Rodrigo Alvares ralvares

🏠

Working from home

Currently developing and implementing complex solutions using in-depth Kubernetes security knowledge.

ralvares / oscap-podman

Created July 14, 2021 06:11

	yum install openscap-utils

	wget -O - https://www.redhat.com/security/data/oval/v2/RHEL8/rhel-8.oval.xml.bz2 \| bzip2 --decompress > rhel-8.oval.xml

	oscap-podman registry.access.redhat.com/ubi8 oval eval --report vulnerability.html rhel-8.oval.xml

ralvares / LDAPSyncConfig

Created June 21, 2021 10:14

LdapSyncConfig

ralvares / gist:bb892013a7f45a2e312b2e425b4f4061

Created June 15, 2021 12:46

MachineConfigPool per Node

	Worker-3
	==================================================

	apiVersion: machineconfiguration.openshift.io/v1
	kind: MachineConfigPool
	metadata:
	name: worker-3
	spec:
	machineConfigSelector:
	matchExpressions:

ralvares / Sample Operator Configuration

Last active April 20, 2021 10:56

Sample Operator

	## ADD Certificate

	registry=registry.example.local:5000

	oc create configmap registry-bastion -n openshift-config --from-file=registry.example.local..5000=/registry/certs/domain.crt
	oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-bastion"}}}' --type=merge

	https://access.redhat.com/solutions/5067531

	This repository contains a curated set of image streams and templates for OpenShift.

ralvares / quay all in one

Last active June 14, 2022 08:00

Quay - All in One - Using podman pod

	podman login registry.redhat.io

	export domain=quay.ralvares.local
	export QUAY=/data/quay

	mkdir -p $QUAY/postgres-quay
	mkdir $QUAY/clair
	mkdir -p $QUAY/config/extra_ca_certs

	mkdir $QUAY/storage

ralvares / ipxe with bond0

Created March 17, 2021 07:53

ipxe custom file with bond0

	#!ipxe


	set cluster_name ocp4
	set domain_name example.com

	set fileserver 192.168.122.1:80
	set kernel rhcos-live-kernel-x86_64
	set initrd rhcos-live-initramfs.x86_64.img
	set rootfs rhcos-live-rootfs.x86_64.img

ralvares / community-catalog

Created March 16, 2021 07:58

Creating Community Custom Catalog for a Disconnected Cluster

	# Community operators CatalogSource

	## Download and Install opm tool

	wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.7/opm-linux.tar.gz
	tar xzvf opm-linux.tar.gz
	mv opm /usr/local/bin

	## Login to redhat registry
	podman login registry.redhat.io

ralvares / gist:4e4432a49bc0f3ebcc825b18a09ddf23

Created March 12, 2021 10:34

OCP IPI - BM - Notes

	wget https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2

	qemu-img create -f qcow2 -b /var/lib/libvirt/images/CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 /var/lib/libvirt/images/provisioner.qcow2 120G

	virt-resize --expand /dev/vda1 /var/lib/libvirt/images/CentOS-8-GenericCloud-8.2.2004-20200611.2.x86_64.qcow2 /var/lib/libvirt/images/provisioner.qcow2

	virt-customize -a /var/lib/libvirt/images/provisioner.qcow2 --root-password password:Redhat01 --uninstall cloud-init \
	--hostname provisioner.ocp.ralvares.com \
	--run-command 'yum update -y'

ralvares / dnsmasq.txt

Created February 25, 2021 10:45

DNSMASQ example

ralvares / ExternalIP

Last active February 23, 2021 10:49

	oc edit Network.config.openshift.io cluster

	---
	# Please edit the object below. Lines beginning with a '#' will be ignored,
	# and an empty file will abort the edit. If an error occurs while saving this file will be
	# reopened with the relevant failures.
	#
	apiVersion: config.openshift.io/v1
	kind: Network
	metadata: