Graham Lee Bevan gbevan

@gbevan
gbevan / Dockerfile
Last active December 24, 2018 12:21
Proof-of-concept to show how Hashicorp Vault can pre-create an encrypt/decrypt key and share it with other vault instances.
################################################################################
# Proof-of-concept to show how Hashicorp Vault can pre-create an encrypt /
# decrypt key and share it with other vault instances.
#
# docker build --no-cache -t vault-keys-poc .
################################################################################
# Generate Key in Vault (1)
FROM vault:0.11.3 as generate
RUN \
@gbevan
gbevan / k8s.sh
Last active January 19, 2019 11:26
Simple kubernetes environment selector from command line
#!/bin/bash
# List your kubernetes environments here, they will each equate to a
# rc file named k8s_envname.rc in the same folder as this script:
ENVS="
openstack
k8sdev6443
"
# Prompt user to select environment:
@gbevan
gbevan / secure_microk8s_api_proxy.md
Last active February 5, 2019 05:50
Secure microk8s api via proxy

Securing Microk8s API access via kube-proxy on https port 6443 (blocking http/8080)

  1. Instead of setting the iptables FORWARD default policy to ACCEPT, leave it as DROP and follow this gist
  2. Configure explicit permit rules in /etc/iptables.conf (from the above gist), e.g.
# Allow internal private k8s IPs to talk
-A FILTERS -m state --state NEW -s 10.0.0.0/8 -j ACCEPT

# Permit direct https/6443 access to k8s proxy from local subnet
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 6443 -s your-src-ip-subnet/24 -j ACCEPT
@gbevan
gbevan / containerd-template.toml
Created January 10, 2020 13:02
microk8s local insecure registry
...
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins.cri.registry.mirrors."local.insecure-registry.io"]
endpoint = ["http://localhost:32000"]
[plugins.cri.registry.mirrors."k8sdev:32000"]
endpoint = ["http://k8sdev:32000"]
...
@gbevan
gbevan / etc_iptables.conf
Last active January 4, 2021 11:29
Fix internet access for microk8s pods
# see https://unrouted.io/2017/08/15/docker-firewall/
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]
-F INPUT
-F DOCKER-USER
@gbevan
gbevan / INSTALL.md
Last active June 2, 2022 08:47
Gnuradio 3.8 on Ubuntu 18.04
@gbevan
gbevan / k8s-images-sort-bysize.sh
Created November 13, 2023 14:23
sort k8s images by size
kubectl get nodes -o json |
jq '.items[].status.images[] | [.sizeBytes, .names[0]] | @csv' -r |
sed -e 's/"//g' |
sed 's/,/ /g' |
sort -k1n

Microk8s DEV on Ubuntu LXD Container(s)

Ref: https://microk8s.io/docs/install-lxd

Microk8s LXD profile

$ lxc profile create microk8s
$ wget https://raw.githubusercontent.com/ubuntu/microk8s/master/tests/lxc/microk8s.profile -O microk8s.profile
$ cat microk8s.profile | lxc profile edit microk8s
@gbevan
gbevan / README.md
Last active August 6, 2024 20:18
PoC - Kairos Build ISO from an Installed Linux VM as a base

Notes on PoC for Building a Kairos ISO Image from an Installed Linux VM as a Base

Create the base VM

Boot from Rocky 9 ISO
Minimal image + standard + guest agents

On the booted img

dnf update -y

MMANA-GAL on Linux with Wine

Using Winetricks to install prereqs

./winetricks -f corefonts vcrun6 vb5run native_oleaut32 vcrun2010 richtx32

Running MMANA-GAL