Alessandro Vozza ams0

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-viewonly
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: docker-root
spec:
  selector:
    matchLabels:
      name: docker-root
  template:
    metadata:
ams0 / create_sa_and_kubeconfig.sh
Created February 20, 2019 21:15
create a serviceaccount and its kubeconfig (works on macOS)
#!/bin/bash
# Name of the ServiceAccount to create (first argument)
saname=$1
kubectl create sa "$saname"
#works on Mac OS X
server=`kubectl cluster-info | sed $'s,\x1b\\[[0-9;]*[a-zA-Z],,g'| grep master | awk '{print $6}'`
name=`kubectl get secret | grep $saname|awk '{print $1}'`
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
  labels:
    app: kiali
type: Opaque
data:
  username: YWRtaW4=
ams0 / apt-get-install.yaml
Created May 1, 2019 10:05
Installs a package on a node
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: apt-get-install
spec:
  selector:
    matchLabels:
      name: apt-get-install
  template:
    metadata:
ams0 / Create a privileged Deployment with PSP.md
Last active May 1, 2019 11:14
Creates a SA and a binding to the psp:privileged role, then creates a Deployment with a host mount

PSPs are evaluated only when a pod is created directly; when a Deployment or a DaemonSet creates a pod, it does so using the default ServiceAccount of that namespace. Thus, you need to give that SA (or a purposely created SA) a binding to the appropriate PSP.

ams0 / istio-psp.yaml
Created May 18, 2019 12:24
istio-psp.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: istio-init-psp
spec:
  privileged: true
  allowPrivilegeEscalation: true
  allowedCapabilities:
  - '*'
  volumes:
ams0 / aks-agent.md
Created May 29, 2019 16:03
Run VSTS agents in AKS
#https://github.com/Hyperfish/vsts-build.git

# values.yaml
vsts:
  enabled: true
  repository: microsoft/vsts-agent
  tag: "ubuntu-16.04-docker-18.06.1-ce-standard"
 replicaCount: 2
alias h3='helm3'
#I can only make it work in kube-system
kubectl config set-context $(kubectl config current-context) --namespace=kube-system
#to be replaced with helm?
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml
h3 upgrade --install cert-manager \
--version v0.8.0 jetstack/cert-manager \