PatrLind

How to protect your ~/.kube/ configuration

I had a need to protect my Kubernetes config file on my computer against accidental or malicious change or reading, so I came up with this way of protecting the config files.

How it works

The ~/.kube folder is mounted using encfs. By using the --ondemand flag it will automatically ask for the encryption key/password when accessed and keep

f41gh7

apiVersion: operator.victoriametrics.com/v1beta1
kind: VMServiceScrape
metadata:
  name: apiserver
  namespace: monitoring-system
spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
    bearerTokenSecret:
      key: ""

hermanbanken

This was initially posted in an kubernetes-sigs/kustomize issue.

We are using Kustomize's vars feature. Initially we didn't understand how to use it for our purpose, but it is a 100% fit. One example is our Ingress resource, which looks like this:

# file: base/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: services

fgrelak

# Config 

terraform {
  required_version = ">=0.12.0"
  required_providers {
    aws = ">= 2.0"
  }
}

provider "aws" {

svx

#!/bin/sh
# based on https://gist.github.com/ipedrazas/9c622404fb41f2343a0db85b3821275d

# delete all evicted pods from all namespaces
kubectl get pods --all-namespaces | grep Evicted | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod

# delete all containers in ImagePullBackOff state from all namespaces
kubectl get pods --all-namespaces | grep 'ImagePullBackOff' | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod

# delete all containers in ImagePullBackOff or ErrImagePull or Evicted state from all namespaces

ipbastola

Safest way to clean up boot partition - Ubuntu 14.04LTS-x64, Ubuntu 16.04LTS-x64

Reference

Case I: if /boot is not 100% full and apt is working

1. Check the current kernel version

$ uname -r 

kadel

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/tomas/.kube/ca
    server: https://kubernetes
  name: aws_kubernetes
contexts:
- context:
    cluster: aws_kubernetes
    user: aws_kubernetes

JohnMorales

#!/bin/bash

export PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
docker_pid=$(cat /var/run/docker.pid)
gdb -p $docker_pid <<< "$( ls /proc/$docker_pid/fd -l --time-style=+'%s' | grep -E 'deleted' | awk '{ printf("p close(%s)\n", $7)}')" >/dev/null


#closing evenfds that do not have a corresponding memory.oom_control
eventfds="$(for eventfd in $(ls /proc/$docker_pid/fd -l --time-style=+'%s' | grep -E 'eventfd'| awk '{print $7}'); do 
        memory_pid=$((eventfd - 1))

alexedwards

CREATE TABLE books (
  isbn    char(14) NOT NULL,
  title   varchar(255),
  author  varchar(255),
  price   decimal(5,2)
);

INSERT INTO books (isbn, title, author, price) VALUES
('978-1503261969', 'Emma', 'Jayne Austen', 9.44),
('978-1514274873', 'Journal of a Soldier', NULL, 5.49),

eeichinger

def gettags = ("git ls-remote -t -h ssh://jenkins@<mygitpath>/repo/some.git feature/*").execute()

return gettags.text.readLines()
         .collect { it.split()[1].replaceAll('refs/heads/', '')  }
         .unique()
         .findAll { it.startsWith('<some more pattern>') }