oskapt

kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

oskapt

#cloud-config

package_upgrade: true
package_update: true
packages: 
  - curl
  - nfs-kernel-server
  - python3-pip
runcmd:
  - curl -s -o /var/tmp/install_docker https://releases.rancher.com/install-docker/18.09.sh

oskapt

kubectl get authorizationrolebinding.auth.containership.io \
  | tail -n +2 | awk '{ print $1 }' | while read x; do 
    kubectl get -o yaml authorizationrolebinding.auth.containership.io/$x -o json | jq '.metadata.finalizers=[]' \
    | kubectl apply -f -; 
  done

kubectl get authorizationrole.auth.containership.io \
  | tail -n +2 | awk '{ print $1 }' | while read x; do 
    kubectl get -o yaml authorizationrole.auth.containership.io/$x -o json | jq '.metadata.finalizers=[]' \
    | kubectl apply -f -; 

oskapt

##
# Individual DoH server entries, one server per resolver.
# These establish proxy ports that the upstream resolvers
# can be reached via.
##
server {
  listen 8001 default_server;
  server_name _;
  location / {
    proxy_pass https://dns.google;

oskapt

#!/usr/bin/env bash

mkdir certs my-safe-directory

cat > ca.cnf <<EOF
# OpenSSL CA configuration file
[ ca ]
default_ca = CA_default
[ CA_default ]
default_days = 365