jsctl auth login
jsctl config set organization <ORG_NAME> # e.g. gallant-wright
jsctl registry auth output 2>&1 > /dev/null # force an image pull secret to be created as necessary
Alan McGinlay amcginlay
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Cognito User Pool Demo with Chalice> | |
| PART 1 | |
| - Create a new user pool (e.g. apm-demo-user-pool), click Review Defaults and create pool | |
| - Show User and groups -> (empty) | |
| - Show Policies -> deselect all password checkboxes (keep things simple) and save changes | |
| - Show General settings / App clients -> | |
| --- Add | |
| --- set App client name (e.g. apm-demo-app-client) | |
| --- Disable Generate client secret (so later call to "aws cognito-idp initiate-auth" doesn't barf) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #################################### | |
| # cert-manager/kind/letsencrypt demo | |
| #################################### | |
| # cloudshell | |
| # - Navigate to: https://us-west-2.console.aws.amazon.com/cloudshell | |
| # - create SSM-enabled EC2 instance with ports 80/443 open | |
| aws cloudformation create-stack \ | |
| --stack-name cert-manager-k8s \ | |
| --template-url https://amcginla-public.s3.amazonaws.com/cfn/cfn-ssm-jumpbox.yaml \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ####################### | |
| # cert-manager/eks demo | |
| ####################### | |
| # to start, complete everything up to and including: | |
| # https://github.com/amcginlay/eks-demos/blob/main/doc/06-build-cluster/README.md | |
| # create ROOT PCA | |
| # set variables |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # when you pass the "--debug" flag to the AWS CLI you can see which endpoint is being invoked. | |
| # you can do something similar with kubectl when you pass the "-v6" flag as follows. | |
| # documentation here: https://kubernetes.io/docs/reference/kubectl/cheatsheet/#kubectl-output-verbosity-and-debugging | |
| kubectl get nodes -v6 | |
| # the opening lines of the response reveal the endpoint | |
| # strip out the hostname and pass what remains to kubectl as follows to see the original response which was previously prettified for you | |
| kubectl get --raw /api/v1/nodes | |
| # more examples as follows ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # -------------------------------- | |
| # from standard Cloud9 environment | |
| # -------------------------------- | |
| which aws cdk | |
| npm install --force -g aws-cdk # upgrade | |
| python -m pip install aws-cdk-lib | |
| cdk doctor # status check | |
| mkdir ~/environment/cdk-app && cd $_ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # the following docker command mounts the current directory from a new alpine container | |
| # on macos/linux | |
| docker run -it --net host -v ${HOME}/.kube/:/root/.kube -v ${PWD}:/work -w /work alpine sh | |
| # on windows | |
| docker run -it --net host -v ${USERPROFILE}/.kube/:/root/.kube -v ${CD}:/work -w /work alpine sh | |
| # TODO - Dockerfile | |
| # FROM ubuntu:latest |
amcginlay
/ cert-manager-certificate.yaml
Created
October 28, 2022 15:40
cert-manager-certificate.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl -n demos apply -f - << EOF | |
| apiVersion: cert-manager.io/v1 | |
| kind: Certificate | |
| metadata: | |
| name: demo-cert-tls | |
| spec: | |
| dnsNames: | |
| - demo-cert.jetstack.mcginlay.net | |
| issuerRef: | |
| group: cert-manager.io |
amcginlay
/ kind-cluster-enterprise-tlspk.md
Last active
February 16, 2023 11:42
Adding a new cluster to Enterprise Jetstack Secure
amcginlay
/ policy.yaml
Last active
November 11, 2022 12:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: policy.cert-manager.io/v1alpha1 | |
| kind: CertificateRequestPolicy | |
| metadata: | |
| name: accept-all | |
| spec: | |
| allowed: | |
| dnsNames: | |
| values: | |
| - "*" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: ClusterIssuer | |
| metadata: | |
| name: self-signed | |
| spec: | |
| selfSigned: {} |