
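# Kyverno ClusterPolicy. Per its title it is meant to block cluster-admin
# activity in the openshift-etcd namespace; only the header of the policy is
# visible in this excerpt (the rules list is not shown).
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-cluster-admin-openshift-etcd-ns
  annotations:
    policies.kyverno.io/title: Block Cluster Admin on Openshift-etcd Namespace
    policies.kyverno.io/category: Sample
    policies.kyverno.io/subject: RBAC
spec:
  # Requests that fail validation are rejected at admission instead of only
  # being reported.
  # NOTE(review): newer Kyverno releases spell this value `Enforce`; confirm
  # against the installed version.
  # NOTE(review): a principal holding cluster-admin can also edit or delete
  # this policy, so treat it as a guardrail and alert on changes to the
  # ClusterPolicy object itself.
  validationFailureAction: enforce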
tommeramber / ConfigMap-silence-alerts-script.yaml
Created October 16, 2023 09:21
K8s-CronJob-Silence-Alerts-Without-Duplicates
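# ConfigMap that carries the shell script for the silence-alerts job.
# Only the first command of the script is visible in this excerpt.
apiVersion: v1
kind: ConfigMap
metadata:
  name: silence-alerts-script
  namespace: openshift-monitoring
data:
  # The visible command execs into alertmanager-main-0, lists silences as JSON
  # and appends each silence's comment to /tmp/existing-silences.txt.
  # NOTE(review): `oc exec` needs pods/exec in openshift-monitoring; grant it
  # to a dedicated ServiceAccount through a namespaced Role, not a
  # cluster-wide binding.
  # NOTE(review): `>>` appends to a fixed path, so lines from an earlier run
  # remain if the file outlives the run; confirm the file starts empty.
  runScript.sh: |
    #!/bin/bash
    oc -n openshift-monitoring exec alertmanager-main-0 -- amtool silence --alertmanager.url="http://localhost:9093" -o json | jq -r '.[].comment' >> /tmp/existing-silences.txt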
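# Event-Driven Ansible rulebook (excerpt): receives Alertmanager webhooks.
- name: alertmanager events listener
  hosts: all
  sources:
    - name: eda alertmanager webhook
      ansible.eda.alertmanager:
        # Listens on every interface. The visible settings configure no
        # authentication for the listener.
        # NOTE(review): whatever can reach port 9091 can post events that the
        # rules act on; restrict ingress to Alertmanager (for example with a
        # NetworkPolicy) or bind to a narrower address.
        host: 0.0.0.0
        port: 9091
  # Rule definitions are not part of this excerpt.
  rules: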
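---
# PrometheusRule in openshift-monitoring; the rule list itself is not shown
# in this excerpt.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  # NOTE(review): the object is named pvc-over-used while its group is
  # cron-job-monitoring; align the names so a responder can trace an alert
  # back to the rule that fired it.
  name: pvc-over-used
  namespace: openshift-monitoring
spec:
  groups:
    - name: cron-job-monitoring
      rules: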
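---
# PrometheusRule in openshift-monitoring; the rule list itself is not shown
# in this excerpt.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  # NOTE(review): this name and namespace also appear on another manifest on
  # this page; if both are applied to one cluster the later apply replaces the
  # earlier object, silently dropping its alerts. Give each rule set its own
  # name.
  name: pvc-over-used
  namespace: openshift-monitoring
spec:
  groups:
    - name: cron-job-monitoring
      rules: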
# detect-nfs-stale
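---
# CronJob header (excerpt); schedule and job template are not visible here.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: detect-nfs-stale
  namespace: openshift-monitoring
spec:
  # Allow lets a new run start while an earlier one is still running.
  # NOTE(review): a check that blocks on a stale NFS mount could accumulate
  # overlapping runs; consider Forbid together with an activeDeadlineSeconds
  # on the job template. Confirm against the rest of the manifest.
  concurrencyPolicy: Allow
  # Keep only the most recent failed Job for inspection.
  failedJobsHistoryLimit: 1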
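---
# Playbook header (excerpt); the tasks that consume `payload` are not shown.
- name: playbook reacting to alerts nfs-stale OR node-health-check
  hosts: localhost
  gather_facts: false
  # `payload` is read with an empty prompt and is echoed (private: false).
  # NOTE(review): the value originates outside the playbook (presumably the
  # alert webhook); validate every field taken from it, such as a node name,
  # before it reaches a task or a template.
  vars_prompt:
    - name: payload
      prompt: ""
      private: false
  pre_tasks: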
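# Pod template rendered per node from the Jinja2 variables problematic_node
# and privileged_sa. Templated values are quoted so each line is valid YAML
# both before and after rendering.
apiVersion: v1
kind: Pod
metadata:
  name: "rebooter-{{ problematic_node }}"
  namespace: openshift-monitoring
spec:
  # Pins the pod to the named node, bypassing the scheduler.
  # NOTE(review): problematic_node presumably comes from alert data; check it
  # against the cluster's real node names before rendering this template.
  nodeName: "{{ problematic_node }}"
  # Shares the node's PID namespace. Combined with the service account below
  # this pod has node-level reach, so restrict who may create pods with that
  # account and audit every creation of a rebooter-* pod.
  hostPID: true
  restartPolicy: Never
  serviceAccountName: "{{ privileged_sa }}"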
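---
# Playbook excerpt; it ends inside the oc_login template expression.
- name: ocp test
  hosts: localhost  # required because the inventory is empty
  gather_facts: false
  pre_tasks:
    # OCP login based on input
    - name: set oc login command based on input from user
      set_fact:
        # NOTE(review): the rest of this command is not visible. If it embeds
        # a token or password, set no_log on the tasks that build and run it
        # so the credential does not land in Ansible output or logs.
        oc_login: >-
          {% if env == "nocp" %}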