this is the case, or when needed, `bicep` **can** be installed externally and used by the CLI, **if** the CLI is configured to use it with the following setting:
```sh
az config set bicep.use_binary_from_path=True
```
### Upgrade
Bicep will by default check for upgrades when run.<br/>
To avoid this, the CLI needs to be configured to as follows:
```sh
az config set bicep.version_check=False
```
When `bicep` is installed through the CLI, it can be updated from it too:
```sh
az bicep upgrade
az bicep upgrade -t 'linux-x64'
```
## Further readings
- [What is Bicep?]
- The [`az bicep` command reference][az bicep]
- The [Azure CLI]
<!--
References
-->
<!-- Upstream -->
[az bicep]: https://learn.microsoft.com/en-us/cli/azure/bicep
[what is bicep?]: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview
<!-- Knowledge base -->
[azure cli]: cli.md

542
knowledge base/cloud computing/azure/cli.md Normal file
View File

@@ -0,0 +1,542 @@
# Azure CLI
Queries (`az … --query …`) use the [JMESPath] query language for JSON.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Installation](#installation)
1. [Extensions](#extensions)
1. [Pipelines](#pipelines)
1. [AKS](#aks)
1. [APIs](#apis)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Install the CLI.
asdf plugin add 'azure-cli' && asdf install 'azure-cli' '2.43.0'
brew install 'azure-cli'
docker run -v "${HOME}/.azure:/root/.azure" 'mcr.microsoft.com/azure-cli:2.40.0'
pip install 'azure-cli'
pipx install 'azure-cli'
# Disable certificates check upon connection.
# Use it for proxies with doubtful certificates.
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
# Login to Azure.
az login
az login -u 'username' -p 'password'
az login --identity --username 'client_id__or__object_id__or__resource_id'
az login --service-principal \
-u 'app_id' -p 'password_or_certificate' --tenant 'tenant_id'
# Check the CLI status.
az self-test
# Gather information on the current user.
az ad signed-in-user show
az ad signed-in-user list-owned-objects
# Gather information on another user.
az ad user show --id 'user@email.org'
# Check a User's permissions.
az ad user get-member-groups --id 'user@email.org'
# Get IDs of Service Principals from their Display Name.
# id => object ID, appId => client ID.
az ad sp list -o 'tsv' --display-name 'service_principal_name' --query '[].id'
az ad sp list … --query '[].appId'
# Get the Display Name of Service Principals from their object ID.
az ad sp show --query 'displayName' -o 'tsv' \
--id '12345678-abcd-0987-fedc-567890abcdef'
# Show information about an Application.
# The ID must be an application id, object id or identifier uri.
az ad app show --id '12345678-abcd-0987-fedc-567890abcdef'
# Get the Display Name of an Application from its ID.
az ad app show --query 'displayName' -o 'tsv' \
--id '12345678-abcd-0987-fedc-567890abcdef'
# Get the Principal (Object) ID of a Managed Identity from its Name.
az identity show --query 'principalId' -o 'tsv' \
--resource-group 'resource_group_name' --name 'managed_identity_name'
# Get the name of a Managed Identity from its Principal (Object) ID.
az identity list -o 'tsv' \
--query "[?(@.principalId=='managed_identity_principal_id')].name"
# Get a Resource Group's ID.
az group show 'resource_group_name'
# List Subscriptions available to the current User.
az account list --refresh --output 'table'
# Get the current User's default Subscription's ID.
az account show --query 'id' --output 'tsv'
# Get the ID of a Subscription from its Name.
az account show --query 'name' -o 'tsv' -s 'subscription_id'
# Get the Name of a Subscription from its ID.
az account show --query 'id' -o 'tsv' -n 'subscription_name'
# Get the current User's default Subscription.
az account set --subscription 'subscription_uuid__or__name'
# Set the current User's default Resource Group.
az configure --defaults 'group=resource_group_name'
# List available Locations.
az account list-locations -o 'table'
# Create an Access Token for the current User.
az account get-access-token
az account get-access-token --query 'accessToken' -o 'tsv'
# List and show role definitions.
az role definition list --name 'role_display_name'
az role definition list -g 'resource_group_name' --custom-role-only true
# Create role definitions.
az role definition create --role-definition 'full_json_definition'
# Update role definitions.
az role definition update --role-definition 'full_json_definition'
az role definition update --role-definition <( \
az role definition list -g 'resource_group_name' --name 'role_display_name' \
| jq -Mc '
.[] | .assignableScopes += [
"/subscription/subscription_id/resourceGroups/resource_group_name"
] ' - \
)
# Delete role definitions.
az role definition delete --name 'role_display_name'
# List role assignments.
az role assignment list
az role assignment list --all
az role assignment list --resource-group 'resource_group'
az role assignment list … --scope 'scope_id' --role 'role_id_or_name'
