Skip to content

Instantly share code, notes, and snippets.

Avatar

Kelsey Hightower kelseyhightower

View GitHub Profile
View gist:2d7bf31040f7401b1e2474538f78b2b5
INFO: 2020/06/10 09:16:26 [xds-bootstrap] Got bootstrap file location from GRPC_XDS_BOOTSTRAP environment variable: xds-bootstrap.json
INFO: 2020/06/10 09:16:26 [xds-bootstrap] Bootstrap content: {
"xds_servers": [
{
"server_uri": "trafficdirector.googleapis.com:443",
"channel_creds": [
{
"type": "google_default"
}
]
View service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: helloworld-uwsgi
name: helloworld-uwsgi
spec:
ports:
- port: 80
protocol: TCP
View config.yaml
static_resources:
listeners:
- name: health_check_listener
address:
socket_address:
address: 0.0.0.0
port_value: 80
filter_chains:
- filters:
- name: envoy.http_connection_manager
View generic ingress
apiVersion: v1
kind: Service
metadata:
labels:
app: helloworld-uwsgi
name: helloworld-uwsgi
spec:
ports:
- port: 80
protocol: TCP
View gist:151f28bebfce9a59b7a563d93f4c50ce
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- vault
View vault-tokenreview-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: vault-tokenreview-binding
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
View index.js
function denyenv (req, res) {
 // Extract the Kubernetes Pod resource and reject it if any of the containers
 // are using environment variables.
}
View index.js
'use strict';
exports.denyenv = function denyenv (req, res) {
var admissionRequest = req.body;
// Get a reference to the pod spec
var object = admissionRequest.request.object;
console.log(`validating the ${object.metadata.name} pod`);
View pod.yaml
Name: nginx-8586cf59-4mjmd
Namespace: default
Start Time: Thu, 08 Feb 2018 11:10:18 -0800
Status: Running
IP: 10.28.0.12
Controlled By: ReplicaSet/nginx-8586cf59
Containers:
nginx:
Image: nginx
State: Running
View gist:597bbfe5df8d945c2ced58783c0fd6bc
apiVersion: apps/v1beta1
kind: Deployment
metadata:
labels:
app: app
customer: customer2
name: app-customer-2
spec:
template:
metadata: