Seth Jennings sjenning

## get-igntion.sh
#!/bin/bash

set -eux

HC_NAMESPACE=sjenning
HC_NAME=sjenning-mgmt
NP_NAME=sjenning-mgmt-us-east-1a

IGNITION_ROUTE=$(oc get route -n $HC_NAMESPACE-$HC_NAME ignition-server -ojsonpath='{.status.ingress[0].host}')
NODEPOOL_TOKEN_SECERT=$(oc get secret | cut -f1 -d' ' | grep ^token-$NP_NAME)

## auth.json
{
  "kind": "AuthenticationConfiguration",
  "apiVersion": "apiserver.k8s.io/v1alpha1",
  "jwt": [
    {
      "issuer": {
        "url": "https://login.microsoftonline.com/fa5d3dd8-b8ec-4407-a55c-ced639f1c8c5/v2.0",
        "audiences": [
          "fdd45692-2aa8-4c30-b472-b86b84e5ed1d"
        ],

## main.go
package main

import (
	"bufio"
	"encoding/json"
	"log"
	"os"
	"strings"
)

## services.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                sjenning
                / services.md
            
            
              Last active
              November 10, 2022 17:24
            
          
    hypershift create cluster aws --endpointAccess=PublicAndPrivate --external-dns-domain=service.ci.hypershift.devcluster.openshift.com
  services:
  - service: APIServer
    servicePublishingStrategy:
      route:
        hostname: api-sjenning-guest.service.ci.hypershift.devcluster.openshift.com
      type: Route
  - service: OAuthServer


## sjenning-ci-cluster-config.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: sjenning
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: hypershift
  namespace: sjenning

## extract-ignition.sh
#!/bin/bash

set -eux

NODEPOOL=${NODEPOOL:-'example'}
SECRET=$(oc get secret | grep ^token-${NODEPOOL} | cut -f1 -d' ')
TOKEN=$(oc get secret ${SECRET} -ojsonpath='{.data.token}')
IGNPOD=$(oc get pod | grep ignition-server | cut -f1 -d' ')
oc rsh ${IGNPOD} /bin/curl --insecure -H "Accept: application/vnd.coreos.ignition+json; version=3.2.0" -H "Authorization: Bearer ${TOKEN}" -k https://127.0.0.1:9090/ignition | jq > ${NODEPOOL}.ign

## aws-private-clusters.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                sjenning
                / aws-private-clusters.md
            
            
              Last active
              December 1, 2021 15:16
            
              
                Deploying AWS Private Cluster with Hypershift
              
          
    Deploying AWS Private Cluster with Hypershift

Create a hypershift-operator IAM user in the management account

NOTE: An IAM Role can also be used but this is the simpliest method to document
Create the policy document
# cat << EOF >> policy.json
{


## oc-nuke
#!/bin/bash

# This script is a kubectl/oc plugin that will start namespace deletion,
# watch the namespace conditions for resources blocking on finalizers,
# and remove those finalizers from the blocking resources

# TODO: Does not yet work against core resource types.  The regex doesn't get them.

NAMESPACE=$1
if ! oc get ns ${NAMESPACE} &>/dev/null; then

## heb-to-go.sh
#!/bin/bash

#set -eux

TOKEN=""
ID=""
STATE_FILE="/root/heb-to-go/.state"
#curl https://api.telegram.org/bot$TOKEN/getUpdates | jq .message.chat.id

notify() {

## upstream-kubelet-backports.sh
#!/bin/sh

set -eu

cd $GOPATH/src/k8s.io/kubernetes
for release in "1.15" "1.16" "1.17"; do
  echo "=== v${release} ==="
  git log --oneline --no-merges v${release}.0..upstream/release-${release} -- pkg/kubelet cmd/kubelet
done
	#!/bin/bash

	set -eux

	HC_NAMESPACE=sjenning
	HC_NAME=sjenning-mgmt
	NP_NAME=sjenning-mgmt-us-east-1a

	IGNITION_ROUTE=$(oc get route -n $HC_NAMESPACE-$HC_NAME ignition-server -ojsonpath='{.status.ingress[0].host}')
	NODEPOOL_TOKEN_SECERT=$(oc get secret \| cut -f1 -d' ' \| grep ^token-$NP_NAME)
	{
	"kind": "AuthenticationConfiguration",
	"apiVersion": "apiserver.k8s.io/v1alpha1",
	"jwt": [
	{
	"issuer": {
	"url": "https://login.microsoftonline.com/fa5d3dd8-b8ec-4407-a55c-ced639f1c8c5/v2.0",
	"audiences": [
	"fdd45692-2aa8-4c30-b472-b86b84e5ed1d"
	],
	package main

	import (
	"bufio"
	"encoding/json"
	"log"
	"os"
	"strings"
	)
	apiVersion: v1
	kind: Namespace
	metadata:
	name: sjenning
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: hypershift
	namespace: sjenning
	#!/bin/bash

	set -eux

	NODEPOOL=${NODEPOOL:-'example'}
	SECRET=$(oc get secret \| grep ^token-${NODEPOOL} \| cut -f1 -d' ')
	TOKEN=$(oc get secret ${SECRET} -ojsonpath='{.data.token}')
	IGNPOD=$(oc get pod \| grep ignition-server \| cut -f1 -d' ')
	oc rsh ${IGNPOD} /bin/curl --insecure -H "Accept: application/vnd.coreos.ignition+json; version=3.2.0" -H "Authorization: Bearer ${TOKEN}" -k https://127.0.0.1:9090/ignition \| jq > ${NODEPOOL}.ign
	#!/bin/bash

	# This script is a kubectl/oc plugin that will start namespace deletion,
	# watch the namespace conditions for resources blocking on finalizers,
	# and remove those finalizers from the blocking resources

	# TODO: Does not yet work against core resource types. The regex doesn't get them.

	NAMESPACE=$1
	if ! oc get ns ${NAMESPACE} &>/dev/null; then
	#!/bin/bash

	#set -eux

	TOKEN=""
	ID=""
	STATE_FILE="/root/heb-to-go/.state"
	#curl https://api.telegram.org/bot$TOKEN/getUpdates \| jq .message.chat.id

	notify() {
	#!/bin/sh

	set -eu

	cd $GOPATH/src/k8s.io/kubernetes
	for release in "1.15" "1.16" "1.17"; do
	echo "=== v${release} ==="
	git log --oneline --no-merges v${release}.0..upstream/release-${release} -- pkg/kubelet cmd/kubelet
	done