Skip to content

Instantly share code, notes, and snippets.

@Syerram
Syerram / audit-k8s-config.md
Last active June 11, 2020 16:42
Audit of final cf-for-k8s deployment

Findings

  • cf-api-kpack-watcher deployment uses admin_client_secret non secret
  • cloud-controller-ng-yaml configmap consumes postgres password
  • cloud-controller-ng-yaml is just a huge yaml dump. can this be broken down into key-value config map
  • cloud-controller-ng-yaml bunch of other secrets that are unused but still in the configmap
  • cloud-controller-ng-yaml configmap consumes blobstore password
  • cloud-controller-ng-yaml configmap consumes uaa password as plain text cloud_controller_username_lookup_client_secret
  • eirini config-map consumes secret name app-registry-credentials as config yaml (instead of secret).
  • Will kapp rotate CRDs that reference secret names e.g. Gateway.istio-ingressgateway.credentialName
@Syerram
Syerram / Dockerfile
Last active February 20, 2020 06:09
multi-stage-dockerfile
# accept base image versions or an entire base image for all stages
ARG BASE_IMAGE_VERSION
ARG BASE_IMAGE
FROM busybox:$BASE_IMAGE_VERSION as builder
ARG LABEL_1
COPY hello.txt hello.txt
RUN echo "in builder"
RUN echo $LABEL_1
LABEL org.opencontainers.image.revision=$LABEL_1
@Syerram
Syerram / .sh
Created December 10, 2019 21:34
prototype-2
#! /bin/bash
# SET ENV VARIABLES HERE FOR minikube (e.g. minikube ip)
cf-k8s/deploy.sh overlay.yml
cf-k8s/test.sh
cf-k8s/destroy.sh
---
components:
- name: capi
version: 0.0.1
config: github.com/cf-k8s/.../yaml-config
values:
uaa_url: uaa.((top-level-stuff.system_namespace)).svc.cluster.local
ssl_cert: (())
client_secret: (())
@Syerram
Syerram / test-teardown-failure-option-b.log
Created July 1, 2019 15:33
Teardown Failure - Option B
• Failure in Spec Teardown (AfterEach) [94.883 seconds]
[windows]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:345
An application printing a bunch of output
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:351
doesn't die when printing 32MB [AfterEach]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/windows/output_volume.go:37
Timed out after 30.000s.
Expected process to exit. It did not.
@Syerram
Syerram / test-teardown-failure-option-a.log
Created July 1, 2019 15:32
Teardown Failure - Option A
• Failure in Spec Teardown (AfterEach) [94.883 seconds]
[windows]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:345
An application printing a bunch of output
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:351
doesn't die when printing 32MB [AfterEach]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/windows/output_volume.go:37
Timed out after 30.000s.
Expected process to exit. It did not.
@Syerram
Syerram / setup-failure-option-c.log
Created July 1, 2019 15:32
Setup failure - Option C
• Failure in Spec Setup (BeforeEach) [85.028 seconds]
[routing]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:164
Zipkin Tracing
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:174
when zipkin tracing is enabled [BeforeEach]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:44
when zipkin headers are not in the request
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:45
the sleuth error response has no error
@Syerram
Syerram / setup-failure-option-b.log
Created July 1, 2019 15:31
Setup failure - Option B
• Failure in Spec Setup (BeforeEach) [85.028 seconds]
[routing]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:164
Zipkin Tracing
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:174
when zipkin tracing is enabled [BeforeEach]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:44
when zipkin headers are not in the request
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:45
the sleuth error response has no error
@Syerram
Syerram / setup-failure-option-a.log
Created July 1, 2019 15:31
Setup failure - Option A
• Failure in Spec Setup (BeforeEach) [85.028 seconds]
[routing]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:164
Zipkin Tracing
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:174
when zipkin tracing is enabled [BeforeEach]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:44
when zipkin headers are not in the request
/go/src/github.com/cloudfoundry/cf-acceptance-tests/routing/zipkin_tracing.go:45
the sleuth error response has no error
@Syerram
Syerram / test-failure-option-c.log
Created July 1, 2019 15:26
Test failure - Option C
• Failure [253.063 seconds]
[route_services]
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:108
Route Services
/go/src/github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers/cats_suite_helpers.go:114
when a route binds to a service
/go/src/github.com/cloudfoundry/cf-acceptance-tests/route_services/route_services.go:25
when service broker returns a route service url
/go/src/github.com/cloudfoundry/cf-acceptance-tests/route_services/route_services.go:26
a request to the app is routed through the route service [It]