Skip to content

Instantly share code, notes, and snippets.

View ccollicutt's full-sized avatar

curtis ccollicutt

90 followers · 109 following
View GitHub Profile
@ccollicutt
ccollicutt / ISTIO 1.4 on PKS with PSPs.md
Created December 6, 2019 18:42 — forked from svrc/ISTIO 1.4 on PKS with PSPs.md
Installing Istio 1.4 on PKS with restrictive Pod Security Policy

What does this GIST do or not do

  1. Shows you how to use Istio 1.4 on Kubernetes 1.14+ with a modicum of runtime security for your workloads.
  2. Specifically it installs Istio with CNI support, and allows the use of restrictive PodSecurityPolicies for your workloads.
  3. It is designed for VMware PKS, but doesn't require it ... (just change the CNI bin dir and excluded namespaces in values-cni.yml, also swap the ClusterRole pks-privileged and pks-restricted mentioned throughout these files with your own PSP roles).
  4. It doesn't fix the need for Istio itself to run as root, but that should be fixed in a future Istio release as it's already fixed in trunk.

Prerequisites

  1. You are logged into your cluster as a cluster admin, K8s 1.14 at least
@ccollicutt
ccollicutt / kubedingdong.md
Created September 27, 2018 18:59 — forked from herpiko/kubedingdong.md
Kubernetes notes for CKA exam preparation 💪

This notes applied to Kubernetes version 1.9.1-00 on Ubuntu Xenial.

Basic concept

TO BE WRITTEN

Installation and starting up 🏁

Installation

  • Swap should be disabled (see /etc/fstab)
@ccollicutt
ccollicutt / kubernetes_commands.md
Created September 26, 2018 17:24 — forked from edsiper/kubernetes_commands.md
Kubernetes Useful Commands