Chad M. Crowell chadmcrowell

🏠
Working from home
View GitHub Profile
@chadmcrowell
chadmcrowell / test-network-policy.yaml
Created April 24, 2025 15:11
Test Network Policy - Acing The CKA
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
@chadmcrowell
chadmcrowell / 10-kindnet.conflist.json
Created April 7, 2025 17:50
kindnet CNI configuration
{
  "cniVersion": "0.3.1",
  "name": "kindnet",
  "plugins": [
    {
      "type": "ptp",
      "ipMasq": false,
      "ipam": {
        "type": "host-local",
        "dataDir": "/run/cni-ipam-state",
@chadmcrowell
chadmcrowell / hpa.yaml
Created March 8, 2025 14:33
HPA with Stabilization window
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 2
@chadmcrowell
chadmcrowell / bpf-features.txt
Created May 31, 2024 15:41
All BPF programs and maps that are currently loaded in the system
Scanning eBPF helper functions...
eBPF helpers supported for program type socket_filter:
- bpf_map_lookup_elem
- bpf_map_update_elem
- bpf_map_delete_elem
- bpf_ktime_get_ns
- bpf_get_prandom_u32
- bpf_get_smp_processor_id
- bpf_tail_call
- bpf_perf_event_output
@chadmcrowell
chadmcrowell / cilium-network-policy-enforce-L7.yaml
Created May 31, 2024 15:04
Define cilium network policy to enforce L7 policies
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: my-app-policy
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: my-app
  ingress:
@chadmcrowell
chadmcrowell / envoy-configMap.yaml
Created May 31, 2024 15:03
Envoy configMap to enable L7 routing
apiVersion: v1
kind: ConfigMap
metadata:
  name: envoy-config
  namespace: default
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: listener_0
@chadmcrowell
chadmcrowell / install-cilium-service-mesh-with-helm.sh
Created May 31, 2024 15:01
Install Cilium with Service Mesh, Envoy, L7 Proxy, and ingress/egress gateways
helm install cilium cilium/cilium --version 1.15.5 --namespace kube-system \
--set global.enabled=true \
--set global.kubernetesServiceHost=<your-k8s-api-server> \
--set global.kubernetesServicePort=<your-k8s-api-port> \
--set global.hubble.enabled=true \
--set global.hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}" \
--set global.hubble.ui.enabled=true \
--set global.hubble.relay.enabled=true \
--set global.egressGateway.enabled=true \
--set global.ingressController.enabled=true \
@chadmcrowell
chadmcrowell / cks-book-system-hardening.sh
Last active January 26, 2024 18:00
CKS Exam Book - System Hardening - Chapter 4
######################################
######### DISABLING SERVICES #########
######################################
# view running services
systemctl | grep running
# view state of snapd service
systemctl status snapd
# stop the snapd service
@chadmcrowell
chadmcrowell / dallas-k8s-workshop-configmaps.sh
Created October 19, 2023 21:32
Dallas Kubernetes Workshop - ConfigMaps
# use the following lab environment:
# https://studyk8s.club/cka-configmaps
# create the configmap
cat << EOF > redis-configMap.yaml
apiVersion: v1
data:
  redis-config: |
    maxmemory: 2mb
    maxmemory-policy: allkeys-lru
@chadmcrowell
chadmcrowell / dallas-k8s-workshop-logging.sh
Created October 19, 2023 21:07
Dallas Kubernetes Workshop - Logging
# perform the commands from this lab environment:
# https://studyk8s.club/cka-logging
# create a pod that will output logs to stdout
cat << EOF > pod-logging.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-logging
spec: