3ng1n33r
3ng1n33r
/ ingress.yaml
Created
June 9, 2024 16:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: bluegreen-demo | |
| annotations: | |
| nginx.ingress.kubernetes.io/rewrite-target: /$1 | |
| spec: | |
| rules: | |
| - host: bluegreen-demo.lvh.me | |
| http: |
3ng1n33r
/ bluegreen-demo.yaml
Created
June 9, 2024 15:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Rollout | |
| metadata: | |
| name: bluegreen-demo | |
| labels: | |
| app: bluegreen-demo | |
| spec: | |
| replicas: 3 | |
| revisionHistoryLimit: 1 | |
| selector: |
3ng1n33r
/ ingress.yaml
Created
June 9, 2024 15:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: canary-demo | |
| annotations: | |
| nginx.ingress.kubernetes.io/rewrite-target: /$1 | |
| spec: | |
| rules: | |
| - host: canary-demo.lvh.me | |
| http: |
3ng1n33r
/ canary-demo.yaml
Created
June 9, 2024 15:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Rollout | |
| metadata: | |
| name: canary-demo | |
| spec: | |
| replicas: 5 | |
| revisionHistoryLimit: 1 | |
| selector: | |
| matchLabels: | |
| app: canary-demo |
3ng1n33r
/ .gitlab-ci.yml
Last active
November 18, 2023 10:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| stages: | |
| - vault | |
| read_secrets: | |
| stage: vault | |
| image: hashicorp/vault:1.14 | |
| variables: | |
| VAULT_ADDR: https://vault.default.svc.cluster.local:8200 | |
| VAULT_SKIP_VERIFY: 'true' | |
| VAULT_AUTH_ROLE: myproject-production |
3ng1n33r
/ gist:0b7154d5652107dfb0a3b96124fc67c1
Created
November 11, 2023 12:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault write auth/jwt/config \ | |
| oidc_discovery_url="https://gitlab.com" \ | |
| bound_issuer="https://gitlab.com" |
3ng1n33r
/ gist:e5daea627b49d7306429c8672d4c1daa
Created
November 11, 2023 12:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault write auth/jwt/role/myproject-staging - <<EOF | |
| { | |
| "role_type": "jwt", | |
| "policies": ["myproject-staging"], | |
| "token_explicit_max_ttl": 60, | |
| "user_claim": "user_email", | |
| "bound_claims": { | |
| "project_id": "51459829", | |
| "ref": "staging*", | |
| "ref_type": "branch" |
3ng1n33r
/ gist:321d4c71dbba8875414eac4ca203e247
Created
November 11, 2023 12:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault policy write myproject-staging - <<EOF | |
| # Policy name: myproject-staging | |
| # | |
| # Read-only permission on 'secret/myproject/staging/*' path | |
| path "secret/data/myproject/staging/*" { | |
| capabilities = [ "read" ] | |
| } | |
| EOF | |
3ng1n33r
/ gitlab-runner-sa.yaml
Created
November 5, 2023 04:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: gitlab-user | |
| namespace: gitlab-runner | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: gitlab-user |
3ng1n33r
/ hello-secrets.yaml
Created
October 22, 2023 06:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: hello-secrets | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: hello-secrets | |
| template: |
NewerOlder