jrnt30

Export your public key:

keybase pgp export > keybase-public.key

Export your private key:

keybase pgp export --secret > keybase-private.key

jrnt30

Here are several different ways to test a TCP port without telnet.

BASH (man page)

$ cat < /dev/tcp/127.0.0.1/22
SSH-2.0-OpenSSH_5.3
^C

$ cat &lt; /dev/tcp/127.0.0.1/23

jrnt30

FROM mirror-hub.docker.tech.lastmile.com/alpine:3.5

RUN apk add --no-cache curl jq

RUN curl -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.5.3/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl

COPY rmpeers /

CMD ["/rmpeers"]

jrnt30

#!/bin/bash
interfaces=( $(netstat -in | egrep 'utun\d .*\d+\.\d+\.\d+\.\d+' | cut -d ' ' -f 1) )
rulefile="rules.tmp"
echo "" > $rulefile
sudo pfctl -a com.apple/tun -F nat
for i in "${interfaces[@]}"
do
  RULE="nat on ${i} proto {tcp, udp, icmp} from 192.168.64.0/24 to any -> ${i}"
  echo $RULE >> $rulefile
done

jrnt30

Run this in order to backup all you k8s cluster data. It will be saved in a folder bkp. To restore the cluster, you can run kubectl apply -f bkp.

Please note: this recovers all resources correctly, including dynamically generated PV's. However, it will not recover ELB endpoints. You will need to update any DNS entries manually, and manually remove the old ELB's.

Please note: This has not been tested with all resource types. Supported resource types include:

• services
• replicationcontrollers
• secrets
• deployments
• horizontal pod autoscalers

jrnt30

node {
    // https://registry.hub.docker.com/_/maven/
    def maven32 = docker.image('maven:3.2-jdk-7-onbuild');
    
    stage 'Mirror'
    // First make sure the slave has this image.
    // (If you could set your registry below to mirror Docker Hub,
    // this would be unnecessary as maven32.inside would pull the image.)
    maven32.pull()
    // We are pushing to a private secure docker registry in this demo.

jrnt30

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

jrnt30

kops cluster config

kubeAPIServer:
  authorizationMode: RBAC
  authorizationRbacSuperUser: admin
  oidcCAFile: /srv/kubernetes/ca.crt
  oidcClientID: example
  oidcGroupsClaim: groups
  oidcIssuerURL: https://dex.example.com
  oidcUsernameClaim: email

jrnt30

kubernetes.click-ops

1. Generalizing to your own Kubernetes cluster
2. A note on non-standard kops and nodeup binaries
3. Installing required binaries
4. Setting up "permanent" resources
5. Creating the cluster
6. Administering the cluster
7. Other operations on the cluster
8. Updating your local state

jrnt30

Keybase proof

I hereby claim:

• I am jrnt30 on github.
• I am jrnt30 (https://keybase.io/jrnt30) on keybase.
• I have a public key whose fingerprint is 4B25 5AB4 7FBF 8F11 9B67 A1E9 C299 3AC5 C99B 431C

To claim this, I am signing this object: