kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
IAM roles are a very useful feature in AWS: they provide an easier and more secure way for two AWS resources to communicate. Without IAM roles, we would need AWS IAM access keys for communication between resources, which brings the additional overhead of maintaining and storing the keys securely. IAM roles can be attached to a few resources, such as EC2 instances and Lambda; not all resources support attaching an IAM role. To get a deeper view of how IAM roles work in action, we will review a simple use case.
Use Case: Listing the contents of an S3 bucket from an AWS EC2 instance using the EC2 instance IAM role
Assuming that we have an S3 bucket with a few objects in it, we will try to access the S3 contents from an AWS EC2 instance using the instance IAM role. An EC2 instance role is an IAM role with a few additional assume permissions.
Let's start by SSHing into one of the EC2 instances.
Background:
The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services, as well as deployment and management of Prometheus instances. ServiceMonitor is a CRD from prometheus-operator which declaratively specifies how groups of services should be monitored. The Operator automatically generates the Prometheus scrape configuration based on the definition.
By default, the Prometheus Operator is set up with RBAC that can monitor only pods/Endpoints in the monitoring, default and kube-system namespaces [1]. If we need to monitor pods/services in another namespace, we need to create a new Role + RoleBinding or ClusterRole + ClusterRoleBinding.
If you want to allow monitoring of only a few namespaces, it's recommended to use Role + RoleBinding. A Kubernetes Role is a namespaced object, you need to create o
#!/bin/bash
# Fetch the PID of the git commit command that was just run.
# The [g] bracket keeps grep from matching its own process entry.
PID=$(ps aux | grep "[g]it commit" | tail -1 | awk '{print $2}')
# If the PID could not be found, ask the user to retry and exit
if [[ -z "$PID" ]]; then
  echo "unable to get process id, please try again.."
  exit 1
fi
# Fetch the command used
COMMAND=$(ps -p "$PID" -o args)
package config

import (
	"log"
	"time"

	"github.com/imdario/mergo"
	"github.com/kelseyhightower/envconfig"
)