AmitKumarDas / fun-with-programming

ABC - Always Be Coding

0003 #75

Closed AmitKumarDas closed 1 year ago

AmitKumarDas commented 3 years ago
// tags: k8s, cue, 
//
// https://www.youtube.com/watch?v=IRNluM2B4p8
// https://garethr.dev/2019/04/configuring-kubernetes-with-cue/
AmitKumarDas commented 3 years ago
// tags: samples, examples, compliance, testing, recipes
//
// https://github.com/ahmetb/kubernetes-network-policy-recipes
AmitKumarDas commented 3 years ago
// [tags]
// apply, 3-way merge, client side apply, like kubectl apply
//
// https://github.com/oam-dev/kubevela/tree/master/pkg/utils/apply
// https://github.com/oam-dev/kubevela/blob/master/pkg/utils/apply/patch.go
// three-way diff merge in client side
// based on its current state, modified state, & last-applied-state
// last applied is tracked through a specific annotation.
// If the resource doesn't exist before, Apply will create it.
// makes heavy use of interface & functional programming
// generic enough to apply any Kubernetes resource
// has ApplyOption to filter based on controller UID 
// i.e. should be controlled by option
// makes use of below code
// "k8s.io/apimachinery/pkg/util/jsonmergepatch"
// "k8s.io/apimachinery/pkg/util/mergepatch"
// "k8s.io/apimachinery/pkg/util/strategicpatch"
// "sigs.k8s.io/controller-runtime/pkg/client"
// nicely decides on one of the following actions:
// jsonmergepatch.CreateThreeWayJSONMergePatch
// or
// strategicpatch.CreateThreeWayMergePatch
// & finally
// client.RawPatch
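Added example, not part of the original comment and not KubeVela's code: a standard-library-only Go version of the three-way computation the note above describes, using plain JSON merge patch semantics (RFC 7386) rather than the apimachinery helpers. The names threeWay and ThreeWayPatch and the three sample documents are constructed for illustration; lists are replaced wholesale here, unlike in a strategic merge patch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

type obj = map[string]interface{}
// Constructed sample states; live holds fields written by other actors.
const lastApplied = `{"metadata":{"labels":{"app":"web","tier":"fe"}},"spec":{"image":"app:v1"}}`
const modified = `{"metadata":{"labels":{"app":"web"}},"spec":{"image":"app:v2"}}`
const live = `{"metadata":{"labels":{"app":"web","tier":"fe"},"annotations":{"injected":"true"}},"spec":{"image":"app:v1","replicas":5}}`

// threeWay builds an RFC 7386 merge patch; a null value deletes the key.
func threeWay(last, mod, cur obj) obj {
	patch := obj{}
	for k, mv := range mod { // add or change: modified vs. live
		cv, present := cur[k]
		if mm, ok := mv.(obj); ok {
			lm, _ := last[k].(obj) // nil map when absent or not an object
			cm, curIsObj := cv.(obj)
			if sub := threeWay(lm, mm, cm); len(sub) > 0 || !curIsObj {
				patch[k] = sub
			}
		} else if !present || !reflect.DeepEqual(cv, mv) {
			patch[k] = mv
		}
	}
	for k := range last { // delete: set by the last apply, dropped from the manifest
		if _, kept := mod[k]; !kept {
			patch[k] = nil
		}
	}
	return patch
}

// ThreeWayPatch parses the three JSON documents and returns the patch as JSON.
func ThreeWayPatch(lastJSON, modJSON, liveJSON string) (string, error) {
	var s [3]obj
	for i, doc := range []string{lastJSON, modJSON, liveJSON} {
		if err := json.Unmarshal([]byte(doc), &s[i]); err != nil {
			return "", err
		}
	}
	out, err := json.Marshal(threeWay(s[0], s[1], s[2]))
	return string(out), err
}
func main() { fmt.Println(ThreeWayPatch(lastApplied, modified, live)) }
```

The resulting patch removes only the `tier` label and updates the image; the `injected` annotation and `replicas`, which never appeared in last-applied, are left alone. Passing `{}` as the last-applied state yields no deletion at all, which is why the annotation has to be tracked.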
AmitKumarDas commented 3 years ago
// [tags]
// - terraform parsing
// - cue parsing
// - add to scheme -- to add various CRDs to kubevela scheme 
// -- includes external CRDs as well [fellow]
// - yaml to runtime.Object
//
// https://github.com/oam-dev/kubevela/blob/master/pkg/utils/common/common.go
AmitKumarDas commented 3 years ago
// tags: testing, checks, health, verify, design, functional, builder, e2e
//
// https://github.com/linkerd/linkerd2/tree/main/pkg/healthcheck
AmitKumarDas commented 3 years ago
// tags: user manager
// -- Create/Delete/Modify users
// -- Easily manage roles associated with users
// -- Issues kubeconfig files for users to use
// -- a controller that creates service accounts
// 
// https://github.com/ibuildthecloud/klum
AmitKumarDas commented 3 years ago
// tags: awesome list, tools, everything you need to know, fellow
//
// https://caylent.com/50-useful-kubernetes-tools-for-2020
// https://caylent.com/50-useful-kubernetes-tools-for-2020-part-2
AmitKumarDas commented 3 years ago
// [tags]
// -- aws, dns, iam, 
//
// [til]
// --arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME
// --domain-filter=external-dns-test.my-org.com # see only the hosted zones matching provided domain
// --policy=upsert-only # prevent deleting any records
// --aws-zone-type=public # only look at public hosted zones
// --ways to automate testing of DNS, e2e, healthcheck
//
// [til] routing policies
// --weighted records
// --latency based
// --failover
// --geolocation based
// --multivalue answer
//
// https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md
// https://github.com/uswitch/kiam
// https://github.com/jtblin/kube2iam
// https://github.com/kubernetes-sigs/external-dns/tree/master/docs/tutorials
// https://github.com/zalando-incubator/kubernetes-on-aws/blob/dev/test/e2e/external_dns.go
// tags: aws service account id, iam, role,
//
// kubectl get cm -n kube-system aws-auth -oyaml
// kubectl get sa -n eks-ext external-dns -oyaml
AmitKumarDas commented 3 years ago
// tags: postmortem, testing, e2e, runbook
//
// https://github.com/zalando-incubator/kubernetes-on-aws/tree/dev/docs/postmortems
// https://github.com/zalando-incubator/kubernetes-on-aws/tree/dev/docs/user-guide
// https://github.com/zalando-incubator/kubernetes-on-aws/tree/dev/test/e2e
AmitKumarDas commented 3 years ago
// tags: config, env, yaml, toml, json, flags
//
// https://dev.to/ilyakaznacheev/a-clean-way-to-pass-configs-in-a-go-application-1g64
AmitKumarDas commented 3 years ago
# understanding secrets
# til: tls, service account token, dockerconfigjson, tls, opaque

$ wl kubectl get secret -n blah
NAME                          TYPE                                  DATA   AGE
default-token-xjrf4           kubernetes.io/service-account-token   3      75d
image-pull-secret             kubernetes.io/dockerconfigjson        1      75d
kube-rbac-proxy-server-cert   kubernetes.io/tls                     3      75d
vault-token                   Opaque                                2      75d
webhook-server-cert           kubernetes.io/tls                     3      75d
// til: use of secrets in service account

type ServiceAccount struct {
  // Secrets is the list of secrets allowed to be used by pods running
  // using this ServiceAccount.
  // More info: https://kubernetes.io/docs/concepts/configuration/secret
  // +optional
  // +patchMergeKey=name
  // +patchStrategy=merge
  Secrets []ObjectReference `json:"secrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=secrets"`

  // ImagePullSecrets is a list of references to secrets in the same namespace 
  // to use for pulling any images in pods that reference this ServiceAccount. 
  // ImagePullSecrets are distinct from Secrets because Secrets
  // can be mounted in the pod, but ImagePullSecrets are only accessed by 
  // the kubelet.
  // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
  // +optional
  ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" protobuf:"bytes,3,rep,name=imagePullSecrets"`

  // AutomountServiceAccountToken indicates whether pods running as this service
  // account should have an API token automatically mounted.
  // Can be overridden at the pod level.
  // +optional
  AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty" protobuf:"varint,4,opt,name=automountServiceAccountToken"`
}
AmitKumarDas commented 3 years ago
// til: aws, network, max pods, max IP addresses
//
// https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/eni-and-ip-target.md
// https://github.com/awslabs/amazon-eks-ami/blob/master/files/eni-max-pods.txt