- GKE with Google-managed SSL certificates
- Use ManagedCertificate CRD to create a object.
- Associate the ManagedCertificate object to an Ingress by adding an annotation networking.gke.io/managed-certificates to the Ingress. This annotation is a comma-separated list of ManagedCertificate resources, cert1,cert2,cert3 for example.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import json | |
| import sys | |
| import requests | |
| import getpass | |
| ''' | |
| Given the bitbucket.org user id, |
pydevops
/ gke-ingress-manged-tls.md
Last active
August 10, 2023 09:20
Create a GCP managed TLS certificate for the GKE ingress
git clone https://github.com/pydevops/quickstart-js.giton your laptop.- Insert the corresponding
firebase web appconfig copied from firebase web console in storage/index.html - Set up for development and deploy
$ brew install node # install node if you haven't
$ npm install -g firebase-tools
$ cd storage
$ firebase login
pydevops
/ k8s-crd.md
Last active
September 1, 2023 00:41
— forked from smileisak/operators.md
k8s crd operator
Some useful resources regarding Kubernetes Operators, CRDs, etc.
- Kubernetes sample controller: https://github.com/kubernetes/sample-controller
- Joe Beda's TGIK sample repo and YouTube videos: https://github.com/jbeda/tgik-controller
- Thomas Stringer's blog post: https://medium.com/@trstringer/create-kubernetes-controllers-for-core-and-custom-resources-62fc35ad64a3
- Kube-controller-demo by Aaron Levy: https://github.com/aaronlevy/kube-controller-demo
- Analyzing value of Operator Framework for Kubernetes community: https://itnext.io/analyzing-value-of-operator-framework-for-kubernetes-community-5a65abc259ec
- Steps to generate CRD/Operator code: cloud-ark/kubeplus#14
- kubebuilder: https://github.com/kubernetes-sigs/kubebuilder
- CoreOS operator framework: https://coreos.com/blog/introducing-operator-framework
- A thread on Reddit: https://www.reddit.com/r/kubernetes/comments/8ien90/if_i_were_to_build_an_operator_what_should_i_use/
- https://www.linuxtrainingacademy.com/systemd-cheat-sheet/
- https://www.linux.com/training-tutorials/understanding-and-using-systemd/
- https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
- https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal
- https://www.youtube.com/watch?v=ZUX9Fx8Rwzg&index=9&list=PLCq0ZVVxGP0Y-xlum2pnhqwsrIf61J6Ka
- https://www.youtube.com/watch?v=AtEqbYTLHfs
main.py
import config
globals().update(config.constants())
print(PI)
config.py
def constants():
c={'PI':'3.14'}
pydevops
/ GitHub-Forking.md
Created
February 11, 2019 22:09
— forked from Chaser324/GitHub-Forking.md
GitHub Standard Fork & Pull Request Workflow
Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.
In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.
Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -o errexit | |
| set -o nounset | |
| set -o pipefail | |
| # For one project only | |
| # Please make sure to run `gcloud config set project <project_id> first` | |
| command -v gcloud >/dev/null 2>&1 || \ | |
| { echo >&2 "I require gcloud but it's not installed. Aborting.";exit 1; } |
pydevops
/ private-k8s.md
Last active
August 20, 2024 00:55
how to set up kubectl on laptop for private endpoint ONLY k8s cluster (AWS/GCP/On prem)
- Create a bastion vm in your data center or in cloud with connectivity set up (usually vpn) to the on prem data center.
- Install tinyproxy on the bastion vm and pick a random port as it would be too easy for spam bot with default 8888, set up as systemd service according to https://nxnjz.net/2019/10/how-to-setup-a-simple-proxy-server-with-tinyproxy-debian-10-buster/. Make sure it works by validating with
curl --proxy http://127.0.0.1:<tinyproxy-port> https://httpbin.org/ip. And I don't use any user authentication for proxy, so I locked down the firewall rules with my laptop IP/32. - Download the kubeconfig file for the k8s cluster to your laptop
- From your laptop, run
HTTPS_PROXY=<bastion-external-ip>:<tinyproxy-port> KUBECONFIG=my-kubeconfig kubectl get nodes
pydevops
/ gke-anthos-register.md
Last active
December 8, 2021 03:52
gke connect gateway register anthos
- https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster
- https://cloud.google.com/anthos/multicluster-management/gateway/using
- https://cloud.google.com/service-mesh/docs/gke-install-multi-cluster
- https://gist.github.com/mikesparr/7a34c308c98837a390c8899d1450f2f2#file-anthos-hub-k3s-demo-sh-L137
gcloud services enable connectgateway.googleapis.com
gcloud container hub memberships list
gcloud container hub memberships get-credentials <your-gke-connect-enabled-cluster-name>