openpgp4fpr:E1D41017481B1ED9E3B77AF59C9CAE7EC2133DB7
Andy Suderman sudermanjr
sudermanjr
/ bootstrap.sh
Last active
May 4, 2025 04:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| # Install Homeschick | |
| git clone https://github.com/andsens/homeshick.git $HOME/.homesick/repos/homeshick | |
| source $HOME/.homesick/repos/homeshick/homeshick.sh | |
| # Clone dotfiles | |
| homeshick --batch clone sudermanjr/dotfiles |
sudermanjr
/ openpgp.md
Created
June 18, 2023 04:05
sudermanjr
/ KIAM_Notes.md
Last active
February 6, 2019 20:32
Masters already have assume-role (presumably), so we just need to create the roles. Module found here works quite well: uswitch/kiam#25 (comment)
For some reason kiam-server expects the certs to be valid for IP 127.0.0.1 as well as for the name of the service. I generated the certs using the instructions in the kiam repo, and it worked. Cert-manager doesn’t do IPs as well as DNS names yet, but it’s on the way in v0.7: https://github.com/jetstack/cert-manager/pull/1128/files
sudermanjr
/ ci-cd-example.diagram
Last active
July 31, 2020 11:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Git Actions: CI System Actions: | |
| +-------------------------+ +-----------------+ | |
| +--► Create a Feature Branch | +---► Build Container | | |
| | +------------+------------+ | +--------+--------+ | |
| | | | | | |
| | | | | | |
| | +--------▼--------+ | +-------▼--------+ | |
| | +---► Push the Branch +-------+ | Push Container | | |
| | | +--------+--------+ +-------+--------+ |
sudermanjr
/ sudermanjr-bio.md
Created
January 24, 2019 22:21
Andrew Suderman has had a lifelong obsession with technology that currently fuels his passion for Kubernetes. He enjoys designing and building new systems that make life easier for developers. Currently he pursues that passion at ReactiveOps, where he maintains dozens of clusters and works on internal tooling.
In his spare time he enjoys off-roading, camping, quadcopters, motorcycles, and far too many other hobbies to afford.
sudermanjr
/ utility-deploy.yaml
Created
January 18, 2019 17:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: utilities | |
| labels: | |
| app: utilities | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: |
sudermanjr
/ auditLog.yaml
Created
January 18, 2019 16:49
Kops cluster spec snippet enabling audit logging.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spec: | |
| fileAssets: | |
| - name: auditPolicyFile | |
| path: /srv/kubernetes/audit.yaml | |
| roles: | |
| - Master | |
| content: | | |
| apiVersion: audit.k8s.io/v1beta1 | |
| kind: Policy | |
| rules: |
sudermanjr
/ Kube203-ResourceBlock.yaml
Created
November 21, 2018 06:39
Kube203 Example Resource Block
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 64Mi | |
| requests: | |
| cpu: 100m | |
| memory: 64Mi |
sudermanjr
/ course-snippet.yaml
Created
November 19, 2018 16:55
Using a default wildcard certificate from Let's Encrypt with ingress-nginx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nginx-ingress: | |
| values-strings: | |
| controller: | |
| extraArgs: | |
| default-ssl-certificate: "infra/wildcard" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: rbacmanager.reactiveops.io/v1beta1 | |
| kind: RBACDefinition | |
| metadata: | |
| name: rbac-manager-definition | |
| namespace: kube-system | |
| rbacBindings: | |
| - name: admins | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ci |
NewerOlder