pascalandy

Kube 101

Requirements

• Docker Engine 19.03+ (tested successfully with Docker4Mac or Docker Linux)
• k3d binary installed on your PATH (https://github.com/rancher/k3d)
• kubectl binary installed on your PATH (https://kubernetes.io/docs/tasks/tools/install-kubectl/)
• A bash prompt

Create Kubernetes Cluster

pascalandy

#!/usr/bin/env bash

brew update && brew upgrade && brew update && brew upgrade &&

(set -x; brew update;)

(set -x; brew cleanup;)
(set -x; brew cask cleanup;)

red=`tput setaf 1`

pascalandy

Linux

apt-get install libatlas-base-dev python-dev gfortran pkg-config libfreetype6-dev

pip install enigma-catalyst matplotlib

Mac

pascalandy

Default

Powerlevel9k

pascalandy

version: '3'
services:
  # FRONT
  chronograf:
    # Full tag list: https://hub.docker.com/r/library/chronograf/tags/
    image: chronograf
    deploy:
      replicas: 1
      placement:
        constraints:

pascalandy

# NOT FOR SHELL SCRIPT, but rather just for quick copy paste 
# this is a copy-paste version with defaults of the full shell script docker-xenial.sh which is below this one in gist.

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D && \
mkdir -p /etc/apt/sources.list.d && \
echo deb https://apt.dockerproject.org/repo ubuntu-xenial main > /etc/apt/sources.list.d/docker.list && \
service lxcfs stop && apt-get remove -y -q lxc-common lxcfs lxd lxd-client && \
apt-get update -q && apt-get upgrade -y -q && \
apt-get install -y -q docker-engine && \
mkdir -p /etc/systemd/system/docker.service.d && \

pascalandy

# NOT FOR SHELL SCRIPT, but rather just for quick copy paste 
# this is a copy-paste version with defaults of the full shell script docker-xenial.sh which is below this one in gist.

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D && \
mkdir -p /etc/apt/sources.list.d && \
echo deb https://apt.dockerproject.org/repo ubuntu-xenial main > /etc/apt/sources.list.d/docker.list && \
service lxcfs stop && apt-get remove -y -q lxc-common lxcfs lxd lxd-client && \
apt-get update -q && apt-get upgrade -y -q && \
apt-get install -y -q docker-engine && \
mkdir -p /etc/systemd/system/docker.service.d && \

pascalandy

# RSA
ssl_certificate		/path/fullchain.pem;
ssl_certificate_key	/path/privkey.pem;

# ECDSA
ssl_certificate		/path/0001_chain.pem;
ssl_certificate_key	/path/itchy.nl.ec.key;

ssl_dhparam		/path/dhparam4096.pem;

pascalandy

proxy_hide_header	Server;
proxy_hide_header	X-Powered-By;
proxy_hide_header	Etag;

proxy_set_header	Host $http_host;
proxy_set_header	X-Real-IP $remote_addr;
proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header	X-Forwarded-Proto $scheme;

pascalandy

more_set_headers "X-UA-Compatible: IE=Edge";
more_set_headers "X-XSS-Protection: 1; mode=block";

more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Content-Type-Options: nosniff";

more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' data: gist.github.com embedr.flickr.com widgets.flickr.com; style-src 'self' 'unsafe-inline' data: assets-cdn.github.com; img-src 'self' data: www.gravatar.com farm2.staticflickr.com; font-src 'self' data:; connect-src 'self' embedr.flickr.com geo.query.yahoo.com; media-src 'none'; object-src 'self'; child-src 'self' www.youtube.com gaming.youtube.com player.twitch.tv; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri https://www.itchy.nl; manifest-src 'self'; disown-opener; referrer no-referrer-when-downgrade;";

# Let's Encrypt Authority X3, RSA, ECDSA, CSR, backup CSR