Joost Buskermolen JoooostB
☁️
JoooostB
/ external-secrets-key-prefix.yaml
Last active
January 11, 2023 14:02
Gatekeeper ConstraintTemplate that validates if the prefix of a namespace (all characters until first -) is equal to spec.dataFrom.*.extract.key or spec.data.*.remoteRef.key from an ExternalSecret. This ensures teams can only access their own prefixed secrets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ConstraintTemplate | |
| apiVersion: templates.gatekeeper.sh/v1beta1 | |
| metadata: | |
| name: externalsecretskeyprefix | |
| annotations: | |
| argocd.argoproj.io/sync-wave: "2" | |
| argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true | |
| description: >- | |
| Validates if the prefix of a namespace (all characters until first -) is equal to spec.dataFrom.*.extract.key or spec.data.*.remoteRef.key from an ExternalSecret. | |
| This ensures teams can only access their own secrets. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| if [ -d ~/.kube/configs ]; then | |
| if [ -z "$KUBECONFIG_MANUAL" ]; then | |
| export KUBECONFIG=$(find -L ~/.kube/configs -name "*.yaml" -type f 2>/dev/null | xargs -I % echo -n ":%") | |
| fi | |
| fi | |
| ... |
JoooostB
/ servicemonitor-kubelet.yaml
Created
December 28, 2023 09:58
Scrape kubelet & cAdvisor metrics using ServiceMonitor below
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| labels: | |
| app: kubelet | |
| scraper: prometheus-agent | |
| name: kubelet | |
| spec: | |
| endpoints: | |
| - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token |
JoooostB
/ force-delete-ns.sh
Created
January 15, 2024 15:07
You've tried anything, and still can't delete one or multiple namespaces that are stuck in Terminating? Try this after starting a kubectl proxy instead:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for NAMESPACE in list of namespaces; do kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >${NAMESPACE}.json; curl -k -H "Content-Type: application/json" -X PUT --data-binary @${NAMESPACE}.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize; done |
JoooostB
/ esphome-tesla-ble-cc1101.yaml
Created
March 4, 2025 19:20
esphome configuration for tesla-ble with support for opening the chargeport via 433Mhz and a CC1101 module
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| substitutions: | |
| espidf_version: 5.3.0 | |
| platformio_version: 6.8.1 | |
| board: esp32dev | |
| variant: esp32 | |
| flash_size: 4MB | |
| device_description: "https://github.com/yoziru/esphome-tesla-ble" | |
| ble_mac_address: !secret ble_mac_address # vehicle BLE MAC address | |
| tesla_vin: !secret tesla_vin | |
| charging_amps_max: "16" |
OlderNewer