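```sh
# List Roles whose rules cover podsecuritypolicies, then keep only those
# that name the policy in $PSP under resourceNames.
kubectl get role -A -o json | jq '.items[] | . as $role | .rules[] | .resources | if any(. == "podsecuritypolicies") then $role else empty end' \
  | jq --arg psp "$PSP" 'try . as $role | .rules[] | .resourceNames | if any(. == $psp) then $role else empty end'
```
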
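```sh
# Print the names of PodSecurityPolicies that allow privileged containers or privilege escalation.
kubectl get psp -o json | jq -r '.items[] | if .spec.privileged or .spec.allowPrivilegeEscalation then .metadata.name else empty end'
```
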
```sh
# (vSphere w/ Tanzu) allow any service account to run pods with restricted privileges.
kubectl create clusterrolebinding all:psp:restricted \
  --clusterrole=psp:vmware-system-restricted \
  --group=system:serviceaccounts
```

```sh
# Read a Secret object straight from etcd, authenticating with the etcd server certificate and key.
ETCDCTL_API=3 /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/18/fs/usr/local/bin/etcdctl \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key \
  get /registry/secrets/default/secret1
```

```sh
# Print repository/name:tag for every map in values.yaml that has a "repository" key.
yq e '.. | select(has("repository")) | .repository + "/" + .name + ":" + .tag' values.yaml
```

```sh
# Print the ExternalIP address of every node, one per line.
kubectl get nodes -o=go-template --template='{{range .items}}{{range .status.addresses}}{{if eq .type "ExternalIP" }}{{.address}}{{printf "\n"}}{{end}}{{end}}{{end}}'
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: debug
  name: debug
  namespace: default
spec:
  containers:
  - args:
```

```sh
# Generate the workload cluster manifest (1 control-plane machine, 3 workers) into cluster.yaml.
clusterctl --config=clusterctl.yaml config cluster k8s-quickstart \
  --infrastructure vsphere:v0.6.0-rc.2 \
  --kubernetes-version v1.17.3 \
  --control-plane-machine-count 1 --worker-machine-count 3 > cluster.yaml
```

```yaml
## -- Controller settings -- ##
VSPHERE_USERNAME: "k8s-admin@vsphere.local"  # The username used to access the remote vSphere endpoint
VSPHERE_PASSWORD: "Demo123!"                 # The password used to access the remote vSphere endpoint
## -- Required workload cluster default settings -- ##
VSPHERE_SERVER: "vcenter.lab.spodon.com"     # The vCenter server IP or FQDN
VSPHERE_DATACENTER: "Datacenter"             # The vSphere datacenter to deploy the management cluster on
VSPHERE_DATASTORE: "ssd01"                   # The vSphere datastore to deploy the management cluster on
VSPHERE_NETWORK: "VM Network"                # The VM network to deploy the management cluster on
VSPHERE_RESOURCE_POOL: "*/Resources"         # The vSphere resource pool for your VMs
```

```sh
# Create a local kind cluster, then initialise it as the Cluster API management cluster.
kind create cluster --name=clusterapi
clusterctl --config=clusterctl.yaml init \
  --core cluster-api:v0.3.0-rc.3 \
  --bootstrap kubeadm:v0.3.0-rc.3 \
  --control-plane kubeadm:v0.3.0-rc.3 \
  --infrastructure vsphere:v0.6.0-rc.2
```