Skip to content

Instantly share code, notes, and snippets.

Nishi Davidson d-nishi

Block or report user

Report or block d-nishi

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View ingressController-iam-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate"
],
@d-nishi
d-nishi / index.ts
Last active May 8, 2019
aks index.ts
View index.ts
import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
// Step 1: Parse and export configuration variables for the AKS stack.
const config = new pulumi.Config();
export const password = config.require("password");
export const location = config.get("location") || "East US";
export const failoverLocation = config.get("failoverLocation") || "East US 2";
View gist:1dbd24a4f2321ba3e72b4ea0a4cc679f
echo "Updating Pulumi Stack"
# Download dependencies and build
npm install
npm run build
# Update the stack
pulumi stack select acme/website-production
pulumi update --yes
@d-nishi
d-nishi / buildspec.yml
Created Apr 30, 2019
CodeBuild spec yaml
View buildspec.yml
version: 0.2
phases:
install:
commands:
# pulumi
- curl -L https://get.pulumi.com/ | bash -s -- --version 0.16.2
- export PATH=$PATH:$HOME/.pulumi/bin
build:
commands:
@d-nishi
d-nishi / put-service-role.json
Last active May 21, 2019
CodeBuild Put Service Role
View put-service-role.json
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "CloudWatchLogsPolicy",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
@d-nishi
d-nishi / create-service-role.json
Last active May 22, 2019
CodeBuild Service Role
View create-service-role.json
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
},
"Action": [
"sts:AssumeRole",
"ssm:GetParameters",
@d-nishi
d-nishi / index.ts
Last active Apr 25, 2019
EKS RBAC simplified
View index.ts
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
/*
* 1) Single step deployment of three IAM Roles
*/
function createIAMRole(name: string): aws.iam.Role {
@d-nishi
d-nishi / index.ts
Last active Apr 23, 2019
EKS RBAC - verbose index.ts
View index.ts
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
/*
* 1) Single step deployment three IAM Roles
*/
// Administrator AWS IAM clusterAdminRole with full access to all AWS resources
View external cloud-controller-manager-aws
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@d-nishi
d-nishi / ingress-tls-secret.yaml
Last active Sep 27, 2018
TLS Secret and Ingress
View ingress-tls-secret.yaml
apiVersion: v1
data:
tls.crt: base64 encoded cert
tls.key: base64 encoded key
kind: Secret
metadata:
name: testsecret
namespace: default
type: Opaque
You can’t perform that action at this time.