Tim Ebert timebertt

## fix-kube-proxy-psp.sh
#!/bin/bash

# create PSP and relating RBAC rules for kube-proxy containing the fix
# this will be chosen over the faulty `gardener.kube-system.kube-proxy`
# as the PSP admission plugin chooses the lexicographically first PSP.
kubectl apply -f - <<EOF
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  labels:

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                timebertt
                / README.md
            
            
              Last active
              September 14, 2021 10:01
            
              
                Dump gardenlet profile
              
          
    Dump gardenlet profile

Use the following manifest to dump the {heap,allocs,goroutine} profile of a running gardenlet every 10 minutes:
$ k apply -f profile-dump.yaml
deployment.apps/profile-dump created
persistentvolumeclaim/profile-dump created

$ kg get po,pvc -l app=profile-dump

  
## rebootstrap-seed.sh
#!/usr/bin/env bash

set -o errexit
set -o nounset
set -o pipefail

if [ -z "${SEED_KUBECONFIG:-}" ] ; then
  >&2 echo "Please point the SEED_KUBECONFIG env var to the kubeconfig for the seed you want to fix"
  exit 1
fi

## client_go.go
var (
  ctx        context.Context
  c          kubernetes.Interface // "k8s.io/client-go/kubernetes"
  deployment *appsv1.Deployment   // "k8s.io/api/apps/v1"
)

updatedDeployment, err := c.AppsV1().Deployments("default").Update(ctx, deployment, metav1.UpdateOptions{})

## generated_clientset.go
var (
  ctx   context.Context
  c     gardencoreclientset.Interface // "github.com/gardener/gardener/pkg/client/core/clientset/versioned"
  shoot *gardencorev1beta1.Shoot      // "github.com/gardener/gardener/pkg/apis/core/v1beta1"
)

updatedShoot, err := c.CoreV1beta1().Shoots("garden-eden").Update(ctx, shoot, metav1.UpdateOptions{})

## controller_runtime_client.go
var (
  ctx        context.Context
  c          client.Client            // "sigs.k8s.io/controller-runtime/pkg/client"
  deployment *appsv1.Deployment       // "k8s.io/api/apps/v1"
  shoot      *gardencorev1beta1.Shoot // "github.com/gardener/gardener/pkg/apis/core/v1beta1"
)

err := c.Update(ctx, deployment)
// or
err = c.Update(ctx, shoot)

## metadata_only_client.go
var (
  ctx     context.Context
  c       client.Client                         // "sigs.k8s.io/controller-runtime/pkg/client"
  podList = &metav1.PartialObjectMetadataList{} // "k8s.io/apimachinery/pkg/apis/meta/v1"
)
podList.SetGroupVersionKind(corev1.SchemeGroupVersion.WithKind("PodList")) // "k8s.io/api/core/v1"

if err := c.List(ctx, podList, client.InNamespace("my-namespace"), client.Limit(1)); err != nil {
  return err
}

## conflict_error.json
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "Operation cannot be fulfilled on configmaps \"foo\": the object has been modified; please apply your changes to the latest version and try again",
  "reason": "Conflict",
  "details": {
    "name": "foo",
    "kind": "configmaps"

## update_patches.go
var (
  ctx   context.Context
  c     client.Client
  shoot *gardencorev1beta1.Shoot
)

// update
shoot.Spec.Kubernetes.Version = "1.22"
err := c.Update(ctx, shoot)

## patch_optimistic_locking.go
// json merge patch + optimistic locking
patch := client.MergeFromWithOptions(shoot.DeepCopy(), client.MergeFromWithOptimisticLock{})
// ...

// strategic merge patch + optimistic locking
patch = client.StrategicMergeFrom(shoot.DeepCopy(), client.MergeFromWithOptimisticLock{})
// ...
	#!/bin/bash

	# create PSP and relating RBAC rules for kube-proxy containing the fix
	# this will be chosen over the faulty `gardener.kube-system.kube-proxy`
	# as the PSP admission plugin chooses the lexicographically first PSP.
	kubectl apply -f - <<EOF
	apiVersion: policy/v1beta1
	kind: PodSecurityPolicy
	metadata:
	labels:
	#!/usr/bin/env bash

	set -o errexit
	set -o nounset
	set -o pipefail

	if [ -z "${SEED_KUBECONFIG:-}" ] ; then
	>&2 echo "Please point the SEED_KUBECONFIG env var to the kubeconfig for the seed you want to fix"
	exit 1
	fi
	var (
	ctx context.Context
	c kubernetes.Interface // "k8s.io/client-go/kubernetes"
	deployment *appsv1.Deployment // "k8s.io/api/apps/v1"
	)

	updatedDeployment, err := c.AppsV1().Deployments("default").Update(ctx, deployment, metav1.UpdateOptions{})
	var (
	ctx context.Context
	c gardencoreclientset.Interface // "github.com/gardener/gardener/pkg/client/core/clientset/versioned"
	shoot *gardencorev1beta1.Shoot // "github.com/gardener/gardener/pkg/apis/core/v1beta1"
	)

	updatedShoot, err := c.CoreV1beta1().Shoots("garden-eden").Update(ctx, shoot, metav1.UpdateOptions{})
	var (
	ctx context.Context
	c client.Client // "sigs.k8s.io/controller-runtime/pkg/client"
	deployment *appsv1.Deployment // "k8s.io/api/apps/v1"
	shoot *gardencorev1beta1.Shoot // "github.com/gardener/gardener/pkg/apis/core/v1beta1"
	)

	err := c.Update(ctx, deployment)
	// or
	err = c.Update(ctx, shoot)
	{
	"kind": "Status",
	"apiVersion": "v1",
	"metadata": {},
	"status": "Failure",
	"message": "Operation cannot be fulfilled on configmaps \"foo\": the object has been modified; please apply your changes to the latest version and try again",
	"reason": "Conflict",
	"details": {
	"name": "foo",
	"kind": "configmaps"
	var (
	ctx context.Context
	c client.Client
	shoot *gardencorev1beta1.Shoot
	)

	// update
	shoot.Spec.Kubernetes.Version = "1.22"
	err := c.Update(ctx, shoot)
	// json merge patch + optimistic locking
	patch := client.MergeFromWithOptions(shoot.DeepCopy(), client.MergeFromWithOptimisticLock{})
	// ...

	// strategic merge patch + optimistic locking
	patch = client.StrategicMergeFrom(shoot.DeepCopy(), client.MergeFromWithOptimisticLock{})
	// ...