How to add custom http headers when using kubectl tool - kubernetes

Can not find any issues.
I have to add several custom http headers to access my dedicate api-server proxy, but no clues available right now. Did I miss something?

This is a dirty hard coded hack to show you how to get the outcome your looking for it's not a fully vetted solution. This method will compile a new version of kubectl that will add your needed headers. Maybe it will at least give you a idea to run with.
The reason I wanted to do this is because I put my k8s api endpoint on the internet and safeguarded it with Cloudflare Access. To allow Cloudflare access to let me get past the steel wall I needed to pass in two headers one for my client id and the other for client secret. This ended up working like a charm and is one case someone may want to add custom headers.
Steps:
I assume you have Go installed and setup, if not go do that now.
git clone https://github.com/kubernetes/kubernetes.git (could take awhile it's pretty big)
cd kubernetes/staging/src/k8s.io/client-go/transport/
Open file round_trippers.go in your favorite code editor
Search for func (rt userAgentRoundTripper) RoundTrip(req http.Request) (*http.Response, error)
Add your needed headers by adding lines like this req.Header.Set("Bob-Is", "cool")
cd back to root folder kubernetes/
cd cmd/kubectl/
go build custom-kubectl
now test it with ./custom-kubectl get ns --v=9
in that output look for the header you added to the rest calls to K8s api, you should see -H "Bob-Is: cool" in the output
To make this not a hack maybe see if there's a way to add a kubectl plugin you create do to this for you or ask the kind folks in the k8s community how you can make this hacky method a bit cleaner or if there's a reason adding customer headers isn't a good idea. Worst case parameterize your custom kubectl build to pull in a new parameter you add --custom-request-headers and make it a bit more clean.

Related

How to clear the whole AEM dispatcher cache in a cloud manager deployment

I'd like to configure the Adobe Cloud Manager production pipeline to invalidate the whole dispatcher cache. What paths do I have to give at the production pipeline dispatcher invalidation configuration to have that done? Is it possible to give a pattern here that matches everything? The page-invalidate description talks about a path-pattern, but doesn't describe what exactly that means.
We work with statfilelevel=2. It seems the .stat files are very important for that, though the description given here is unfortunately not precise enough, not sure I understand that right.
I tried to configure /content as path - that just touches /mnt/var/www/html/.stat (/mnt/var/www/html is the docroot), which seems to apply to nodes like /* but not like /content/* .
If I give /content/oursite, that touches /mnt/var/www/html/content/.stat , too, but that does seem to apply to nodes like /content/oursite or /content/othersite, but not to pages like /content/oursite/about - for which would /mnt/var/www/html/content/oursite/.stat be relevant, if I understand that right.
Do I seriously have to enumerate a page in each site that has a .stat file, or is there a more sensible way to get everything invalidated? After all, a deployment could easily change the HTML of every page if a component has changed.
If you have ACS commons installed then you can try to use this powerful feature
https://adobe-consulting-services.github.io/acs-aem-commons/features/dispatcher-flush-rules/index.html

how to get schema for OpenShift/K8s resources, e.g. How to get schema definition for deployment config or pod

When I'm creating resources for OpenShift/K8s, I might be out of coverage area. I'd like to get schema definition being offline.
How I can get from command line a schema for a kind. For example I would like to get a generic schema for Deployment, DeploymentConfig, Pod or a Secret.
Is there a way to get schema without using google? Ideally if I could get some documentation description for it.
Posting #Graham Dumpleton comment as a community wiki answer basing on the response from OP saying that it solved his/her problem:
Have you tried running oc explain --recursive Deployment? You still
need to be connected when you generate it, so you would need to save
it to a file for later reference. Maybe also get down and read the
free eBook at openshift.com/deploying-to-openshift which mentions this
command and lots of other stuff as well. – Graham Dumpleton
Are you familiar with OpenAPI/Swagger? It is supported in OpenShift/Kubernetes. Read more here.

