Author: seungsoo

$ git remote add upstream https://github.com/accuknox/KubeArmor.git
$ git fetch upstream
$ git merge upstream/master
$ git push

delete from network_flow; delete from discovered_policy;

select count(*) from discovered_policy where rule like '%CIDR%';
select count(*) from discovered_policy where status="latest";
select count(*) from discovered_policy where status="outdated";
select * from discovered_policy where status="outdated"\G
select * from discovered_policy where name="autopol-egress-vxitcdpetakyjtx"\G
select count(*) from discovered_policy where (rule not like '%FQDN%' and rule not like '%CIDR%');
select count(*) from network_flow;

desc network_flow;

select * from network_flow limit 1\G
select * from discovered_policy WHERE name="autopol-egress-mvoiglopbuopedk"\G
select * from discovered_policy WHERE name="autopol-egress-hgcmdflittqwlue"\G
select * from network_flow WHERE name=autopol-egress-hgcmdflittqwlue\G
select * from discovered_policy limit 1\G

SELECT * FROM network_flow ORDER BY id DESC LIMIT 1\G
SELECT time FROM network_flow ORDER BY id DESC\G
SELECT count(*) FROM network_flow where time >= 0 and time < 1607601663\G

$ kubectl port-forward kafka-0 -n kafka 9094

$ kafkacat -b localhost:9094 -L

$ kafkacat -P -b localhost:9094 -t topic1
$ kafkacat -C -b localhost:9094 -t topic1

$ kafkacat -C -b localhost:9094 -t topic1 \
 -f 'Key is %k, and message payload is: %s \n'

https://github.com/Yolean/kubernetes-kafka

$ dpkg -l | grep -i docker

$ sudo apt-get purge -y docker-engine docker docker.io docker-ce docker-ce-cli
$ sudo apt-get autoremove -y --purge docker-engine docker docker.io docker-ce

$ sudo rm -rf /var/lib/docker /etc/docker
$ sudo rm /etc/apparmor.d/docker
$ sudo groupdel docker
$ sudo rm -rf /var/run/docker.sock

NAMESPACE=<namespace to be deleted>
kubectl get namespace $NAMESPACE -o json > $NAMESPACE.json
sed -i -e 's/"kubernetes"//' $NAMESPACE.json
kubectl replace --raw "/api/v1/namespaces/$NAMESPACE/finalize" -f ./$NAMESPACE.json

The port-forward command, Forwards one (or more) local ports to a pod.

This command is very useful for example in blue/green deployments where you would want to troubleshoot a misbehaving pod.

To take things even further, you could even execute some preliminary tests to the pods you feel could be more error-prone right inside your CI/CD pipeline in Jenkins by using multiple conditions, declarative pipeline.

Usage examples:

Listen on port 8888 locally, forwarding to 5000 in the pod

kubectl port-forward pod/mypod 8888:5000

Listen on port 8888 on all addresses, forwarding to 5000 in the pod

kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000

Listen on a random port locally, forwarding to 5000 in the pod

kubectl port-forward pod/mypod :5000

Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod

kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000

Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod

kubectl port-forward pod/mypod 5000 6000

Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment

kubectl port-forward deployment/mydeployment 5000 6000

Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the service

kubectl port-forward service/myservice 5000 6000

$ vi ~/.gitconfig

[alias]
    co = checkout
    rb = rebase -i
    st = status
    ci = commit
    pl = pull
    ps = push
    lg = log --graph --abbrev-commit --decorate --format=format:'%C(cyan)%h%C(reset) - %C(green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(yellow)%d%C(reset)' --all
    ad = add
    tg = tag -n
    df = diff
    br = branch

char fmt[] = "skb %p len %d\n";
bpf_trace_printk(fmt, sizeof(fmt), skb, len);

cat /sys/kernel/debug/tracing/trace_pipe

no Auth Provider found for name "gcp"

Add

_ “k8s.io/client-go/plugin/pkg/client/auth/gcp”