# List role assignments with scope for a User or Managed Identity.
# By default, it will only show role assignments for the current subscription.
az role assignment list --subscription 'subscription_id' \
--all --include-inherited --assignee 'user_or_managed_identity_object_id' \
--query '[].{role: roleDefinitionName, scope: scope}' -o 'tsv'
# Give Principals permissions on Key Vaults.
az keyvault set-policy -n 'key_vault_name' --object-id 'principal_object_id' \
--secret-permissions 'get' 'list' 'set' --certificate-permissions 'all'
az keyvault set-policy -n 'key_vault_name' --spn 'service_principal_name'
az keyvault set-policy -n 'key_vault_name' --upn 'user_principal_name'
# List the names of all keys in Key Vaults.
az keyvault key list --query '[].name' -o 'tsv' --vault-name 'key_vault_name'
# Create or update passwords in Key Vaults.
az keyvault secret set \
--vault-name 'key_vault_name' --name 'secret_name' --value 'plain_text'
az keyvault secret set … --expires '2024-04-10T12:19:54Z'
# Get passwords from Key Vaults.
az keyvault secret show --query 'value' \
--name 'secret_name' --vault-name 'key_vault_name'
# Show details of Disk Encryption Sets.
az disk-encryption-set show -g 'resource_group_name' -n 'des_name'
# Get Key ID and Access Policy of Disk Encryption Sets.
az disk-encryption-set show --ids 'id' \
--query "{
\"keyId\": activeKey.keyUrl,
\"accessPolicyId\": join('/', [activeKey.sourceVault.id, 'objectId', identity.principalId])
}"
# List all the available SKUs for VMs.
az vm list-skus
az vm list-skus -l 'location'
# List all the SKUs supporting an ephemeral OS disk.
az vm list-skus -l 'location' -o tsv \
--query "[?capabilities[?name=='EphemeralOSDiskSupported' && value=='True']]"
# List the Virtual Machine images available in Azure Marketplace.
# Or check https://az-vm-image.info .
# Suggested to use '--all' to avoid useless filtering at MSFT side.
az vm image list --all
az vm image list -l 'westus' --offer 'RHEL' -p 'RedHat' -s '8_5' --all
# Show a Virtual Machine's details.
az vm show -g 'resource_group_name' -n 'vm_name'
# Delete a Virtual Machine.
az vm delete -g 'resource_group_name' -n 'vm_name'
# Assess updates in a Linux Virtual Machine.
az vm assess-patches -g 'resource_group_name' -n 'vm_name'
# Install security updates in a Linux Virtual Machine.
# Do not reboot.
# Max 4h of operation.
az vm install-patches -g 'resource_group_name' -n 'vm_name' \
--maximum-duration 'PT4H' --reboot-settings 'Never' \
--classifications-to-include-linux 'Security'
# Get the status of the Agent in a Virtual Machine.
az vm get-instance-view -g 'resource_group_name' -n 'vm_name' \
--query 'instanceView.vmAgent.statuses[]' -o 'table'
# Wait until a Virtual Machine satisfies a condition.
az vm wait -g 'resource_group_name' -n 'vm_name' --created
az vm wait … --updated --interval '5' --timeout '300'
az vm wait … --custom "instanceView.statuses[?code=='PowerState/running']"
az vm wait … --custom "instanceView.vmAgent.statuses[?code!='ProvisioningState/Updating']"
# Wait for a Virtual Machine Agent to be Ready.
az vm wait -g 'resource_group_name' -n 'vm_name' \
--custom "instanceView.vmAgent.statuses[?code=='ProvisioningState/succeeded']"
# List all the available SKUs for PostgreSQL flexible DB servers.
az postgres flexible-server list-skus --location 'westeurope' -o 'table'
# List LogAnalytics' Workspaces.
az monitor log-analytics workspace list --query '[].name' \
--resource-group 'resource_group_name'
# List available Resource Providers.
az provider list
az provider list --expand
# Enable a Resource Provider.
az provider register -n 'Microsoft.Confluent' --accept-terms
az provider register -n 'Microsoft.Automation' -m 'management_group_id'
# List the available properties of the 'ContainerService' Resource Provider.
az provider show -o 'tsv' --namespace 'Microsoft.ContainerService' \
--expand 'resourceTypes/aliases' --query 'resourceTypes[].aliases[].name'
# Disable a Resource Provider.
az provider unregister -n 'Microsoft.Confluent'
# List available CLI extensions.
az extension list-available --output 'table'
# Add extensions to the CLI.
az extension add --name 'extension_name'
az extension add --source 'url__or__local_path'
# Update extensions.
az extension update --name 'extension_name'
az extension add --source 'updated__url__or__local_path'
# Remove installed extensions.
az extension remove --name 'extension_name'
# Validate a bicep template to create a Deployment Group.
# Leverages the `bicep` utility.
az deployment group validate \
-n 'deployment_group_name' -g 'resource_group_name' \
-f 'template.bicep' -p 'parameter1=value' parameter2="value"
# Check what a bicep template would do.
az deployment group what-if …
# Create a Deployment Group from a template.
az deployment group create …
# Cancel the current operation on a Deployment Group.
az deployment group cancel \
-n 'deployment_group_name' -g 'resource_group_name'
# Delete a Deployment Group.
az deployment group delete \
-n 'deployment_group_name' -g 'resource_group_name'
# Delete Log Analytics Workspaces.
az monitor log-analytics workspace delete -y -f 'y' \
-g 'resource_group_name' -n 'law_name'
# Delete Disk Encryption Sets.
az disk-encryption-set delete -g 'resource_group_name' -n 'des_name'
# Login to an ACR.
az acr login --name 'acr_name'
