Skip to content

Instantly share code, notes, and snippets.

View erdii's full-sized avatar
🪤

Josh Gwosdz erdii

🪤
82 followers · 228 following
View GitHub Profile
@erdii
erdii / mirror.sh
Last active April 11, 2025 16:59
Install package-operator from mirrored image artifacts.
#!/bin/bash
set -euxo pipefail
skopeo copy --all \
docker://quay.io/package-operator/package-operator-package:v1.18.2 \
docker://quay.io/erdii-test/pko-mirror/package-operator-package:v1.18.2
skopeo copy --all \
docker://quay.io/package-operator/package-operator-manager:v1.18.2 \
docker://quay.io/erdii-test/pko-mirror/package-operator-manager:v1.18.2
@erdii
erdii / talk-to-http-service.go
Created March 25, 2025 11:55
talk to an in-cluster http service by proxying via the apiserver
package main
import (
"fmt"
"io"
"net/http"
"net/url"
"strings"
"k8s.io/client-go/rest"
@erdii
erdii / apply-dynamic-object.go
Last active February 4, 2025 15:55
Example: using dynamic client to parse and apply generic object types
package main
import (
"context"
"fmt"
"os"
"k8s.io/apimachinery/pkg/api/meta"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@erdii
erdii / imageprefix.go
Created February 3, 2025 13:03
prefix replacement logic draft
package imageprefix
import (
"strings"
)
type Override struct {
From, To string
}
@erdii
erdii / README.md
Created July 23, 2024 13:32
Example to quickly test who gets impersonated when an empty string is supplied as the user id and an empty list is supplied as groups in of a controller-runtime client.

impersonate-nobody

Example to quickly test who gets impersonated when an empty string is supplied as the user id and an empty list is supplied as groups in restConfig.Impersonate of a controller-runtime client.

# create kind cluster
export KIND_EXPERIMENTAL_PROVIDER=podman
kind create cluster

# run code
@erdii
erdii / external.yaml
Created February 26, 2024 12:45
PKO reproducer example for external object which get's torn down accidentally on objectset-deletion
apiVersion: package-operator.run/v1alpha1
kind: Package
metadata:
name: my-nginx
spec:
image: quay.io/erdii-test/nginx-package:e9e4e0e
---
apiVersion: package-operator.run/v1alpha1
kind: ObjectSet
metadata:
@erdii
erdii / gist:ed087efd9495b53ffdb17d6e2c2d72f4
Created October 12, 2023 13:59
hugo pko dev docs toc example
{{ $startLevel := .Site.Params.tocStartLevel | default 2 }}
{{ $endLevel := .Site.Params.tocEndLevel | default 3 }}
{{ $tagRe := printf "h[%d-%d]" $startLevel $endLevel }}
{{ $tocRe := printf "<%s.*?>(.|\n])+?</%s>" $tagRe $tagRe }}
{{ $headers := findRE $tocRe .Content }}
<nav id="TableOfContents">
<ul>
<li class="nav-h0"><a href="#page-top">{{.Title}}</a></li>
{{ range $headers }}
{{ $tagname := substr . 1 2 }}
@erdii
erdii / controllerof_lookup.go
Created October 9, 2023 09:04
controllerof_lookup.go
package controllers
import (
"k8s.io/apimachinery/pkg/runtime/schema"
corev1alpha1 "package-operator.run/apis/core/v1alpha1"
)
type ControllerOfLookupKey struct {
schema.GroupKind
@erdii
erdii / README.md
Last active September 20, 2023 08:12
Control Flows in Kubernetes: Orphaning deletion of an object with a finalizer.

TL;DR the orphan finalizer only ensures that children become orphans. Depending on the orphan finalizer being present during deletion/teardown is racy when there are other finalizers on the same object.

Orphaning deletion adds the orphan finalizer during deletion to ensure that all ownerReferences pointing to this object will be removed BEFORE the object gets deleted.
After all children had their ownerReferences removed, the orphan finalizer gets removed to unblock deletion of the parent object. This means that if the parent has another finalizer and someone watches the parent they:

  • Will probably see the orphan finalizer being added on deletion and then removed again afterwards.
  • Are not guaranteed to see the orphan finalizer on the deleted object at all.

An illustrated example:

  1. create parent configmap: kubectl apply -f parent.yaml
@erdii
erdii / http-proxy-on-openshift.yaml
Created September 8, 2023 08:59
Quick and dirty exposed http proxy in openshift
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: proxy
namespace: default
spec:
to:
kind: Service
name: proxy
---