
Duffie Cooley mauilion

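#!/bin/bash
# Installs the Tigera (Calico) operator, then downloads the Calico custom
# resources manifest so it can be edited by hand before it is applied.
#
# NOTE(review): both manifests are fetched from an unversioned URL and are not
# checksum-verified. The operator manifest is applied straight from the
# network; operator manifests typically carry CRDs and cluster-scoped RBAC, so
# outside a lab pin a release-specific URL, download it, and review it first.

# Stop at the first failure so a failed operator install is not followed by
# instructions to apply the custom resources.
set -euo pipefail

kubectl apply -f https://docs.projectcalico.org/manifests/tigera-operator.yaml

# -f: fail on an HTTP error instead of saving the error page as the manifest.
curl -fLO https://docs.projectcalico.org/manifests/custom-resources.yaml

echo "view and edit custom-resources.yaml for your clusters pod cidr and then apply."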
# Generated by iptables-save v1.8.4 on Wed Sep 2 12:04:55 2020
*mangle
:PREROUTING ACCEPT [203961:202662193]
:INPUT ACCEPT [107095:83508318]
:FORWARD ACCEPT [96866:119153875]
:OUTPUT ACCEPT [126202:88855983]
:POSTROUTING ACCEPT [223130:208015275]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
mauilion / adv-audit.yaml
Last active September 14, 2021 13:52
kind audit
# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
# Kubernetes API server audit policy. Rules are evaluated in order and the
# first matching rule decides the audit level for a request.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
# Do not log from kube-system accounts
# NOTE(review): level None drops every request made by any service account in
# kube-system, so actions taken with a leaked kube-system token leave no audit
# trail. Where log volume allows, Metadata is the lowest level that still
# records who did what.
- level: None
userGroups:
- system:serviceaccounts:kube-system
# NOTE(review): the users list of this second rule is cut off in this preview.
- level: None
users:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:aggregated-metrics-reader
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
# kind cluster config that patches the kubeadm ClusterConfiguration so the API
# server stores the core /events resource in a separate etcd endpoint.
# NOTE(review): the override endpoint below uses plain http, so event traffic
# to 10.10.10.10:2379 is unencrypted and the etcd server is not authenticated
# by TLS. Fine for an isolated lab; prefer an https endpoint anywhere else.
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
kubeadmConfigPatches:
- |
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
extraArgs:
etcd-servers-overrides: "/events#http://10.10.10.10:2379"
nodes:
apiVersion: v1
kind: Namespace
metadata:
labels:
admission.gatekeeper.sh/ignore: no-self-managing
control-plane: controller-manager
gatekeeper.sh/system: "yes"
name: gatekeeper-system
---
apiVersion: apiextensions.k8s.io/v1beta1
[
{
"Name": "kind",
"Id": "598350d8fd243335bc467d3637e9f8a1e873a1347bb74a388302003d9394b6c4",
"Created": "2020-05-11T12:55:41.17423453-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": true,
"IPAM": {
"Driver": "default",
mauilion / echoserver.yaml
Last active May 14, 2020 00:48
Available at git.io/echoserver.yaml; apply with `kubectl apply -f https://git.io/echoserver.yaml`.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: echoserver
name: echoserver
spec:
replicas: 1
selector:
matchLabels:
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha4
kubeadmConfigPatches:
- |
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
evictionHard:
nodefs.available: "0%"
- |
kind: ClusterConfiguration
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: name
name: name
spec:
containers:
- command: