@amimof
amimof / pfelk-config.sh
Last active February 4, 2021 13:49
pfelk configuration script
echo "Enter elasticsearch username"
read ELASTIC_USERNAME
echo "Enter elasticsearch password"
read ELASTIC_PASSWORD
echo "→ PUT _component_template/pfelk-settings"
curl http://$ELASTIC_USERNAME:$ELASTIC_PASSWORD@localhost:9200/_component_template/pfelk-settings -X PUT -H "Content-Type: application/json" -d '{
"version": 8,
"template": {
"settings": {
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: home-assistant
  labels:
    name: home-assistant
spec:
  accessModes:
  - "ReadWriteOnce"
@amimof
amimof / root-and-intermediate-ca-chain.md
Last active June 2, 2020 07:25
How to create an intermediate certificate authority to issue server certificates using OpenSSL

OpenSSL Configuration

Use this configuration with OpenSSL. You may add real IP and DNS SANs (Subject Alternative Names) below under [ alt_names ].

cat <<EOF > openssl.conf 
[ req ]
distinguished_name = req_distinguished_name
[req_distinguished_name]

[ v3_ca ]
basicConstraints = critical, CA:TRUE
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-problem-detector
  namespace: node-problem-detector
---
apiVersion: v1
kind: ConfigMap
metadata:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
data:
  Corefile: |-
@amimof
amimof / enable-apparmor.sh
Last active April 2, 2019 11:21
Installs and enables AppArmor on debian
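#!/bin/bash
# Install the AppArmor userspace tools
apt-get update
apt-get install apparmor apparmor-utils
# Enable AppArmor on the kernel command line through a GRUB drop-in file
mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor"' | sudo tee /etc/default/grub.d/apparmor.cfg
# Regenerate the GRUB configuration so the new parameters are used on next boot
update-grub
echo 'Reboot required for the changes to take effect. After reboot, verify AppArmor status by issuing `aa-status`'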
@amimof
amimof / podsecuritypolicy.yaml
Last active February 20, 2019 18:12
A Kubernetes manifest for PodSecurityPolicy. Creates two policies, restricted and privileged, where restricted is applied to system:authenticated. AppArmor is required on the node hosts.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
    apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
@amimof
amimof / prometheus.yaml
Last active April 10, 2020 16:39
Prometheus Kubernetes Deployment
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: prometheus
    component: kube-state-metrics
  name: kube-state-metrics
  namespace: prometheus
---