- Create your kind cluster (suit yourself https://kind.sigs.k8s.io/docs/user/configuration/)
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
Ondrej Vaško Lirt
Lirt
/ nginx-proxy-to-alertmanager.yaml
Created
May 6, 2021 18:42
Nginx proxy for basic-auth from Loki to AlertManager
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nginx-proxy-to-alertmanager | |
| namespace: kube-system | |
| labels: | |
| app: nginx-proxy-to-alertmanager | |
| group: monitoring | |
| component: loki |
ernoaapa
/ list-failing-pods.sh
Last active
June 19, 2024 10:50
Script to list all Kubernetes Pods what are NOT ready
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Print Pods which are Pending or not Ready for some reaosn | |
| # | |
| kubectl get pods --all-namespaces -o go-template='{{ range $item := .items }}{{ range .status.conditions }}{{ if (or (and (eq .type "PodScheduled") (eq .status "False")) (and (eq .type "Ready") (eq .status "False"))) }}{{ $item.metadata.name}} {{ end }}{{ end }}{{ end }}' |
xeoncross
/ base64.go
Created
July 6, 2018 18:21
Base 64 encode and decode a byte array in Golang. https://play.golang.org/p/X4z9zq0nXlW
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "encoding/base64" | |
| ) | |
| func main() { | |
| str := "Hello, playground :)" | |
Lirt
/ vbox-mod-sign.sh
Last active
February 3, 2019 10:54
Sign VirtualBox kernel modules to run with SecureBoot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Script for guide: | |
| # https://gorka.eguileor.com/vbox-vmware-in-secureboot-linux-2016-update/ | |
| # | |
| # Verification: | |
| # dmesg | grep "EFI:.*cert.*${cert_name}" | |
| # | |
| set -eu | |
| set -o pipefail |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: echoserver | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: echoserver | |
| namespace: echoserver |
jaytaylor
/ delete-from-v2-docker-registry.md
Last active
June 10, 2024 13:57
One liner for deleting images from a v2 docker registry
Just plug in your own values for registry and repo/image name.
registry='localhost:5000'
name='my-image'
curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
curl -sSL -I \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
innovia
/ kubernetes_add_service_account_kubeconfig.sh
Last active
January 29, 2024 23:00
Create a service account and generate a kubeconfig file for it - this will also set the default namespace for the user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| set -o pipefail | |
| # Add user to k8s using service account, no RBAC (must create RBAC after this script) | |
| if [[ -z "$1" ]] || [[ -z "$2" ]]; then | |
| echo "usage: $0 <service_account_name> <namespace>" | |
| exit 1 | |
| fi |
djspiewak
/ how-gpg.md
Last active
May 30, 2024 14:21
tl;dr Generate a GPG key pair (exercising appropriate paranoia). Send it to key servers. Create a Keybase account with the public part of that key. Use your keypair to sign git tags and SBT artifacts.
GPG is probably one of the least understood day-to-day pieces of software in the modern developer's toolshed. It's certainly the least understood of the important pieces of software (literally no one cares that you can't remember grep's regex variant), and this is a testament to the mightily terrible user interface it exposes to its otherwise extremely simple functionality. It's almost like cryptographers think that part of the security comes from the fact that bad guys can't figure it out any more than the good guys can.
Anyway, GPG is important for open source in particular because of one specific feature of public/private key cryptography: signing. Any published software should be signed by the developer (or company) who published it. Ideally, consu
tsandall
/ k8s_authz.rego
Last active
September 14, 2020 14:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example authorization policy for kubernetes. | |
| # | |
| # Configure kube-apiserver with the following command line arguments: | |
| # | |
| # --authorization-mode=Webhook | |
| # --authorization-webhook-config-file=<path-to-kubeconfig-file> | |
| # | |
| # The kubeconfig file must locate OPA. For example: | |
| # | |
| # clusters: |
NewerOlder