jgarcows/extension_workshop 0

(proof of concept) Hello-world extension

jgarcows/notifications 0

Simple extension for IBM DevOps Services to provide basic notification support

nfritze/container_deployer 0

Extension to IBM DevOps Services for IBM Container Service

nfritze/deployscripts 0

Deployment scripts for IBM Container Service. Used as example scripts in the Pipeline to aid in continuous deployment of an application

nfritze/docker_builder 0

Set of scripts to extend the IBM Pipeline Service with Docker Build capabilities

nfritze/hello-world-test 0

Hello world bash script test repo

nfritze/kube-sample-daemonset 0

Sample to show how to create a daemonset to automatically apply a change to worker nodes

push event IBM-Cloud/kube-samples

Laszlo Janosi

commit sha 8e62170e48a8561fa5414d9d9354d8d55a38d713

Add Akamai GTM Firewall Rules

Laszlo Janosi

commit sha 4efe77a6f9d99e88a4f2ccd9209fad40a2e8c14c

add Akamai documentation link

Laszlo Janosi

commit sha 3fccf7b26e66a6856423818419378e35735a52d9

Update akamai/gtm-liveness-test/README.md Co-authored-by: Rachael Graham <rachael.graham@ibm.com>

Rachael Graham

commit sha d5a27264695234e76be8fb3ff5723fab04368c83

Merge pull request #133 from janosi/akamai-config Add Akamai GTM Firewall Rules

push time in 3 days

PR merged IBM-Cloud/kube-samples

Add Akamai GTM Firewall Rules

Add akamai/gtm-firewall-rules/README.md to the repo. The new file contains the actual list of CIDRs from which Akamai GTM can execute liveness tests.

+93 -0

0 comment

1 changed file

janosi

pr closed time in 3 days

Pull request review comment IBM-Cloud/kube-samples

Add Akamai GTM Firewall Rules

+# Akamai GTM Firewall Rules++You may have a firewall located in front of the servers on which you want GTM to perform liveness tests. To permit liveness tests, your firewalls must have entries added to their Access Control Lists (ACLs).++This document lists the IP addresses of all systems that might need to access your servers. If you have an ACL, make sure that you enter all of the systems listed here into your ACL.
To secure your IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster, you might use [Calico pre-DNAT network policies](https://cloud.ibm.com/docs/containers?topic=containers-network_policies), [VPC security groups](https://cloud.ibm.com/docs/containers?topic=containers-vpc-network-policy#security_groups), [VPC access control lists (ACLs)](https://cloud.ibm.com/docs/containers?topic=containers-vpc-network-policy#acls), or another custom firewall solution to block incoming traffic to Ingress or router services.

To ensure that the Kubernetes or OpenShift control plane can check the health of your ALBs or routers, you must allow inbound access from the following Akamai addresses and ports.

janosi

comment created time in 4 days

delete branch IBM-Cloud/kube-samples

delete branch : rlg-tugboat118

delete time in 5 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha 6c164ceabaedb56f6bd8276d5c2a52184739a179

public

Rachael-Graham

commit sha ac471fc718458e341250daffbb319dc42e51983e

private

Rachael-Graham

commit sha 77970a6b02db4ef64f04f2c91daea6ef22fce639

Review

Rachael-Graham

commit sha 097c0ab21c9f8efae16c350346db777cb1da31db

Missed 1 ip

Rachael Graham

commit sha cddc3fb6ab84cb9cbaa6fba2569a125900f930e9

Merge pull request #132 from IBM-Cloud/rlg-tugboat118 Tugboat118 in dal10, 11, 13

push time in 5 days

PR merged IBM-Cloud/kube-samples

Tugboat118 in dal10, 11, 13

internal: https://github.ibm.com/alchemy-containers/documentation/issues/6706

+24 -0

0 comment

4 changed files

Rachael-Graham

pr closed time in 5 days

Pull request review comment IBM-Cloud/kube-samples

Tugboat118 in dal10, 11, 13

 spec:       - 166.9.17.37/32       - 166.9.17.39/32       - 166.9.48.171/32+      - 166.9.48.175/32       - 166.9.48.124/32       - 166.9.48.50/32       - 166.9.48.76/32       - 166.9.51.16/32       - 166.9.51.54/32       - 166.9.51.74/32       - 166.9.51.106/32+      - 166.9.51.104/32       - 166.9.58.11/32       - 166.9.58.16/32       - 166.9.58.65/32       - 166.9.58.104/32+      - 166.9.58.170/32+      - 166.9.59.7/32
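
Review bot: the last added entry, 166.9.59.7/32, is the only address in the visible list outside the 166.9.17, 166.9.48, 166.9.51 and 166.9.58 ranges, and nothing in the hunk says what it belongs to. Suggest confirming it is intended and adding a short comment on each new entry recording the endpoint it was resolved from, so later reviewers can re-verify the allowlist.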

🤦

Rachael-Graham

comment created time in 5 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha 097c0ab21c9f8efae16c350346db777cb1da31db

Missed 1 ip

push time in 5 days

Pull request review comment IBM-Cloud/kube-samples

Tugboat118 in dal10, 11, 13

 spec:       - 166.9.17.37/32       - 166.9.17.39/32       - 166.9.48.171/32+      - 166.9.48.175/32       - 166.9.48.124/32       - 166.9.48.50/32       - 166.9.48.76/32       - 166.9.51.16/32       - 166.9.51.54/32       - 166.9.51.74/32       - 166.9.51.106/32+      - 166.9.51.104/32       - 166.9.58.11/32       - 166.9.58.16/32       - 166.9.58.65/32       - 166.9.58.104/32+      - 166.9.58.170/32+      - 166.9.59.7/32

I think this one, 166.9.59.7 still needs to be removed (it was removed from the other 3 places)

Rachael-Graham

comment created time in 5 days

PR opened IBM-Cloud/kube-samples

Add Akamai GTM Firewall Rules

Add akamai/gtm-firewall-rules/README.md to the repo. The new file contains the actual list of CIDRs from which Akamai GTM can execute liveness tests.

+91 -0

0 comment

1 changed file

pr created time in 5 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha 77970a6b02db4ef64f04f2c91daea6ef22fce639

Review

push time in 5 days

Pull request review comment IBM-Cloud/kube-samples

Tugboat118 in dal10, 11, 13

 spec:       - 166.9.51.54/32       - 166.9.51.74/32       - 166.9.51.106/32+      - 166.9.51.107/32

These private IPs throughout the PR aren't correct, they should be the ones that resolve the three individual hostnames that the workers use:
c118-1-1.private.us-south.containers.cloud.ibm.com: 166.9.48.175
c118-2-1.private.us-south.containers.cloud.ibm.com: 166.9.51.104
c118-3-1.private.us-south.containers.cloud.ibm.com: 166.9.58.170

Rachael-Graham

comment created time in 7 days

PR opened IBM-Cloud/kube-samples

Tugboat118 in dal10, 11, 13

internal: https://github.ibm.com/alchemy-containers/documentation/issues/6706

+24 -0

0 comment

4 changed files

pr created time in 8 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha ac471fc718458e341250daffbb319dc42e51983e

private

push time in 8 days

create branch IBM-Cloud/kube-samples

branch : rlg-tugboat118

created branch time in 8 days

delete branch IBM-Cloud/kube-samples

delete branch : pod-cidr-public

delete time in 10 days

push event IBM-Cloud/kube-samples

Brad Behle

commit sha 69a87dcc3a0712c7c52509637bd9e22a7a3d37b2

Need to add a rule to public policies for pod cidr (#131) * Need to add a rule to public policies for pod cidr Due to a Calico bug fixed here: https://github.com/projectcalico/felix/pull/2582 we need to add the pod cidr to an allow egress rule, so that hosts can connect to k8s cluster IP services. * Changes due to review comments

push time in 10 days

PR merged IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

Due to a Calico bug fixed here: https://github.com/projectcalico/felix/pull/2582 we need to add the pod cidr to an allow egress rule, so that hosts can connect to k8s cluster IP services.

+72 -0

0 comment

10 changed files

bradbehle

pr closed time in 10 days

push event IBM-Cloud/kube-samples

Brad Behle

commit sha 2aacbb1e771f287a383b641242b801584038ddc8

Need to add a rule to public policies for pod cidr Due to a Calico bug fixed here: https://github.com/projectcalico/felix/pull/2582 we need to add the pod cidr to an allow egress rule, so that hosts can connect to k8s cluster IP services.

Brad Behle

commit sha 13cc7dc5121c82d339dfce139bd7d69c911441e6

Changes due to review comments

push time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 The Calico policies are organized by region. Choose the directory for the region  > NOTE: The policies in the ca-tor directory are meant for use with the Toronto multizone location. For the Toronto single zone location, use the policies in the us-east directory instead. +## Deployment Notes++If your cluster uses a custom pod subnet (something other than 172.30.0.0/16), including if the cluster is a VPC+cluster (which doesn't use the standard pod subnet by default), then before applying the policies, change the+instances of 172.30.0.0/16 in these policies to the pod subnet for this cluster
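
Review bot: the added Deployment Notes paragraph tells the reader to change the instances of 172.30.0.0/16 but does not name the policy files that contain it or say how to look up the cluster's pod subnet, so an edit can easily miss an occurrence and leave a rule pointing at the wrong range. Suggest naming the affected files and the lookup command, and ending the last sentence with a period.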

I made these changes

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 The Calico policies are organized by region. Choose the directory for the region  > NOTE: The policies in the ca-tor directory are meant for use with the Toronto multizone location. For the Toronto single zone location, use the policies in the us-east directory instead. +## Deployment Notes++If your cluster uses a custom pod subnet (something other than 172.30.0.0/16), including if the cluster is a VPC+cluster (which doesn't use the standard pod subnet by default), then before applying the policies, change the+instances of 172.30.0.0/16 in these policies to the pod subnet for this cluster

I made these changes

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 spec:       nets:       - 172.20.0.0/24     protocol: TCP+  - action: Allow+    destination:+      nets:+      # Allows communication from host to a cluster IP service.  This is need in these public+      # policies for now due to https://github.com/projectcalico/felix/pull/2582+      # If you specified a custom pod subnet when you created the cluster, use that CIDR instead.
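
Review bot: the comment on the added Allow rule says it is needed "for now" because of projectcalico/felix pull 2582 but gives no condition for removing it, so the extra egress allowance in the public policies is likely to outlive the bug. Suggest stating which Calico release carries the fix and that the rule can be dropped after that; also "This is need" should read "This is needed".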

I added this to ca-tor, and made the suggested modifications, except I did keep the reference to "these public policies" since this rule is already in the private policies and makes sense there. It is needed in these public policies (where it doesn't really make sense) due to the bug I reference

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 spec:       nets:       - 172.20.0.0/24     protocol: TCP+  - action: Allow+    destination:+      nets:+      # Allows communication from host to a cluster IP service.  This is need in these public+      # policies for now due to https://github.com/projectcalico/felix/pull/2582+      # If you specified a custom pod subnet when you created the cluster, use that CIDR instead.

and same ^ throughout

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 The Calico policies are organized by region. Choose the directory for the region  > NOTE: The policies in the ca-tor directory are meant for use with the Toronto multizone location. For the Toronto single zone location, use the policies in the us-east directory instead. +## Deployment Notes++If your cluster uses a custom pod subnet (something other than 172.30.0.0/16), including if the cluster is a VPC+cluster (which doesn't use the standard pod subnet by default), then before applying the policies, change the+instances of 172.30.0.0/16 in these policies to the pod subnet for this cluster
These policies specify worker node egress to `172.30.0.0/16` as the default pod subnet. If you specified a custom pod 
subnet when you created a classic cluster, or if you use a VPC cluster (which doesn't use the standard pod subnet by 
default), you must edit the `allow-ibm-ports-public.yaml` policy to change `172.30.0.0/16` to the pod subnet CIDR for 
this cluster instead. To find your cluster's pod subnet, run `ibmcloud ks cluster get -c <cluster_name_or_ID>`.

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 spec:       nets:       - 172.20.0.0/24     protocol: TCP+  - action: Allow+    destination:+      nets:+      # Allows communication from host to a cluster IP service.  This is need in these public+      # policies for now due to https://github.com/projectcalico/felix/pull/2582+      # If you specified a custom pod subnet when you created the cluster, use that CIDR instead.
      # Allows communication from a worker node to a ClusterIP service, which is required
      # due to https://github.com/projectcalico/felix/pull/2582. If you specified a custom pod subnet
      # when you created a classic cluster, or if you use a VPC cluster, use that CIDR instead.

bradbehle

comment created time in 10 days

Pull request review comment IBM-Cloud/kube-samples

Need to add a rule to public policies for pod cidr

 The Calico policies are organized by region. Choose the directory for the region  > NOTE: The policies in the ca-tor directory are meant for use with the Toronto multizone location. For the Toronto single zone location, use the policies in the us-east directory instead. +## Deployment Notes++If your cluster uses a custom pod subnet (something other than 172.30.0.0/16), including if the cluster is a VPC+cluster (which doesn't use the standard pod subnet by default), then before applying the policies, change the+instances of 172.30.0.0/16 in these policies to the pod subnet for this cluster

maybe:

These policies specify worker node egress to `172.30.0.0/16` as the default pod subnet. If you specified a custom pod 
subnet when you created a classic cluster, or if you use a VPC cluster (which doesn't use the standard pod subnet by 
default), you must edit the `allow-all-workers-private.yaml` policy to change `172.30.0.0/16` to the pod subnet CIDR for 
this cluster instead. To find your cluster's pod subnet, run `ibmcloud ks cluster get -c <cluster_name_or_ID>`.

bradbehle

comment created time in 10 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha 7d7ac4db0222069a0683f9a1cb924f4aad96119c

Add ca-tor

Rachael-Graham

commit sha 477d35ecd89166f26bb4a7bee7eaa91ec7f2e793

Revert "Add ca-tor" This reverts commit 7d7ac4db0222069a0683f9a1cb924f4aad96119c.

Rachael-Graham

commit sha cf6b38442a143eb529a740b1bf8a6bd36f6fd308

Private policies

Rachael-Graham

commit sha 34883b928654e227c2985dd1d28481970a81622d

Public + readmes

Rachael-Graham

commit sha ac656dafa6746b9f7a64906c9c54290f0110aa43

rm ips from us-east public

Rachael-Graham

commit sha 800fec25cebc2ae002a7a0b3da9d63e25a37fa8b

review

Rachael Graham

commit sha 5f3c5b1813ad9011c1eabfa1719753b1d753daf2

Merge pull request #129 from IBM-Cloud/rlg-ca-tor Add ca-tor

Rachael Graham

commit sha 59340e50cc29bbe82351dad6555e1748bd65ccfd

Merge branch 'master' into pod-cidr-public

push time in 10 days

delete branch IBM-Cloud/kube-samples

delete branch : rlg-ca-tor

delete time in 10 days

push event IBM-Cloud/kube-samples

Rachael-Graham

commit sha 7d7ac4db0222069a0683f9a1cb924f4aad96119c

Add ca-tor

Rachael-Graham

commit sha 477d35ecd89166f26bb4a7bee7eaa91ec7f2e793

Revert "Add ca-tor" This reverts commit 7d7ac4db0222069a0683f9a1cb924f4aad96119c.

Rachael-Graham

commit sha cf6b38442a143eb529a740b1bf8a6bd36f6fd308

Private policies

Rachael-Graham

commit sha 34883b928654e227c2985dd1d28481970a81622d

Public + readmes

Rachael-Graham

commit sha ac656dafa6746b9f7a64906c9c54290f0110aa43

rm ips from us-east public

Rachael-Graham

commit sha 800fec25cebc2ae002a7a0b3da9d63e25a37fa8b

review

Rachael Graham

commit sha 5f3c5b1813ad9011c1eabfa1719753b1d753daf2

Merge pull request #129 from IBM-Cloud/rlg-ca-tor Add ca-tor

push time in 10 days

PR merged IBM-Cloud/kube-samples

Add ca-tor

+910 -56

1 comment

24 changed files

Rachael-Graham

pr closed time in 10 days