alexdmoss

---
# https://kyverno.io/policies/best-practices/add_safe_to_evict/add_safe_to_evict/
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-safe-to-evict
  annotations:
    policies.kyverno.io/description: >-
      The Kubernetes cluster autoscaler does not evict pods that 
      use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation 

alexdmoss

---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: schedule-on-spot-vm
  annotations:
    policies.kyverno.io/description: >-
      Adds nodeSelector + tolerations to cause Node Auto-provisioning
      to use Spot VMs for selected workloads.
spec:

alexdmoss

---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-vpa-deployment
  annotations:
    policies.kyverno.io/description: >-
      Creates VerticalPodAutoscaler resources for all Deployments not in the kube-system namespace.
      Scales both CPU and Memory - assumes Pod Autoscaling not in use on these.
spec:

alexdmoss

ARG PYTHON_BUILDER_IMAGE
ARG GOOGLE_DISTROLESS_BASE_IMAGE

## -------------- layer to give access to newer python + its dependencies ------------- ##

FROM ${PYTHON_BUILDER_IMAGE} as python-base

## ------------------------------- distroless base image ------------------------------ ##

# build from distroless C or cc:debug, because lots of Python depends on C

alexdmoss

sudo apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl gnupg2 software-properties-common      # install dependencies
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -                                                    # allows apt to trust the docker repo
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"                   # adds the repo to apt's list of repositories
sudo apt update && apt install docker-ce docker-ce-cli containerd.io                                                            # actually install the docker daemon, containerd and the cli

# we then need to sort out some permissions for your user

sudo groupadd docker
sudo usermod -aG docker $(whoami)
sudo chown root:docker /var/run/docker.sock

alexdmoss

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <<<your-cert-goes-here>>> # taken from .kube/config
    server: <<<https://(your-apiserver-ip)>>>             # taken from .kube/config
  name: <<<name-of-context>>>                             # your choice of name
contexts:
- context:
    cluster: <<<name-of-context>>>                        # your choice of name
    user: gcloud-account

alexdmoss

- user:
  - account: alex@prod.work
    gcp-projects:
    - gcp-project:
      - name: prod
        cluster: brie
    - gcp-project:
      - name: staging
        cluster: cheddar
- user:

alexdmoss

#!/usr/bin/env bash
set -euoE pipefail

if [[ -z "${1:-}" ]]; then 
  echo "You did not specify a config or project"
  exit 1
fi


# special pre-defined project/account combinations I use a lot to save typing

alexdmoss

patch = {
        "spec": {
            "template": {
                "spec": {
                    "containers": [
                        {
                            "name": "kubedns",
                            "resources": {
                                "requests": {
                                    "cpu": "10m",

alexdmoss

spec:
  resourcePolicy:
    containerPolicies:
    - containerName: '*'
      maxAllowed:
        memory: 2Gi
      minAllowed:
        memory: 100Mi