Skip to content

Instantly share code, notes, and snippets.

View shpwrck's full-sized avatar
🌎

Jason Skrzypek shpwrck

🌎
40 followers · 148 following
View GitHub Profile
@shpwrck
shpwrck / gist:ee7096121cf96e5fe19f70076bcd5d71
Last active June 2, 2020 02:30
Multi Cluster Service Mesh

Multi Cluster Service Mesh

This repository covers an opinionated approach to multicluster service mesh.

Most of the content for this proof of concept will be housed in the source repositories for specific projects.

Background

Use the right tool for the right job. Just because this is an option, doesn't mean that it is the right option!

@shpwrck
shpwrck / RancherDemo.md
Created August 14, 2020 15:01
Full Demo Outline
@shpwrck
shpwrck / secrets.md
Created August 21, 2020 14:43 — forked from js422/secrets.md
k8s secrets

Basics

kubernetes secret basics

aquasec security analysis

The two documents above outline the basic secrets framework provided by kubernetes and its limitations. Make special note that:

  • Secrets are not encrypted by default from kubernetes.
  • Secrets are not reloaded upon change.
@shpwrck
shpwrck / example
Created February 24, 2021 19:55
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
@shpwrck
shpwrck / envoyResources.md
Last active April 20, 2021 22:16
envoyfilters.networking.istio.io

LINK

The following list is sorted from general to specific.

(i.e. A listener contains a filter_chain which has either network filters or http filters...etc)

LISTENER:

What is a listener?

proto

@shpwrck
shpwrck / demo-annotation-owner.yaml
Created April 9, 2021 21:11
OPA Examples
apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: AssignMetadata
metadata:
name: demo-annotation-owner
spec:
match:
scope: Namespaced
location: "metadata.annotations.owner"
parameters:
assign:
@shpwrck
shpwrck / ambassador.md
Last active July 29, 2021 14:12
Rancher/EKS/Ambassador/Istio

Ambassador CRDs

# GENERATED FILE: edits made by hand will not be preserved.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.1
@shpwrck
shpwrck / cloud-config.yaml
Created November 11, 2021 18:21
#cloud-config
# Add additional users or set the password/ssh keys for root
users:
- name: "rancher"
passwd: "rancher"
groups: "users"
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwXYZqUFZ49QQZ1gqM5oxPCCdUNBsHkTM8SbTSVfycMKYXoQpYNMyNJqTsnIToVB0gt5q3yxYaqJPWxT2H0Z3d63pgb73MbDunCQxEFNvfKPThITJPZm4IO4HTvXbJEAI2Bq1d5CEjEms2k9I9C9tyP3Nnm4EGNI3uRyZav2/02YjlNoJa9nd7z+rOgQ1BsGS4K2t9YNWij1k3X+ADAekfRq+Wy2k5kEGy+0FWgLb6MDflc8NaA31r7OJYZByce7IqEASijTBfrcGCr0n+EeZ0NYBWZg5vGNMTrqf+FfwFTz1jFH9gipz/3lsP9TvsSAk3YUmKRY/VNRvJkqCj8OdHIpTvhkM1SP2D68PBJgRW7JHiAvPd4AtkPjmBSdjp5QX1iLNONun6MKr3n+5V6dW6TGFlOhCyNh2UZg4PrZ+xpb0x41mLdXkPP4BPB51v2rMur+qLQChLBahS4ex7CRm/A4g9g0u4HoEAOml0HtWSekHWMPVBql9uWd1i8+hKrHM= jskrz@DESKTOP-H9LS01S
@shpwrck
shpwrck / .bashrc
Created March 7, 2022 21:17
Alias to get kubeconfigs from Rancher
export RANCHER_SERVER_URL=<< insert server url here >>
export RANCHER_ACCESS_KEY=<< insert access key here >>
export RANCHER_SECRET_KEY=<< insert secret key here >>
export RANCHER_LOCAL_CONTEXT=<< insert local cluster context here >>
function get-kubeconfigs () {
# Authenticate to Rancher Server
rancher login $RANCHER_SERVER_URL --token $RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY --context $RANCHER_LOCAL_CONTEXT
# Delete previous configs (only if Rancher is your primary Kubernetes interface)
rm -rf ~/.kube/*
@shpwrck
shpwrck / workflow.yaml
Created March 7, 2022 21:40
Rancher Git Hub Action
name: Build Video
on: push
jobs:
create-cluster:
runs-on: self-hosted
steps:
- name: Checkout Contents
uses: actions/checkout@v2
- name: Create Kind Cluster