Please check https://aws.github.io/aws-eks-best-practices/ for more comprehensive EKS best practices!

Architecture

  • Think about multi-tenancy and isolation for different environments or different workloads
    • Isolation at the account level using AWS Organizations
    • Isolation at the network layer, i.e. a different VPC and a different cluster
    • Use different node groups (node pools) for different purposes/categories, e.g. create dedicated node groups for operational tools such as CI/CD tools, monitoring tools, and a centralized logging system.
    • Separate namespaces for different workloads

Reliability | Principles

Chris-Carmichael / eksctl-cilium.sh
Created January 14, 2023 13:35 — forked from ruzickap/eksctl-cilium.sh
Install Amazon EKS cluster with Cilium CNI using eksctl
#!/usr/bin/env bash
export CLUSTER_NAME="ruzickap-cilium"
export AWS_DEFAULT_REGION="eu-central-1"
export KUBECONFIG="/tmp/kubeconfig-${CLUSTER_NAME}.conf"
export TAGS="[email protected] Environment=dev Group=Cloud_Native Squad=Cloud_Container_Platform"
set -euxo pipefail
Chris-Carmichael / githubpull.md
Created October 8, 2022 13:59 — forked from Jabarabo/githubpull.md
Gist of a stolen gist
Chris-Carmichael / Jenkinsfile
Created October 8, 2022 13:58 — forked from jonico/Jenkinsfile
Example for a full blown Jenkins pipeline script with CodeQL analysis steps, multiple stages, Kubernetes templates, shared volumes, input steps, injected credentials, heroku deploy, sonarqube and artifactory integration, Docker containers, multiple Git commit statuses, PR merge vs branch build detection, REST API calls to GitHub deployment API, …
#!groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
def label = "mypod-${UUID.randomUUID().toString()}"
podTemplate(label: label, yaml: """
spec:
  containers:
  - name: mvn
    image: maven:3.3.9-jdk-8

My Openshift Cheatsheet

Openshift Secrets

"There are different secret types which can be used to enforce usernames and keys in the secret object: service-account-token, basic-auth, ssh-auth, tls and opaque. The default type is opaque. The opaque type does not perform any validation, and allows unstructured key:value pairs that can contain arbitrary values.

Data is stored inside a secret resource using base64 encoding. When data from a secret is injected into a container, the data is decoded and either mounted as a file, or injected as environment variables inside the container."

  • To create ssh secret: