Skip to content

Instantly share code, notes, and snippets.

View rverchere's full-sized avatar

Rémi Verchère rverchere

40 followers · 95 following
View GitHub Profile
@rverchere
rverchere / k8s_vuln.sh
Last active January 5, 2022 05:08
Kubernetes pod CVE vulnerability check
#!/usr/bin/env bash
RED='\033[0;31m'
NC='\033[0m'
OLDIFS="$IFS"
IFS=$'\n'
VULN=$1
# $1 arg is the CVE number to check
if [ -z $1 ]; then
@rverchere
rverchere / k_get_img_uniq.sh
Last active December 15, 2021 09:10
$ kubectl get pods -o jsonpath='{range .items[*]}{.spec.containers[*].image}{" "}' | tr " " "\n" | sort -u
consul:1.3.0
elasticsearch:5.6.13
grafana/grafana:5.1.0
jboss/keycloak:4.5.0.Final
jhipster/consul-config-loader:v0.3.0
jhipster/jhipster-console:v4.0.0
jhipster/jhipster-elasticsearch:v4.0.0
jhipster/jhipster-logstash:v4.0.0
@rverchere
rverchere / trivy_example.bash
Created December 12, 2021 20:23
Trivy Example
$ trivy image --severity CRITICAL elasticsearch:5.6.13
2021-12-12T21:20:06.322+0100 INFO Detected OS: debian
2021-12-12T21:20:06.322+0100 INFO Detecting Debian vulnerabilities...
2021-12-12T21:20:06.350+0100 INFO Number of language-specific files: 1
2021-12-12T21:20:06.350+0100 INFO Detecting jar vulnerabilities...
Java (jar)
==========
Total: 6 (CRITICAL: 6)
@rverchere
rverchere / repository_structure.sh
Last active April 5, 2022 07:05
❯ tree -aL 1
.
├── charts
├── gci-templates
├── .gitlab-ci.yml
└── scripts
@rverchere
rverchere / my-chart-pipeline.yml
Last active April 4, 2022 20:37
include: '/gci-templates/.gitlab-ci.yml'
stages:
- test
- install
- release
'my-chart:lint':
stage: test
extends: .lint
@rverchere
rverchere / my-template-pipeline.yml
Last active April 4, 2022 20:38
---
image: dtzar/helm-kubectl:3.5.3 #last version using k8s 1.20
.lint:
script:
- helm lint .
.release:
script:
- apk add git
@rverchere
rverchere / generate-pipeline.sh
Last active April 4, 2022 20:36
#!/usr/bin/env bash
cat <<EOF
include: '/gci-templates/.gitlab-ci.yml'
stages:
- test
- install
- release
@rverchere
rverchere / chart-jobs.yml
Created April 4, 2022 20:49
chart-jobs:
stage: generate
needs:
- chart-generator
trigger:
include:
- artifact: generated-pipeline.yml
job: chart-generator
strategy: depend
rules:
@rverchere
rverchere / vpa-custom-values.yaml
Created May 16, 2022 20:07
VPA Custom Values
admissionController:
enabled: false
recommender:
enabled: true
extraArgs:
prometheus-address: |
http://prometheus-operated.observability.svc.cluster.local:9090
storage: prometheus
updater:
enabled: false
@rverchere
rverchere / goldilocks-custom-values.yaml
Created May 16, 2022 21:14
Goldilocks Custom Values
dashboard:
replicaCount: 0