Drew Drewster727

## azure-ad-k8s-idp.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              4 stars
            
          
                lukapetrovic-git
                / azure-ad-k8s-idp.md
            
            
              Last active
              July 14, 2024 01:39
            
          
    The following are steps to set up Azure AD as an Identity Provider for an on-prem Kubernetes cluster.
Starting point:


Azure Subscription
On-prem Kubernetes cluster (in my case RKE2 v1.27.12+rke2r1)

The scenario is pretty straightforward:

I want to connect from my Workstation (Windows/Linux/Mac) to an on-prem Kubernetes cluster and authenticate to is using Azure AD.

  
## data.tf
data "aws_caller_identity" "current" {} # data.aws_caller_identity.current.account_id
data "aws_region" "current" {} # data.aws_region.current.name

output "account_id" {
  description = "Selected AWS Account ID"
  value       = data.aws_caller_identity.current.account_id
}

output "region" {
  description = "Details about selected AWS region"

## docker-compose.yaml
version: "3"

networks:
  default:
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.57.0/24

services:

## Docker 23 + Traefik 2.9.10 and v1.7 + Let's Encrypt + Github Registry V2 ghcr.io + Updated on 12 April 2023
Docker 23 + Traefik v2.9.10 and v1.7 + Let's Encrypt + Github Registry V2 ghcr.io + Updated on 12 April 2023

Content:
- Ubuntu 22.04
- Docker Engine 23.0.3
- Docker Compose 2.17.2
- Traefik v1.7.18 with dnsChallenge
- Traefik v2.9.9 with httpChallenge
--
- Github Registry V2 ghcr.io

## WireGuard_Setup.txt
Install WireGuard via whatever package manager you use.  For me, I use apt.

$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard

MacOS
$ brew install wireguard-tools

Generate key your key pairs.  The key pairs are just that, key pairs.  They can be

## purge_prom_pushgateway.sh

trap 'echo "got sigterm" ; exit 0' SIGTERM

EXPIRATION_SECONDS=${EXPIRATION_SECONDS:-900}
PGW_URL=${PGW_URL:-http://pushgateway}

function convert_to_standardnotation(){
    # convert number from scientific notation to standar d( ie  '1.5383780136826127e+09' )
    printf '%.0f' $1
}

## lambda-image-resizer.js
const sharp = require('sharp');
const aws = require('aws-sdk');
const s3 = new aws.S3();

const Bucket = "BucketName";
const transforms = [
  { name: 'small', size: 85 },
  { name: 'medium', size: 160 },
  { name: 'large', size: 250 },
];

## gist:ba189a729d81babc99d7cef0fb6fbcd8
sudo su

yum --enablerepo=extras install epel-release
yum -y install patch dkms kernel-devel perl
yum update

#Required for kernel num 5:
yum --enablerepo=elrepo-kernel -y install kernel-ml-devel

reboot

## 1-Enable Docker Remote API with TLS client verification.md

      
              2 files
            
          
              35 forks
            
          
              8 comments
            
          
              124 stars
            
          
                kekru
                / 1-Enable Docker Remote API with TLS client verification.md
            
            
              Last active
              June 14, 2024 09:01
            
              
                Docker Remote API with client verification via daemon.json
              
          
    Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.

First of all you need a few certificates and keys:

CA certificate
Server certificate
Server key
Client certificate
Client key

Create certificate files


## docker-compose.yml
version: '3'
services:
  plex:
    image: plexinc/pms-docker:beta
    container_name: plex
    restart: always
    network_mode: host

    volumes:
      - $PWD/plex/config:/config
	data "aws_caller_identity" "current" {} # data.aws_caller_identity.current.account_id
	data "aws_region" "current" {} # data.aws_region.current.name

	output "account_id" {
	description = "Selected AWS Account ID"
	value = data.aws_caller_identity.current.account_id
	}

	output "region" {
	description = "Details about selected AWS region"
	version: "3"

	networks:
	default:
	driver: bridge
	ipam:
	config:
	- subnet: 172.16.57.0/24

	services:
	Docker 23 + Traefik v2.9.10 and v1.7 + Let's Encrypt + Github Registry V2 ghcr.io + Updated on 12 April 2023

	Content:
	- Ubuntu 22.04
	- Docker Engine 23.0.3
	- Docker Compose 2.17.2
	- Traefik v1.7.18 with dnsChallenge
	- Traefik v2.9.9 with httpChallenge
	--
	- Github Registry V2 ghcr.io
	Install WireGuard via whatever package manager you use. For me, I use apt.

	$ sudo add-apt-repository ppa:wireguard/wireguard
	$ sudo apt-get update
	$ sudo apt-get install wireguard

	MacOS
	$ brew install wireguard-tools

	Generate key your key pairs. The key pairs are just that, key pairs. They can be

	trap 'echo "got sigterm" ; exit 0' SIGTERM

	EXPIRATION_SECONDS=${EXPIRATION_SECONDS:-900}
	PGW_URL=${PGW_URL:-http://pushgateway}

	function convert_to_standardnotation(){
	# convert number from scientific notation to standar d( ie '1.5383780136826127e+09' )
	printf '%.0f' $1
	}
	const sharp = require('sharp');
	const aws = require('aws-sdk');
	const s3 = new aws.S3();

	const Bucket = "BucketName";
	const transforms = [
	{ name: 'small', size: 85 },
	{ name: 'medium', size: 160 },
	{ name: 'large', size: 250 },
	];
	sudo su

	yum --enablerepo=extras install epel-release
	yum -y install patch dkms kernel-devel perl
	yum update

	#Required for kernel num 5:
	yum --enablerepo=elrepo-kernel -y install kernel-ml-devel

	reboot
	version: '3'
	services:
	plex:
	image: plexinc/pms-docker:beta
	container_name: plex
	restart: always
	network_mode: host

	volumes:
	- $PWD/plex/config:/config