-
Create local cluster
kind create cluster
-
Barebones flux2 install for demo
# Source: https://gist.github.com/9e8c8a78d669c84a803aac2d5446127c | |
###################################################################### | |
# Monitor and Manage Cost Of Kubernetes Clusters And Cloud Resources # | |
# https://youtu.be/GpChs_4exxQ # | |
###################################################################### | |
# Additional Info: | |
# - Kubecost: https://kubecost.com | |
# - Cost-Aware Kubernetes Cluster Autoscaling With Cast AI: https://youtu.be/r2VS8DV1Lpk |
Registering Rancher managed clusters in Argo CD doesn't work out of the box unless the Authorized Cluster Endpoint is used. Many users will prefer an integration of Argo CD via the central Rancher authentication proxy (which shares the network endpoint of the Rancher API/GUI). So let's find out why registering clusters via Rancher auth proxy fails and how to make it work.
Hint: If you are just looking for the solution scroll to the bottom of this page.
Sample config files to demonstrate seup that creates and updates free SSL certificates from Let's Encrypt given that the domains are maintained at CloudFlare service.
Certbot verifies domains ownership by accessing CloudFlare API that adds temporary TXT DNS records. To enable it You must provide your CloudFlare API token. More details in documentation for dns-cloudflare Certbot plugin.
Certbot saves created certificates in Docker volume certbot_etc
. Pay attention to output of the certbot run - it mentions path to the created certificates.
# ~/.config/starship.toml | |
[battery] | |
full_symbol = "🔋" | |
charging_symbol = "🔌" | |
discharging_symbol = "⚡" | |
[[battery.display]] | |
threshold = 30 | |
style = "bold red" |
Steps to deploy a Node.js app to DigitalOcean using PM2, NGINX as a reverse proxy and an SSL from LetsEncrypt
If you use the referal link below, you get $10 free (1 or 2 months) https://m.do.co/c/5424d440c63a
I will be using the root user, but would suggest creating a new user
apiVersion: networking.istio.io/v1alpha3 | |
kind: EnvoyFilter | |
metadata: | |
name: security-by-default-header-filter | |
spec: | |
filters: | |
- listenerMatch: | |
listenerType: GATEWAY | |
filterType: HTTP | |
filterName: envoy.lua |
version: '2.2' | |
services: | |
elasticsearch: | |
image: docker.elastic.co/elasticsearch/elasticsearch:6.4.1 | |
container_name: elasticsearch | |
environment: | |
- cluster.name=docker-cluster | |
- bootstrap.memory_lock=true | |
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
ulimits: |
version: "3" | |
services: | |
mongo1: | |
hostname: mongo1 | |
container_name: localmongo1 | |
image: mongo:4.0-xenial | |
expose: | |
- 27017 | |
ports: | |
- 27011:27017 |
#!/bin/bash | |
# Get directory of script | |
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |
if [[ $# -ne 1 ]] | |
then | |
echo "ERROR: This script expects the namespace name to be given as an argument" | |
echo "e.g. ./ecr-cred-updater.sh my-namespace" | |
exit 1 |