@warroyo
warroyo / perms.json
Last active September 28, 2021 15:14
tsm permissions
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowTanzuServiceMeshPermissions",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:ListResourceRecordSets",
@warroyo
warroyo / antrea_vxlan.yml
Last active September 27, 2021 23:36
switch antrea tunnel type
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("@ytt:yaml", "yaml")
#@overlay/match by=overlay.subset({"kind":"Secret","metadata":{"annotations":{"tkg.tanzu.vmware.com/addon-type": "cni/antrea"}}})
---
apiVersion: v1
kind: Secret
#@ if data.values.ANTREA_VXLAN:
@warroyo
warroyo / cluster_config.yml
Created September 20, 2021 22:39
additional tags
# comma-separated pairs using = between key and value
TAGS: "test=test,test2=test5"
@warroyo
warroyo / cluster_config.yml
Created September 14, 2021 16:49
custom LB subnets(workaround)
#! add these values to your cluster config
#!custom subnets to use for LB placement
LB_SUBNETS: "subnet-xxxxxx,subnet-xxxxx"
#! set api LB to internal
LB_INTERNAL: true
# place this file in ~/.tanzu/tkg/providers/infrastructure-aws/v0.6.4/cluster-template-definition-ha1az.yaml
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TemplateDefinition
spec:
  paths:
    - path: providers/infrastructure-aws/v0.6.4/ytt
    - path: providers/infrastructure-aws/ytt
    - path: providers/ytt
    - path: bom
      filemark: text-plain
@warroyo
warroyo / cluster-config.yml
Last active September 8, 2021 20:58
custom lb setup
#! add these values to your cluster config
#!custom subnets to use for LB placement
LB_SUBNETS: "subnet-xxxxxx,subnet-xxxxx"
#! set api LB to internal
LB_INTERNAL: true
@warroyo
warroyo / contour-data-values.yaml
Last active September 2, 2021 17:33
static IP for contour TKG extension
#@data/values
#@overlay/match-child-defaults missing_ok=True
---
infrastructure_provider: "vsphere"
contour:
  image:
    repository: projects.registry.vmware.com/tkg
envoy:
  image:
    repository: projects.registry.vmware.com/tkg
@warroyo
warroyo / values.yml
Created August 18, 2021 20:29
harbor metrics values for helm
metrics:
  enabled: true
exporter:
  podAnnotations:
    # annotation values must be strings, so quote the port and the boolean
    prometheus.io/port: "8001"
    prometheus.io/scrape: "true"
core:
  podAnnotations:
    prometheus.io/port: "8001"
    prometheus.io/scrape: "true"
@warroyo
warroyo / cluster.yaml
Created July 29, 2021 23:15
ytt example
type:
  kind: Cluster
  package: vmware.tanzu.manage.v1alpha1.cluster
  version: v1alpha1
fullName:
  managementClusterName: "seti-labs"
  name: cluster-cli
  provisionerName: "lab"
meta:
  labels: null
@warroyo
warroyo / get-sa-token.sh
Created February 4, 2021 22:25
getting a token from k8s service account
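# API server URL from the current kubeconfig context
export APISERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
# strip the leading "https://"
APISERVERNOHTTPS=$(echo "$APISERVER" | cut -c 9-)
# SHA-256 fingerprint of the certificate the API server presents
FPRINT=$(openssl s_client -connect "$APISERVERNOHTTPS" < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin)
export FINGERPRINT=$(echo "$FPRINT" | cut -c 20-)
# token Secret attached to the dev-admin service account; this relies on an
# auto-created Secret, which Kubernetes 1.24+ no longer generates by default
TOKENNAME=$(kubectl -n kube-system get serviceaccount/dev-admin -o jsonpath='{.secrets[0].name}')
export TOKEN=$(kubectl -n kube-system get secret "$TOKENNAME" -o jsonpath='{.data.token}' | base64 --decode)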