Skip to content

Instantly share code, notes, and snippets.

Avatar
🍻

Jon Keam jkeam

🍻
View GitHub Profile
View mad_roadshow_links.md
@jkeam
jkeam / rootful-priv.yaml
Created March 3, 2023 02:17
Privileged Podman Pod
View rootful-priv.yaml
apiVersion: v1
kind: Pod
metadata:
name: podman-priv
spec:
containers:
- name: priv
image: quay.io/podman/stable:v4.4.1
args:
- sleep
@jkeam
jkeam / setup-gitlab-with-rancher-and-ocp.md
Last active March 3, 2023 02:20
Setup for Demo for GitLab with Rancher and OpenShift runners
View setup-gitlab-with-rancher-and-ocp.md

Setup for Demo for GitLab with Rancher and OpenShift runners

Git Repo

The code for this project is here git@github.com:jkeam/spring-petclinic-pac.git and the file we should be using is .gitlab-ci-kube.yml so in the repo that's in GitLab, make sure to blow away the original .gitlab-ci.yml and rename .gitlab-ci-kube.yml to .gitlab-ci.yml.

GitLab Variables

Something like below:

@jkeam
jkeam / gitlab-with-rancher-and-ocp.md
Last active March 3, 2023 02:01
Demo for GitLab with Rancher and OpenShift runners
View gitlab-with-rancher-and-ocp.md

Demo for GitLab with Rancher and OpenShift runners

Pre Demo

  1. Generate new KUBE_CONFIG with fresh OCP token

Demo

@jkeam
jkeam / psa.txt
Created February 7, 2023 21:55
Pod Security Admission Demo Script
View psa.txt
# Pod Security Admission Demo
## Part 1 - What is this
1. New Project:
oc new-project psa-test
2. Create deployment
oc create -f https://raw.githubusercontent.com/radikaled/psa/main/deploy/psa-test-deployment.yaml
@jkeam
jkeam / openshift-project-request-template.md
Created January 31, 2023 03:16
OpenShift Project Request Template - EgressNetworkPolicy
View openshift-project-request-template.md

OpenShift Project Request Template

Automatically create an EgressNetworkPolicy (note this is for OpenShiftSDN, for OVNKubernetes use EgressFirewall)

Before

oc new-project before
oc get EgressNetworkPolicy  # notice nothing is returned
@jkeam
jkeam / podman_share_dir.sh
Created January 25, 2023 15:13
Podman share directory
View podman_share_dir.sh
#!/bin/bash
# create dir for container
mkdir -p /tmp/work
# give permissions to container user
podman unshare chown -R 1001:1001 /tmp/work
# relabel
sudo semanage fcontext -a -t container_file_t '/tmp/work(/.*)?'
@jkeam
jkeam / generate-csr.sh
Created December 23, 2022 04:54
Generate CSR
View generate-csr.sh
#!/bin/bash
openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key
openssl req -nodes -new -key server.key -out server.csr
@jkeam
jkeam / running_stern.sh
Created December 9, 2022 20:48
Simple stern usage
View running_stern.sh
#!/bin/bash
stern --selector=app=sticky-sessions-app
# add timestamps: stern -t --selector=app=sticky-sessions-app
@jkeam
jkeam / create-digital-ocean-droplet.sh
Created December 8, 2022 18:42
Create Digital Ocean Droplet
View create-digital-ocean-droplet.sh
#!/bin/bash
# Types of Droplets
# s-2vcpu-4gb
# s-4vcpu-8gb
#
# Creation Params
# doctl compute ssh-key list
# doctl compute droplet list
#