@KaustubhKhati
KaustubhKhati / dashboard_ingress.yaml
Created May 15, 2018 12:37
oauth2_proxy in K8s with nginx-Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    ingress.kubernetes.io/auth-signin: https://$host/oauth2/start
    ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: nginx
  name: external-auth-oauth2
  namespace: kube-system

kops cluster config

kubeAPIServer:
  authorizationMode: RBAC
  authorizationRbacSuperUser: admin
  oidcCAFile: /srv/kubernetes/ca.crt
  oidcClientID: example
  oidcGroupsClaim: groups
  oidcIssuerURL: https://dex.example.com
  oidcUsernameClaim: email

Why I prefer CLI over UI?

  • CLI tools are composable using pipes (great old school example http://www.youtube.com/watch?v=tc4ROCJYbm0&t=5m32s)
  • Great for automation and batch processing
  • Fewer mouse clicks. Can go further using only keyboard
  • Avoid clunky UIs especially over poor connections
  • I'm insulated from UI changes
  • Easier to debug as they are often more verbose than the UI
@valdemon
valdemon / config.yml
Last active May 9, 2019 13:11
Enable ECR (AWS) registries for Spinnaker with Kubernetes provider
# A part of the Halyard config file declaring the ECR registries.
# There can be multiple registries, each in a different AWS account.
# In this example there are 3 "stages" accounts - dev, stage & live.
# NOTE: The declared password files must exist and provide valid base64 encoded values,
# otherwise Halyard will end up with an exception during deployment.
# The values can be fake, they will be updated later by the Kubernetes Job (see the 2nd attached file).
# NOTE: replace ${YOUR_DEV_AWS_ACCOUNT_ID} ${YOUR_DEV_AWS_REGION}
# with appropriate values (same for STAGE & LIVE).
dockerRegistry:

This is a kernel 4.14.133 backport of:

[PATCH v6 1/1] sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices

From Dave Chiluk's patch here: https://lkml.org/lkml/2019/7/23/673


Results of Dave's fibtest reproducer (https://github.com/indeedeng/fibtest)

On a c5.9xlarge ec2 instance:

  • CPU: 36 core Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz
@dm0-
dm0- / kernel-small.md
Last active July 30, 2019 19:53
Build a modified CoreOS kernel (no initramfs modules; X260 driver notes)

Download and start the CoreOS development image in a container. Make sure to bind writable directories over the kernel's build and install paths.

wget 'http://alpha.release.core-os.net/amd64-usr/current/coreos_developer_container.bin.bz2'
bzcat coreos_developer_container.bin.bz2 > coreos_developer_container.bin
mkdir boot modules src
sudo systemd-nspawn \
    --bind="$PWD/boot:/boot" \
    --bind="$PWD/modules:/lib/modules" \
    --bind="$PWD/src:/usr/src" \

@sebsto
sebsto / gist:9a958ff1c761b8c7c90d
Last active December 16, 2019 17:51
Create IAM User and Attach a Policy using Boto and JSON
import json, boto
# Connect to IAM with boto
iam = boto.connect_iam(ACCESS_KEY, SECRET_KEY)
# Create user
user_response = iam.create_user('aws-user')
# Create Policy
policy = { 'Version' : '2012-10-17'}
@mdeeks
mdeeks / jmx.yaml
Created November 13, 2013 05:07
DataDog agent JMX config to monitor all java garbage collector types. Bucketed as "major" and "minor" collections.
init_config:
instances:
  - host: localhost
    port: 9999
    conf:
      # Young Gen Collectors (Minor Collections)
      - include:
          domain: java.lang
          type: GarbageCollector
@arun-gupta
arun-gupta / readme.adoc
Last active January 15, 2020 03:54
Using Amazon CNI with kops-created Kubernetes cluster

The AWS CNI plugin is now merged with kops: kubernetes/kops#3997. This gist explains how to build kops, create a Kubernetes cluster using the correct --networking option, and then test it.

Build kops

export GOPATH=`pwd`
mkdir -p src/k8s.io; cd src/k8s.io
git clone git@github.com:kubernetes/kops.git
cd kops
export S3_BUCKET_NAME=<some bucket you own>
@dragon788
dragon788 / gist:b255a12f019ffc4274ff1f1c64861a81
Created February 9, 2020 21:03
TFTP boot for openwrt / GLiNet / LEDE and Clear Linux
tee -a /etc/dnsmasq.conf << EOF
dhcp-match=set:ipxeclient,60,IPXEClient*
dhcp-match=set:bios,60,PXEClient:Arch:00000
dhcp-boot=tag:bios,netboot.xyz.kpxe,,192.168.8.1
dhcp-match=set:efi32,60,PXEClient:Arch:00002
dhcp-boot=tag:efi32,netboot.xyz.efi,,192.168.8.1
dhcp-match=set:efi32-1,60,PXEClient:Arch:00006
dhcp-boot=tag:efi32-1,netboot.xyz.efi,,192.168.8.1
dhcp-match=set:efi64,60,PXEClient:Arch:00007
dhcp-boot=tag:efi64,netboot.xyz.efi,,192.168.8.1