Rodrigo Alvares ralvares

🏠

Working from home

Currently developing and implementing complex solutions using in-depth Kubernetes security knowledge.

ralvares / policy-anyuid-status.yaml

Last active June 23, 2022 05:26

policy-anyuid-root-user

	apiVersion: policy.open-cluster-management.io/v1
	kind: Policy
	metadata:
	name: policy-anyuid-status
	namespace: default
	annotations:
	policy.open-cluster-management.io/categories: AC Access Control
	policy.open-cluster-management.io/controls: AC-3 Access Enforcement
	policy.open-cluster-management.io/standards: NIST SP 800-53
	spec:

ralvares / SNO - ACM autojoin

Created June 9, 2022 06:07

	#LOGIN TO HUB CLUSTER

	oc login

	#Create a cluster to Import

	export CLUSTER_NAME=sno-autoimport

	oc new-project ${CLUSTER_NAME}
	oc label namespace ${CLUSTER_NAME} cluster.open-cluster-management.io/managedCluster=${CLUSTER_NAME}

ralvares / gist:fb3d521ff0bf05ae415170b73134fb76

Last active April 26, 2022 12:06

upload manifest to ansible tower using bash

	USER=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminUser}')
	PASS=$(oc get -n ansible-automation-platform secret $(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.adminPasswordSecret}') -o go-template='{{index .data "password" \| base64decode}}')

	FILENAME=$(cat manifest_ansible-tower.zip \| base64)
	ROUTE=$(oc get AutomationController -n ansible-automation-platform -o=jsonpath='{.items..status.URL}')

	header="Content-Type: application/json"
	request_body=$(cat <<EOF
	{
	"eula_accepted": true,

ralvares / sno-staticip.txt

Last active September 15, 2023 02:31

Installing single node with staticIP and nip.io

	## Download Artifacts

	## openshift-client

	curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.9/openshift-client-linux.tar.gz \| tar zxvf - oc && mv oc /usr/local/bin

	## butane

	wget https://mirror.openshift.com/pub/openshift-v4/clients/butane/latest/butane -O /usr/local/bin/butane && chmod +x /usr/local/bin/butane

ralvares / tier3-demo

Created November 16, 2021 13:43

	### Namespace per tier ###

	oc new-project kiosk-backend
	oc new-project kiosk-frontend
	oc new-project kiosk-database


	oc new-app https://github.com/jankleinert/concession-kiosk-backend --name backend -n kiosk-backend

ralvares / sno on kvm

Last active May 3, 2022 16:39

Install Single Node Cluster on KVM - for fun

	My environment is below:

	Centos8
	libvirtd (libvirt) 7.0.0
	libvirt network: default - Range 192.168.122.0/24
	Domain and Single Node IP: *.sno.local 192.168.122.10

	Extracting openshift-baremetal-install

	export VERSION=latest-4.8

ralvares / oscap-podman

Created July 14, 2021 06:11

	yum install openscap-utils

	wget -O - https://www.redhat.com/security/data/oval/v2/RHEL8/rhel-8.oval.xml.bz2 \| bzip2 --decompress > rhel-8.oval.xml

	oscap-podman registry.access.redhat.com/ubi8 oval eval --report vulnerability.html rhel-8.oval.xml

ralvares / LDAPSyncConfig

Created June 21, 2021 10:14

LdapSyncConfig

ralvares / gist:bb892013a7f45a2e312b2e425b4f4061

Created June 15, 2021 12:46

MachineConfigPool per Node

	Worker-3
	==================================================

	apiVersion: machineconfiguration.openshift.io/v1
	kind: MachineConfigPool
	metadata:
	name: worker-3
	spec:
	machineConfigSelector:
	matchExpressions:

ralvares / Sample Operator Configuration

Last active April 20, 2021 10:56

Sample Operator

	## ADD Certificate

	registry=registry.example.local:5000

	oc create configmap registry-bastion -n openshift-config --from-file=registry.example.local..5000=/registry/certs/domain.crt
	oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-bastion"}}}' --type=merge

	https://access.redhat.com/solutions/5067531

	This repository contains a curated set of image streams and templates for OpenShift.