treacher / main.go
Last active October 15, 2017 20:11
kubernetes-namespace-rolebinding-operator-main
func main() {
// Set logging output to standard console out
log.SetOutput(os.Stdout)
sigs := make(chan os.Signal, 1) // Create channel to receive OS signals
stop := make(chan struct{}) // Create channel to receive stop signal
signal.Notify(sigs, os.Interrupt, syscall.SIGTERM, syscall.SIGINT) // Register the sigs channel to receieve SIGTERM
wg := &sync.WaitGroup{} // Goroutines can add themselves to this to be waited on so that they finish
treacher / rolebinding.yaml
Created August 29, 2017 09:45
Example Team Namespace Access RoleBinding
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kubernetes-team-1
namespace: team-1
subjects:
- kind: Group
name: kubernetes-team-1
apiGroup: rbac.authorization.k8s.io
treacher / controller.go
Last active September 12, 2017 11:17
Namespace Rolebinding Operator
// NamespaceController watches the kubernetes api for changes to namespaces and
// creates a RoleBinding for that particular namespace.
type NamespaceController struct {
	// namespaceInformer is the shared informer that Run starts on the stop
	// channel it is handed; namespace events arrive through it.
	namespaceInformer cache.SharedIndexInformer
	// kclient is the API client the controller acts through. NOTE(review): the
	// RoleBinding create call is not visible in this excerpt; confirm against
	// createRoleBinding, which is where it is presumably used.
	kclient *kubernetes.Clientset
}
// NewNamespaceController creates a new NamespaceController.
func NewNamespaceController(kclient *kubernetes.Clientset) *NamespaceController {
namespaceWatcher := &NamespaceController{}
// NamespaceController watches the kubernetes api for changes to namespaces and
// creates a RoleBinding for that particular namespace.
type NamespaceController struct {
	// namespaceInformer is the shared informer that Run starts on the stop
	// channel it is handed; namespace events arrive through it.
	namespaceInformer cache.SharedIndexInformer
	// kclient is the API client the controller acts through. NOTE(review): the
	// RoleBinding create call is not visible in this excerpt; confirm against
	// createRoleBinding, which is where it is presumably used.
	kclient *kubernetes.Clientset
}
// Run starts the process for listening for namespace changes and acting upon those changes.
func (c *NamespaceController) Run(stopCh <-chan struct{}, wg *sync.WaitGroup) {
// When this function completes, mark the go function as done
func (c *NamespaceController) createRoleBinding(obj interface{}) {
namespaceObj := obj.(*v1.Namespace)
namespaceName := namespaceObj.Name
roleBinding := &v1beta1.RoleBinding{
TypeMeta: metav1.TypeMeta{
Kind: "RoleBinding",
APIVersion: "rbac.authorization.k8s.io/v1beta1",
},
ObjectMeta: metav1.ObjectMeta{
// Run starts the process for listening for namespace changes and acting upon those changes.
func (c *NamespaceController) Run(stopCh <-chan struct{}, wg *sync.WaitGroup) {
// When this function completes, mark the go function as done
defer wg.Done()
// Increment wait group as we're about to execute a go function
wg.Add(1)
// Execute go function
go c.namespaceInformer.Run(stopCh)
apiVersion: v1
kind: Pod
metadata:
  name: container-with-secrets
spec:
  containers:
  - name: container-with-secrets
  image: redis
  env:
  - name: SECRET_PASSWORD
DB_PASSWORD=foobar123
DB_USER=foo
API_KEY=12345abcd
SERVICE_PASSWORD=bbaabb45
AWSTemplateFormatVersion: 2010-09-09
Resources:
# KMS Key which we'll be using to encrypt our environment variables
Key:
Type: AWS::KMS::Key
Properties:
Description: kube-kms-example application secrets key
KeyPolicy:
Version: 2012-10-17
Id: allow-root-access-to-key
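# Install the pinned shush release (v1.3.0, linux/amd64) as an executable.
# -f makes curl exit non-zero on an HTTP error instead of writing the error
# page to /usr/local/bin/shush, where the chmod would otherwise happily mark a
# bogus file executable; -S keeps error reporting despite -s.
# The download is version-pinned but not integrity-checked: before trusting the
# binary, compare it against the checksum published for that release, e.g.
#   echo "<SHA256_FROM_RELEASE_PAGE>  /usr/local/bin/shush" | sha256sum -c -
curl -fsSL -o /usr/local/bin/shush \
https://github.com/realestate-com-au/shush/releases/download/v1.3.0/shush_linux_amd64 \
&& chmod +x /usr/local/bin/shush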