# Diagnose container registry connectivity issues.
# Requires Docker being running.
# Will run a hello-world image locally.
az acr check-health -n 'acr_name' -s 'subscription_uuid_or_name'
# List helm charts in an ACR.
az acr helm list -n 'acr_name' -s 'subscription_uuid_or_name'
# Get the 5 latest versions of a helm chart in an ACR.
az acr helm list -n 'acr_name' -s 'subscription_uuid_or_name' -o 'json' \
| jq \
--arg CHART_REGEXP 'chart_name_or_regex' \
'to_entries
| map(select(.key|test($CHART_REGEXP)))[].value[]
| { version: .version, created: .created }' - \
| yq -sy 'sort_by(.created) | reverse | .[0:5]' -
# Push a helm chart to an ACR.
az acr helm push -n 'acr_name' 'chart.tgz' --force
# List the available Features in a Subscription.
az feature list
# Show the details of a Feature.
az feature show -n 'AKS-ExtensionManager' --namespace 'Microsoft.ContainerService'
# List Policies.
az policy definition list
az policy definition list -o 'tsv' --query "[?(@.name=='policy_name')]"
az policy definition list -o 'tsv' --query "[?(@.displayName=='policy_display_name')].name"
# Show a Policy's definition.
az policy definition show -n 'policy_name'
# List Policies metadata.
az policy metadata list
# List Policy Initiatives.
az policy set-definition list
az policy set-definition list -o 'tsv' --query "[?(@.name=='initiative_name')]"
az policy set-definition list --management-group 'management_group_id' \
-o 'tsv' --query "[?(@.displayName=='initiative_display_name')].name"
# Show an Initiative's definition.
az policy set-definition show -n 'initiative_name'
# Show the servers in the default HTTP backend of an Application Gateway.
az network application-gateway show-backend-health -o 'table' \
-g 'resource_group_name' -n 'agw_name' \
--query 'backendAddressPools[].backendHttpSettingsCollection[].servers[]'
# Check if the current User is member of a given Group.
az rest -u 'https://graph.microsoft.com/v1.0/me/checkMemberObjects' \
-m post -b '{"ids":["group_id"]}'
# Check if a Service Principal is member of a given Group.
az rest -u 'https://graph.microsoft.com/v1.0/servicePrincipals/service_principal_id/checkMemberObjects' \
-m post -b '{"ids":["group_id"]}'
# Query the Graph APIs for a specific Member in a Group.
az rest -m 'get' \
-u 'https://graph.microsoft.com/beta/groups/group_id/members?$search="displayName:group_display_name"&$select=displayName' \
--headers 'consistencylevel=eventual'
# Remove a Member from an AAD Group.
# If '/$ref' is missing from the request, the user will be **deleted from AAD**
# if the appropriate permissions are used, otherwise a '403 Forbidden' error is
# returned.
az rest -m 'delete' \
-u 'https://graph.microsoft.com/beta/groups/group_id/members/member_id/$ref'
# List a User's PATs.
# 'displayFilterOptions' are 'active' (default), 'all', 'expired' or 'revoked'.
# 'displayFilterOptions' can be negated ('!revoked').
# If more then 20, or up to 100 using the '$top' url parameter, results are
# paged and a 'continuationToken' will be returned.
az rest -m 'get' \
--headers Authorization='Bearer ey…pw' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1'
az rest … -u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1&displayFilterOption=revoked&isSortAscending=false'
az rest … -u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters 'api-version=7.1-preview.1' 'displayFilterOption=expired' continuationToken='Hr…in='
# Create PATs.
az rest -m 'post' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters 'api-version=7.1-preview.1' \
--headers Authorization='Bearer ey…pw' Content-Type='application/json' \
-b '{
"displayName": "new-pat",
"scope": "pat-scope",
"validTo": "2021-12-31T23:46:23.319Z",
"allOrgs": false
}'
# Extend PATs.
# Works with expired PATs too, but not revoked ones.
az rest -m 'put' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters 'api-version=7.1-preview.1' \
--headers Authorization='Bearer ey…pw' Content-Type='application/json' \
-b '{
"authorizationId": "01234567-abcd-0987-fedc-0123456789ab",
"validTo": "2021-12-31T23:46:23.319Z"
}'
az rest … -b @'file.json'
# Revoke PATs.
az rest -m 'delete' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters \
'api-version=7.1-preview.1' \
'authorizationId=01234567-abcd-0987-fedc-0123456789ab' \
--headers Authorization='Bearer ey…pw'
# Automatically renew the first 100 non revoked Devops PATs.
# The others are in the next pages and not being able to deactivate pagination
# just su*ks bad.
# Assumes the command uses the GNU version of each tool (see `date`).
ORGANIZATION_NAME='organization_name' \
TOKEN="$(az account get-access-token --query 'accessToken' -o 'tsv')" \
VALID_TO="$(date -d '+13 days' '+%FT%T.00Z')" \
&& az rest -m 'get' \
-u "https://vssps.dev.azure.com/${ORGANIZATION_NAME}/_apis/tokens/pats" \
--url-parameters \
'api-version=7.1-preview.1' \
'displayFilterOption=!revoked' \
'$top=100' \
--headers "Authorization=Bearer ${TOKEN}" \
--query 'patTokens[].authorizationId' \
-o 'tsv' \
| parallel -qr -j '100%' \
az rest -m 'put' \
-u "https://vssps.dev.azure.com/${ORGANIZATION_NAME}/_apis/tokens/pats" \
--url-parameters \
'api-version=7.1-preview.1' \
--headers \
"Authorization=Bearer ${TOKEN}" \
'Content-Type=application/json' \
-b "{ \"authorizationId\": \"{}\", \"validTo\": \"${VALID_TO}\" }"
```
## Installation
```sh
pip install 'azure-cli'
brew install 'azure-cli'
asdf plugin add 'azure-cli' && asdf install 'azure-cli' '2.43.0'
docker run -it -v "${HOME}/.ssh:/root/.ssh" 'mcr.microsoft.com/azure-cli'
```
## Extensions
The Azure CLI can load _extensions_, practically Python wheels that aren't shipped as part of the CLI itself but run as CLI commands.<br/>
You could create your own CLI interface.
