Igor Cicimov icicimov
icicimov
/ tomcat.service
Created
August 21, 2018 06:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Apache Tomcat Web Application Container | |
| Documentation=http://tomcat.apache.org/tomcat-9.0-doc/ | |
| After=syslog.target network.target | |
| After=network-online.target | |
| Wants=network-online.target | |
| [Service] | |
| User=tomcat | |
| Group=tomcat |
icicimov
/ etc-default-tomcat
Created
August 21, 2018 06:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JAVA_OPTS="-Djava.awt.headless=true -server \ | |
| -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/tomcat/java_pid%p.hprof \ | |
| -XX:MetaspaceSize=256m -XX:MaxMetaspaceSize=512m \ | |
| -XX:+UseCompressedClassPointers \ | |
| -XX:CompressedClassSpaceSize=256m -XX:+AggressiveOpts \ | |
| -XX:-UseCompressedOops -XX:+UseStringDeduplication \ | |
| -XX:+UseG1GC -XX:MaxGCPauseMillis=300 \ | |
| -XX:InitiatingHeapOccupancyPercent=45 -XX:G1ReservePercent=15 \ | |
| -Xms4G -Xmx4G -Des.cluster.name=encsearchtupoc" |
icicimov
/ ingress-ns.yml
Last active
October 25, 2018 10:06
Nginx ingress controller for external service access in K8S clusters in AWS. Includes RBAC, HPA, PDB and Prometheus ServiceMonitor.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: ingress | |
| labels: | |
| name: ingress |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: cert-manager | |
| labels: | |
| name: cert-manager |
icicimov
/ set_ec2_ephemeral_drive.sh
Created
November 1, 2018 02:09
Use EC2 ephemeral drive as swap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| TGTDEV="/dev/xvdb" | |
| # Umount/Cleanup | |
| [[ $(grep -wc "$TGTDEV" /proc/mounts) -eq 1 ]] && { fuser -km $TGTDEV; umount -f ${TGTDEV} 2>/dev/null || { echo "Can't unmount ${TGTDEV}"; exit 1; } } | |
| [[ -e "${TGTDEV}2" ]] && [[ $(grep -wc "${TGTDEV}2" /proc/mounts) -eq 1 ]] && { fuser -km "${TGTDEV}2"; { umount -f "${TGTDEV}2" 2>/dev/null || { echo "Can't unmount ${TGTDEV}2"; exit 1; } } } | |
| [[ -e "${TGTDEV}1" ]] && { swapoff "${TGTDEV}1" 2>/dev/null || { echo "Can't remove swap on ${TGTDEV}1 device"; exit 1; } } | |
| # Partition the ephemeral disk |
icicimov
/ kube_cluster-autoscaler_rbac.yml
Created
November 5, 2018 23:00
Kubernetes cluster-autoscaler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| labels: | |
| k8s-addon: cluster-autoscaler.addons.k8s.io | |
| app: cluster-autoscaler | |
| name: cluster-autoscaler | |
| namespace: kube-system | |
| --- |
icicimov
/ external-dns.yml
Created
November 30, 2018 05:39
Kubernetes external-dns deployment with RBAC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| labels: | |
| app: external-dns | |
| name: external-dns | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRole |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run kubelet with "--cluster-dns 169.254.20.10" | |
| # In Kops we need to update the cluster spec: | |
| #spec: | |
| # kubelet: | |
| # clusterDNS: 169.254.20.10 | |
| # | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: |
icicimov
/ haproxy-modsecurity-compile.sh
Created
December 16, 2019 23:32
ModSecurity setup for Haproxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| set -o pipefail | |
| #HAPROXY_MAJOR="1.8" | |
| #HAPROXY_VERSION="1.8.23" | |
| #HAPROXY_MD5="6c35b83a9969449c4b79783a2119551e" | |
| #HAPROXY_MAJOR="1.9" |