
Wednesday, January 29, 2020

Azure AD integration to GCP Cloud for SSO

The idea is to enable SSO to GCP through Azure AD configuration.

Make sure Cloud Identity is subscribed in the GCP account and that there is a super admin user in that account.
Also make sure the same domain is verified in both Azure and GCP.
Note: If the same domain is already verified in any other G Suite or GCP account, that account should be used.

Base Document Followed



Process
In GCP: Create one super admin in the Google environment. (The super admin is only available in admin.google.com, which is available only if G Suite or Cloud Identity is registered.)
In Azure: Create one application for user provisioning.
Make sure the user has been created in the GCP user portal, admin.google.com.

In Azure: Create a second app.
A login error appears after configuring as per the GCP document. The errors are listed below. To solve them, add the Identifier and Reply URL.




Errors faced

Error1:
AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 01303a13-8322-4e06-bee5-80d612907131.
Solution: In the SAML config, add Identifier (Entity ID): google.com/a/<Domain Name>

Error2:
AADSTS900561: The endpoint only accepts POST requests. Received a GET request.
Solution: In the SAML config, add Reply URL: https://google.com/a/*

Friday, December 20, 2019

Exposé/Mission Control Not Working on Mac 10.15.2

The issue of Exposé/Mission Control not working on Mac 10.15.2 can be fixed with a defaults write command. First, open the Terminal app and type or paste the following command:

defaults write com.apple.dock mcx-expose-disabled -bool FALSE

After running this command, restart the Dock by typing the following command in Terminal:

killall Dock

This enables the Exposé/Mission Control feature and fixes the issue.

Tuesday, January 15, 2019

Kubernetes Sample Commands

Below is a Kubernetes cheat sheet listing useful commands for managing Kubernetes clusters with the kubectl command-line interface. The commands cover tasks such as creating and managing deployments, pods, and services, querying resource usage, and deleting resources. Examples include running tests in temporary pods, checking node and pod resource usage, and deleting resources by labels. The cheat sheet also shows how to enable shell autocompletion for kubectl and how to open a shell in a pod.


Run curl test temporarily 
kubectl run --rm mytest --image=yauritux/busybox-curl -it
Run wget test temporarily 
kubectl run --rm mytest --image=busybox -it
Run nginx deployment with 2 replicas 
kubectl run my-nginx --image=nginx --replicas=2 --port=80
List everything 
kubectl get all --all-namespaces
List pods with nodes info 
kubectl get pod -o wide
Show nodes with labels
kubectl get nodes --show-labels
Validate yaml file with dry run
kubectl create --dry-run --validate -f pod-dummy.yaml
Start a temporary pod for testing
kubectl run --rm -i -t --image=alpine test-$RANDOM -- sh
kubectl run shell command
kubectl exec -it mytest -- ls -l /etc/hosts
Get system conf via configmap
kubectl -n kube-system get cm kubeadm-config -o yaml
Explain resource
kubectl explain pods
kubectl explain svc
Get all services
kubectl get service --all-namespaces
Watch pods
kubectl get pods -n wordpress --watch
Query healthcheck endpoint
curl -L http://127.0.0.1:10250/healthz
Open a shell in a pod
kubectl exec -it storage -- sh
Check pod environment variables
kubectl exec redis-master-ft9ex -- env
Enable kubectl shell autocompletion (reload the shell afterwards)
echo "source <(kubectl completion bash)" >>~/.bashrc
Get services sorted by name
kubectl get services --sort-by=.metadata.name
Get pods sorted by restart count
kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
Get node resource usage
kubectl top node
Get pod resource usage
kubectl top pod
Get resource usage for a given pod
kubectl top pod <podname> --containers
List resource utilization for all containers
kubectl top pod --all-namespaces --containers=true
Delete pod
kubectl delete pod/<pod-name> -n <my-namespace>
Delete pod by force
kubectl delete pod/<pod-name> --grace-period=0 --force
Delete pods by labels
kubectl delete pod -l env=test
Delete deployments by labels
kubectl delete deployment -l app=wordpress
Delete all resources filtered by labels
kubectl delete pods,services -l name=myLabel
Delete resources under a namespace
kubectl -n my-ns delete po,svc --all
Delete persistent volume claims by labels
kubectl delete pvc -l app=wordpress
Delete statefulset only (not pods)
kubectl delete sts/<stateful_set_name> --cascade=false
List all pods
kubectl get pods
List pods for all namespaces
kubectl get pods --all-namespaces
List all critical pods
kubectl get -n kube-system pods
List pods with more info
kubectl get pod -o wide
kubectl get pod/<pod-name> -o yaml
Get pod info
kubectl describe pod/srv-mysql-server
List all pods with labels
kubectl get pods --show-labels
List running pods
kubectl get pods --field-selector=status.phase=Running
Get Pod initContainer status
kubectl get pod --template '{{.status.initContainerStatuses}}' <pod-name>
Run a command in a pod through sh -c
kubectl exec -it -n "$ns" "$podname" -- sh -c "echo $msg >>/dev/err.log"
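
In the last command above, $msg is expanded by the local shell before the string reaches sh -c in the pod, so the message text is parsed there as shell code. The following added example (not from the original post) compares that pattern with passing the message as a positional parameter. The names in_pod, log_interpolated and log_as_argument are hypothetical, and in_pod runs the command locally as a stand-in for kubectl exec so the comparison works offline.

```shell
#!/bin/sh
# Stand-in so the example runs without a cluster: executes the command locally.
# Assumption: in a cluster the body would be
#   kubectl exec -i -n "$ns" "$podname" -- "$@"
in_pod() { "$@"; }

# Pattern from the cheat sheet: the message and path are pasted into the
# script text, so the shell inside the pod parses them as code.
log_interpolated() {  # $1 = message, $2 = log file
    in_pod sh -c "echo $1 >>$2"
}

# Hardened form: the script text is a constant (single quotes); the message
# and path travel as positional parameters and are only ever treated as data.
log_as_argument() {   # $1 = message, $2 = log file
    in_pod sh -c 'printf "%s\n" "$1" >>"$2"' sh "$1" "$2"
}

# Runs both forms on a constructed message containing a shell metacharacter
# and reports whether the text after ';' was executed or logged literally.
compare() {
    dir=$(mktemp -d) || return 1
    msg="disk full; touch $dir/marker"   # constructed sample input
    log_interpolated "$msg" "$dir/a.log" >/dev/null
    if [ -e "$dir/marker" ]; then first=executed; else first=literal; fi
    rm -f "$dir/marker"
    log_as_argument "$msg" "$dir/b.log"
    if [ -e "$dir/marker" ]; then second=executed; else second=literal; fi
    rm -rf "$dir"
    echo "interpolated=$first argument=$second"
}

compare
```

The same rule applies to any value placed in a kubectl exec command line: keep the sh -c script fixed and pass variable data after it as arguments.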