Hack on openshift-ansible roles against a local openshift environment. We have to use an openshift-ansible container to workaround local dependencies.
NOTE: run from base of local openshift-ansible repo.
- Bring up local cluster
Aaron Weitekamp aweiteka
aweiteka
/ cluster_entity.sh
Last active
September 23, 2019 00:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IFS=' | |
| ' | |
| URL="https://api.openshift.com" | |
| for CLUSTER in $(ocm cluster list --managed --columns "name,subscription.href" --padding 70 | grep -v SUBSCRIPTION) | |
| do | |
| SUBREF=$(echo $CLUSTER | awk '{print $2}') | |
| CLUSTERNAME=$(echo $CLUSTER | awk '{print $1}') | |
| ENTITY=$(curl -s -H "Authorization: Bearer $(ocm token)" $URL/$(curl -s -H "Authorization: Bearer $(ocm token)" $URL$SUBREF | jq -r .creator.href) |jq -r .organization.name) |
aweiteka
/ sd-csv-aggregated.clusterrole.yaml
Created
January 21, 2019 17:04
Allow internal users to manage ClusterServiceVersion (CSV)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: aggregate-sd-csv-admin | |
| labels: | |
| # Add these permissions to the "dedicated-admin" role. | |
| rbac.authorization.k8s.io/aggregate-to-dedicated-admin: "true" | |
| rules: | |
| - apiGroups: ["operators.coreos.com"] | |
| resources: ["clusterserviceversions"] |
aweiteka
/ osd-clusterroles.yaml
Created
January 17, 2019 16:50
OpenShift Dedicated clusterroles -- dedicated-cluster-admin and dedicated-project-admin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: authorization.openshift.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| annotations: | |
| authorization.openshift.io/system-only: "true" | |
| creationTimestamp: null | |
| name: dedicated-cluster-admin | |
| rules: | |
| - apiGroups: |
aweiteka
/ helloworld.go
Created
October 5, 2018 16:00
Golang CLI that can also be used as an ansible binary module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "fmt" | |
| "io/ioutil" | |
| "os" | |
| ) | |
| type ModuleArgs struct { |
aweiteka
/ dev_openshift-ansible.md
Created
April 5, 2018 15:44
Run arbitrary playbooks from openshift-ansible against local oc cluster up environment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl http://172.31.59.87:9100/metrics | |
| # HELP go_gc_duration_seconds A summary of the GC invocation durations. | |
| # TYPE go_gc_duration_seconds summary | |
| go_gc_duration_seconds{quantile="0"} 5.7344e-05 | |
| go_gc_duration_seconds{quantile="0.25"} 0.000151705 | |
| go_gc_duration_seconds{quantile="0.5"} 0.000206746 | |
| go_gc_duration_seconds{quantile="0.75"} 0.000301577 | |
| go_gc_duration_seconds{quantile="1"} 0.079028318 | |
| go_gc_duration_seconds_sum 6.089335658 | |
| go_gc_duration_seconds_count 1461 |
aweiteka
/ etc-containers-policy.json
Last active
October 18, 2017 14:01
Example policy with 2 signatures from 2 different parties
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "default": [{"type": "reject"}], | |
| "transports": { | |
| "docker": { | |
| "registry.example.com:5000/big/app": [ | |
| { | |
| "type": "signedBy", | |
| "keyType": "GPGKeys", | |
| "keyPath": "/path/to/foo.gpg" /* assumes you've already downloaded foo pubkey to host */ | |
| }, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: each 'hostname' needs to be unique | |
| # but they are simply arbitrary names for each cluster | |
| [dev] | |
| dev ansible_connection=local gather_facts=no | |
| [stage] | |
| stage ansible_connection=local gather_facts=no | |
| [prod] | |
| prod ansible_connection=local gather_facts=no |
aweiteka
/ get_occlient.sh
Created
September 1, 2017 15:12
Download and install local OpenShift client from gzip tar
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # download and install openshift client 'oc' from gzip tar | |
| if [[ $# -eq 0 ]]; then | |
| echo "No parameter provided. Use the full URL to the gzip tar oc client to download." | |
| echo "example: ${0} https://github.com/openshift/origin/releases/download/v3.6.0/openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit.tar.gz" | |
| exit | |
| fi |
NewerOlder