Skip to content

Instantly share code, notes, and snippets.

View aweiteka's full-sized avatar

Aaron Weitekamp aweiteka

  • Red Hat
  • Boston, MA
View GitHub Profile
#!/bin/bash
IFS='
'
URL="https://api.openshift.com"
for CLUSTER in $(ocm cluster list --managed --columns "name,subscription.href" --padding 70 | grep -v SUBSCRIPTION)
do
SUBREF=$(echo $CLUSTER | awk '{print $2}')
CLUSTERNAME=$(echo $CLUSTER | awk '{print $1}')
ENTITY=$(curl -s -H "Authorization: Bearer $(ocm token)" $URL/$(curl -s -H "Authorization: Bearer $(ocm token)" $URL$SUBREF | jq -r .creator.href) |jq -r .organization.name)
@aweiteka
aweiteka / sd-csv-aggregated.clusterrole.yaml
Created January 21, 2019 17:04
Allow internal users to manage ClusterServiceVersion (CSV)
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: aggregate-sd-csv-admin
labels:
# Add these permissions to the "dedicated-admin" role.
rbac.authorization.k8s.io/aggregate-to-dedicated-admin: "true"
rules:
- apiGroups: ["operators.coreos.com"]
resources: ["clusterserviceversions"]
@aweiteka
aweiteka / osd-clusterroles.yaml
Created January 17, 2019 16:50
OpenShift Dedicated clusterroles -- dedicated-cluster-admin and dedicated-project-admin
---
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
annotations:
authorization.openshift.io/system-only: "true"
creationTimestamp: null
name: dedicated-cluster-admin
rules:
- apiGroups:
@aweiteka
aweiteka / helloworld.go
Created October 5, 2018 16:00
Golang CLI that can also be used as an ansible binary module
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
)
type ModuleArgs struct {
@aweiteka
aweiteka / dev_openshift-ansible.md
Created April 5, 2018 15:44
Run arbitrary playbooks from openshift-ansible against local oc cluster up environment

Goal

Hack on openshift-ansible roles against a local openshift environment. We have to use an openshift-ansible container to workaround local dependencies.

Steps

NOTE: run from base of local openshift-ansible repo.

  1. Bring up local cluster
@aweiteka
aweiteka / node_exporter.metrics
Last active January 10, 2018 14:02
node exporter metrics AWS
$ curl http://172.31.59.87:9100/metrics
# HELP go_gc_duration_seconds A summary of the GC invocation durations.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 5.7344e-05
go_gc_duration_seconds{quantile="0.25"} 0.000151705
go_gc_duration_seconds{quantile="0.5"} 0.000206746
go_gc_duration_seconds{quantile="0.75"} 0.000301577
go_gc_duration_seconds{quantile="1"} 0.079028318
go_gc_duration_seconds_sum 6.089335658
go_gc_duration_seconds_count 1461
@aweiteka
aweiteka / etc-containers-policy.json
Last active October 18, 2017 14:01
Example policy with 2 signatures from 2 different parties
{
"default": [{"type": "reject"}],
"transports": {
"docker": {
"registry.example.com:5000/big/app": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/path/to/foo.gpg" /* assumes you've already downloaded foo pubkey to host */
},
@aweiteka
aweiteka / inventory
Created September 13, 2017 18:46
Ansible inventory to manage multiple OpenShift clusters
# NOTE: each 'hostname' needs to be unique
# but they are simply arbitrary names for each cluster
[dev]
dev ansible_connection=local gather_facts=no
[stage]
stage ansible_connection=local gather_facts=no
[prod]
prod ansible_connection=local gather_facts=no
@aweiteka
aweiteka / miq-ocp.md
Last active September 7, 2017 20:10
MIQ+OpenShift laptop demo

Running ManageIQ and OpenShift on Laptop

Prereq

Assumes oc cluster up or similar workflow.

Deploy MIQ

Run via docker

@aweiteka
aweiteka / get_occlient.sh
Created September 1, 2017 15:12
Download and install local OpenShift client from gzip tar
#!/bin/bash
# download and install openshift client 'oc' from gzip tar
if [[ $# -eq 0 ]]; then
echo "No parameter provided. Use the full URL to the gzip tar oc client to download."
echo "example: ${0} https://github.com/openshift/origin/releases/download/v3.6.0/openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit.tar.gz"
exit
fi