Dmz
DMZ Access Testing
There have been questions about what access an application has from a DMZ zone. By default, an application has no access to resources outside the cluster. This includes both internal (*.dhl.com) and external (internet) targets.
No ELR, No Proxies Used
Internal Target
# curl -Lv https://whatismyip.dhl.com *Hangs "forever"*
* Trying 2.253.218.60...
* TCP_NODELAY set
* connect to 2.253.218.60 port 443 failed: Connection timed out
* Failed to connect to whatismyip.dhl.com port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to whatismyip.dhl.com port 443: Connection timed out
With Proxy:
Genai
The Book of Knowledge
GenAI.md
Tips for Prompting GenAI Hub Effectively
Be Specific
Provide clear and detailed questions. Instead of asking “Tell me about logistics,” try “What are the latest trends in logistics for 2025?”
Contextual Information
Include relevant context to your query. For example, “I’m working on a presentation about sustainable logistics practices. Can you provide some recent examples?”
Clarify your Needs
If you have a particular focus or requirement, mention it. For instance, “I need information on DHL Group’s recent sustainability initiatives.”
Gittips
GitTips.md
Odds and Ends for GIT
List all Files in Repo
If you want to list all the files currently being tracked under the branch master, you could use this command:
git ls-tree -r master --name-only
If you want a list of files that ever existed (i.e. including deleted files):
git log --pretty=format: --name-only --diff-filter=A | sort - | sed '/^$/d'
Proxy and Certificates
If you’re using a proxy and get an SSL warning, try:
Greathtml
GreatHtml.md
100 Bytes of CSS to look great everywhere
html {
max-width: 70ch;
padding: 3em 1em;
margin: auto;
line-height: 1.75;
font-size: 1.25rem;
}
and 100 more bytes
h1,h2,h3,h4,h5,h6 {
margin-bottom: 1em;
margin-top: 3em;
}
p,ul,ol {
margin-bottom: 2em;
color: #1d1d1d;
font-family: sans-serif;
}
Responsive Grid
The following code gives us a responsive grid where the number of columns is determined by the amount of available space, based on a minimum item width which is either 350px or 100%, whichever is smaller (using the min() function — so when the container size is below 350px the cards will be stacked vertically):
Kerberos
Kerberos Tips and Tricks
Determining the KDCs (Key Distribution Centers)
nslookup -type=srv _kerberos._tcp.PRG-DC.DHL.COM
Tracing Kerberos Traffic
You can run kinit with trace logging or capture network traffic with tcpdump. The KDC uses port 88.
KRB5_TRACE=/dev/stdout kinit -V
Using principal: srv_expdac-icp@PRG-DC.DHL.COM
[995] 1690227514.959301: Getting initial credentials for srv_expdac-icp@PRG-DC.DHL.COM
[995] 1690227515.60083: Sending unauthenticated request
[995] 1690227515.60084: Sending request (226 bytes) to PRG-DC.DHL.COM
[995] 1690227515.60085: Resolving hostname prg-dc.dhl.com
kinit: Cannot contact any KDC for realm 'PRG-DC.DHL.COM' while getting initial credentials
Using NMAP
Use nmap to check for port access.
Prom Examples
Prom.examples.md
Prometheus Query Examples
Infra Nodes
sort_desc(sum by (cpu,id,pod_name,container_name) (rate(container_cpu_usage_seconds_total{type="infra"}[5m])))
Number of containers by cluster and namespace without CPU limits
count by (namespace)(sum by (namespace,pod,container)(kube_pod_container_info{container!=""}) unless sum by (namespace,pod,container)(kube_pod_container_resource_limits{resource="cpu"}))
Count of pods per cluster and namespace
sum by (namespace) (kube_pod_info)
CPU Usage per namespace
sort_desc(sum by (namespace) (rate(container_cpu_usage_seconds_total[5m])))
CPU Usage per selected pod by Namespace
sum by (pod) (rate (container_cpu_usage_seconds_total{container!="",pod=~"service-label-generator.+",namespace=~"ecs-am-ramp-webapps-prd"}[1m]))
CPU overcommit
CPU limits that add up to more than the capacity of the cluster are a scenario you need to avoid. Otherwise, you'll end up with CPU throttling issues. You can detect CPU overcommit with the following query.
Scc
SCC.md
OpenShift Container Platform Security Context Constraint (SCC)
Working With SCCs
Use the oc adm policy commands to work with SCC assignments
Available Commands:
add-scc-to-group Add a security context constraint to groups
add-scc-to-user Add a security context constraint to users or a service account
remove-scc-from-group Remove a group from a security context constraint
remove-scc-from-user Remove a user from a security context constraint
Use the oc adm policy commands to check SCC assignments
Splunk
Splunk.md
Splunk Tricks
Roles
What roles do I have?
| rest /services/authentication/current-context splunk_server=local | table title roles
List Indices
To omit internal indices, remove index=_*.
| eventcount summarize=false index=* index=_* | dedup index | fields index
# To limit the output to a pattern:
| eventcount summarize=false index=* index=_* | dedup index | fields index | where like(index,"%ecs%")
List Sourcetype for each Index
| tstats count WHERE index=* OR sourcetype=* by index,sourcetype |
stats values(sourcetype) AS sourcetypes by index
If you only need it from one index, use
Vimtables
VimTables.md
Working with Markdown Tables in Vim
These macros assume a Markdown table in the following format.
1. Header Line
2. Table Description Line
- An Easy Way To Create This:
- Put cursor on Header Line
- `:.t.` To Duplicate It
- `:s/[^|]/-/g` To Replace All Non-Pipes With '-'.
3. One Or More Table Lines
Each line must begin and end with the Pipe character (|).
| Header1 | Header2 |
|----|-|
| Col1 Item1 | Col2 Item1 |
| Col1 Item2 | Col2 Item2 |
After running \ta:
| Header1 | Header2 |
|------------|------------|
| Col1 Item2 | Col2 Item2 |
| Col1 Item1 | Col2 Item1 |
Note that either is a valid Markdown table. The second example is more readable.
Vimtricks
VimTricks.md
Vim Tips and Tricks
Using Vim as a Pipe
vim - -es +'g/foo/p' +'qa!' --not-a-term
vim < /dev/tty <(cat)
Simple Math
CTRL-A - increment number under cursor
CTRL-X - decrement number under cursor
Bouncing
Matchit - use g% to find next/previous match
Use % to find the match to the construct under the cursor (if, (, ), {, }, etc.).
Checking Variables
:verbose set variable?
OR
:echo "Variable:" &variable
Formatting
gq*direction* will format a line, paragraph, etc. based on direction. You
can also pipe to fmt using range!}fmt. Add the -tu or -c to control
indenting, and -p prefix to add a prefix.