dims

Folks, Leave me a comment / URL if something you like is missing!

Beginner Resources

Resource	Description
Kube Academy	https://kube.academy/
kuernetes-101	https://kube.academy/courses/kubernetes-101/
Docs Home	https://kubernetes.io/docs/home/
CKS CKA CKAD Simulator	https://killer.sh/

svrc

What does this GIST do or not do

1. Shows you how to use Istio 1.4.0 - 1.4.2 on Kubernetes 1.14+ with a modicum of runtime security for your workloads.
2. Specifically it installs Istio with CNI support, and allows the use of restrictive PodSecurityPolicies for your workloads. Istio 1.4.3 fixes this issue. However, this may still be useful due to a need to add a PSP privileged role to the Istio helm charts!
3. It is designed for VMware PKS, but doesn't require it ... (just change the CNI bin dir and excluded namespaces in values-cni.yml, also swap the ClusterRole pks-privileged and pks-restricted mentioned throughout these files with your own PSP roles).
4. It doesn't fix the need for Istio itself to run as root, but that should be fixed in a future Istio release as it's already fixed in trunk.
5. Update I've also included a workaround for the CNI race condition bug in Istio CNI if you're using a DaemonSet-based CNI. See istio/istio#14327

Prerequisites

voor

#!/bin/bash
set -e
set -o pipefail

# Add user to k8s using service account or build kubeconfig for existing service account, no RBAC (must create RBAC after this script)
if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]]; then
 echo "usage: $0 <service_account_name> <namespace> <target_folder>"
 exit 1
fi

micahhausler

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/endpoints"
	"gopkg.in/gcfg.v1"
)

type CloudConfig struct {

dlinsley

#!/bin/bash
#
# In the local directory 3 files are required
#    new_cert.crt - new machine certificate
#    new_cert.key - private key for certificate
#    intermediary.crt - certificate chain of the signing authority for new_cert.crt
#
# Run commands on the vCSA shell:

# import intermediary authority cert:

rosskukulinski

Short name	Full name
csr	certificatesigningrequests
cs	componentstatuses
cm	configmaps
ds	daemonsets
deploy	deployments
ep	endpoints
ev	events
hpa	horizontalpodautoscalers

srathbone

#2F343F,#2C3849,#5294E2,#FFFFFF,#494D58,#FFFFFF,#94E864,#78AF8F

soarez

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Lets get some context first.

plentz

# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

benmj

/*global angular: true, google: true, _ : true */

'use strict';

angular.module('geocoder', ['ngStorage']).factory('Geocoder', function ($localStorage, $q, $timeout) {
  var locations = $localStorage.locations ? JSON.parse($localStorage.locations) : {};

  var queue = [];

  // Amount of time (in milliseconds) to pause between each trip to the