
Guy Maliar gmaliar

gmaliar / setup.sh
Created March 16, 2018 11:04
Auto-renewing secrets using Vault and Kubernetes | setup.sh
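# Demo bootstrap: installs Consul, Vault (dev mode) and PostgreSQL with Helm.
# The modes and credentials below are demo defaults and are not suitable for a
# shared or production cluster.

# install consul (single replica: no redundancy for the storage backend)
helm install --name consul stable/consul --set Replicas=1

# install vault
# The incubator repository is added over HTTPS so the chart index and chart
# archives are not fetched in cleartext, where they could be altered in transit.
helm repo add incubator https://storage.googleapis.com/kubernetes-charts-incubator
# vault.dev=true runs Vault as a dev server: it starts unsealed, keeps data in
# memory and exposes a root token. Use it only for throwaway environments.
# NOTE(review): dev mode normally ignores external storage, so the Consul
# storage settings passed here may not take effect -- confirm against the chart.
helm install incubator/vault --set vault.dev=true --set vault.config.storage.consul.address="consul-consul:8500",vault.config.storage.consul.path="vault"

# install postgres
# NOTE(review): root/root is a trivially guessable superuser credential, and a
# value passed with --set ends up in shell history and in the stored Helm
# release values. Outside a demo, generate a strong password and supply it from
# a values file or secret that is not committed.
helm install stable/postgresql --set postgresUser=root,postgresPassword=root,postgresDatabase=rails_development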
gmaliar / app-deployment.yml
Created March 16, 2018 11:54
Auto-renewing secrets using Vault and Kubernetes | app-deployment.yml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: vault-dynamic-secrets-rails
labels:
app: vault-dynamic-secrets-rails
spec:
replicas: 3
template:
metadata:
gmaliar / index.js
Last active July 12, 2018 09:51
Node.js Kubernetes API Gateway
const k8sClient = require('kubernetes-client').Client;
const k8sConfig = require('kubernetes-client').config;
const JSONStream = require('JSONStream');
const proxy = require('express-http-proxy');
const express = require('express');
// Build the Kubernetes API client from the in-cluster configuration, i.e. the
// service-account credentials Kubernetes mounts into the pod. Every API call
// this process makes therefore runs with that service account's permissions.
// NOTE(review): the RBAC binding for the service account is not shown here;
// confirm it grants only the verbs and resources this gateway needs.
const client = new k8sClient({ config: k8sConfig.getInCluster() });
// Express application instance for the gateway.
const app = express();
// Declared without a value; presumably assigned later in the file, which is
// not visible in this excerpt.
let router;
# Google Cloud provider for project "vault-sidecar" in region europe-west2.
# Credentials are read from a service-account key file (account.json) given as
# a relative path. That file is a long-lived secret: keep it out of version
# control and restrict read access to it.
# NOTE(review): confirm the key's IAM roles are limited to what this
# configuration actually manages.
provider "google" {
credentials = "${file("account.json")}"
project = "vault-sidecar"
region = "europe-west2"
}
resource "google_container_cluster" "primary" {
name = "vault-sidecar-cluster"
zone = "europe-west2-a"
remove_default_node_pool = true
gmaliar / gke.tf
Last active February 2, 2019 12:43
# Zonal GKE cluster "vault-sidecar-cluster" in europe-west2-a.
# remove_default_node_pool = true removes the default node pool, so worker
# nodes are expected to come from separately declared node pools.
# NOTE(review): this block sets no master_auth, master_authorized_networks_config,
# private_cluster_config or network_policy, so provider/GKE defaults apply.
# Check those defaults for the provider version in use, particularly control-plane
# endpoint exposure and legacy authentication methods.
resource "google_container_cluster" "primary" {
name = "vault-sidecar-cluster"
zone = "europe-west2-a"
remove_default_node_pool = true
}
resource "google_container_node_pool" "primary_pool" {
name = "primary-pool"
cluster = "${google_container_cluster.primary.name}"
zone = "europe-west2-a"
gmaliar / crb.tf
Last active February 2, 2019 12:41
resource "kubernetes_cluster_role_binding" "operator-cluster-admin-binding" {
metadata {
name = "operator-cluster-admin-binding"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "cluster-admin"
}
subject {
resource "google_sql_database_instance" "postgres" {
name = "db-instance"
database_version = "POSTGRES_9_6"
region = "europe-west2"
settings {
tier = "db-f1-micro"
}
provisioner "local-exec" {
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: cloudsqlproxy
spec:
replicas: 1
template:
metadata:
labels:
app: cloudsqlproxy
# Google Cloud provider for project "vault-sidecar" in region europe-west2.
# Credentials are read from a service-account key file at creds/account.json
# (relative path). That file is a long-lived secret: exclude the creds/
# directory from version control and restrict read access to it.
# NOTE(review): confirm the key's IAM roles are limited to what this
# configuration actually manages.
provider "google" {
credentials = "${file("creds/account.json")}"
project = "vault-sidecar"
region = "europe-west2"
}
# Kubernetes provider with no explicit settings: the target cluster and the
# credentials come from the provider's default configuration sources.
# NOTE(review): presumably this resolves to the local kubeconfig's current
# context. Verify which cluster and identity that is before applying, since
# anything managed through this provider is created with those privileges.
provider "kubernetes" {
}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: etcdclusters.etcd.database.coreos.com
spec:
group: etcd.database.coreos.com
names:
kind: EtcdCluster
listKind: EtcdClusterList
plural: etcdclusters