forked from k-space/kube
argocd
asterisk
bind
camtiler
cert-manager
cnpg-system
drone
drone-execution
elastic-system
etherpad
freescout
gitea
grafana
hackerspace
harbor
kube-system
kubernetes-dashboard
local-path-storage
logging
logmower
longhorn-system
member-site
metallb-system
minio-clusters
mongodb-operator
monitoring
mysql-clusters
mysql-operator
nextcloud
nyancat
oidc-gateway
openebs
playground
postgres-clusters
postgres-operator
prometheus-operator
redis-clusters
reloader
ripe87
rosdump
shared
README.md
backup-service.yml
mariadb.yml
memcached.yml
minio-support.yml
minio.yml
mongo.yml
mongoexpress.yml
networkpolicy-base.yml
tigera-operator
traefik
wiki
wildduck
woodpecker
.drone.yml
.gitignore
CONTRIBUTORS.md
LICENSE.md
README.md
ansible-bind-primary.yml
ansible-doors.yml
ansible-kubernetes.yml
ansible.cfg
cluster-role-bindings.yml
inventory.yml
ssh_config
storage-class.yaml
KeyDB
KeyDB can be instantiated by symlinking the generated keydb.yml, in future this could be handled by an operator.
helm template keydb enapter/keydb --set persistentVolume.enabled=false > keydb.yml
To regenerate base network policies
It's quite odd there is no better way to generate these.
cat << EOF > networkpolicy-base.yml
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: kubedns spec: podSelector: {} policyTypes:
- Egress egress:
- to:
- namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system ports:
- protocol: UDP port: 53
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: kubeprobe spec: podSelector: {} policyTypes:
- Ingress ingress: EOF for j in $(kubectl get nodes -o json | jq '.items[] | .spec.podCIDR' -r | cut -d "/" -f 1 | sed -e 's/.0$/.1/32/' | xargs); do cat << EOF >> networkpolicy-base.yml
- from:
- ipBlock: cidr: $j EOF done
cat << EOF >> networkpolicy-base.yml
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: kubeapi spec: podSelector: {} policyTypes:
- Egress egress:
- ports:
- port: 6443 to: EOF for j in $(kubectl get ep -n default kubernetes -o json | jq '.subsets[].addresses[].ip' -r | xargs); do cat << EOF >> networkpolicy-base.yml
- ipBlock: cidr: $j/32 EOF done