Skip to content

Instantly share code, notes, and snippets.

@eumel8
eumel8 / sort-yaml.go
Created June 11, 2024 15:52
sort-yaml
// a program to sort keys in a given directory with yaml files
package main
import (
"fmt"
"io/ioutil"
"log"
"os"
"sort"
"strings"
@eumel8
eumel8 / composition-s3-backup.yaml
Created March 14, 2024 21:52
composition-s3-backup.yaml
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
annotations:
name: vcluster.caas.telekom.de
spec:
compositeTypeRef:
apiVersion: caas.telekom.de/v1alpha1
kind: Vcluster
mode: Resources
@eumel8
eumel8 / vcluster-backup.yaml
Created March 14, 2024 10:00
vcluster-backup.yaml
# adjust s3 access_key,host_base, secret_key, and s3 bucketname
apiVersion: v1
kind: Secret
metadata:
name: s3cfg
type: Opaque
stringData:
.s3cfg: |-
[default]
access_key = xxxxx
@eumel8
eumel8 / create-vcluster-for-istio.md
Last active January 2, 2024 18:01
vcluster-demo

prerequisites

have a Rancher project with 2 namespaces where the Pods and Services seen each other

create vcluster

service exposes via IngressRoutesTCP

helm -n vc1 upgrade vc1 --set isolation.networkPolicy.enabled=false --version 0.15.7 oci://mtr.devops.telekom.de/caas/charts/vcluster
@eumel8
eumel8 / mystruct2.go
Created October 8, 2023 16:34
Sort Go Types with comments alphabetically
package mystruct
// LoggingSpec defines the desired state of Logging
type MyStruct struct {
// Reference to the logging system. Each of the `loggingRef`s can manage a fluentbit daemonset and a fluentd statefulset.
LoggingRef string `json:"loggingRef,omitempty"`
// Disable configuration check before applying new fluentd configuration.
FlowConfigCheckDisabled bool `json:"flowConfigCheckDisabled,omitempty"`
// Whether to skip invalid Flow and ClusterFlow resources
@eumel8
eumel8 / getpod.yaml
Created October 4, 2023 15:23
getpod
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
name: getpods
name: getpods
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@eumel8
eumel8 / curl.yaml
Last active August 17, 2023 13:02
curl-k8s-api
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: curl-client
name: curl-client
spec:
serviceName: curl-client
replicas: 1
@eumel8
eumel8 / migrate-keycloak-user.sh
Last active May 23, 2023 13:20
migrate Rancher Keycloak saml to oidc user
#!/bin/sh
# keycloak saml user object:
# principalIds:
# - keycloak_user://[email protected]
# - local://u-pxxxxxxx
#
# keycloak oidc user object:
# principalIds:
# - keycloakoidc_user://[email protected]
@eumel8
eumel8 / 01-recommended.yaml
Created April 24, 2023 16:11
kubernetes-dashboard install
@eumel8
eumel8 / gist:60a2d96aad4d6938625f0d535578fd3f
Last active April 21, 2023 07:55
prometheus-auth fix token
# This behaviour comes in Kubernetes 1.21 with a change of Serviceaccount token format. Bound tokens become default, legacy
# token still alive. In prometheus-auth, a middleware
# for bearer token auth in front of prometheus, a SubjectAccessReview will looking for a token, provided by the federated
# prometheus instance via http endpoint. This token is searched in a list of secrets cluster-wide and if there is a match,
# comparing process started for ServiceAccount and Namespace. After success, a hijack federate will provide access to the
# related cluster metrics. Normaly, the token in the federate call and the content of the related secret of the
# ServiceAccount is equal. In newer Kubernetes version this format is rewritten and internally the new format of bound token
# is stored.
ä With this difference, the SubjectAccessReview is denied and no metrics are accessable. Unfortunatelly the related
# ServiceMonitor for federate is UP, no errors are visiable.