kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
Michael Goodness mgoodness
mgoodness
/ fish_right_prompt.fish
Created
October 11, 2016 13:45
Add the current Kubernetes context to the right-hand side of your Fish Shell prompt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function fish_right_prompt | |
| set -l k8s_color (set_color blue) | |
| set -l k8s_context (kubectl config current-context) | |
| echo -e -n -s $k8s_color "($k8s_context)" | |
| end |
mgoodness
/ kube-rotate.sh
Last active
November 11, 2017 09:13
Bash script for draining & terminating EC2 Kubernetes nodes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| k8s_node=$(echo $1 | cut -f2 -d '/') | |
| kubectl drain --force --ignore-daemonsets --delete-local-data ${k8s_node} | |
| if [[ $? -eq 0 ]]; then | |
| kubectl delete node ${k8s_node} | |
| fi |
mgoodness
/ fluentd-config.yaml
Last active
April 7, 2019 04:47
Fluentd configuration for shipping systemd & Kubernetes logs to CloudWatch Logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| labels: | |
| app: fluentd | |
| name: fluentd-cloudwatch-logs | |
| namespace: kube-system | |
| data: | |
| aws-region: us-east-1 |
mgoodness
/ helm-rbac.md
Last active
October 30, 2021 17:04
Helm RBAC setup for K8s v1.6+ (tested on minikube)
mgoodness
/ kube-dns-rbac.md
Last active
June 7, 2019 18:33
kube-dns RBAC setup for K8s v1.6+ (tested on minikube)
kubectl -n kube-system create sa kube-dns
kubectl -n kube-system patch deploy/kube-dns -p '{"spec": {"template": {"spec": {"serviceAccountName": "kube-dns"}}}}'
mgoodness
/ git-rebase-preserve-author.fish
Created
September 4, 2017 23:37
mgoodness
/ heapster-user-rbac.yaml
Created
October 13, 2017 20:37
Minimal RBAC to enable `kubectl top`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: Role | |
| metadata: | |
| name: heapster-user | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resourceNames: | |
| - "http:heapster:" |
mgoodness
/ update-tectonic-license.fish
Created
November 13, 2017 18:03
Fish shell function for updating the CoreOS Tectonic license Secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function update-tectonic-license -d 'Updates the Tectonic license secret' -a license_file contexts | |
| set -l license_secrets tectonic-license tectonic-license-secret | |
| set -l current_context (kubectl config current-context) | |
| if test -z "$license_file" | |
| echo "usage: update-tectonic-license <path/to/license_file> [<contexts>]" | |
| end | |
| if test -z "$contexts" | |
| set contexts (kubectl config view -o go-template="{{ range .contexts }}{{ .name | println }}{{ end }}") |
mgoodness
/ count-ingress.fish
Created
December 14, 2017 16:37
Outputs the number of Ingresses (>=5) in each Namespace, plus Annotations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function count-ingress | |
| for namespace in (kubectl get ns -o name | cut -d/ -f2) | |
| set -l product_name (kubectl get ns $namespace -o json | jq -r '.metadata.annotations."ticketmaster.com/name"') | |
| set -l tech_owners (kubectl get ns $namespace -o json | jq -r '.metadata.annotations."ticketmaster.com/tech-owner"') | |
| set -l count (kubectl -n $namespace get ing --no-headers --ignore-not-found | wc -l | tr -d ' ') | |
| if test $count -ge 5; echo $namespace \($product_name - $tech_owners\): $count; end | |
| end | |
| end |
mgoodness
/ kubernetes-dashboard-rbac.md
Created
December 21, 2017 20:30
kubernetes-dashboard RBAC setup for K8s v1.8+ (tested on minikube) Raw
kubectl -n kube-system create sa kubernetes-dashboard
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
kubectl -n kube-system patch rc/kubernetes-dashboard -p '{"spec": {"template": {"spec": {"serviceAccountName": "kubernetes-dashboard"}}}}'
kubectl -n kube-system delete po -l app=kubernetes-dashboard