k8s rolling updates are not working

Issue

Whenever we deployed a new release, the pods were deleted down to a fixed number (like 2) and then scaled back up as per the HPA.

Cause

When replicas is used along with an HPA and a deployment happens, the pod count is first set as per replicas, then the HPA kicks in and sets the new values. To avoid this, remove or comment out replicas in your YAML file.

Related Issues

Old Pod is still running even after fresh deployment.
Deployed Pod is still not created (if only one pod was running).

Related Posts

https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#migrating-deployments-and-statefulsets-to-horizontal-autoscaling
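
The fix described above as a manifest pair, written here as an added example and not taken from the original post: a Deployment with spec.replicas left out, and the HPA that owns the pod count. The names, image and scaling numbers are assumptions.

```yaml
# Added example; the name "web", the image and all numbers are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  # replicas: 2   # left out on purpose: with it set, every apply resets the
  #               # pod count to 2 before the HPA scales it back up
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: nginx:1.24
          resources:
            requests:
              cpu: 100m   # Utilization targets are computed against this request
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2          # the floor the HPA keeps, instead of spec.replicas
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```

The linked Kubernetes page notes that for a Deployment already applied with replicas set, removing the field can cause a one-time drop in pod count because its default is 1. With client-side apply, first run kubectl apply edit-last-applied deployment/web and delete spec.replicas there, then remove it from the manifest.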
Recent posts

Microsoft Ldap login using python

Microsoft Ldap login using python3

Install dependent packages

    python3 -m pip install ldap3

Sample Code to test login

    from ldap3 import Server, Connection, ALL, SUBTREE
    from ldap3.core.exceptions import LDAPException, LDAPBindError

    def connect_ldap_server(SERVER_URI, DN, USERNAME, PASSWORD):
        try:
            # Provide the hostname and port number of the openLDAP
            server = Server(SERVER_URI, get_info=ALL)
            # username and password can be configured during openldap setup
            connection = Connection(server, user='CN='+USERNAME+','+DN, password=PASSWORD)
            bind_response = connection.bind()  # Returns True or False
            return bind_response
        except LDAPBindError as e:
            connection = e
            return False
        # print(connection)
        # print(bind_response)

    if connect_ldap_server('ldap://9.1.0.3','OU=Headoffice,DC=example,DC=com', 'testuser',

Add a Approval System in Jenkins For Build

Approval System in Jenkins For Build

Use Cases:

Only specific users must be able to approve the build
Specific users should be able to run the build without approval
Approval can be turned off and on on demand

Jenkins variables need to be created under (Manage Jenkins > Configure System > Environment variables):

ApprovalAdmins (Value: jenkins emails comma separated)
skipApprovalUsers (Value: jenkins emails comma separated)
BuildApproval (Value: True, False)

    import jenkins.model.Jenkins

    def getBuildUser() {
        return currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause')['userId']
    }

    pipeline {
        agent { label 'ec2-fleet-common' }
        stages {
            stage('Approval Process') {
                when {
                    expression { env.BuildApproval == 'True' || env.BuildApproval == 'true' }
                }
                steps {
                    script {

Monitor On Prem Resources From kube prom stack (Prometheus)

For this you would need a few items:

Endpoints
Service
ServiceMonitor

    ---
    apiVersion: v1
    kind: Endpoints
    metadata:
      name: onprem-proxy
      namespace: monitoring
    subsets:
      - addresses:
          - ip: "192.168.10.10"
          - ip: "192.168.10.11"
        ports:
          - name: 'onprem-proxy-metrics'
            protocol: TCP
            port: 9100
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: onprem-proxy
      namespace: monitoring
      labels:
        app.kubernetes.io/name: onprem-proxy
    spec:
      ports:
        - name: "onprem-proxy-metrics"
          protocol: TCP
          port: 9100
          targetPort: 9100
    ---
    apiVersion: monitoring.coreos.com/v1
    kind: ServiceMonitor
    metadata:
      name: onprem-proxy
      namespace: monitoring
    spec:
      endpoints:
        - interval: 10s
          path: /metrics
          port: onprem-proxy-metrics
      namespaceSelector:
        matchNames:
          - monitoring
      selector:
        matchLabels:
          app.kubernetes.io/name: onprem-proxy

Create a proxy using Nginx Controller in kubernetes

Use Case: I needed to create a proxy that redirects traffic to my internal service in EKS, mainly to expose it publicly, and I already had an nginx controller installed within my Kubernetes cluster. It also supports all of the nginx features like IP whitelisting, Lua scripts, etc.

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: nginx
        kubernetes.io/tls-acme: "true"
        meta.helm.sh/release-name: "nginx-proxy"
        meta.helm.sh/release-namespace: default
        nginx.ingress.kubernetes.io/cors-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
        nginx.ingress.kubernetes.io/cors-allow-origin: '*'
        nginx.ingress.kubernetes.io/enable-cors: "true"
        nginx.ingress.kubernetes.io/server-snippet: |
          ##### Allow Traffic from specific Ips #####
          #allow x.x.x.x;
          #allow x.x.x.x;

Copy Docker Image From one Repo to Another Repository

This post shows how to copy a Docker image from one repository to another. This is useful when you host your own Docker registry and want to copy images there.

FROM AWS ECR to private repo

Create file copy-docker-image.sh

    # $1 = source image:tag, $2 = target image name, $3 = target tag
    repo="ACCOUNT_ID.dkr.ecr.ap-south-1.amazonaws.com"
    aws ecr get-login-password --region ap-south-1 | sudo docker login --username AWS --password-stdin "$repo"
    push_repo="172.31.1.250:5000"
    sudo docker pull "$repo/$1"
    sudo docker tag "$repo/$1" "$push_repo/$2:$3"
    sudo docker push "$push_repo/$2:$3"

Note: Make sure you have the AWS CLI set up with aws configure and the correct credentials to pull the image.

DOCKER hub to private repo

Create file copy-docker-image.sh

    # $1 = source image:tag, $2 = target image name, $3 = target tag
    repo="docker.io"
    push_repo="172.31.1.250:5000"
    sudo docker pull "$repo/$1"
    sudo docker tag "$repo/$1" "$push_repo/$2:$3"
    sudo docker push "$push_repo/$2:$3"

Usage

    chmod +x copy-docker-image.sh
    ./copy-docker-image.sh nginx:1.24 nginx v1.24

Create a read Only cli User for EKS

Use Case: When you want to provide access to users, you must always avoid providing admin privileges to users. This is needed for security and audit purposes. Kubernetes allows you to create RBAC credentials using roles and cluster roles for service accounts, users and groups.

From k8s: RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamically configure policies through the Kubernetes API.

1. Let's first create the cluster role and group

Create file cluster-role-and-binding.yml

    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: eks-readonly-group-binding
    subjects:
      - kind: Group
        name: eks-readonly-group
        apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: ClusterRole
      name: eks-readonly-group-cluster-role
      apiGroup: rbac.authorization.k8s.io
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: eks-readonly-group-cluster-role
    rules:
      - apiGro