Skip to content

Instantly share code, notes, and snippets.

View icheko's full-sized avatar

Jose Pacheco icheko

11 followers · 8 following
View GitHub Profile
@icheko
icheko / medium-podman-sa-scc-binding.yaml
Created September 14, 2022 04:21
apiVersion: v1
kind: ServiceAccount
metadata:
name: nonrootbuilder-sa
namespace: jenkins-sandbox
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nonrootbuilder
@icheko
icheko / medium-podman-scc.yaml
Created September 14, 2022 04:17
apiVersion: security.openshift.io/v1
metadata:
name: nonrootbuilder
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
@icheko
icheko / medium-podman.Dockerfile
Created September 14, 2022 04:15
FROM registry.redhat.io/rhel8/podman:8.6
USER root
RUN chown -Rfv podman:podman /home/podman/.config
RUN chown -Rfv podman:podman /home/podman/.local
# 1001
USER podman
@icheko
icheko / medium-podman.Jenkinsfile
Last active September 14, 2022 04:28
pipeline{
agent {
kubernetes {
yaml '''
apiVersion: v1
kind: Pod
metadata:
labels:
label: jenkins-build
spec:
@icheko
icheko / medium-ubi8-chrome-Dockerfile
Created August 19, 2022 07:15
FROM registry.access.redhat.com/ubi8/nodejs-14:1
USER root
# Setup to download updates from RH
COPY ./rhsm-entitlement /etc/pki/entitlement
RUN rm /etc/rhsm-host
# Install Chrome
RUN dnf upgrade --refresh rpm glibc && \
@icheko
icheko / medium-git-subtree.sh
Created April 24, 2022 01:16
#!/bin/bash
SOURCE_BRANCH="helmcharts-source"
STAGING_BRANCH="helmcharts-staging"
echo
echo "Fetch new changes from helmcharts"
echo -----------------------------------------
git fetch helmcharts master
HELMCHARTS_LATEST_COMMIT=`git ls-remote helmcharts | grep "refs/heads/master" | awk '{ print $1}'`
@icheko
icheko / medium-jenkins-agent-probe.sh
Created March 16, 2022 21:27
#!/bin/bash
#
# A probe to check current CPU and RAM capacity before scheduling jobs
#
CURRENT_CPU=$(uptime | awk -F'load average:' '{ print $2 }' | awk -F',' '{print $2}' | tr -d " \t")
THRESHOLD_CPU=12.0
THRESHOLD_RAM=4096
CURRENT_AVAILABLE_RAM=$(free -m | grep "Mem:" | awk '{print $7}')
if [ "$(echo "$CURRENT_CPU > $THRESHOLD_CPU" | bc -l)" -eq 1 ]; then
@icheko
icheko / medium-k8sbackupfiles-full.yaml
Created February 21, 2022 07:37
kind: CronJob
apiVersion: batch/v1
metadata:
name: cjoc-backup
namespace: cloudbees-ci
spec:
schedule: 0 2 * * *
startingDeadlineSeconds: 120
concurrencyPolicy: Forbid
suspend: false
@icheko
icheko / medium-k8sbackupfiles-01.yaml
Last active February 21, 2022 07:35
Medium - Backup files on Kubernetes with kube-tasks
containers:
- name: jenkins-backup
image: 'maorfr/kube-tasks:0.2.0'
env:
...
command: ["/bin/sh","-c"]
args:
- kube-tasks simple-backup -n $MY_POD_NAMESPACE --selector app.kubernetes.io/name=cloudbees-core --container jenkins --path /var/jenkins_home/ --dst k8s://$MY_POD_NAMESPACE/$MY_POD_NAME/jenkins-backup/backup;
echo;
echo Backups;
@icheko
icheko / bash_for_loop.sh
Last active September 13, 2021 23:56
for i in {0..60}
do
sleep 5
done