Generate certificates by calling the script generate-tiller-certs.sh. This will provide a CA, server certs for tiller and client certs for helm / weave flux.
Next deploy Helm with TLS and RBAC enabled;
kubectl apply -f helm-rbac.yaml
Thomas Kooi thojkooi
thojkooi
/ gist:3a962d9a770fc93298f7a18f794b4465
Created
October 16, 2025 09:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://docs.google.com/presentation/d/1daRyJU91ByjRCZiYYAT4-GSSQjlIuV26pREBs7XiIv0/edit?usp=sharing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get editor completions based on the config schema | |
| "$schema" = 'https://starship.rs/config-schema.json' | |
| # Inserts a blank line between shell prompts | |
| add_newline = true | |
| format = '$kubernetes$custom$all' | |
| # Replace the '❯' symbol in the prompt with '➜' | |
| # [character] # The name of the module we are configuring is 'character' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| package_update: false | |
| package_upgrade: false | |
| chpasswd: | |
| expire: false | |
| users: | |
| - {name: demo, password: letmein, type: text} | |
| ssh_pwauth: true | |
| users: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: echoserver | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: echoserver | |
| namespace: echoserver |
thojkooi
/ generate-etcd-certs.sh
Created
June 23, 2018 15:48
Generate etcd certificates for kubeadm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # First generate the config file | |
| cat >ca-config.json <<EOF | |
| { | |
| "signing": { | |
| "default": { | |
| "expiry": "43800h" | |
| }, | |
| "profiles": { |
I hereby claim:
- I am thojkooi on github.
- I am thojkooi (https://keybase.io/thojkooi) on keybase.
- I have a public key ASBo--Wc5dJLpb5SmLl7bBvIQs6-zWiu0aMq9AN7GqnPiAo
To claim this, I am signing this object: