---
# https://kyverno.io/policies/best-practices/add_safe_to_evict/add_safe_to_evict/
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-safe-to-evict
  annotations:
    policies.kyverno.io/description: >-
      The Kubernetes cluster autoscaler does not evict pods that
      use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: schedule-on-spot-vm
  annotations:
    policies.kyverno.io/description: >-
      Adds nodeSelector + tolerations to cause Node Auto-provisioning
      to use Spot VMs for selected workloads.
spec:
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-vpa-deployment
  annotations:
    policies.kyverno.io/description: >-
      Creates VerticalPodAutoscaler resources for all Deployments not in the kube-system namespace.
      Scales both CPU and Memory - assumes Pod Autoscaling not in use on these.
spec:
ARG PYTHON_BUILDER_IMAGE
ARG GOOGLE_DISTROLESS_BASE_IMAGE
## -------------- layer to give access to newer python + its dependencies ------------- ##
FROM ${PYTHON_BUILDER_IMAGE} as python-base
## ------------------------------- distroless base image ------------------------------ ##
# build from distroless C or cc:debug, because lots of Python depends on C
sudo apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl gnupg2 software-properties-common # install dependencies
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - # allows apt to trust the docker repo (apt-key is deprecated; a key added this way is trusted for every configured repository)
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # adds the repo to apt's list of repositories
sudo apt update && sudo apt install docker-ce docker-ce-cli containerd.io # actually install the docker daemon, containerd and the cli
# we then need to sort out some permissions for your user
# (membership of the docker group is root-equivalent on this host)
sudo groupadd docker
sudo usermod -aG docker $(whoami)
sudo chown root:docker /var/run/docker.sock
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <<<your-cert-goes-here>>> # taken from .kube/config
    server: <<<https://(your-apiserver-ip)>>> # taken from .kube/config
  name: <<<name-of-context>>> # your choice of name
contexts:
- context:
    cluster: <<<name-of-context>>> # your choice of name
    user: gcloud-account
- user:
- account: alex@prod.work
gcp-projects:
- gcp-project:
- name: prod
cluster: brie
- gcp-project:
- name: staging
cluster: cheddar
- user:
#!/usr/bin/env bash
set -euoE pipefail
if [[ -z "${1:-}" ]]; then
  echo "You did not specify a config or project"
  exit 1
fi
# special pre-defined project/account combinations I use a lot to save typing
patch = {
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "name": "kubedns",
                        "resources": {
                            "requests": {
                                "cpu": "10m",
spec:
  resourcePolicy:
    containerPolicies:
    - containerName: '*'
      maxAllowed:
        memory: 2Gi
      minAllowed:
        memory: 100Mi