Skip to content

Instantly share code, notes, and snippets.

View ralvares's full-sized avatar
🏠
Working from home

Rodrigo Alvares ralvares

🏠
Working from home
33 followers · 48 following
  • My Own Repo :)
  • Dubai - AE
View GitHub Profile
@ralvares
ralvares / central.yaml
Last active December 5, 2024 06:56
central-4.6.yaml
apiVersion: platform.stackrox.io/v1alpha1
kind: Central
metadata:
name: stackrox-central-services
namespace: stackrox
spec:
customize:
envVars:
- name: ROX_EXTERNAL_IPS
value: 'true'
@ralvares
ralvares / test
Created April 26, 2023 06:42
DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-`
oc create secret generic multiclusterhub-operator-pull-secret \
-n open-cluster-management-observability \
--from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \
--type=kubernetes.io/dockerconfigjson
ACCESS_KEY=""
SECRET_KEY=""
@ralvares
ralvares / generate_netpol.sh
Last active March 9, 2023 13:42
Generate Network Policies using roxctl (npguard) from running deployments.
if [ $# -eq 0 ]
then
echo "try: $0 payments-v2 frontend backend"
exit 1
fi
> netpols.yaml
for namespace in $@
do
@ralvares
ralvares / secured-cluster.yaml
Created February 17, 2023 09:17
rhacs yaml definition adding proxy configuration
apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
name: stackrox-secured-cluster-services
namespace: stackrox
spec:
admissionControl:
bypass: BreakGlassAnnotation
contactImageScanners: DoNotScanInline
listenOnCreates: true
@ralvares
ralvares / rhacs-image-puller-serviceaccount.yaml
Created February 17, 2023 09:06
Integrating RHACS scanner with the internal ocp registry
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: stackrox
name: stackrox-image-puller
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: stackrox-image-puller-clusterrolebinding
@ralvares
ralvares / disable_default_policies.sh
Created February 6, 2023 13:17
Disable all the default policies from RHACS
#!/bin/bash
if [[ -z "${ROX_ENDPOINT}" ]]; then
echo >&2 "ROX_ENDPOINT must be set"
exit 1
fi
if [[ -z "${ROX_API_TOKEN}" ]]; then
echo >&2 "ROX_API_TOKEN must be set"
exit 1
@ralvares
ralvares / Deploy ACS on non-ocp.txt
Last active April 5, 2023 09:50
adding kubernetes ask/esk instance to acs
4 simple steps
- Create namespace
- Create secret ( it is required )
- Generate cluster-init-bundle.
- Install secured-cluster using helm.
# Create namespace and Pull-Secret from cloud.redhat.com
kubectl create namespace stackrox
@ralvares
ralvares / nfs-provisioner.yaml
Created November 7, 2022 13:54
nfs-provisioner
apiVersion: template.openshift.io/v1
kind: Template
labels:
template: nfs-client-provisioner
message: 'NFS storage class ${STORAGE_CLASS} created.'
metadata:
annotations:
description: nfs-client-provisioner
openshift.io/display-name: nfs-client-provisioner
openshift.io/provider-display-name: Tiger Team
@ralvares
ralvares / dnsmasq.txt
Last active October 7, 2022 13:20
### libvirt lab network ###
cat > /root/lab.xml << EOF
<network connections='8'>
<name>lab</name>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
@ralvares
ralvares / gist:9165194993a11842eff1532a418fc70f
Created October 4, 2022 09:37
sno-staticip version 4.11.5
# Updated for OCP 4.11.5
# https://gist.github.com/ralvares/976dce493b43c498cf781f8b8dff28d3
## Download Artifacts
# housekeep old vm if necessary
virsh destroy master-sno
virsh undefine master-sno
## openshift-client