Certificates are valid for one year by default (i.e. generated by kubeadm)
The certificates validity periods can be checked with openssl
.
For example, connected on one of the masters :
openssl -in /etc/kubernetes/pki/apiserver.crt -noout -text
#!/bin/bash | |
# As the "bufferbloat" folks have recently re-discovered and/or more widely | |
# publicized, congestion avoidance algorithms (such as those found in TCP) do | |
# a great job of allowing network endpoints to negotiate transfer rates that | |
# maximize a link's bandwidth usage without unduly penalizing any particular | |
# stream. This allows bulk transfer streams to use the maximum available | |
# bandwidth without affecting the latency of non-bulk (e.g. interactive) | |
# streams. |
// ==UserScript== | |
// @name Google Search Better Privacy | |
// @description Delete unnecessary params and add useful params on Google Search. | |
// @version 0.0.4 | |
// @include http://*.google.*/search* | |
// @include http://*.google.*/imgres* | |
// @include https://*.google.*/search* | |
// @include https://*.google.*/imgres* | |
// @exclude http://play.google.com/* | |
// @exclude http://mail.google.com/* |
- name: Copying the templated jinja2 files | |
template: | |
src: {{item}} | |
dest: {{RUN_TIME}}/{{ item | regex_replace(role_path+'/templates','') | regex_replace('\.j2', '') }} | |
with_items: | |
- "{{ lookup('pipe','find {{role_path}}/templates -type f').split('\n') }}" | |
- name: create x template | |
template: | |
src: {{ item }} |
#!/boot/bzImage | |
# Linux kernel userspace initialization code, translated to bash | |
# (Minus floppy disk handling, because seriously, it's 2017.) | |
# Not 100% accurate, but gives you a good idea of how kernel init works | |
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st> | |
# Based on Linux 4.10-rc2. | |
# Note: pretend chroot is a builtin and affects the current process | |
# Note: kernel actually uses major/minor device numbers instead of device name |
user_pref("beacon.enabled", false); | |
user_pref("browser.disableResetPrompt", true); | |
user_pref("browser.fixup.alternate.enabled", false); | |
user_pref("browser.newtab.preload", false); | |
user_pref("browser.newtabpage.enhanced", false); | |
user_pref("browser.newtabpage.introShown", true); | |
user_pref("browser.safebrowsing.appRepURL", ""); | |
user_pref("browser.safebrowsing.enabled", false); | |
user_pref("browser.safebrowsing.malware.enabled", false); | |
user_pref("browser.search.suggest.enabled", false); |
webgl.disabled;false | |
layers.acceleration.force-enabled;true | |
extensions.pocket.enabled;false | |
geo.enabled;false | |
media.peerconnection.enabled;false | |
media.peerconnection.identity.enabled;false | |
media.peerconnection.use_document_iceservers;false | |
media.peerconnection.video.enabled;false | |
network.cookie.lifetime.days;8 | |
network.cookie.lifetimePolicy;3 |
# This is an example of the Stack Exchange Tier 1 HAProxy config | |
# The only things that have been changed from what we are running are: | |
# 1. User names have been removed | |
# 2. All Passwords have been remove | |
# 3. IPs have been changed to use the example/documentation ranges | |
# 4. Rate limit numbers have been changed to randome numbers, don't read into them | |
userlist stats-auth | |
group admin users $admin_user | |
user $admin_user insecure-password $some_password |
#!/usr/bin/node | |
// non-strict mode = `this` context is 'global' | |
// strict-mode = `this` context is undefined | |
function parentFunction() { | |
this.foo = 'bar'; | |
console.log('parentFunction scope : ' + this.foo); |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <stdint.h> | |
#ifdef _MSC_VER | |
#include <intrin.h> /* for rdtscp and clflush */ | |
#pragma optimize("gt",on) | |
#else | |
#include <x86intrin.h> /* for rdtscp and clflush */ | |
#endif |