Skip to content

Instantly share code, notes, and snippets.

View JohnStrunk's full-sized avatar

John Strunk JohnStrunk

View GitHub Profile
@JohnStrunk
JohnStrunk / Dockerfile
Last active September 15, 2022 16:29
What capabilities are needed to manipulate files
FROM registry.access.redhat.com/ubi9:latest
RUN rpm -i http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/attr-2.5.1-3.el9.x86_64.rpm
ADD script.sh /
RUN chmod a+rx /script.sh
CMD [ "/script.sh" ]
@JohnStrunk
JohnStrunk / trivy-scan-image.sh
Created April 21, 2022 14:07
Using trivy to scan a container
#! /bin/bash
docker run -it --rm --pull always aquasec/trivy image --ignore-unfixed --exit-code 1 "$@"
@JohnStrunk
JohnStrunk / rename-pvc.sh
Last active May 31, 2024 20:13
"Rename" a bound PVC
#! /bin/bash
set -e -o pipefail
function usage {
cat - <<USAGE
Usage:
$0 -n namespace -s source -d destination
USAGE
}
@JohnStrunk
JohnStrunk / csi-driver.yaml
Created December 12, 2019 19:38
EBS CSI yamls
# Taken from kubectl create -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/?ref=master" --dry-run -oyaml
# Changes:
# Change secret info
# Set hostNetwork for controller
# Remove liveness probe container
# Remove healthz ports from controller
---
apiVersion: v1
kind: ServiceAccount
@JohnStrunk
JohnStrunk / cluster.yaml
Last active August 14, 2019 01:17
Are resources and placement working in devicesets?
---
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
cephVersion:
image: ceph/ceph:v14
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: block-pv
spec:
accessModes:
- ReadWriteOnce
volumeMode: Block
@JohnStrunk
JohnStrunk / gluster-cluster.yml
Last active October 19, 2018 20:51
Anthill CRD scratch space
---
apiVersion: "operator.gluster.org/v1alpha1"
kind: GlusterCluster
metadata:
# Name for the Gluster cluster that will be created by the operator
name: my-cluster
# CRD is namespaced
namespace: gcs
spec:
@JohnStrunk
JohnStrunk / bd-priv-poc.yml
Last active May 10, 2024 00:30
Block access to privileged container
---
# PVC for a block device we want to access
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: block-pvc
spec:
storageClassName: local-block
accessModes: