forked from k-space/kube
kube/shared

KeyDB

KeyDB can be instantiated by symlinking the generated keydb.yml; in the future this could be handled by an operator.

```bash
helm template keydb enapter/keydb --set persistentVolume.enabled=false > keydb.yml
```

To regenerate base network policies

It's quite odd there is no better way to generate these.

```bash
# Allow every pod in the namespace to reach cluster DNS in kube-system
# and start the kubeprobe policy; its ingress rules are appended below.
cat << EOF > networkpolicy-base.yml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubedns
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: UDP
      port: 53
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeprobe
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
EOF
# One ingress rule per node: the .1 address of the node's podCIDR, as a /32.
for j in $(kubectl get nodes -o json | jq '.items[] | .spec.podCIDR' -r | cut -d "/" -f 1 | sed -e 's/\.0$/.1\/32/' | xargs); do
cat << EOF >> networkpolicy-base.yml
  - from:
    - ipBlock:
        cidr: $j
EOF
done

# Allow egress to the Kubernetes API server endpoints on port 6443.
cat << EOF >> networkpolicy-base.yml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeapi
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - ports:
    - port: 6443
    to:
EOF
# One egress target per API server endpoint address, as a /32.
for j in $(kubectl get ep -n default kubernetes -o json | jq '.subsets[].addresses[].ip' -r | xargs); do
cat << EOF >> networkpolicy-base.yml
    - ipBlock:
        cidr: $j/32
EOF
done
```
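An added example, not part of the repository's README: the kubeprobe loop above rewrites a trailing `.0` in each node's podCIDR to `.1/32`, which only produces a valid `cidr:` value when the range starts on a `.0` boundary, and a node with no podCIDR makes `jq -r` print `null`. The sketch below computes the first host address for any IPv4 prefix and prints no policy at all if an input is invalid. The function names `first_host_cidr` and `render_kubeprobe` are hypothetical, and it keeps the script's assumption that probes come from the first address of the node's pod range.

```shell
# first_host_cidr CIDR: print the first host address of an IPv4 CIDR as a /32.
first_host_cidr() {
  cidr=$1
  case $cidr in */*) ;; *) echo "not a CIDR: $cidr" >&2; return 1 ;; esac
  ip=${cidr%/*} prefix=${cidr#*/}
  case $ip in *[!0-9.]*) echo "bad address: $cidr" >&2; return 1 ;; esac
  case $prefix in ''|*[!0-9]*|0?*) echo "bad prefix: $cidr" >&2; return 1 ;; esac
  # /31 and /32 have no distinct first host address.
  [ "$prefix" -le 30 ] || { echo "prefix too long: $cidr" >&2; return 1; }
  old_ifs=$IFS; IFS=.
  set -- $ip   # split the dotted quad into $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || { echo "bad address: $cidr" >&2; return 1; }
  for octet in "$@"; do
    case $octet in ''|0?*) echo "bad octet: $cidr" >&2; return 1 ;; esac
    [ "$octet" -le 255 ] || { echo "bad octet: $cidr" >&2; return 1; }
  done
  addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  host=$(( (addr & mask) + 1 ))   # network address + 1
  echo "$(( host >> 24 & 255 )).$(( host >> 16 & 255 )).$(( host >> 8 & 255 )).$(( host & 255 ))/32"
}

# render_kubeprobe: podCIDRs on stdin (one per line) -> kubeprobe policy on stdout.
render_kubeprobe() {
  rules=
  while read -r podcidr; do
    probe=$(first_host_cidr "$podcidr") || return 1   # abort before any output
    rules="${rules}  - from:
    - ipBlock:
        cidr: ${probe}
"
  done
  [ -n "$rules" ] || { echo "no podCIDRs given" >&2; return 1; }
  cat <<EOF
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeprobe
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
EOF
  printf '%s' "$rules"
}

printf '10.244.0.0/24\n10.244.1.64/26\n' | render_kubeprobe   # constructed podCIDRs
```

It takes the same input the README's loop uses: the output of `kubectl get nodes -o json | jq '.items[] | .spec.podCIDR' -r`.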