From Twitter by Doc Norton (@DocOnDev)
A: How long will it take to build this simple feature?
B: Well, how should this part work?
A: We don't know yet.
B: And in this situation...?
A: We don't know yet.
B: And Here?
A: We don't know yet.
Steve Coffman StevenACoffman
StevenACoffman
/ job.yaml
Created
July 22, 2018 23:41
— forked from alexellis/job.yaml
Use a Kubernetes Job and Kaniko to build an OpenFaaS function from Git
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Alex Ellis 2018 | |
| # Example from: https://blog.alexellis.io/quick-look-at-google-kaniko/ | |
| # Pre-steps: | |
| # kubectl create secret generic docker-config --from-file $HOME/.docker/config.json | |
| # Other potential optimizations (suggested by @errordeveloper) | |
| # - Store "templates" in a permanent volume | |
| # - Download source via "tar" instead of git clone |
At this point, we have set up Microsoft AD to control authentication to the AWS SSO user portal. We have also set up partial authorization by specifying which AD group has been assigned access to Account B (where the EKS cluster resides). However, access control (i.e., the level of permissions granted to the AD users) has not yet been specified. In this section, we will demonstrate how Kubernetes RBAC can be configured to define access control for AD users/groups via federation through an AWS IAM role.
Before proceeding with the steps below, be sure that that:
- You have a working Kubernetes cluster with worker nodes.
-
K8s CRD vs. javascript execution service
-
Declarative YAML vs. javascript
-
Argo has built-in artifact support for input/output handling
-
Argo does not have event handling yet (working on it :-)
As of dec 2017
StevenACoffman
/ kubernetes_add_service_account_kubeconfig.sh
Last active
November 1, 2019 21:12
— forked from innovia/kubernetes_add_service_account_kubeconfig.sh
Create a service account and generate a kubeconfig file for it - this will also set the default namespace for the service account, and RBAC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # NOTE: CHANGE THE S3_PREFIX!!! | |
| # Add user to k8s 1.6+ using service account, RBAC for jobs and extensions only | |
| if [[ -z "$1" ]] || [[ -z "$2" ]];then | |
| echo "usage: $0 <service-account> <namespace (stg|prod)>" | |
| exit 1 | |
| fi | |
| SERVICE_ACCOUNT_NAME=$1 |
StevenACoffman
/ delete_unused_launch_configurations.sh
Last active
May 15, 2018 20:41
— forked from brauliobo/delete_unused_launch_configurations.sh
Delete unused Launch Configuration. Based on http://www.markomedia.com.au/delete-launch-config-programatically-aws/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if a value exists in an array | |
| # @param $1 mixed Needle | |
| # @param $2 array Haystack | |
| # @return Success (0) if value exists, Failure (1) otherwise | |
| # Usage: in_array "$needle" "${haystack[@]}" | |
| # See: http://fvue.nl/wiki/Bash:_Check_if_array_element_exists | |
| in_array() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NAME := acmecorp/foo | |
| TAG := $$(git log -1 --pretty=%!H(MISSING)) | |
| IMG := ${NAME}:${TAG} | |
| LATEST := ${NAME}:latest | |
| build: | |
| @docker build -t ${IMG} . | |
| @docker tag ${IMG} ${LATEST} | |
| push: |
That being said, I think that, as engineers, we tend to discount the complexity we build ourselves vs. complexity we need to learn.
— Joe Beda
Don't spend more time discussing a reversible change than it would take to make (& potentially reverse) the change
StevenACoffman
/ golang_kinesis.go
Created
May 9, 2018 00:16
— forked from coboshm/golang_kinesis.go
Golang + Kinesis firehose
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "log" | |
| "encoding/json" | |
| "fmt" | |
| "os" | |
| "math/rand" |