Alessandro Vozza ams0

🏠
Working from home
View GitHub Profile
@ams0
ams0 / check_storage_account_public_access_containers.sh
Last active January 7, 2021 01:03
Checks the current subscription for public access containers in all storage accounts
#!/bin/bash
red=$(tput setaf 1)
reset=$(tput sgr0)
subscription=$(az account show -o tsv --query id)
echo "Checking subscription $subscription"
# Query is quoted so the shell never treats the JMESPath expression as a glob
for account in $(az storage account list -o tsv --query '[].name'); do
  # The gist is truncated after the for line; assumed completion: list containers whose publicAccess is set (blob or container)
  public=$(az storage container list --account-name "$account" -o tsv --query '[?properties.publicAccess].[name, properties.publicAccess]')
  [ -n "$public" ] && echo "${red}$account has public containers:${reset}" && echo "$public"
done
#Kubenet vs AzureCNI for Cilium investigation
az aks create -k 1.19.3 --enable-managed-identity -g k8s --network-plugin kubenet -s Standard_B4ms -c 2 -n kubenet --no-wait
az aks create -k 1.19.3 --enable-managed-identity -g k8s --network-plugin azure -s Standard_B4ms -c 2 -n cilium --no-wait
AzureCNI
# cat /etc/systemd/system/kubelet.service
[Unit]
Description=Kubelet
ConditionPathExists=/usr/local/bin/kubelet

Configure audit logging & troubleshooting containerd-based kubeadm

First, we'll need a VM. With one command you can create a VM in Azure and pass a cloud-init script that installs containerd and kubeadm and deploys a single-node Kubernetes cluster:

wget https://gist.githubusercontent.com/ams0/0e57d15d53782c2c2259cce8545caa70/raw/d4e0686e4dc068ea146717af5d5a7be3dab97a4c/kubeadm-containerd.sh

az group create -n cks -l <location>   # <location> is a placeholder: az group create requires --location
az vm create -g cks -n cks --image UbuntuLTS --ssh-key-values ~/.ssh/id_rsa.pub --admin-username cks --size Standard_B4ms --custom-data kubeadm-containerd.sh
apiVersion: apps/v1
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  replicas: 1
  selector:
    matchLabels:
      app: azure-vote-back
  template:
#!/bin/bash
# Install kubeadm with containerd https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ & https://kubernetes.io/docs/setup/production-environment/container-runtimes/
#Prepare system for containerd
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

CKS notes December 2020

General

Backup config files!!

alias k=kubectl

sudo runc --root /run/containerd/runc/k8s.io list

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx
  name: nginx
  namespace: default
spec:
  containers:
  - image: nginx
apiVersion: crd.projectcalico.org/v1
kind: GlobalNetworkPolicy
metadata:
  name: default-deny
spec:
  selector: all()
  types:
  - Egress
  egress:
  - action: Deny
NAMESPACE NAME READY STATUS
capi-kubeadm-bootstrap-system capi-kubeadm-bootstrap-controller-manager-6b69dc7fc8-76vjs Running
capi-kubeadm-control-plane-system capi-kubeadm-control-plane-controller-manager-5b8cf46bb6-wxvhg Running
capi-system capi-controller-manager-b9b6cf5d9-sdwzq Running
capi-webhook-system capi-controller-manager-cdf6fbb98-lkfvc Running
capi-webhook-system capi-kubeadm-bootstrap-controller-manager-7b7c457d85-zmrz6 Running
capi-webhook-system capi-kubeadm-control-plane-controller-manager-86c44777c5-vtdp5 Running
capi-webhook-system capz-controller-manager-88c95756d-87rt8 Running
capz-system capz-controller-manager-857dc9578d-6t7sx Running