Clone rep:policy on AEM

I am currently working on with a solution that would be able to clone/copy/backup my existing rep:policy. 'Cause when we do some jobs it accidentally removed. I am trying to apply this kind of fix, but am failing to. It says it is an invalid path.
javax.jcr.security.AccessControlException: OakAccessControl0006: Isolated policy node. Parent is not of type [rep:AccessControllable]
final Workspace ws = session.getWorkspace();
ws.copy("/etc/commerce/products/abccompany/TvPackChannelMap/rep:policy","/tmp/nxt/TvPackChannelMap/rep:policy");
Are there other ways that I can be able to take the rep:policy thru code?
You need to make sure that your job does not touch the permissions or the rep:policy, this is the best way forward for you.
The exception could be because of /etc/commerce/products/abccompany/TvPackChannelMap/rep:policy does not exist or the user whose session you are using does not have read access to the node.
Make sure the path is correct, copy paste it to your CRX/DE to make sure it exists.
I have tried to use your code to copy a rep:policy from one node to another, works fine. But I would not* recommend copying permissions that way. The best practice is to use the Access Control Management API for all things permissions.
You can check, install and use the access control tool from netcentric. It offers a jmx interface for exporting AC entries and maybe also some APIs you could use to implement your custom solution.
The Other approach is to retrieve the ACL permissions through the query language.
For example, SELECT * FROM [rep:ACL] or SELECT * FROM [rep:ACE] where [rep:principalName] is not null should give you the results.
For more information, I would recommend you to check the ACS commons ACL Packager Implementation which is available on GitHub.
Reference Link - https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/adobe/acs/commons/packaging/impl/ACLPackagerServletImpl.java

How do relative URLs work in Sinatra?

I am hosting my Sinatra application using Apache with Passenger. It's hosted within a subfolder -- meaning, my main site is example.com, my application is at example.com/popcorn.
So I have a get '/' route, and that works fine. The problem is that my view includes a HTML form that makes a post request to upload, and the post '/upload' route isn't handling it. Instead of example.com/popcorn/upload, it's trying to get example.com/upload.
So I figure okay, not the ideal solution, but for now I'll hardcode the form action URL. But that doesn't work either -- making the action popcorn/upload fails too. This is where I get a little baffled, and my Google-fu was weak, I couldn't find help there.
Maybe I could have some kind of Apache rewrite rule, but is that the correct solution? Am I missing something? I would really appreciate a tip here because it feels like I've messed up something very simple and it's really bugging me.
You probably want the url helper method. That takes into account where the app is mounted on the server:
url('/upload')
The above code will evaluate to something like this:
http://example.com/popcord/upload
Inside your app you shouldn’t need to change anything, this will be routed to the existing post '/upload' handler.

Collecting GitHub project issues statistics programmatically?

I'm collecting GitHub issue statistics over time on our project: total number of issues, number of issues with a particular label, number of issues in a given state (open/closed). Right now, I have a Python script to parse the project webpage with the desired labeling/state for the info I want, e.g., http://github.com/<projectname>/issues?label=<label_of_interest>&state=<state_of_interest>
However, parsing the HTML is fragile since if the GitHub API changes, more often than not, my code fails.
Does someone describe how to use the GitHub API (or barring that, know of some other way, preferably in Python) to collect these statistics without relying on the underlying HTML?
May I be so forward as to suggest that you use my wrapper around the GitHub API for this? With github3.py, you can do the following:
import github3
github = github3.login("braymp", "braymp's super secret password")
repo = github.repository("owner", "reponame")
open_issues = [i for i in repo.iter_issues()]
closed_issues = [i for i in repo.iter_issues(state='closed')]
A call to refresh may be necessary because I don't honestly recall if GitHub sends all of the issue information upon the iteration like that (e.g., replace i.refresh() for i in <generator> as the body of the list comprehensions above).
With those, you can iterate over the two lists and you will be able to use the labels attribute on each issue to figure out which labels are on an issue. If you decide to merge the two lists, you can always check the status of the issue with the is_closed method.
I suspect the actual statistics you can do yourself. :)
The documentation for github3.py can be found on ReadTheDocs and you'll be particularly interested in Issue and Repository objects.
You can also ask further questions about github3.py by adding the tag for it in your StackOverflow question.
Cheers!
I'd take a look at Octokit. Which doesn't support Python currently, but does provide a supported interface to the GitHub API for Ruby.
https://github.com/blog/1517-introducing-octokit
Although this doesn't fully meet your specifications (the "preferably Python" part), Octokit is a fantastic (and official - it's developed by GitHub) way of interacting with the GitHub API. You wrote you'd like to get Issues data. It's as easy as installing, requiring the library, and getting the data (no need for authentication if the project is public).
Install:
gem install octokit
Add this to your Ruby file to require the Octokit library:
require 'octokit'
Although there are a lot of things you can get from Octokit::Client::Issues, you may want to get a paginated list of all the issues in a repository:
Octokit.list_issues('octokit/octokit.rb')
# => [Array<Sawyer::Resource>] A list of issues for a repository.
If you're really keen on using Python, you might want to have a look at the GitHub API docs for Issues. Really, it's as easy as getting a URL like: https://api.github.com/repos/octokit/octokit.rb/issues and get the JSON data (although I'm not familiar with Python, I'm sure these some JSON parsing library); no need for authentication for public repos.