Skip to content

Instantly share code, notes, and snippets.

View PhilipSchmid's full-sized avatar

Philip Schmid PhilipSchmid

54 followers · 17 following
View GitHub Profile
@PhilipSchmid
PhilipSchmid / cks-bookmarks.html
Last active January 16, 2022 12:30
Collection of allowed bookmarks for the Linux Foundation CKS exam (December 2021, K8s 1.22) - https://docs.linuxfoundation.org/tc-docs/certification/important-instructions-cks#resources-allowed-during-exam
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
<DT><H3 ADD_DATE="1639761932" LAST_MODIFIED="1639906307" PERSONAL_TOOLBAR_FOLDER="true">Bookmarks bar</H3>
<DL><p>
@PhilipSchmid
PhilipSchmid / rke2-disable-kube-proxy.md
Created November 18, 2021 07:14

How to disable Kube-Proxy in RKE2

Example use case: Running the Cilium CNI without any kube-proxy

On all RKE2 servers (master nodes), add the following configuration to your /etc/rancher/rke2/config.yaml file:

disable-kube-proxy: "true"

Now the important step: If you already had stared the RKE2 service before (without this flag and with kube-proxy enabled), ensure to also delete the kube-proxy.yaml static pod manifest:

@PhilipSchmid
PhilipSchmid / kuard-http-testing-app.yaml
Created October 26, 2021 19:28
Deployment, Service and Ingress object for the HTTP testing app kuard - https://github.com/kubernetes-up-and-running/kuard
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: kuard
name: kuard
namespace: kuard
spec:
replicas: 1
@PhilipSchmid
PhilipSchmid / reproduce_cadvisor_2947.sh
Created October 19, 2021 12:48
Bash script to reproduce https://github.com/google/cadvisor/issues/2947
# NS
kubectl create ns cadvisor-issue-test
# PV
echo "
apiVersion: v1
kind: PersistentVolume
metadata:
name: pvc-cadvisor-issue-test
spec:
@PhilipSchmid
PhilipSchmid / prometheus_alert_rules_for_certmanager.yaml
Last active April 9, 2025 08:22
4 helpful Prometheus alerting rules for Cert-Manager & its Certificate CRs
- name: custom_certmanager_monitoring
rules:
- alert: CertManagerAbsent
expr: absent(up{job="cert-manager"})
for: 1h
annotations:
message: "Cert Manager has dissapeared from Prometheus service discovery."
labels:
severity: critical
- alert: CertManagerACMEProxyReachability
@PhilipSchmid
PhilipSchmid / 0-k8s_grafana_dashboards.md
Last active November 23, 2021 08:49
@PhilipSchmid
PhilipSchmid / 0-alacritty-tmux-fish-omf-setup.md
Last active November 18, 2024 00:00
Installing Alacritty, Tmux, Fish, OMF, bobthefish

Alacritty, Tmux, Fish Setup

A short tutorial how to setup a nice terminal environment using Alacritty, Tmux, Fish, OMF and the Fish theme bobthefish.

Tested on Pop_OS 20.04.

Basic Installation

  1. Install the required packages:
sudo apt install alacritty tmux fish fonts-powerline fonts-hack-ttf
@PhilipSchmid
PhilipSchmid / prometheus-cr-test.md
Created December 9, 2020 14:39
Prometheus Operator CR Testing Manifests

Prometheus Operator Custom Resource (CR) Testing Manifests

Ever searched for a simple setup to test the exposure of a /metrics endpoint and tried to add this endpoint to Prometheus using a ServiceMonitor CR? Well, use the manifests below and you are good to go :).

Creation

---
apiVersion: v1
kind: Namespace
metadata:
  name: testing
@PhilipSchmid
PhilipSchmid / minio-upload.sh
Created November 19, 2020 13:38
Upload data to Minio using CURL
#!/bin/bash
# Usage: ./minio-upload my-bucket my-file.zip
bucket=$1
file=$2
host=minio.example.com
s3_key=svc_example_user
s3_secret=svc_example_user_password
@PhilipSchmid
PhilipSchmid / k8s-rbac-example.yaml
Created October 23, 2020 15:12
A (more or less) complete RBAC example for Kubernetes
---
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
# Attention: This PSP has quite some loose restrictions! Do not just copy & paste it!
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: example
spec:
allowPrivilegeEscalation: true
allowedCapabilities: