Rodrigo Alvares ralvares

🏠

Working from home

Currently developing and implementing complex solutions using in-depth Kubernetes security knowledge.

ralvares / nfs-provisioner.yaml

Created November 7, 2022 13:54

nfs-provisioner

	apiVersion: template.openshift.io/v1
	kind: Template
	labels:
	template: nfs-client-provisioner
	message: 'NFS storage class ${STORAGE_CLASS} created.'
	metadata:
	annotations:
	description: nfs-client-provisioner
	openshift.io/display-name: nfs-client-provisioner
	openshift.io/provider-display-name: Tiger Team

ralvares / dnsmasq.txt

Last active October 7, 2022 13:20

ralvares / gist:9165194993a11842eff1532a418fc70f

Created October 4, 2022 09:37

sno-staticip version 4.11.5

	# Updated for OCP 4.11.5
	# https://gist.github.com/ralvares/976dce493b43c498cf781f8b8dff28d3

	## Download Artifacts

	# housekeep old vm if necessary
	virsh destroy master-sno
	virsh undefine master-sno

	## openshift-client

ralvares / gist:ccdd35ddde0fce18084524f48001c0d4

Created September 23, 2022 07:55

venafi - certmangager

	kubectl create secret generic cloud-secret \
	--namespace='sock-shop' \
	--from-literal=apikey='xxxxx-xxxxx-xxxxx-xxxxx-xxxxx'
	----
	apiVersion: cert-manager.io/v1
	kind: Issuer
	metadata:
	name: cloud-venafi-issuer
	namespace: sock-shop
	spec:

ralvares / gist:9eda4c59880c23667eabda01d0f56cf5

Created July 21, 2022 13:04

tekton patch sa

	kubectl create secret docker-registry regcred --docker-password=TOKEN --docker-username=USERNAME --docker-server=quay.io -n workshop
	kubectl patch serviceaccount pipeline -p '{"secrets": [{"name": "regcred"}]}'

ralvares / policy-anyuid-enforce.yaml

Last active June 23, 2022 05:35

policy-anyuid-enforce

	apiVersion: policy.open-cluster-management.io/v1
	kind: Policy
	metadata:
	name: policy-anyuid-enforce
	namespace: default
	annotations:
	policy.open-cluster-management.io/categories: AC Access Control
	policy.open-cluster-management.io/controls: AC-3 Access Enforcement
	policy.open-cluster-management.io/standards: NIST SP 800-53
	spec:

ralvares / policy-anyuid-status.yaml

Last active June 23, 2022 05:26

policy-anyuid-root-user

	apiVersion: policy.open-cluster-management.io/v1
	kind: Policy
	metadata:
	name: policy-anyuid-status
	namespace: default
	annotations:
	policy.open-cluster-management.io/categories: AC Access Control
	policy.open-cluster-management.io/controls: AC-3 Access Enforcement
	policy.open-cluster-management.io/standards: NIST SP 800-53
	spec:

ralvares / SNO - ACM autojoin

Created June 9, 2022 06:07

	#LOGIN TO HUB CLUSTER

	oc login

	#Create a cluster to Import

	export CLUSTER_NAME=sno-autoimport

	oc new-project ${CLUSTER_NAME}
	oc label namespace ${CLUSTER_NAME} cluster.open-cluster-management.io/managedCluster=${CLUSTER_NAME}

ralvares / gist:fb3d521ff0bf05ae415170b73134fb76

Last active April 26, 2022 12:06

upload manifest to ansible tower using bash

	USER=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminUser}')
	PASS=$(oc get -n ansible-automation-platform secret $(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminPasswordSecret}') -o go-template='{{index .data "password" \| base64decode}}')

	FILENAME=$(cat manifest_ansible-tower.zip \| base64)
	ROUTE=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.URL}')

	header="Content-Type: application/json"
	request_body=$(cat <<EOF
	{
	"eula_accepted": true,

ralvares / sno-staticip.txt

Last active September 15, 2023 02:31

Installing single node with staticIP and nip.io

	## Download Artifacts

	## openshift-client

	curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.9/openshift-client-linux.tar.gz \| tar zxvf - oc && mv oc /usr/local/bin

	## butane

	wget https://mirror.openshift.com/pub/openshift-v4/clients/butane/latest/butane -O /usr/local/bin/butane && chmod +x /usr/local/bin/butane