This is a demo of creating the subnets needed for a GKE Cluster
chrislovecnm
/ gke-ip-aliasing-networking-example.asc
Last active
April 30, 2021 14:18
GKE IP Aliasing Example
chrislovecnm
/ kops-iam-installer.txt
Created
April 18, 2017 20:08
IAM roles for kops kubernetes installer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //All the resource "*" we can prune down to a | |
| //"Resource": "arn:aws:iam::ACCOUNTNUMBER:role/ROLENAME" | |
| // which is tied to a VPC | |
| // This is a list of the permissions that our installer tools | |
| // use. | |
| // There are multiple modes that our installer uses, we | |
| // will not need the perms for VPC creation as we | |
| // will be using a pre installed VPC | |
| // Will need all of these |
kops cluster config
kubeAPIServer:
authorizationMode: RBAC
authorizationRbacSuperUser: admin
oidcCAFile: /srv/kubernetes/ca.crt
oidcClientID: example
oidcGroupsClaim: groups
oidcIssuerURL: https://dex.example.com
oidcUsernameClaim: email
chrislovecnm
/ kubetest-gce.sh
Last active
March 25, 2018 16:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| test-kubetest() { | |
| export GOPATH=$HOME/Workspace | |
| KOPS_FEATURE_FLAGS=+SpecOverrideFlag | |
| KOPS_STATE_STORE=gs://chlove-state-store/ | |
| cd $GOPATH/src/k8s.io/kubernetes | |
| MYIP=$(curl ipinfo.io | jq -r .ip) | |
| RELEASE="ci/latest" | |
| VERSION=$(gsutil cat gs://kubernetes-release-dev/$RELEASE.txt) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| WORK=Workspace | |
| U=chlove | |
| echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list | |
| curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y openjdk-8-jdk bazel jq git build-essential |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set -o vi | |
| export GOPATH=~/Workspace | |
| export PATH=$PATH:$GOPATH/bin | |
| export KOPS_FEATURE_FLAGS=+SpecOverrideFlag | |
| export KOPS_STATE_STORE=s3://clove-test-cncf | |
| test-kubetest() { | |
| cd $GOPATH/src/k8s.io/kubernetes | |
| MYIP=$(curl ipinfo.io | jq -r .ip) | |
| WORKSPACE=/tmp | |
| LOG_DUMP_SSH_USER=admin |
chrislovecnm
/ gist:1b5fa67825b76c89f7ee4ceef840e0f1
Created
February 1, 2018 02:45
testing failures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Summarizing 2 Failures: | |
| [Fail] [sig-network] Network [It] should set TCP CLOSE_WAIT timeout | |
| /go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/network/kube_proxy.go:194 | |
| [Fail] [sig-apps] Job [It] should run a job to completion when tasks sometimes fail and are not locally restarted | |
| /go/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/apps/job.go:86 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .PHONY: ${DIST}/windows/amd64/kops | |
| 227 ${DIST}/windows/amd64/kops: ${BINDATA_TARGETS} | |
| 228 mkdir -p ${DIST} | |
| 229 GOOS=windows GOARCH=amd64 go build -a ${EXTRA_BUILDFLAGS} -o $@ -ldflags "${EXTRA_LDFLAGS} -X k8s.io/kops.Version=${VE RSION} -X k8s.io/kops.GitVersion=${GITSHA}" k8s.io/kops/cmd/kops |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:DescribeInstances" | |
| ], | |
| "Resource": [ | |
| "*" |
chrislovecnm
/ kops-admin.json
Last active
October 3, 2017 15:36
Permissions Needed By a Kops Administrator - No VPC network perms included.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:AttachVolume", | |
| "ec2:AuthorizeSecurityGroupEgress", | |
| "ec2:AuthorizeSecurityGroupIngress", | |
| "ec2:CreateSecurityGroup", |
NewerOlder