jamcole / haproxy.cfg
Created March 19, 2021 22:25
simple tcp example (only the frontend and backend sections are meaningful)
View haproxy.cfg
log local2
chroot /var/lib/haproxy
pidfile /var/run/
maxconn 4000
user haproxy
group haproxy
jamcole / files_keepalived_ping.te
Created August 12, 2020 20:37
keepalived selinux module
View files_keepalived_ping.te
module keepalived_ping 1.0;
require {
type ping_exec_t;
type ifconfig_exec_t;
type keepalived_t;
class process setcap;
class file { execute execute_no_trans getattr open read };
class capability { setuid net_raw };
class rawip_socket { getopt create setopt write read };
class netlink_socket create;
jamcole / chk_masters
Last active August 12, 2020 20:34
keepalived ocp vrrp unicast poc
View chk_masters
if [ $(ss -nlt4H '( sport = :8443 )'|wc -c) -eq 0 ]; then exit 1; fi
jamcole / alertmanager-main
Created August 10, 2020 21:39
alertmanager-main simple for openshift
View alertmanager-main
resolve_timeout: 5m
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: default
- match:
alertname: DeadMansSwitch
jamcole / example-dc.yaml
Last active July 30, 2020 14:16
Seamlessly Load CAs from ConfigMap into k8s Pods with InitContainer
View example-dc.yaml
- args:
- -c
- cp
/usr/share/pki/ca-trust-source/anchors/k8s && mkdir -p
/etc/pki/ca-trust/extracted/java && update-ca-trust
jamcole / configurations.yaml
Created March 23, 2020 22:12
Kustomize OCP Objects (configurations)
View configurations.yaml
# set labels at metadata.labels for all types
- path: metadata/labels
# create metadata.labels if it doesn't exist
create: true
- path: spec/template/metadata/labels
kind: DeploymentConfig
create: true
jamcole / .sops.yaml
Created February 25, 2020 21:58
SOPS POC - Run before and after 'kustomize' commands... Secret files are named *.secret.*, files are renamed to *.encrypted.*
View .sops.yaml
# Config file for Mozilla SOPS:
# find files to decrypt with `find . -name '*.encrypted.*'`
# find files to encrypt with `find . -name '*.secret.*'`
# creation rules are evaluated sequentially, the first match wins
# all files that match pattern *.secret.* or *.encrypted.*
- path_regex: \.(secret|encrypted)\.
pgp: '166586CD6F1A906D0786BE50C26EFAE7B312A5D8'
jamcole / OpenShiftCredentials.groovy
Created February 25, 2020 21:17
OpenShift Token Credentials Creator Jenkins Library
View OpenShiftCredentials.groovy
import jenkins.model.*
import com.cloudbees.hudson.plugins.folder.*;
import com.cloudbees.plugins.credentials.impl.*;
import com.cloudbees.plugins.credentials.*;
import com.openshift.jenkins.plugins.OpenShiftTokenCredentials;
import hudson.util.Secret;
jamcole / setup-router.yml
Created February 25, 2020 18:20
OCP 3.11 Playbook to enable extended logging, disable tls 1.0, and enable modern ciphers
View setup-router.yml
- name: Configure OpenShift Router
hosts: bastion
gather_facts: no
any_errors_fatal: yes
- oc_host
- ocp_login_master
# Configure router
- name: Pause router rollout
View gist:6d2cf8578a0e695bf0f291112b528b4b
### Keybase proof
I hereby claim:
* I am jamcole on github.
* I am ch4lox ( on keybase.
* I have a public key ASAhP_SmJGPJRcOfaybF6XOgvBa_L2Ri33BqZCUtEy22wQo
To claim this, I am signing this object: