#https://github.com/Hyperfish/vsts-build.git
# values.yaml
vsts:
enabled: true
repository: microsoft/vsts-agent
tag: "ubuntu-16.04-docker-18.06.1-ce-standard"
replicaCount: 2
ams0
/ Istio with istio-cni and helm3.sh
Last active
September 17, 2019 07:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl create ns istio-system | |
| kubectl config set-context $(kubectl config current-context) --namespace=istio-system | |
| alias h3='helm3' | |
| h3 repo add istio https://storage.googleapis.com/istio-release/releases/1.1.7/charts/ | |
| h3 repo update | |
| #install istio-cni | |
| h3 upgrade --install istio-cni istio/istio-cni --set istio_cni.enabled=true |
ams0
/ create_kiali_grafana_secret.sh.txt
Last active
June 1, 2019 05:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| GRAFANA_USERNAME=$(echo -n "grafana" | base64) | |
| GRAFANA_PASSPHRASE=$(echo -n "grafana" | base64) | |
| cat <<EOF | kubectl apply -f - | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: grafana |
ams0
/ Helm3 - nginx ingress and cert-manager.txt
Last active
February 12, 2020 16:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alias h3='helm3' | |
| #I can only make it work in kube-system | |
| kubectl config set-context $(kubectl config current-context) --namespace=kube-system | |
| #to be replaced with helm? | |
| kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml | |
| h3 upgrade --install cert-manager \ | |
| --version v0.8.0 jetstack/cert-manager \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: PodSecurityPolicy | |
| metadata: | |
| name: istio-init-psp | |
| spec: | |
| privileged: true | |
| allowPrivilegeEscalation: true | |
| allowedCapabilities: | |
| - '*' | |
| volumes: |
ams0
/ Create a privileged Deployment with PSP.md
Last active
May 1, 2019 11:14
Create a SA and a binding to the psp:privileged role, then creates a deployment with hostmount
PSP are evaluated only when a pod is created directly; when a Deployment or a Daemonset creates a pod, does so using the default serviceaccount of that namespace. Thus, you need to give that SA (or a purposefully create SA) a binding to the appropriate PSP.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: apt-get-install | |
| spec: | |
| selector: | |
| matchLabels: | |
| name: apt-get-install | |
| template: | |
| metadata: |
ams0
/ service-mesh-demo.md
Last active
March 20, 2019 09:14
#Istio demo #https://docs.microsoft.com/en-us/azure/aks/istio-scenario-routing
https://docs.microsoft.com/en-us/azure/aks/istio-install
ISTIO_VERSION=1.0.4
curl -sL "https://github.com/istio/istio/releases/download/$ISTIO_VERSION/istio-$ISTIO_VERSION-osx.tar.gz" | tar xz
cd istio-\$ISTIO_VERSION
ams0
/ kiali-grafana-fix.yaml
Created
March 19, 2019 00:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: kiali | |
| namespace: istio-system | |
| labels: | |
| app: kiali | |
| type: Opaque | |
| data: | |
| username: YWRtaW4= |
ams0
/ create_sa_and_kubeconfig.sh
Created
February 20, 2019 21:15
create a serviceaccount and its kubeconfig (works on macOS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| $saname=$1 | |
| k create sa $saname | |
| #works on Mac OS X | |
| server=`kubectl cluster-info | sed $'s,\x1b\\[[0-9;]*[a-zA-Z],,g'| grep master | awk '{print $6}'` | |
| name=`kubectl get secret | grep $saname|awk '{print $1}'` |