```sh
# List available CLI extensions.
az extension list-available --output 'table'
# Add extensions to the CLI.
az extension add --name 'extension_name'
az extension add --source 'url__or__local_path'
# Update extensions.
az extension update --name 'extension_name'
az extension add --source 'updated__url__or__local_path'
# Remove installed extensions.
az extension remove --name 'extension_name'
```
When you run a command for an extension which is not currently installed, CLI recognizes it and tries to automatically install the extension. This feature is called _dynamic install_, and is enabled by default since version 2.12.0.
```sh
# Configure if and how to use the 'dynamic install' feature.
az config set 'extension.use_dynamic_install=yes_prompt'
az config set 'extension.use_dynamic_install=yes_without_prompt'
az config set 'extension.use_dynamic_install=no'
az config set 'extension.run_after_dynamic_install=no'
```
## Pipelines
See [DevOps].
## AKS
See [AKS].
## APIs
One can directly call the APIs with the `rest` command:
```sh
az rest \
-m 'post' \
-u 'https://graph.microsoft.com/v1.0/me/checkMemberObjects' \
--headers Authorization='Bearer ey…pw' \
-b '{"ids": ["group_id"]}'
az rest \
-m 'delete' \
-u 'https://graph.microsoft.com/beta/groups/group_id/members/member_id/$ref'
az rest \
-m 'put' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1' \
--headers \
'Authorization=Bearer ey…pw' \
'Content-Type=application/json' \
-b '{
"authorizationId": "01234567-abcd-0987-fedc-0123456789ab",
"validTo": "2021-12-31T23:46:23.319Z"
}'
az rest \
-m 'get' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters \
'api-version=7.1-preview.1' \
'displayFilterOption=expired' \
'continuationToken=Hr…in='
```
## Further readings
- [PAT APIs]
- The [`az` command reference][az reference]
- The [`az bicep` command group][az bicep]
- [Devops CLI extension]
## Sources
All the references in the [further readings] section, plus the following:
- [Install Azure CLI on macOS]
- [Get started with Azure CLI]
- [Sign in with Azure CLI]
- [How to manage Azure subscriptions with the Azure CLI]
- [Authenticate with an Azure container registry]
- [Remove a member]
- [Create and manage Azure Pipelines from the command line]
<!--
References
-->
<!-- Upstream -->
[authenticate with an azure container registry]: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli
[az reference]: https://learn.microsoft.com/en-us/cli/azure/reference-index
[get started with azure cli]: https://learn.microsoft.com/en-us/cli/azure/get-started-with-azure-cli
[how to manage azure subscriptions with the azure cli]: https://learn.microsoft.com/en-us/cli/azure/manage-azure-subscriptions-azure-cli
[install azure cli on macos]: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-macos
[pat apis]: https://learn.microsoft.com/en-us/rest/api/azure/devops/tokens/pats
[remove a member]: https://learn.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0&tabs=http
[sign in with azure cli]: https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
[aks]: aks.md
[az bicep]: bicep.md#tldr
[devops]: devops.md
[devops cli extension]: devops.md#tldr
[jmespath]: ../jmespath.md
<!-- Others -->
[create and manage azure pipelines from the command line]: https://devblogs.microsoft.com/devops/create-and-manage-azure-pipelines-from-the-command-line/

165
knowledge base/cloud computing/azure/devops.md Normal file
View File

@@ -0,0 +1,165 @@
# Azure Devops
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Pipelines](#pipelines)
1. [Predefined variables](#predefined-variables)
1. [Loops](#loops)
1. [Azure CLI extension](#azure-cli-extension)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Login to Azure DevOps with a PAT.
az devops login --organization 'https://dev.azure.com/organization_name'
# Clone a repository using a PAT.
git clone 'https://pat_value@dev.azure.com/organization_name/project_name/_git/repo_name'
# Create new repositories.
az repos create --name 'repo_name' \
--org 'https://dev.azure.com/organization_name' --project 'project_name'
# Delete repositories.
az repos delete --yes --id 'repo_id' \
--org 'https://dev.azure.com/organization_name' --project 'project_name'
# Create pipelines from YAML definition files.
az pipelines create --name 'pipeline_name' \
--org 'https://dev.azure.com/organization_name' --project 'project_name' \
--repository 'repo_name' --repository-type 'tfsgit' \
--folder-path '\\path\\to\\folder' --yaml-path '/path/in/repo.yaml' \
--skip-first-run 'true'
# Get the names of all the Pipelines the current user has access to.
az pipelines list --organization 'organization_id_or_name'
az pipelines list --detect 'true' --query '[].name' -o 'tsv'
# Show a specific Pipeline information.
az pipelines show --id 'pipeline_id'
az pipelines show --name 'pipeline_name'
# Start a Pipeline run.
az pipelines run --name 'pipeline_name' \
--parameters 'system.debug=True' agent.diagnostic="True"
