Edit /etc/pam.d/sudo add after header:
auth sufficient pam_tid.so
File should look like this in the end:
Sebastian Widmer bastjan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "log" | |
| "github.com/google/go-jsonnet" | |
| "github.com/google/go-jsonnet/ast" | |
| ) |
bastjan
/ braindump.jira
Created
December 17, 2021 15:49
openshift logging elasticsearch tenant log size retention braindump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| h2. Summary | |
| *As* a VSHN customer user | |
| *I want* to search and visualise my logs | |
| *So that* I can check my application health and be aided with debugging it.- | |
| h2. Context | |
| APPUiO Public has 2.4TB Log Volumes for ~10 days retention. |
bastjan
/ release4.8-4.9.diff
Created
November 15, 2021 15:23
Full diff between OCP 4.8 and 4.9 monitoring rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -rub compiled-4.8/openshift4-monitoring/openshift4-monitoring/prometheus_rules.yaml compiled/openshift4-monitoring/openshift4-monitoring/prometheus_rules.yaml | |
| --- compiled-4.8/openshift4-monitoring/openshift4-monitoring/prometheus_rules.yaml 2021-11-15 16:12:31.000000000 +0100 | |
| +++ compiled/openshift4-monitoring/openshift4-monitoring/prometheus_rules.yaml 2021-11-15 16:13:35.000000000 +0100 | |
| @@ -156,8 +156,10 @@ | |
| syn: 'true' | |
| - alert: SYN_SamplesTBRInaccessibleOnBoot | |
| annotations: | |
| - message: 'Samples operator could not access ''registry.redhat.io'' during | |
| - its initial installation and it bootstrapped as removed. | |
| + message: 'One of two situations has occurred. Either |
bastjan
/ kyverno-merge-cm.yaml
Last active
November 3, 2021 09:33
Merge two config maps using kyverno
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: merge-configmap | |
| labels: | |
| test: insert-merged | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: |
bastjan
/ find-clusterroles.sh
Last active
September 7, 2021 07:46
Find clusterroles with permissions to create/edit namespaces
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| kubectl --as=cluster-admin get clusterrole -ojson | jq '[ .items[] | |
| | select( | |
| .rules[]? | |
| | select( | |
| (.apiGroups[]? == "" or .apiGroups[]? == "*") | |
| and |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: readiness-test-ready | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: readiness-test-ready | |
| pdb: readiness-test | |
| template: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| &http.Transport{ | |
| Proxy: http.ProxyFromEnvironment, | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tk eval environments/default | jq --raw-output '[paths(scalars) as $$p | select($$p[-1] == "image") | getpath($$p)] | unique[]' | tee -a images.txt |
Commands to use where no docker is available e.g. in a container.
https://github.com/google/go-containerregistry/tree/master/cmd/crane
crane append -f jail.tar --new_tag jail:latest --output jail-latest.tarNewerOlder