Let's play around with persistent volumes on GKE.
$ gcloud init
<output_omitted>
Romulo Santos soeirosantos
soeirosantos
/ gke_persistent_volumes.md
Last active
March 27, 2024 00:25
Playing around with persistent volumes on Google Kubernetes Engine
soeirosantos
/ Vagrantfile
Last active
December 17, 2022 12:09
Docker, Linux, containers, containerized processes, namespaces, cgroups etc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vagrant.configure("2") do |config| | |
| config.vm.box = "bento/ubuntu-18.04" | |
| config.vm.hostname = "node1" | |
| config.vm.provision "shell", inline: <<-SHELL | |
| # https://docs.docker.com/engine/install/ubuntu/ | |
| apt-get update | |
| apt-get install -y \ | |
| apt-transport-https \ | |
| ca-certificates \ |
soeirosantos
/ k8s-audit-policy.yaml
Last active
December 17, 2022 12:09
https://github.com/kubernetes/kubernetes/blob/f170ef66340f6355d331ed90902574ff0532a20a/cluster/gce/gci/configure-helper.sh#L741
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: audit.k8s.io/v1 | |
| kind: Policy | |
| rules: | |
| # high-volume and low-risk | |
| - level: None | |
| users: ["system:kube-proxy"] | |
| verbs: ["watch"] | |
| resources: | |
| - group: "" # core | |
| resources: ["endpoints", "services", "services/status"] |
soeirosantos
/ csi-driver.yaml
Last active
December 17, 2022 12:09
Vault CSI configuration generated from helm.sh/chart: vault-0.23.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: vault-secrets-store-csi-driver-upgrade-crds | |
| namespace: default | |
| labels: | |
| app.kubernetes.io/instance: "csi" | |
| app.kubernetes.io/name: "secrets-store-csi-driver" | |
| app.kubernetes.io/version: "1.2.4" |
soeirosantos
/ Workload Identity in Practice.md
Last active
August 29, 2021 13:41
302 :) This tutorial has been permanently moved to https://deployment.properties/posts/devsecops/workload-identity-getting-started/
soeirosantos
/ vault-aws-auth-eks.md
Last active
August 23, 2021 14:29
HashiCorp Vault AWS Auth with EKS and IAM Roles for Service Accounts
This content has been permanently moved to https://deployment.properties/posts/devsecops/vault-eks-irsa/
soeirosantos
/ 00_README.md
Last active
July 2, 2021 14:38
This gist is the Terraform configuration for the previous tutorial on HashiCorp Vault AWS Auth with Amazon EKS and IAM Roles for Service Accounts.
This Terraform configuration replaces all the AWS and Vault CLI commands in the previous tutorial.
Before running the next steps make sure you have started Vault and ngrok locally. Take a look at the previous tutorial for more details.
soeirosantos
/ README.md
Last active
April 8, 2021 04:04
This is an example of how to create a GKE cluster with some sensible defaults and best practices for security.
This is an example of how to create a GKE cluster with some sensible defaults and best practices for security.
Please, notice that this example contains the minimum security configuration that you can get without impacting other features, requiring additional network config, or the installation of third-party tools.
Security items covered in this example:
- Auto upgrades using regular release channel
- Shielded GKE Nodes
- Hardened node image with the containerd runtime
soeirosantos
/ Shared VPC with GKE and Cloud Memorystore.md
Last active
November 6, 2020 01:32
Note: You can see an improved version of this tutorial on the Google Cloud community website: https://cloud.google.com/community/tutorials/shared-vpc-gke-cloud-memorystore
In this lab we are going to configure a Shared VPC between two service projects. One project will contain a GKE cluster and the other one will contain managed services that would be accessed from applications deployed to the GKE cluster.
soeirosantos
/ TwitterEngagement.kt
Last active
July 2, 2020 19:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package br.com.soeirosantos.twitter | |
| import com.github.kittinunf.fuel.Fuel | |
| import com.github.kittinunf.fuel.core.ResponseDeserializable | |
| import com.google.gson.Gson | |
| import org.slf4j.Logger | |
| import org.slf4j.LoggerFactory | |
| import twitter4j.* | |
| import java.io.File | |
| import kotlin.math.roundToInt |
NewerOlder