# Get the status of a Pipeline's build run.
az pipelines build show --id 'pipeline_id'
az pipelines build show --detect 'true' -o 'tsv' \
--project 'project_name' --id 'pipeline_id' --query 'result'
# Download an artifact uploaded during a Pipeline's run.
az pipelines runs artifact download --path 'local_path' \
--organization 'organization_id_or_name' --project 'project_name' \
--artifact-name 'artifact_name' --run-id 'run_id'
# Delete pipelines.
az pipelines delete --yes --id 'pipeline_id'
# List DevOps' Service Endpoints.
az devops service-endpoint list \
--organization 'https://dev.azure.com/organization_name' --project 'project'
az rest -m 'get' \
-u 'https://dev.azure.com/organization_name/project_name/_apis/serviceendpoint/endpoints' \
--url-parameters 'api-version=7.1-preview.4' \
--headers Authorization='Bearer ey…pw'
# Get the ID of a Service Endpoint from its name.
az devops service-endpoint list -o 'tsv' \
--organization 'https://dev.azure.com/organization_name' --project 'project' \
--query "[?name=='service_endpoint_name'].id"
# Get the name of a Service Endpoint from its id.
az devops service-endpoint list -o 'tsv' \
--organization 'https://dev.azure.com/organization_name' --project 'project' \
--query "[?id=='service_endpoint_id'].name"
# Get the id of the Service Principals linked to Service Endpoints.
az devops service-endpoint list -o 'tsv' \
--organization 'https://dev.azure.com/organization_name' --project 'project' \
--query "[?name=='service_endpoint_name'].authorization.parameters.servicePrincipalId"
# Filter out users whose Principal Name starts for X and access Y.
az devops user list --org 'https://dev.azure.com/organizationName' \
--query "
items[?
startsWith(user.principalName, 'yourNameHere') &&
\! contains(accessLevel.licenseDisplayName, 'Test plans')
].user.displayName"
# Get Teams' information.
az devops team show \
--org 'https://dev.azure.com/organizationName' --project 'project' \
--team 'display_name'
```
## Pipelines
Give the `--organization` parameter, or use `--detect true` if running the command from a git repository to have it guessed automatically.
`--detect` already defaults to `true`.
### Predefined variables
See [Use predefined variables] for more information.
### Loops
See [Expressions] for more information.
Use the `each` keyword to loop through **parameters of the object type**:
```yaml
parameters:
- name: listOfFruits
type: object
default:
- fruitName: 'apple'
colors: ['red','green']
- fruitName: 'lemon'
colors: ['yellow']
steps:
- ${{ each fruit in parameters.listOfFruits }} :
- ${{ each fruitColor in fruit.colors}} :
- script: echo ${{ fruit.fruitName}} ${{ fruitColor }}
```
## Azure CLI extension
Devops offers the [`az devops`][az devops] extension to the Azure CLI.<br/>
The extension will automatically install itself the first time you run an `az devops` command.
## Further readings
- [Expressions]
- [Use predefined variables]
- [Azure CLI]
- [`az devops`][az devops]
## Sources
All the references in the [further readings] section, plus the following:
- [Loops in Azure DevOps Pipelines]
<!--
References
-->
<!-- Upstream -->
[expressions]: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/expressions
[use predefined variables]: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables
[az devops]: https://learn.microsoft.com/en-us/cli/azure/devops?view=azure-cli-latest
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
[azure cli]: azure%20cli.md
<!-- Others -->
[loops in azure devops pipelines]: https://pakstech.com/blog/azure-devops-loops/

85
knowledge base/cloud computing/azure/kubelogin.md Normal file
View File

@@ -0,0 +1,85 @@
# Azure Kubelogin
Client-go credential (exec) plugin for `kubectl` 1.11+ implementing Azure authentication.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
## TL;DR
```sh
# Installation.
brew install 'Azure/kubelogin/kubelogin'
# Leverage the already logged-in context used by Azure CLI.
# The token will be issued in the same Azure AD tenant as in `az login` and be
# managed by the Azure CLI.
kubelogin convert-kubeconfig -l 'azurecli'
# Use service principals to login.
# The token will **not** be cached on the filesystem.
# Only works with managed AAD.
# The service principal can be member of up to 200 AAD groups.
# Provide password-based credentials via command flags.
kubelogin convert-kubeconfig -l 'spn' \
--client-id 'spn_client_id' --client-secret 'spn_client_secret'
# Provide password-based credentials via environment variables.
kubelogin convert-kubeconfig -l 'spn' && export \
AAD_SERVICE_PRINCIPAL_CLIENT_ID='spn_client_id' \
AAD_SERVICE_PRINCIPAL_CLIENT_SECRET='spn secret'
kubelogin convert-kubeconfig -l 'spn' && export \
AZURE_CLIENT_ID='spn_client_id' AZURE_CLIENT_SECRET='spn secret'
# Provide pfx client certificate-based credentials via environment variables.
kubelogin convert-kubeconfig -l 'spn' && export \
AAD_SERVICE_PRINCIPAL_CLIENT_ID='spn_client_id' \
AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE='path/to/cert.pfx' \
AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE_PASSWORD='pfx_password'
kubelogin convert-kubeconfig -l 'spn' && export \
AZURE_CLIENT_ID='spn_client_id' \
AZURE_CLIENT_CERTIFICATE_PATH='path/to/cert.pfx' \
AZURE_CLIENT_CERTIFICATE_PASSWORD='pfx_password'
