Martijn Heemels Yggdrasil

## coreos-efs-cloud-config
#cloud-config

write-files:
 - path: /etc/conf.d/nfs
   permissions: '0644'
   content: |
     OPTS_RPC_MOUNTD=""
users:
   - name: XYZ
     groups:

## run_letsencrypt
#!/bin/bash

#Vars
web_service='nginx'
config_path='/usr/local/letssl/'
le_path='/opt/letsencrypt'
exp_limit=20;

#Func
function check_ssl {

## EC2-Tag-Assets-Lambda.py
from __future__ import print_function

import json
import boto3
import logging

#setup simple logging for INFO
logger = logging.getLogger()
logger.setLevel(logging.ERROR)

## varnish-apt
/*
 * This file was autogenerated by puppet. Do not edit manually!
 *
 * snowflake Varnish Configuration for APT Cache
 */


/*
 * Backend Servers (APT Repositories)
 */

## cloudfront-logstash.conf
input {
  s3 {
    bucket => "<CLOUDFRONT_LOG_BUCKET>"
    prefix => "<CLOUDFRONT_LOG_KEY_PREFIX>"
    region => "<BUCKET_REGION_NAME>"
  }
}


filter {

## gist:0b7866b7e17059920a9ab1a80ea18eb4
$thres=0.02, .es(index='metricbeat*',metric='max:system.cpu.user.pct').lines(1).if(eq, 0, null).holt(0.9, 0.1, 0.9, 0.5h).color(#eee).lines(10).label('Prediction'), .es(index='metricbeat*',metric='max:system.cpu.user.pct').color(#666).lines(1).label(Actual), .es(index='metricbeat*',metric='max:system.cpu.user.pct').lines(1).if(eq, 0, null).holt(0.9, 0.1, 0.9, 0.5h).subtract(.es(index='metricbeat*',metric='max:system.cpu.user.pct')).abs().if(lt, $thres, null, .es(index='metricbeat*',metric='max:system.cpu.user.pct')).points(10,3,0).color(#c66).label('Anomaly').title('max:system.cpu.user.pct / @rmoff')

## gist:0ccde40b0df06191228e5bde7558e1e3
1. Create the KV config:

docker run  traefik \
        storeconfig \
        --consul \
        --consul.prefix="traefik" \
        --consul.watch \
        --consul.endpoint="CONSUL_IP:8500" \
        --consulcatalog=true \
        --consulcatalog.endpoint="CONSUL_IP:8500" \

## rbac-kops.md

      
              1 file
            
          
              2 forks
            
          
              2 comments
            
          
              10 stars
            
          
                chrislovecnm
                / rbac-kops.md
            
            
              Created
              March 3, 2017 21:53
            
              
                RBAC Notes
              
          
    kops cluster config
kubeAPIServer:
  authorizationMode: RBAC
  authorizationRbacSuperUser: admin
  oidcCAFile: /srv/kubernetes/ca.crt
  oidcClientID: example
  oidcGroupsClaim: groups
  oidcIssuerURL: https://dex.example.com
  oidcUsernameClaim: email

  
## wannacry-vaccine.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe]
"Debugger"="taskkill /F /IM "

## restricted-psp.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
spec:
	#cloud-config

	write-files:
	- path: /etc/conf.d/nfs
	permissions: '0644'
	content: \|
	OPTS_RPC_MOUNTD=""
	users:
	- name: XYZ
	groups:
	#!/bin/bash

	#Vars
	web_service='nginx'
	config_path='/usr/local/letssl/'
	le_path='/opt/letsencrypt'
	exp_limit=20;

	#Func
	function check_ssl {
	from __future__ import print_function

	import json
	import boto3
	import logging

	#setup simple logging for INFO
	logger = logging.getLogger()
	logger.setLevel(logging.ERROR)
	/*
	* This file was autogenerated by puppet. Do not edit manually!
	*
	* snowflake Varnish Configuration for APT Cache
	*/


	/*
	* Backend Servers (APT Repositories)
	*/
	input {
	s3 {
	bucket => "<CLOUDFRONT_LOG_BUCKET>"
	prefix => "<CLOUDFRONT_LOG_KEY_PREFIX>"
	region => "<BUCKET_REGION_NAME>"
	}
	}


	filter {
	1. Create the KV config:

	docker run traefik \
	storeconfig \
	--consul \
	--consul.prefix="traefik" \
	--consul.watch \
	--consul.endpoint="CONSUL_IP:8500" \
	--consulcatalog=true \
	--consulcatalog.endpoint="CONSUL_IP:8500" \
	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe]
	"Debugger"="taskkill /F /IM "

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe]
	"Debugger"="taskkill /F /IM "

	[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe]
	"Debugger"="taskkill /F /IM "
	apiVersion: extensions/v1beta1
	kind: PodSecurityPolicy
	metadata:
	name: restricted
	annotations:
	seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
	apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
	seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
	apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
	spec: