William Caban Babilonia williamcaban

@williamcaban
williamcaban / api-access-from-jumphost.yaml
Last active April 5, 2024 01:17
Example of limiting the access to OpenShift control-plane, Kube API and SSH to control plane nodes using the Ingress Node Firewall Operator
---
apiVersion: ingressnodefirewall.openshift.io/v1alpha1
kind: IngressNodeFirewallConfig
metadata:
  name: ingressnodefirewallconfig
  namespace: openshift-ingress-node-firewall
spec:
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
---
  • Installing the Redis Operator
# create namespace for operator
oc create ns redis-operator

# register Helm repo
helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/

# install redis-operator using helm
helm upgrade redis-operator ot-helm/redis-operator \

Static routes in MacOS

  • Find the name of the network adapters
# List network interface name
networksetup -listallnetworkservices

An asterisk (*) denotes that a network service is disabled.
USB 10/100/1000 LAN
---
# Using unsupported SR-IOV NICs w/OpenShift
apiVersion: v1
kind: ConfigMap
metadata:
  name: unsupported-nic-ids
  namespace: openshift-sriov-network-operator
data:
  X520: 8086 154d 10ed
  X540: 8086 154d 10ee
@williamcaban
williamcaban / check-api-latency-and-speed.sh
Created September 17, 2021 12:34
Script to test latency and speed towards OpenShift Kubernetes API Server
# If $USERNAME and $PASSWORD are not defined
# in the environment prompt for them
if [ -z "${USERNAME+x}" ]; then
  read -rp 'Username: ' USERNAME
fi
if [ -z "${PASSWORD+x}" ]; then
  # -r keeps backslashes in the password literal; -s suppresses echo
  read -rsp 'Password: ' PASSWORD
fi
echo -e "\nAttempting to find the K8s API Server and token"
@williamcaban
williamcaban / 00-README.md
Last active September 14, 2021 23:08
podman-based systemd container registry

Stand-alone Container Registry

  • Complete 01-prerequisites.md
  • Copy pod-registry.service to /etc/systemd/system/poc-registry.service
  • chmod 664 to /etc/systemd/system/poc-registry.service
  • systemctl daemon-reload
  • podman pull docker.io/library/registry:2
  • systemctl enable --now poc-registry
  • systemctl status poc-registry
  • Update pull-secret to have access to local registry 02-create-pull-secret.md
@williamcaban
williamcaban / downwards-api-pod.yaml
Created September 5, 2021 21:50
Example of Pod using downwards API
---
# Example of Pod using downwards API
apiVersion: v1
kind: Pod
metadata:
  name: dapi-envars-fieldref
spec:
  containers:
    - name: test-container
      image: registry.access.redhat.com/ubi8/ubi:latest
@williamcaban
williamcaban / 00-lab.conf
Last active September 5, 2021 22:03
Example of dnsmasq for OpenShift lab
# /etc/dnsmasq.d/lab.conf
###############################################################################
# DNS Server (simple)
###############################################################################
#log-facility=-
log-facility=/opt/dnsmasq/dnsmasq.log
log-async=25
# default to 150
dns-forward-max=500

Example (Privileged deployment with privileges to modify network)

  1. Create namespace & ServiceAccount (see 01-create-ns.yaml)

  2. Assign privileges to ServiceAccount

# Move to the project
oc project net-pod-sa
# assign privileged SCC to SA

OVN IPSec for east-west traffic

With OCP 4.7, IPSec for east-west traffic is a day-1 configuration. With OCP 4.8, this can also be applied as a day-2 configuration.

  • Setup install-config.yaml to use IPSec
networking:
  networkType: OVNKubernetes