# Use managed identities to login.
# The token will **not** be cached on the filesystem.
kubelogin convert-kubeconfig -l 'msi'
kubelogin convert-kubeconfig -l 'msi' --client-id 'msi_client_id'
# Use workload identities to login.
# The token will **not** be cached on the filesystem.
export \
AZURE_CLIENT_ID='applicationId_federated_with_workload_identity' \
AZURE_TENANT_ID='tenantId' \
AZURE_FEDERATED_TOKEN_FILE='file_containing_the_signed_assertion_of_workload_identity' \
AZURE_AUTHORITY_HOST='base_url_of_an_azure_active_directory_authority' \
&& kubelogin convert-kubeconfig -l 'workloadidentity'
# Remove cached tokens.
kubelogin remove-tokens
```
## Further readings
- [Website]
- [Azure CLI]
- [`kubectl`][kubectl]
<!--
References
-->
<!-- Upstream -->
[website]: https://azure.github.io/kubelogin/
<!-- Knowledge base -->
[azure cli]: cli.md
[kubectl]: ../kubernetes/kubectl.md

1
knowledge base/cloud computing/dapr.placeholder Normal file
View File

@@ -0,0 +1 @@
https://dapr.io/

158
knowledge base/cloud computing/gcp/cli.md Normal file
View File

@@ -0,0 +1,158 @@
# The `gcloud` utility
CLI for the Google Cloud Platform.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Login.
gcloud auth login
gcloud … --brief
gcloud … "email@example.com"
# Print access tokens.
gcloud auth print-access-token
gcloud … "email@example.com"
# List all credentialed accounts.
# Also identify the current active account.
gcloud auth list
# Revoke credentials.
# A.K.A. logout.
gcloud auth revoke "email@example.com"
gcloud auth revoke --all
# Setup applications.
gcloud auth application-default login
gcloud … --no-launch-browser
# Activate service accounts.
gcloud auth activate-service-account \
"serviceaccount@gcpproject.iam.gserviceaccount.com" \
--key-file "/path/to/sa.credentials.json"
# Configure the CLI.
gcloud config set 'account' "serviceaccount@gcpproject.iam.gserviceaccount.com"
gcloud … 'project' "project_id"
gcloud … 'compute/region' "europe-west1"
gcloud config unset 'project'
# List current settings.
gcloud config list
gcloud … --configuration "profile_name"
# Create new profiles.
gcloud config configurations create "new_active_profile"
gcloud … --no-activate "new_inactive_profile"
# List available profiles.
gcloud config configurations list
# Switch to different configurations.
gcloud config configurations activate "old_profile"
# List all project the current user has access to.
gcloud projects list --sort-by='projectId'
# Delete projects.
gcloud projects delete "project_name"
# Undo delete project.
# Available for a limited period of time only.
gcloud projects undelete "project_name"
# Add the 'pubsub.admin' IAM Role to the 'awesome-sa' service account in the
# 'gcp-project' project.
gcloud projects add-iam-policy-binding "project_name" \
--member "serviceAccount:awesome-sa@gcp-project.iam.gserviceaccount.com" \
--role 'roles/pubsub.admin'
# Remove the 'pubsub.subscriber' IAM Role from the 'awesome-sa' service account
# in the 'gcpproject' project.
gcloud projects remove-iam-policy-binding "project_name" \
--member="serviceAccount:awesome-sa@gcp-project.iam.gserviceaccount.com" \
--role='roles/pubsub.subscriber'
# SSH into compute instances.
# Includes GKE clusters' compute instances.
gcloud compute ssh "instance-name" --zone "zone_name"
gcloud … --zone "zone_name" "instance_name" --project "project_name"
# Get all Kubernetes versions available for use in GKE clusters.
gcloud container get-server-config --format 'yaml(validNodeVersions)'
gcloud … --format 'yaml(validMasterVersions)' --zone "compute_zone_name"
gcloud … --flatten='channels' --filter='channels.channel=RAPID' \
--format='yaml(channels.channel,channels.validVersions)'
# Generate 'kubeconfig' entries for GKE clusters.
gcloud container clusters get-credentials "cluster_name"
gcloud … "cluster_name" --region "region_name"
# Show operations.
# Filters are suggested.
gcloud container operations list --filter='NOT status:DONE'
gcloud compute … --filter='region:europe-west4 AND -status:DONE'
gcloud container … \
--filter='name:operation-1513320920760-9c26cff5 AND status:RUNNING'
gcloud compute … \
--filter='region:(europe-west4 us-east2)' \
--filter='status!=DONE'
