kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller --history-max 30
Jolene Engo jengo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Application | |
| metadata: | |
| name: mysql-operator | |
| namespace: argocd | |
| spec: | |
| destination: | |
| namespace: mysql-operator | |
| server: https://kubernetes.default.svc | |
| project: default |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Export all ArgoCD applications stripping out all Kubernetes internal fields | |
| # Requires yq | |
| # Written by Jolene Engo <dev.toaster@gmail.com> | |
| NAMESPACE="argocd" | |
| for app in `kubectl -n ${NAMESPACE} get applications -o name --no-headers -o custom-columns=":metadata.name"`; do | |
| kubectl -n ${NAMESPACE} get application $app -o yaml | yq eval 'del(.metadata.managedFields,.status,.metadata.creationTimestamp,.metadata.generation,.metadata.resourceVersion,.metadata.selfLink,.metadata.uid)' - > $app.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Jolene Engo <dev.toaster@gmail.com> | |
| # This is a script that you can use with your MFA token to get an STS token from AWS. | |
| # Example way to run: source sts.sh <token> | |
| # You MUST source this file or the environment varibles will not be set | |
| export AWS_ACCESS_KEY_ID= | |
| export AWS_DEFAULT_REGION= | |
| export AWS_SECRET_ACCESS_KEY= |
jengo
/ postgres-operator.yaml
Last active
July 10, 2021 08:28
ArgoCD deploy zalando/postgres-operator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This manifest written by Jolene Engo <dev.toaster@gmail.com> | |
| kind: Application | |
| metadata: | |
| name: postgres-operator | |
| namespace: argocd | |
| spec: | |
| destination: | |
| namespace: postgres-operator | |
| server: https://kubernetes.default.svc | |
| project: infrastructure |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This manifest written by Jolene Engo <dev.toaster@gmail.com> | |
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Application | |
| metadata: | |
| name: cert-manager | |
| namespace: argocd | |
| spec: | |
| destination: | |
| namespace: cert-manager | |
| server: https://kubernetes.default.svc |
jengo
/ gist:2080cb07228a0b8aafb9ea54858e70c5
Last active
May 25, 2019 18:47
Modify all Kubernetes Persistent Volume to Retain policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for f in $(kubectl get pv --no-headers -o custom-columns=NAME:.metadata.name); \ | |
| do kubectl patch pv $f -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'; done |
jengo
/ s3-delay-sync.sh
Created
March 8, 2019 22:45
Sync for s3cmd put with skip existing and delay after upload each file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Jolene Engo <dev.toaster@gmail.com> | |
| # This script is useful for syncing files to an S3 bucket with a delay | |
| # Great for situations where a remote process is grabbing files after upload | |
| # and you don't want to overwhelm the remote system | |
| # The delay will slow the syncing | |
| # If the file already exists, it will be skippped. This allows a resume | |
| # that s3cmd wouldn't normally support for put |
jengo
/ helm-rbac.md
Last active
June 6, 2018 18:34
— forked from mgoodness/helm-rbac.md
Helm RBAC setup for K8s v1.6+ (tested on minikube)
jengo
/ gist:2a410aa68b12dcb08b123c38909ccd49
Created
August 4, 2017 01:38
docker ffmpeg inspire 1 footage to prores 422
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export FILE=DJI_0027.MOV | |
| docker run -v `pwd`:/workspace jrottenberg/ffmpeg -i /workspace/$FILE -vcodec prores_ks -threads 4 -profile:v 3 -vcodec copy /workspace/prores422-$FILE |
jengo
/ gist:4d4257258c10db6ade8bd819c0d30796
Created
June 6, 2017 08:39
Generate self signed TLS / SSL certificate as a Kubernetes secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export HOSTNAME=localhost | |
| export NAMESPACE=default | |
| export SECRET_NAME=test-ssl-secret | |
| openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=${HOSTNAME}/" | |
| kubectl --namespace ${NAMESPACE} create secret tls ${SECRET_NAME} --key /tmp/tls.key --cert /tmp/tls.crt |
NewerOlder