Joe Julian joejulian

joejulian / -
Created October 12, 2017 13:44
/usr/local/lib/python3.6/site-packages/celery/platforms.py:795: RuntimeWarning: You're running the worker with superuser privileges: this is
absolutely not recommended!
Please specify a different user using the -u option.
User information: uid=0 euid=0 gid=0 egid=0
uid=uid, euid=euid, gid=gid, egid=egid,
[2017-10-12 04:54:05,078: DEBUG/MainProcess] | Worker: Preparing bootsteps.
[2017-10-12 04:54:05,080: DEBUG/MainProcess] | Worker: Building graph...
joejulian / -
Created October 16, 2017 20:29
diff --git a/Dockerfile b/Dockerfile
index 8b49567..10c3f4d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,21 +16,21 @@ ENV PATH $PATH:/google-cloud-sdk/bin
ENV ETCD_VERSION=v3.2.5
ENV ETCDCTL_API=3
-ENV K8S_VERSION=v1.7.6
-ENV K8S_HELM_VERSION=v2.6.1
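Review bot: the two pins removed at the end of the visible hunk, `ENV K8S_VERSION=v1.7.6` and `ENV K8S_HELM_VERSION=v2.6.1`, have no matching `+` lines in what is shown, although the header `@@ -16,21 +16,21 @@` gives the same length on both sides. Please confirm that both variables are set again, to explicit versions, before any later instruction in the Dockerfile expands `$K8S_VERSION` or `$K8S_HELM_VERSION`, since an unset ENV variable expands to an empty string wherever it is used. A short comment beside each pin saying which component it tracks would also make the next version bump easier to review.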
FROM alpine:3.6
MAINTAINER Michael Venezia <mvenezia@gmail.com>
ENV TERRAFORM_VERSION=0.8.6
ENV TF_COREOSBOX_VERSION=v0.0.3
ENV TF_DISTROIMAGE_VERSION=v0.0.1
ENV TF_PROVIDEREXECUTE_VERSION=v0.0.4
ENV GCLOUD_SDK_VERSION=162.0.0
ENV GCLOUD_FILE_NAME=google-cloud-sdk-${GCLOUD_SDK_VERSION}-linux-x86_64.tar.gz
---
version: v1
# These are the new definitions which are used throughout the configuration.
definitions:
  dnsConfig:
    - &defaultDns
      name: defaultDns
      kind: dns
      kubedns:
        cluster_ip: 10.32.0.2
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  annotations:
  labels:
    k8s-app: canal
  name: canal
  namespace: kube-networking
spec:
  selector:
# Mgmt
# Copyright (C) 2013-2018+ James Shubin and the project contributors
# Written by James Shubin <james@shubin.ca> and the project contributors
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
#!/bin/bash -e
# Setup a Root CA in vault
# Generate and sign an Intermediate cert
#
# Requires:
# * A running vault server already initialized and unsealed
# * Environment variable VAULT_TOKEN is set
# * vault cli (https://www.vaultproject.io)
# * httpie (https://github.com/jkbrzt/httpie)

Vault as a PKI service for Kubernetes authentication

Kubernetes can be configured to use SSL certificates to authenticate users, allowing Kubernetes internals (RBAC and events) to be used for authorization and accounting. To do this efficiently, it's best to use a PKI server to manage the issuance, revocation and maintenance of certificates.

Vault is not only a great tool for storing secrets in Kubernetes; it can also be used as a PKI server, managing user certificates on a per-group basis, which allows a hierarchical authorization model as well as hierarchical management of user certificates.

A practical example Vault Kubernetes Authentication

Prerequisites

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct thing
{
    float height;
    char *body;
} Thing;
package bindata

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"strings"
)