Mike Sparr mikesparr
mikesparr
/ example-cloud-run-tf-secret-file.tf
Last active
May 18, 2025 21:47
Example Terraform syntax for Cloud Run with Secret Manager secret as mounted file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "google" { | |
| project = var.project | |
| } | |
| data "google_project" "current" {} | |
| # Build the service agent email using the format: | |
| # service-PROJECT_NUMBER@serverless-robot-prod.iam.gserviceaccount.com | |
| locals { | |
| project_number = data.google_project.current.number |
mikesparr
/ example-google-secret-as-file.sh
Created
May 18, 2025 19:41
Google Cloud Secret Manager example secret as file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create secret as file | |
| export SECRET_ID="example-secret" | |
| export SECRET_FILE=".env" | |
| # create env file | |
| cat > $SECRET_FILE << EOF | |
| # Node environment | |
| NODE_ENV=production | |
| # Logging configuration |
mikesparr
/ example-dockerfile-entrypoint.sh
Created
May 18, 2025 19:24
Inline Dockerfile entrypoint.sh creation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a script to load environment variables from mounted secrets | |
| RUN echo '#!/bin/sh' > /app/entrypoint.sh && \ | |
| echo 'if [ -d "/secrets" ] && [ -f "/secrets/.env" ]; then' >> /app/entrypoint.sh && \ | |
| echo ' cp /secrets/.env /app/.env' >> /app/entrypoint.sh && \ | |
| echo ' echo "Loaded environment from mounted secret"' >> /app/entrypoint.sh && \ | |
| echo 'fi' >> /app/entrypoint.sh && \ | |
| echo 'exec node src/server.js' >> /app/entrypoint.sh && \ | |
| chmod +x /app/entrypoint.sh && \ | |
| chown nodeapp:nodeapp /app/entrypoint.sh |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BILLING="YOUR-BILLING-ACCT" | |
| ORGANIZATION="<ORG-ID-NUMBER>" | |
| FOLDER="<FOLDER-ID-NUMBER>" | |
| CUSTOMER="<CUSTOMER-ID>" | |
| # user groups | |
| export ORG_ADMIN_GROUP="orgadmins@example.com" | |
| export BILLING_ADMIN_GROUP="billingadmins@example.com" | |
| export SECURITY_ADMIN_GROUP="securityadmins@example.com" | |
| export NETWORK_ADMIN_GROUP="networkadmins@example.com" |
mikesparr
/ docker-desktop-uninstall-colima-install.sh
Last active
February 9, 2025 22:58
Helper script to replace Docker Desktop for Mac with Colima and test networking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env bash | |
| ##################################################################### | |
| # REMOVE DOCKER DESKTOP FOR MAC (OPTIONAL: IF INSTALLED) | |
| ##################################################################### | |
| echo "" | |
| echo "Removing Docker Desktop for Mac..." | |
| # 1. make sure docker running | |
| sudo launchctl start com.docker.docker |
mikesparr
/ gke-clickhouse-operator-parquet.sh
Created
October 21, 2024 23:59
Example deploying Clickhouse database operator on Google Kubernetes Engine (GKE) Autopilot cluster and importing parquet data from storage bucket using HMAC key
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/creating-an-autopilot-cluster | |
| # - https://cloud.google.com/storage/docs/creating-buckets | |
| # - https://cloud.google.com/storage/docs/access-control/using-iam-permissions | |
| # - https://cloud.google.com/storage/docs/authentication/managing-hmackeys#command-line | |
| # - https://github.com/Altinity/clickhouse-operator/blob/master/docs/quick_start.md | |
| # - https://clickhouse.com/docs/en/getting-started/quick-start |
mikesparr
/ gcp-asset-inv-bq-feed.sh
Last active
July 17, 2024 21:24
Experiment with GCP Asset Inventory feeds publishing to Pub/Sub and importing into BigQuery using subscriptions and Avro schema
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes#organizations | |
| # - https://cloud.google.com/asset-inventory/docs/reference/rest/v1/TopLevel/batchGetAssetsHistory#temporalasset | |
| # - https://cloud.google.com/iam/docs/creating-custom-roles#creating | |
| # - https://cloud.google.com/sdk/gcloud/reference/organizations/add-iam-policy-binding | |
| # - https://gist.github.com/mikesparr/38260f9d457fc2f9452f1910213b4a71 | |
| # - https://aravind-ramaiahk.medium.com/streamlining-cloud-asset-management-automating-the-export-of-google-cloud-organization-asset-46cc8b428038 |
mikesparr
/ cloud-run-nat-serial.sh
Last active
August 29, 2024 15:07
Experiment on Google Cloud with Cloud Run, Cloud NAT, Private Google Access, and Secure Web Proxy with NAT only for external requests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/sdk/gcloud/reference/compute/networks/create | |
| # - https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/create | |
| # - https://cloud.google.com/vpc/docs/configure-private-google-access | |
| # - https://cloud.google.com/network-connectivity/docs/router/how-to/create-router-vpc-network#gcloud | |
| # - https://cloud.google.com/nat/docs/set-up-manage-network-address-translation | |
| # - https://cloud.google.com/nat/docs/using-nat-rules |
mikesparr
/ cloud-next-24-demo.sh
Last active
April 8, 2024 03:57
Snippets from my Cloud Next '24 demo talk "Hello Gateway, Goodbye Ingress" in Las Vegas April 9, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing | |
| # - https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ | |
| # - https://cloud.google.com/gemini/docs/quickstart | |
| # - https://cloud.google.com/kubernetes-engine/docs/best-practices/rbac | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#group_authentication |
mikesparr
/ gcp-secure-web-proxy-1.sh
Created
March 29, 2024 18:35
Experiment using Google Cloud Secure Web Proxy and Cloud NAT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/secure-web-proxy/docs/initial-setup-steps | |
| # - https://cloud.google.com/certificate-manager/docs/deploy-google-managed-regional | |
| # - https://cloud.google.com/secure-web-proxy/docs/quickstart | |
| # - https://cloud.google.com/secure-web-proxy/docs/enable-tls-inspection (OPTIONAL) | |
| ##################################################################### |
NewerOlder