Skip to content

Instantly share code, notes, and snippets.

View jseiser's full-sized avatar

Justin Seiser jseiser

  • Ohio
View GitHub Profile
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailCreateLogStream2014110",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream"
],
@jseiser
jseiser / README.md
Created June 26, 2018 17:08 — forked from iMilnb/README.md
AWS Terraform configuration: Stream CloudWatch Logs to ElasticSearch

Rationale

This snippet is a sample showing how to implement CloudWatch Logs streaming to ElasticSearch using terraform. I wrote this gist because I didn't found a clear, end-to-end example on how to achieve this task. In particular, I understood the resource "aws_lambda_permission" "cloudwatch_allow" part by reading a couple of bug reports plus this stackoverflow post.

The js file is actually the Lambda function automatically created by AWS when creating this pipeline through the web console. I only added a endpoint variable handling so it is configurable from terraform.

@jseiser
jseiser / app.py
Last active February 25, 2021 14:39
Delete Empty Cloudwatch Log Groups
#!/usr/bin/env python3
import botocore
from botocore.config import Config
import boto3
config = Config(retries=dict(max_attempts=10))
client = boto3.client("logs", config=config)
@jseiser
jseiser / gist:1b42f103de868b51924e3fddac5471fa
Created March 24, 2021 22:56
Get URLS of Ball Chase Rocket League Replays by Certain Pros
import requests
headers = {'Authorization': 'TOKEN_HERE'}
payload = {'playlist': 'ranked-duels', 'pro': 'true'}
r = requests.get('https://ballchasing.com/api/replays', params=payload, headers=headers)
jsonResponse = r.json()
PROS = ['AYYJAY', 'Daniel', 'Wizz']
for replay in jsonResponse['list']:
apiVersion: karpenter.sh/v1alpha5
kind: Provisioner
metadata:
name: default
namespace: karpenter
spec:
consolidation:
enabled: true
ttlSecondsUntilExpired: 2592000
weight: 10
@jseiser
jseiser / fb.yaml
Created July 18, 2023 16:12
Fluent Bit Config Map
custom_parsers.conf: |
[PARSER]
Name syslog
Format regex
Regex ^(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
[PARSER]
Name container_firstline
```
{"level":"info","ts":1733944417.9884586,"msg":"Copyright 2020-2023 the Vouch Proxy Authors"}
{"level":"warn","ts":1733944417.9884808,"msg":"Vouch Proxy is free software with ABSOLUTELY NO WARRANTY."}
{"level":"info","ts":1733944417.9891627,"msg":"Vouch Proxy configuration set from Environmental Variables"}
{"level":"warn","ts":1733944417.989181,"msg":"generating random session.key"}
{"level":"info","ts":1733944417.9892192,"msg":"configuring oidc OAuth with Endpoint https://auth.trex.network/oauth2/v1/authorize"}
{"level":"debug","ts":1733944417.9892244,"msg":"cfg.RootDir: /"}
{"level":"debug","ts":1733944417.9892552,"msg":"Cfg {LogLevel:debug Listen:0.0.0.0 Port:9090 SocketMode:432 SocketGroup: DocumentRoot: WriteTimeout:15 ReadTimeout:15 IdleTimeout:15 Domains:[] WhiteList:[] TeamWhiteList:[] AllowAllUsers:true PublicAccess:false TLS:{Cert: Key: Profile:intermediate} JWT:{SigningMethod:HS256 MaxAge:240 Issuer:Vouch Secret:XXXXXXXX PrivateKeyFile: PublicKeyFile: Compress:true} Cookie:{Name:VouchCookie Dom
```
Environment:
VOUCH_PORT: 9090
VOUCH_LOGLEVEL: info
VOUCH_TESTING: false
VOUCH_ALLOWALLUSERS: true
# Configuration checksum: 5462546966217761004
# setup custom paths that do not require root access
pid /tmp/nginx/nginx.pid;
load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
daemon off;
nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
nginx.ingress.kubernetes.io/auth-signin: https://vouch-ops-dev.my.tld/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err
nginx.ingress.kubernetes.io/auth-snippet: |
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
nginx.ingress.kubernetes.io/auth-url: https://vouch-ops-dev.my.tld/validate