# Connect to cloud SQL instances.
gcloud sql connect "instance_name" --user="root" --quiet
# Use specific service accounts for an operation.
# The service account must have been already activated.
gcloud config set account "serviceaccount@gcpproject.iam.gserviceaccount.com" \
&& gcloud auth application-default login --no-launch-browser \
&& gcloud compute instances list
```
## Further readings
- [Creating and managing projects]
- [Install kubectl and configure cluster access]
- [`gcloud config configurations`][gcloud config configurations]
## Sources
All the references in the [further readings] section, plus the following:
- [Reference]
- [Cheat-sheet]
- [How to run gcloud command line using a service account]
- [How to change the active configuration profile in gcloud]
<!--
References
-->
<!-- Upstream -->
[cheat-sheet]: https://cloud.google.com/sdk/gcloud/reference/cheat-sheet
[creating and managing projects]: https://cloud.google.com/resource-manager/docs/creating-managing-projects
[gcloud config configurations]: https://cloud.google.com/sdk/gcloud/reference/config/configurations
[install kubectl and configure cluster access]: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl
[reference]: https://cloud.google.com/sdk/gcloud/reference/
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Others -->
[how to change the active configuration profile in gcloud]: https://stackoverflow.com/questions/35744901/how-to-change-the-active-configuration-profile-in-gcloud#35750001
[how to run gcloud command line using a service account]: https://pnatraj.medium.com/how-to-run-gcloud-command-line-using-a-service-account-f39043d515b9

100
knowledge base/cloud computing/gcp/cloud sql.md Normal file
View File

@@ -0,0 +1,100 @@
# Cloud SQL
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Connect to a cloud SQL instance](#connect-to-a-cloud-sql-instance)
1. [Create users in a SQL instance from the MySQL shell](#create-users-in-a-sql-instance-from-the-mysql-shell)
1. [Use Terraform to manage users in a cloud SQL instance](#use-terraform-to-manage-users-in-a-cloud-sql-instance)
1. [Gotchas](#gotchas)
## TL;DR
```sh
# Connect to cloud SQL instances.
gcloud sql connect 'instance-name' --user='root' --quiet
# Connect to cloud SQL instances trough local proxy.
# brew install 'cloud_sql_proxy'
cloud_sql_proxy -instances=project-name:region:instance-name=tcp:3306
cloud_sql_proxy -instances=project-name:region:instance-name -dir=/tmp \
-verbose -log_debug_stdout
```
## Connect to a cloud SQL instance
```sh
$ gcloud sql connect 'instance-name' --user=root --quiet
Allowlisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [root].Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 293
Server version: 8.0.18-google (Google)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
```
## Create users in a SQL instance from the MySQL shell
1. Create an administrative user for the instance using `gcloud`, the APIs or the console;
1. Use this administrative user to connect to the MySQL console:
```sh
mysql -h 'host' -u 'admin' -p
```
1. Create the new users from there.
## Use Terraform to manage users in a cloud SQL instance
- Make sure the SQL instance has been created (using a IaC tool or not, it doesn't matter);
- Install `cloud_sql_proxy` on your machine:
```sh
brew install 'cloud_sql_proxy'
```
- Start the proxy and point it to the SQL instance the code needs to connect to:
```sh
$ cloud_sql_proxy -instances=myAwesomeProject:europe-west4:sqlInstance=tcp:3306 -verbose -log_debug_stdout
2021/04/20 10:49:03 Rlimits for file descriptors set to {Current = 8500, Max = 9223372036854775807}
2021/04/20 10:49:05 Listening on 127.0.0.1:3306 for myAwesomeProject:europe-west4:sqlInstance
2021/04/20 10:49:05 Ready for new connections
# or, using sockets
$ cloud_sql_proxy -instances=myAwesomeProject:europe-west4:sqlInstance -dir=/tmp -verbose -log_debug_stdout
2021/05/19 23:13:40 Rlimits for file descriptors set to {Current = 8500, Max = 9223372036854775807}
2021/05/19 23:13:41 Listening on /tmp/myAwesomeProject:europe-west4:sqlInstance for myAwesomeProject:europe-west4:sqlInstance
2021/05/19 23:13:41 Ready for new connections
```
- Point the Terraform SQL provider to localhost:
```hcl
provider "mysql" {
# endpoint = google_sql_database_instance.sqlInstance.first_ip_address
# endpoint = "127.0.0.1"
endpoint = "/tmp/myAwesomeProject:europe-west4:sqlInstance"
username = "admin"
password = var.sql_password
version = "~> 1.9"
}
```
- Execute `terraform plan` or whatever other action from your machine.
Terraform will use the provider to connect to the proxy and operate on the SQL instance.
## Gotchas
- As of 2021-05-18 the `root` user will **not be able** to create other users from the MySQL shell because it will lack `CREATE USER` permissions.<br/>
- The documentation says that SQL users created using `gcloud`, the APIs or the cloud console will have the same permissions of the `root` user; in reality, those administrative entities will be able to create users only from the MySQL shell.

66
knowledge base/cloud computing/gcp/config connector.md Normal file
View File

@@ -0,0 +1,66 @@
# Config Connector
Kubernetes addon to manage Google Cloud resources from inside Kubernetes clusters.
Provides a collection of Custom Resource Definitions and controllers.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Installation](#installation)
1. [Resources management](#resources-management)
1. [Gotchas](#gotchas)
1. [Further readings](#further-readings)
## TL;DR
```sh
# List gcp resources one can create using config connector.
# Requires config connector to be installed.
kubectl get crds --selector 'cnrm.cloud.google.com/managed-by-kcc=true'
```
## Installation
1. Refer to:
- the [installation howto] for details and updated instructions if you are using GKE;
- the [installation types] page for details and updated instructions for other K8S clusters.
1. Enable the Resource Manager API:
```sh
gcloud services enable 'cloudresourcemanager.googleapis.com'
```
## Resources management
List what Google Cloud [resources] you can create with Config Connector:
```sh
kubectl get crds --selector cnrm.cloud.google.com/managed-by-kcc=true
```
## Gotchas
- Service accounts can be granted _editor_ access by replacing `--role="roles/owner"` with `--role="roles/editor"`; this allows **most** Config Connector functionality, except project and organization wide configurations such as IAM modifications.
