Rodrigo Alvares ralvares

🏠

Working from home

Currently developing and implementing complex solutions using in-depth Kubernetes security knowledge.

ralvares / ipxe with bond0

Created March 17, 2021 07:53

ipxe custom file with bond0

	#!ipxe


	set cluster_name ocp4
	set domain_name example.com

	set fileserver 192.168.122.1:80
	set kernel rhcos-live-kernel-x86_64
	set initrd rhcos-live-initramfs.x86_64.img
	set rootfs rhcos-live-rootfs.x86_64.img

ralvares / quay all in one

Last active June 14, 2022 08:00

Quay - All in One - Using podman pod

	podman login registry.redhat.io

	export domain=quay.ralvares.local
	export QUAY=/data/quay

	mkdir -p $QUAY/postgres-quay
	mkdir $QUAY/clair
	mkdir -p $QUAY/config/extra_ca_certs

	mkdir $QUAY/storage

ralvares / Sample Operator Configuration

Last active April 20, 2021 10:56

Sample Operator

	## ADD Certificate

	registry=registry.example.local:5000

	oc create configmap registry-bastion -n openshift-config --from-file=registry.example.local..5000=/registry/certs/domain.crt
	oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-bastion"}}}' --type=merge

	https://access.redhat.com/solutions/5067531

	This repository contains a curated set of image streams and templates for OpenShift.

ralvares / gist:bb892013a7f45a2e312b2e425b4f4061

Created June 15, 2021 12:46

MachineConfigPool per Node

	Worker-3
	==================================================

	apiVersion: machineconfiguration.openshift.io/v1
	kind: MachineConfigPool
	metadata:
	name: worker-3
	spec:
	machineConfigSelector:
	matchExpressions:

ralvares / LDAPSyncConfig

Created June 21, 2021 10:14

LdapSyncConfig

ralvares / oscap-podman

Created July 14, 2021 06:11

	yum install openscap-utils

	wget -O - https://www.redhat.com/security/data/oval/v2/RHEL8/rhel-8.oval.xml.bz2 \| bzip2 --decompress > rhel-8.oval.xml

	oscap-podman registry.access.redhat.com/ubi8 oval eval --report vulnerability.html rhel-8.oval.xml

ralvares / sno on kvm

Last active May 3, 2022 16:39

Install Single Node Cluster on KVM - for fun

	My environment is below:

	Centos8
	libvirtd (libvirt) 7.0.0
	libvirt network: default - Range 192.168.122.0/24
	Domain and Single Node IP: *.sno.local 192.168.122.10

	Extracting openshift-baremetal-install

	export VERSION=latest-4.8

ralvares / tier3-demo

Created November 16, 2021 13:43

	### Namespace per tier ###

	oc new-project kiosk-backend
	oc new-project kiosk-frontend
	oc new-project kiosk-database


	oc new-app https://github.com/jankleinert/concession-kiosk-backend --name backend -n kiosk-backend

ralvares / sno-staticip.txt

Last active September 15, 2023 02:31

Installing single node with staticIP and nip.io

	## Download Artifacts

	## openshift-client

	curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.9/openshift-client-linux.tar.gz \| tar zxvf - oc && mv oc /usr/local/bin

	## butane

	wget https://mirror.openshift.com/pub/openshift-v4/clients/butane/latest/butane -O /usr/local/bin/butane && chmod +x /usr/local/bin/butane

ralvares / gist:fb3d521ff0bf05ae415170b73134fb76

Last active April 26, 2022 12:06

upload manifest to ansible tower using bash

	USER=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminUser}')
	PASS=$(oc get -n ansible-automation-platform secret $(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminPasswordSecret}') -o go-template='{{index .data "password" \| base64decode}}')

	FILENAME=$(cat manifest_ansible-tower.zip \| base64)
	ROUTE=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.URL}')

	header="Content-Type: application/json"
	request_body=$(cat <<EOF
	{
	"eula_accepted": true,