Skip to content

Instantly share code, notes, and snippets.

View shawnho1018's full-sized avatar

Shawnho shawnho1018

14 followers · 6 following
  • Google
View GitHub Profile
@shawnho1018
shawnho1018 / f5-std-role.yaml
Created February 11, 2019 01:53
F5 Role
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions"]
resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
resources: ["configmaps", "events", "ingresses/status"]
@shawnho1018
shawnho1018 / f5-bigip-ctlr.yaml
Last active February 11, 2019 02:02
f5 bigip-ctlr
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment
namespace: kube-system
spec:
# DO NOT INCREASE REPLICA COUNT
replicas: 1
template:
metadata:
@shawnho1018
shawnho1018 / nginx-f5-integration.yml
Created February 11, 2019 02:04
Nginx service, integrated with F5 Big-IP
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: f5-nginx
spec:
replicas: 1
template:
metadata:
labels:
run: f5-nginx
@shawnho1018
shawnho1018 / f5-bigip-ctlr-cluster.yaml
Created February 12, 2019 07:36
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment
namespace: kube-system
spec:
# DO NOT INCREASE REPLICA COUNT
replicas: 1
template:
metadata:
@shawnho1018
shawnho1018 / gist:d7a3ef65794d617005bcafe3ac5d269a
Last active May 5, 2019 00:27
Contour-Example-Blue-Green
apiVersion: contour.heptio.com/v1beta1
kind: IngressRoute
metadata:
name: root-blog
namespace: default
spec:
virtualhost:
fqdn: test.syspks.com
#tls:
#secretName: containersteve-com
@shawnho1018
shawnho1018 / ingress.yaml
Created May 26, 2019 01:34
Test NSX-T Layer7 LoadBalancer
#nginx/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress
spec:
rules:
- host: [replace-with-your-fqdn]
http:
paths:
@shawnho1018
shawnho1018 / NSX-T #Update Virtual Server's Setting
Created May 26, 2019 01:45
更新Virtual Server的設定
curl -k https://nsxmgr.syspks.com/api/v1/loadbalancer/virtual-servers/{virtual-server-id} \
-X PUT -u admin:VMware1! -i -H "X-Allow-Overwrite:true" -H "Content-Type:application/json" \
-H "Accept:application/json" \
-d '{
"resource_type" : "LbVirtualServer",
"id" : "03af0505-3db4-4a31-b619-7b0ff72d6f0f",
"display_name" : "pks-4cb3e155-a084-4af2-8513-34077fde1a17-http",
"tags" : [ {
"scope" : "ncp/version",
"tag" : "1.2.0"
@shawnho1018
shawnho1018 / namespace-admin-role.yaml
Created May 26, 2019 14:00
This is to provide namespace privilege to a user.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: default
name: namespace-admin
rules:
- apiGroups: ["*"] # 空字符串""表明使用core API group
resources: ["*"]
verbs: ["*"]
@shawnho1018
shawnho1018 / sa-admin.yaml
Created June 23, 2019 08:07
create serviceaccount with cluster-admin privilege
# sa-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: gimbal-sa
---
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: gimbal-admin-cb
@shawnho1018
shawnho1018 / create-kubecfg.sh
Created June 23, 2019 08:09
快速生成kubeconfig方法
context=$1 #後端K8S Cluster的名稱
kubectl apply -f ./sa-admin.yaml # 執行
name=$(kubectl describe sa gimbal-sa --context=$context | grep Tokens | awk '{print $2}')
ca=$(kubectl get secret/$name -o jsonpath='{.data.ca\.crt}' --context=$context)
token=$(kubectl get secret/$name -o jsonpath='{.data.token}' --context=$context | base64 --decode)
namespace=$(kubectl get secret/$name -o jsonpath='{.data.namespace}' --context=$context | base64 --decode)
echo "
apiVersion: v1