Roy Hiroyuki Osaki onelittlenightmusic

Lab Manager at Hitachi America, Software engineer, CKA, CKAD, CKS, The views and opinions expressed herein are on my own. He/him (大崎裕之 in Japanese)

onelittlenightmusic / worker.kubectl.check.sh

Created February 5, 2020 04:02

	kubectl --kubeconfig=./capi-quickstart.kubeconfig get nodes  ✔  1656  01:13:19

	NAME STATUS ROLES AGE VERSION
	capi-quickstart-capi-quickstart-controlplane-0 Ready master 20m v1.15.3
	capi-quickstart-capi-quickstart-worker-85cbf8fd8c-mhrlz Ready <none> 6m30s v1.15.3

onelittlenightmusic / edit.sh

Created February 5, 2020 04:05

$ kubectl edit machinedeployment capi-quickstart-worker

onelittlenightmusic / machinedeployment.diff

Created February 5, 2020 04:06

	- replica: 1
	+ replica: 2

onelittlenightmusic / edit.kubectl.check.sh

Created February 5, 2020 04:08

	$ kubectl get machines
	NAME PROVIDERID PHASE
	capi-quickstart-controlplane-0 docker:////capi-quickstart-capi-quickstart-controlplane-0 running
	capi-quickstart-worker-85cbf8fd8c-mhrlz docker:////capi-quickstart-capi-quickstart-worker-85cbf8fd8c-mhrlz running
	capi-quickstart-worker-85cbf8fd8c-wjk9h provisioning

onelittlenightmusic / machinedeployment.docker.check.sh

Created February 5, 2020 04:08

	$ docker ps
	CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
	e55a1192feeb kindest/node:v1.15.3 "/usr/local/bin/entr…" About a minute ago Up About a minute capi-quickstart-capi-quickstart-worker-85cbf8fd8c-wjk9h
	e6162d760dd7 kindest/node:v1.15.3 "/usr/local/bin/entr…" 3 days ago Up 3 days capi-quickstart-capi-quickstart-worker-85cbf8fd8c-mhrlz
	f449784405e6 kindest/node:v1.15.3 "/usr/local/bin/entr…" 3 days ago Up 3 days 35547/tcp, 127.0.0.1:35547->6443/tcp capi-quickstart-capi-quickstart-controlplane-0
	38d5a9338e3d nginx:1.15.12-alpine "nginx -g 'daemon of…" 3 days ago Up 3 days 80/tcp, 40319/tcp, 0.0.0.0:40319->6443/tcp capi-quickstart-lb
	68d711500e26 kindest/node:v1.17.0 "/usr/local/bin

onelittlenightmusic / kubectl.final.sh

Created February 5, 2020 04:10

	$ kubectl --kubeconfig=./capi-quickstart.kubeconfig get nodes

	NAME STATUS ROLES AGE VERSION
	capi-quickstart-capi-quickstart-controlplane-0 Ready master 3d22h v1.15.3
	capi-quickstart-capi-quickstart-worker-85cbf8fd8c-mhrlz Ready <none> 3d22h v1.15.3
	capi-quickstart-capi-quickstart-worker-85cbf8fd8c-wjk9h Ready <none> 3m8s v1.15.3

onelittlenightmusic / main.rego

Created February 19, 2020 08:19

	package system
	import data.kubernetes.admission
	main = {
	"apiVersion": "admission.k8s.io/v1beta1",
	"kind": "AdmissionReview",
	"response": response,
	}
	default response = {"allowed": true}
	response = {
	"allowed": false,

onelittlenightmusic / ingress-whitelist.rego

Created February 19, 2020 08:21

	package kubernetes.admission
	import data.kubernetes.namespaces

	operations = {"CREATE", "UPDATE"}

	deny[msg] {
	input.request.kind.kind == "Ingress"
	operations[input.request.operation]
	host := input.request.object.spec.rules[_].host
	not fqdn_matches_any(host, valid_ingress_hosts)

onelittlenightmusic / namespace.yaml

Created February 19, 2020 08:40

	apiVersion: v1
	kind: Namespace
	metadata:
	annotations:
	ingress-whitelist: ".ok.com,.secondok.com"
	name: opa-example

onelittlenightmusic / ingress-ok.yaml

Created February 19, 2020 08:42

	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: ingress-ok
	namespace: opa-example
	spec:
	rules:
	- host: test.ok.com
	http:
	paths: