Skip to content

Instantly share code, notes, and snippets.

View abdennour's full-sized avatar
🌴
On vacation

abdennour abdennour

🌴
On vacation
View GitHub Profile
@abdennour
abdennour / README.md
Last active May 19, 2024 21:25
Nginx Reverse Proxy for Nexus Docker Registries

Overview

This is a solution of a common problem with Nexus Docker repositories. The administrator has to expose port for "pull", another port for "push", other ports for each hosted repository. This solution is about leveraging Nginx reverse proxy to avoid using these ports.

How it works ?

Given :

  • Nexus hostname is "nexus.example.com"
  • Nexus web port is 8081
@abdennour
abdennour / 00-infra.yaml
Last active May 7, 2024 20:58
Jenkins declarative Pipeline in Kubernetes with Parallel and Sequential steps
apiVersion: v1
kind: Pod
spec:
# dnsConfig:
# options:
# - name: ndots
# value: "1"
containers:
- name: dind
image: abdennour/docker:19-dind-bash
@abdennour
abdennour / README.md
Created May 27, 2022 10:46
Redirect all HTTP to HTTPS - Ingress Traefik k3s
@abdennour
abdennour / vault-auth-k8s-method.sh
Last active January 16, 2024 19:00
Vault - Enable Kubernetes Auth Method
# $1: vault namespace
# $2: Vault Token Reviewer Service Account
vault_namespace=${1:-"vault"}
token_reviewer_sa=${2:-"vault"}
if [ -z "${VAULT_TOKEN}" ] || [ -z "${VAULT_ADDR}" ]; then
echo "ERROR: VAULT_TOKEN and VAULT_ADDR env vars are required"
exit 404
fi
cat <<EOF | kubectl apply -f -
@abdennour
abdennour / acs-clean.sh
Last active January 9, 2024 08:00
Clean ACS Operator from SecuredCluster in Openshift
oc -n stackrox delete securedcluster --all
oc -n stackrox delete pvc --all
oc delete ns stackrox
oc get clusterrole,clusterrolebinding,role,rolebinding -o name | grep stackrox | xargs oc delete --wait
oc delete ValidatingWebhookConfiguration stackrox
oc delete scc -l "app.kubernetes.io/name=stackrox"
oc project rhacs-operator
oc delete sub rhacs-operator
@abdennour
abdennour / USAGE.md
Created July 4, 2020 11:06
Generate Load with Apache Benchmark - AB - thru Kubernetes
chmod +x ab;
./ab -n 10000 -c 900 -s 300 ${url}

-n : total number of requests -c : concurrent requests ( 900 simultaneously ) -s : timeout in second

@abdennour
abdennour / ingress-kube-apiserver.yaml
Created April 18, 2021 00:50
expose kube-apiserver thru ingress
kind: Ingress
metadata:
name: kubeapi
namespace: default
annotations:
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: "api.devops.example.com"
@abdennour
abdennour / 00-about.html
Last active March 23, 2023 15:09
Vault AppRole Auth Method - Grant Access To App (Jenkins) to get secrets from Vault
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAysAAAFUCAYAAAAkvKNhAAAAAXNSR0IArs4c6QAAQABJREFUeAHsnQeAFMXSgIuckyJJRESfAUQUlIwkQREUJUlQAUHMOef0zPmZE4qBjAqKJFEQJCmKYlYEURAVERAkM3997d/L3HJ3XNi9292r1mVnZ3o6fDM309UVulCgSSwZASNgBIyAETACRsAIGAEjYAQSjEDhBGuPNccIGAEjYASMgBEwAkbACBgBI+AImLBiN4IRMAJGwAgYASNgBIyAETACCUnAhJWEvCzWKCNgBIyAETACRsAIGAEjYARMWLF7wAgYASNgBIyAETACRsAIGIGEJGDCSkJeFmuUETACRsAIGAEjYASMgBEwAias2D1gBIyAETACRsAIGAEjYASMQEISMGElIS9LajXq119/le+++0527NiRWh3T3vz222/y9ddfy/bt2+Patz/++EO++uor2bZtW0zq2bRpk8yePVumTJki33zzjezcuTMm5VohRsAIGAEjYASMgBGIJYGisSwskcv6+eef3WDvhx9+kH79+knFihVj0lzK/fDDD+Wzzz6T33//Xfbaay857LDD5Oijj5b69etLoUKFYlJPMhfy4IMPyoQJExynffbZR7Zu3SpTp06VGjVqSMOGDZO5a/LUU0/Jc889JwsXLpRq1arFrS/Dhg2Tu+66S7744gvHLTcVrV69Wvr06ePu2UqVKsl+++0nr7/+upQvXz43xdq5RsAIGAEjYASMgBGIOYGUF1YYGA8YMEDmzJkjzPAzODv11FNzLawwE/3aa6/J1Vdf7QbfCCYVKlSQzz//XJ555hmpXbu2zJs3T0qXLh3zi5ZegcyUFy9eXIoUKZLe4Xzd988//8i6devErz/6999/S+/evaV79+7CIDyZE9zXrl0bd83E5s2bY1bP2LFj5d1335WZM2fKkUceKWvWrMmz+zSZr7W13QgYASNgBIyAEch7Aikv
@abdennour
abdennour / parallel_tars.sh
Created January 6, 2023 05:12
In Parallel TAR Archive Subfolders - Bash
src=$1
dest=$2
cd ${src}
for i in *
do
(
if [ -d "$i" ];then
tar czvf "${dest}/$i.tar.gz" -C "$i" .
else
echo skiping $i as it is not folder
@abdennour
abdennour / firewalld_rhel_k3s.yml
Created April 26, 2019 20:53
Attempt to make k3s work on RHEL by an Ansible Playbook
- name: k3s readiness
hosts: localhost
become: yes
tasks:
- name: firewalld is installed
yum:
name: firewalld
state: latest
- name: service is started
service: