```python
#!/usr/bin/env python
import os
import json
import logging
import tarfile
import requests
import sys

CA_PATH = "/etc/tls/ca.pem"
VAULT_URL = "https://vault.default.svc.cluster.local:8200"
```
```bash
#!/bin/bash
echo "Opening vault in background via kubectl port forwarding."
kubectl port-forward deployment/vault 8200:8200 &
vault_connection_pid=$!
echo "Re-auth kubernetes with vault"
VAULT_SA_TOKEN_NAME=$(kubectl get sa vault-reviewer -o jsonpath="{.secrets[*]['name']}")
SA_JWT_TOKEN=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data.token}" | base64 --decode; echo)
SA_CA_CRT=$(kubectl get secret "$VAULT_SA_TOKEN_NAME" -o jsonpath="{.data['ca\.crt']}" | base64 --decode; echo)
```
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-reviewer
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: role-tokenreview-binding
```
```bash
curl https://pkg.cfssl.org/R1.2/cfssl_darwin-amd64 -o /usr/local/bin/cfssl
curl https://pkg.cfssl.org/R1.2/cfssljson_darwin-amd64 -o /usr/local/bin/cfssljson
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson
```
```python
#!/usr/bin/env python
import argparse
import sys
import boto3

client = boto3.client('s3')

def main(args):
    bucket = args.bucket
```
```bash
# Set these names before you start.
CLUSTER_NAME={{cluster name}}
GROUP_NAME={{group name}}
# Get your account ID
ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
# Build a role name
ROLE_NAME="Kubernetes${CLUSTER_NAME}${GROUP_NAME}Group"
```
```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-binding
  namespace: stg
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: stg
roleRef:
```
```yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nvidia-device-plugin-daemonset
  namespace: kube-system
spec:
  template:
    metadata:
      # Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
      # reserves resources for critical add-on pods so that they can be rescheduled after
```
```yaml
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  labels:
  name: p3.2xlarge
spec:
  image: My-k8s-1.9-debian-stretch-2018-05-03
  kubelet:
    featureGates:
      DevicePlugins: "true"
```
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: gpu-pod
spec:
  containers:
    - name: cuda-container
      image: nvidia/cuda:9.0-devel
      resources:
        limits:
```