- When creating a resource, Config Connector creates it if it doesn't exist; if a resource already exists with the same name, then Config Connector acquires and manages it instead.
## Further readings
- [Website]
- [Getting started]
<!--
References
-->
<!-- Upstream -->
[getting started]: https://cloud.google.com/config-connector/docs/how-to/getting-started
[installation howto]: https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall
[installation types]: https://cloud.google.com/config-connector/docs/concepts/installation-types
[overview]: https://cloud.google.com/config-connector/docs/overview
[resources]: https://cloud.google.com/config-connector/docs/reference/overview
[stackdriver]: https://cloud.google.com/stackdriver/docs/solutions/gke
[website]: https://cloud.google.com/config-connector
[workload identity]: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

116
knowledge base/cloud computing/gcp/gke.md Normal file
View File

@@ -0,0 +1,116 @@
# Google Kubernetes Engine
Managed Kubernetes solution offered by the Google Cloud Platform.
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Gotchas](#gotchas)
1. [SSH into GKE clusters' compute instances](#ssh-into-gke-clusters-compute-instances)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Generate 'kubeconfig' entries for gke clusters.
gcloud container clusters get-credentials 'cluster-name'
gcloud container clusters get-credentials 'cluster-name' --region 'region'
# Get all Kubernetes versions available for use in gke clusters.
gcloud container get-server-config --format "yaml(validNodeVersions)"
gcloud container get-server-config --format "yaml(validMasterVersions)" --zone 'compute-zone'
gcloud container get-server-config --flatten="channels" --filter="channels.channel=RAPID" --format="yaml(channels.channel,channels.validVersions)"
# SSH into gke clusters' compute instances.
gcloud compute ssh 'instance-name' --zone 'zone'
```
## Gotchas
- When creating admission webhooks, either make sure to expose your webhook service and deployments on port 443 or poke a hole in the firewall for the port they are listening to.<br/>
By default, firewall rules restrict the cluster's masters communication to nodes only on ports 443 (HTTPS) and 10250 (kubelet). Additionally, GKE enables the `enable-aggregator-routing` option by default, which makes the master to bypass the service and communicate straight to pods.
## SSH into GKE clusters' compute instances
Use the same procedure to connect to any other compute instance:
```sh
$ gcloud compute ssh 'gke-euwe4-my-instance'
WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/you/.ssh/google_compute_engine.
Your public key has been saved in /Users/you/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:cbYuJKZROlbzX2wuzzN4zd3OGu6m7CupYKJHdiYOxVw you@machine
The key's randomart image is:
+---[RSA 3072]----+
| |
| E |
| o .+ . o |
| ++ o + o |
| .= o S . + |
| ..+=oo o + |
| =o+o . +o.o...|
| .oo . .+=+.+oo|
| .. .. +BB+oo|
+----[SHA256]-----+
No zone specified. Using zone [europe-west4-c] for instance: [gke-euwe4-my-instance].
External IP address was not found; defaulting to using IAP tunneling.
Updating project ssh metadata...⠹Updated [https://www.googleapis.com/compute/v1/projects/gcp-project].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.4401449885042934396' (ED25519) to the list of known hosts.
Enter passphrase for key '/Users/you/.ssh/google_compute_engine':
Enter passphrase for key '/Users/you/.ssh/google_compute_engine':
Welcome to Kubernetes v1.16.15-gke.6000!
You can find documentation for Kubernetes at:
http://docs.kubernetes.io/
The source for this release can be found at:
/home/kubernetes/kubernetes-src.tar.gz
Or you can download it at:
https://storage.googleapis.com/kubernetes-release-gke/release/v1.16.15-gke.6000/kubernetes-src.tar.gz
It is based on the Kubernetes source at:
https://github.com/kubernetes/kubernetes/tree/v1.16.15-gke.6000
For Kubernetes copyright and licensing information, see:
/home/kubernetes/LICENSES
[instance]$
```
## Further readings
- [How to Master Admission Webhooks In Kubernetes]
- [Kubectl cluster access]
## Sources
All the references in the [further readings] section, plus the following:
- [Connect to a compute instance]
- [Preparing a Google Kubernetes Engine environment for production]
<!--
References
-->
<!-- Upstream -->
[connect to a compute instance]: https://cloud.google.com/compute/docs/instances/connecting-to-instance
[kubectl cluster access]: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl
[preparing a google kubernetes engine environment for production]: https://cloud.google.com/solutions/prep-kubernetes-engine-for-prod
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Others -->
[how to master admission webhooks in kubernetes]: https://digizoo.com.au/1376/mastering-admission-webhooks-in-kubernetes-gke-part-1/

22
knowledge base/cloud computing/gcp/gsutil.md Normal file
View File

@@ -0,0 +1,22 @@
# Gsutil
## TL;DR
```sh
# delete a bucket and all its contents
gsutil rm -r gs://${BUCKET_NAME}
# delete a bucket only if empty
gsutil rb gs://${BUCKET_NAME}
```
## Further readings
- [Deleting buckets]
<!--
References
-->
<!-- Upstream -->
[deleting buckets]: https://cloud.google.com/storage/docs/deleting-buckets

2
knowledge base/cloud computing/radius.placeholder Normal file
View File

@@ -0,0 +1,2 @@
https://azure.microsoft.com/en-us/blog/the-microsoft-azure-incubations-team-launches-radius-a-new-open-application-platform-for-the-cloud/
https://radapp.io/