Skip to content

Instantly share code, notes, and snippets.

View xtha's full-sized avatar
💭
k8s,openstack

zsh xtha

💭
k8s,openstack
22 followers · 47 following
  • China
  • 04:45 (UTC +08:00)
View GitHub Profile
@liusheng
liusheng / deploy-openshift-origin-fusioncloud.sh
Last active June 4, 2019 09:11
How to deployment openshift origin on fusioncloud
# step1:在跳板机(执行ansible工具的机器上)clone openshift的ansible部署工具,并应用fusioncloud 规避patch:
git clone http://github.com/huaweicloud/openshift-ansible
cd openshift-ansible
git config --global user.email '[email protected]'
git config --global user.name 'openlab'
git fetch origin refs/pull/12/head:pr12
git cherry-pick pr12
@mumoshu
mumoshu / helmify-kustomize
Last active December 13, 2024 13:20
Run `helmify-kustomize build $chart $env` in order to generate a local helm chart at `$chart/`, from kustomize overlay at `${chart}-kustomize/overlays/$env`
#!/usr/bin/env bash
cmd=$1
chart=$2
env=$3
dir=${chart}-kustomize
chart=${chart/.\//}
build() {
@jjo
jjo / kubectl-root-in-host-nopriv.sh
Last active June 27, 2025 23:24
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
#!/bin/sh
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged`
# admission controller.
# Pod command in turn runs a privileged container using node's /var/run/docker.sock.
node=${1}
case "${node}" in
"")
nodeSelector=''
podName=${USER+${USER}-}docker-any
@alexellis
alexellis / job.yaml
Last active January 26, 2024 07:10
Use a Kubernetes Job and Kaniko to build an OpenFaaS function from Git
# Alex Ellis 2018
# Example from: https://blog.alexellis.io/quick-look-at-google-kaniko/
# Pre-steps:
# kubectl create secret generic docker-config --from-file $HOME/.docker/config.json
# Other potential optimizations (suggested by @errordeveloper)
# - Store "templates" in a permanent volume
# - Download source via "tar" instead of git clone
@riveraja
riveraja / create_ssl_using_terraform.md
Last active January 26, 2024 08:27
Create SSL certificates using Terraform

This post will guide you in creating TLS keys for Vault with Terraform using terraform-google-vault private-tls-cert submodule [https://registry.terraform.io/modules/hashicorp/vault/google/0.0.4/submodules/private-tls-cert].

We will need to download Hashicorp Terraform tool from https://www.terraform.io/downloads.html and then unzip the compressed file:

# wget https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip
--2018-06-18 12:19:33--  https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip
Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.1.183, 151.101.65.183, 151.101.129.183, ...
Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.1.183|:443... connected.
HTTP request sent, awaiting response... 200 OK
@jlis
jlis / .gitlab-ci.yml
Created May 15, 2018 13:16
AWS ECS and ECR deployment via Docker and Gitlab CI
image: docker:latest
variables:
REPOSITORY_URL: <AWS ACCOUNT ID>.dkr.ecr.eu-central-1.amazonaws.com/<ECS REPOSITORY NAME>
REGION: eu-central-1
TASK_DEFINTION_NAME: <TASK DEFINITION NAME>
CLUSTER_NAME: <CLUSTER NAME>
SERVICE_NAME: <SERVICE NAME>
services:
@jaredmales
jaredmales / rclone-cron.sh
Last active February 20, 2025 08:08
An rclone backup script for cron
#!/bin/bash
##############################################################################
# An rclone backup script by Jared Males ([email protected])
#
# Copyright (C) 2018 Jared Males <[email protected]>
#
# This script is licensed under the terms of the MIT license.
# https://opensource.org/licenses/MIT
#
@phuysmans
phuysmans / gist:4f67a7fa1b0c6809a86f014694ac6c3a
Created January 8, 2018 09:29
docker compose health check example
version: '2.1'
services:
php:
tty: true
build:
context: .
dockerfile: tests/Docker/Dockerfile-PHP
args:
version: cli
volumes:
@naumanbadar
naumanbadar / docker-compose-cassandra-cluster.yml
Created November 6, 2017 10:05
3 node cassandra cluster with docker-compose
version: "3.3"
# make sure that docker machine has enough memory to run the cluster.
# setting it up to 4GB seems to work.
services:
cassandra-seed:
image: cassandra:latest
# ports:
@anthonygclark
anthonygclark / create-qemu-img.sh
Created September 18, 2017 03:38
#!/bin/bash
#
# Creates a multi-partition QEMU disk image from our buildroot outputs and embeds grub2
#
# TODO: Better error handling
# TODO: Better args (grub.cfg path is assumed)
#
DEBUG=1
IMAGE_NAME="dhc.img"