
innovia / vault-pod-runner.py
Created October 21, 2018 20:05
Vault Runner - get secret from vault and replace process
#!/usr/bin/env python
import os
import json
import logging
import tarfile
import requests
import sys
# CA bundle for verifying Vault's TLS certificate; presumably passed as
# verify= on the requests calls further down (not visible in this excerpt —
# confirm), which keeps certificate checking on instead of verify=False.
CA_PATH = "/etc/tls/ca.pem"
# In-cluster Vault service address (HTTPS on the default port 8200).
VAULT_URL = "https://vault.default.svc.cluster.local:8200"
innovia / setup-vault-reviewer.sh
Created October 21, 2018 19:49
setup vault reviewer token
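#!/bin/bash
# Set up a Vault reviewer token: expose Vault locally through a kubectl
# port-forward, then read the vault-reviewer service account's JWT and the
# cluster CA certificate. The rest of the flow continues below this excerpt.
echo "Opening vault in background via kubectl port forwarding."
kubectl port-forward deployment/vault 8200:8200 &
# PID of the background port-forward, presumably stopped later in the script
# (not visible here).
vault_connection_pid=$!
echo "Re-auth kubernetes with vault"
# A service account can list several secrets; take the first one so the quoted
# lookups below receive a single name rather than a space-separated list.
# NOTE(review): on clusters that no longer auto-create token secrets for service
# accounts, .secrets is empty and this lookup yields nothing — check the output.
VAULT_SA_TOKEN_NAME=$(kubectl get sa vault-reviewer -o jsonpath="{.secrets[0].name}")
# The decoded JWT is a bearer credential for the vault-reviewer account; it is
# kept only in this variable and must not be echoed or logged.
SA_JWT_TOKEN=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data.token}" | base64 --decode; echo)
# Cluster CA bundle from the same secret; the key contains a literal dot, hence
# the escaped jsonpath.
SA_CA_CRT=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data['ca\.crt']}" | base64 --decode; echo)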
innovia / vault-reviewer.yaml
Created October 21, 2018 19:41
vault-reviewer rbac
# Service account presumably used by Vault's Kubernetes auth to call the
# TokenReview API (the binding name below suggests this; the bound role is cut
# off in this excerpt — confirm it is the intended delegator role).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-reviewer
  namespace: default
---
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# rbac.authorization.k8s.io/v1 has the same schema.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: role-tokenreview-binding
innovia / cfssl-toolkit-install.sh
Created September 10, 2018 08:58
cfssl-toolkit-installation-mac
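# Install the cfssl toolkit (cfssl and cfssljson, release R1.2, macOS/amd64
# builds) into /usr/local/bin.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary" and then marking it executable; -L follows redirects.
# NOTE(review): no integrity check is performed on the downloads — compare the
# files against the checksums published for the release before relying on them.
curl -fL https://pkg.cfssl.org/R1.2/cfssl_darwin-amd64 -o /usr/local/bin/cfssl
curl -fL https://pkg.cfssl.org/R1.2/cfssljson_darwin-amd64 -o /usr/local/bin/cfssljson
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson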
#!/usr/bin/env python
import argparse
import sys
import boto3
# Module-level S3 client, created once at import time; credentials and region
# come from boto3's default configuration lookup (nothing is set explicitly here).
client = boto3.client('s3')
def main(args):
bucket = args.bucket
# Set these names before you start.
# NOTE(review): the {{...}} markers are template placeholders, not valid shell
# (unquoted spaces) — substitute real values before running this.
CLUSTER_NAME={{cluster name}}
GROUP={{group name}}
# Get your account ID
ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
# Build a role name
# NOTE(review): this expands GROUP_NAME, but the variable assigned above is
# GROUP, so one of the two names is wrong. The closing quote is also missing
# on this line (possibly cut off in this excerpt).
ROLE_NAME="Kubernetes${CLUSTER_NAME}${GROUP_NAME}Group
# Namespace-scoped binding that grants the tiller service account in "stg" the
# role named in roleRef (roleRef is cut off in this excerpt).
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# rbac.authorization.k8s.io/v1 has the same schema.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-binding
  namespace: stg
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: stg
roleRef:
# NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
# apps/v1 has the same shape but additionally requires spec.selector.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nvidia-device-plugin-daemonset
  namespace: kube-system
spec:
  template:
    metadata:
      # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
      # reserves resources for critical add-on pods so that they can be rescheduled after
# kops instance group for p3.2xlarge nodes; the kubelet feature gate enables
# device plugins (presumably for the NVIDIA device plugin — not shown here).
# NOTE(review): `labels:` has no entries in this excerpt and `name` is taken to
# be metadata.name — confirm the nesting against the original file.
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  labels:
  name: p3.2xlarge
spec:
  # Custom image name; must exist in the target account/region.
  image: My-k8s-1.9-debian-stretch-2018-05-03
  kubelet:
    featureGates:
      DevicePlugins: "true"
# Pod running a CUDA container; the resource limits (presumably a GPU request)
# are cut off in this excerpt.
apiVersion: v1
kind: Pod
metadata:
  name: gpu-pod
spec:
  containers:
  - name: cuda-container
    # NOTE(review): image is referenced by tag only; pin by digest for a
    # reproducible, verifiable pull.
    image: nvidia/cuda:9.0-devel
    resources:
      limits: