Skip to content

Instantly share code, notes, and snippets.

Avatar

Duffie Cooley mauilion

View GitHub Profile
View adv-audit.yaml
# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
# Do not log from kube-system accounts
- level: None
userGroups:
- system:serviceaccounts:kube-system
- level: None
users:
View gist:89f345507846801ef85bdebc4bd2529f
*
* ==> Audit <==
* |----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| Command | Args | Profile | User | Version | Start Time | End Time |
|----------|-----------------------------------|---------|---------|---------|-------------------------------|-------------------------------|
| ssh | -- cat | calium | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:00:38 PDT | Tue, 06 Jul 2021 12:00:39 PDT |
| | /etc/cni/net.d/10-calico.conflist | | | | | |
| ssh | -- cat | calium | dcooley | v1.21.0 | Tue, 06 Jul 2021 12:01:57 PDT | Tue, 06 Jul 2021 12:01:57 PDT |
| | /etc/cni/net.d/10-calico.conflist | | | | | |
|
View gist:8781942b54b3600075a8098964c30f18
---
# Source: cilium/templates/cilium-agent-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: "cilium"
namespace: kube-system
---
# Source: cilium/templates/cilium-operator-serviceaccount.yaml
apiVersion: v1
@mauilion
mauilion / .gitignore
Last active Feb 27, 2021
terraform to generate tls assets for etcd.
View .gitignore
*tfstate*
.terraform
etcd
certs
ca-keys
View gist:75ff97d6b4afc92cb840eacbbafb3e2a
export KIND_CLUSTER_NAME=$(whoami)
export INSTALL_K3S_VERSION=v1.19.5+k3s2
export INSTALL_K3S_EXEC="--node-label cluster=${KIND_CLUSTER_NAME} --kubelet-arg=port=10260"
export K3S_TOKEN=K100eb593c7b4dcba3df04ffc638c7133bf66677599e3c5be1daca4bb7a7dedb27d::server:0b3300e83314273d0a4ffb08d4cb0144
export K3S_URL=https://honk.jeefy.dev:6443
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
@mauilion
mauilion / etcdclient.yaml
Last active Dec 3, 2020
etcdclient static pod with all the bits configured.
View etcdclient.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: etcdclient
tier: debug
name: etcdclient
namespace: kube-system
spec:
View gist:1b89ad81ffad1f36ddc31ecb5b7ffbba
{
"AuxAudioDevice1": {
"balance": 0.5,
"deinterlace_field_order": 0,
"deinterlace_mode": 0,
"enabled": true,
"flags": 0,
"hotkeys": {
"libobs.mute": [],
"libobs.push-to-mute": [],
View kind-mn-nocni.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
disableDefaultCNI: true
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
View calico-install.sh
#!/bin/bash
kubectl apply -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
curl -LO https://docs.projectcalico.org/manifests/custom-resources.yaml
echo "view and edit custom-reources.yaml for your clusters pod cidr and then apply."
View gist:0126a5081e4f52e55723e919a643892f
# Generated by iptables-save v1.8.4 on Wed Sep 2 12:04:55 2020
*mangle
:PREROUTING ACCEPT [203961:202662193]
:INPUT ACCEPT [107095:83508318]
:FORWARD ACCEPT [96866:119153875]
:OUTPUT ACCEPT [126202:88855983]
:POSTROUTING ACCEPT [223130:208015275]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill