Alessandro Vozza ams0
@ams0
ams0 / blog.md
Last active December 21, 2019 18:55
Introducing Gistlog landing pages

Welcome to my landing page for my Gistlog; I've been experimenting with blogging platforms for a while but I think I found my Nirvana. Stay tuned!

@ams0
ams0 / aks_privatecluster_dns.sh
Created December 12, 2019 09:07
A simple script to extract the private DNS IP for an AKS private cluster
#!/bin/bash
#AKS private clusters
#Setup VPN gw with OpenVPN
rg=k8s
clustername=private
az aks get-credentials -g $rg -n $clustername
https://github.com/Hyperfish/vsts-build.git
vsts:
enabled: true
repository: microsoft/vsts-agent
tag: "ubuntu-16.04-docker-18.06.1-ce-standard"
replicaCount: 2
pullPolicy: IfNotPresent
nodeSelector: {}
#to make this instruction work: https://github.com/kubernetes-sigs/azuredisk-csi-driver
RG=k8s
AKS=csi
SUB=12c7e9d6-967e-40c8-8b3e-4659a4ada3ef
#Create the AKS cluster - NOTE! you can't use AZ until https://github.com/kubernetes-sigs/azuredisk-csi-driver/issues/183
az aks create -k 1.15.5 --enable-managed-identity --load-balancer-sku Standard --network-plugin kubenet --network-policy calico -x -c 2 -s Standard_B4ms --nodepool-name base -g $RG -n $AKS
@ams0
ams0 / remove_terminating_namespace.sh
Last active November 13, 2019 08:13
How to terminate a namespace stuck in "Terminating" state by removing the Kubernetes finalizer
NS=linkerd
kubectl get ns $NS -o json > tmp.json
sed -i '' '/kubernetes/d' tmp.json
kubectl proxy &
curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json http://127.0.0.1:8001/api/v1/namespaces/$NS/finalize
bg
<ctrl-c>
#Deploy Linkerd2 with helm3 and certificates
kubectl create ns linkerd
kubectl label ns linkerd config.linkerd.io/admission-webhooks=disabled
#brew install step
step certificate create identity.linkerd.cluster.local ca.crt ca.key --profile root-ca --no-password --insecure
step certificate create identity.linkerd.cluster.local issuer.crt issuer.key --ca ca.crt --ca-key ca.key --profile intermediate-ca --not-after 8760h --no-password --insecure
#install helm3-rc from https://github.com/helm/helm/releases
@ams0
ams0 / ambassador-crds.yaml
Created October 20, 2019 09:09
ambassador-crds.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: authservices.getambassador.io
spec:
  group: getambassador.io
  version: v1
  versions:
  - name: v1
    served: true
#!/bin/sh
#https://itnext.io/get-a-shell-to-a-kubernetes-node-9b720a15a4fe
set -x
node=${1}
nodeName=$(kubectl get node ${node} -o template --template='{{index .metadata.labels "kubernetes.io/hostname"}}')
nodeSelector='"nodeSelector": { "kubernetes.io/hostname": "'${nodeName:?}'" },'
podName=${USER}-nsenter-${node}
kubectl run ${podName:?} --restart=Never -it --rm --image overriden --overrides '
{
"spec": {
#create a secret with
# kubectl -n cert-manager create secret generic azuredns-config --from-literal=client-secret=<secret>
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: "letsencrypt"
spec:
  commonName: "*.dev.cookingwithazure.com"
  dnsNames:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: descheduler-cluster-role
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["pods"]