ipedrazas

Description
A Day in the Life…
You get back from the school run and make yourself some coffee. Turn on your monitor and join the hangout for your daily standup. You spend the morning working on securing the Docker infrastructure. You go and meet some friends at your favourite bistro for lunch. When you get back, those penetration test reports are available, you review, suggesting countermeasures that can be taken to reduce the risk of the system being hacked. The day goes by in a blink and before you know it it's time for the evening school run.

What you'll be doing
At nearForm, we work with international clients who are industry leaders in their respective fields. Our role is to help them build solutions and platforms; help them to launch new product ventures and fundamentally change how they operate.

As a DevSecOps engineer, you will be leading the security efforts on building secure CI/CD pipelines on orchestration platforms such as DCOS or Kubernetes.

You will also be developing tools to enforce and mo

ipedrazas

gcloud beta container --project "kubernetes-prototype-197913" clusters create "istio" --zone "europe-west2-a" --username "admin" --cluster-version "1.9.4-gke.1" --machine-type "n1-standard-1" --image-type "COS" --disk-size "100" --scopes "https://www.googleapis.com/auth/compute","https://www.googleapis.com/auth/devstorage.read_write","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/pubsub","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" --preemptible --num-nodes "4" --network "default" --subnetwork "default"

ipedrazas

# First we start the manual process, this will give us the details of the TXT entry we
# have to use

docker run --rm  -it \
-v "${HOME}/.acme":/acme.sh \
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID  \
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY  \
-e HOME=/root                   \
neilpang/acme.sh --issue  --dns -d "*.istio.sandbox.nutmeg.co.uk"  --yes-I-know-dns-manual-mode-enough-go-ahead-please 

ipedrazas

curl -s http://localhost:9100/metrics | curl --data-binary @- http://pushgateway.example.org:9091/metrics/job/some_job/instance/some_instance

ipedrazas

        - name: oauth2-proxy
        image: a5huynh/oauth2_proxy
        args:
          - "-upstream=http://localhost:5601/"
          - "-provider=github"
          - "-cookie-secure=true"
          - "-cookie-expire=168h0m"
          - "-cookie-refresh=60m"
          - "-cookie-secret=SECRET COOKIE"
          - "-cookie-domain=kibana.fromatob.com"

ipedrazas

# create sa for tiller and add the right role to that sa
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-admin \
    --clusterrole=cluster-admin \
    --serviceaccount=kube-system:tiller
# initialise helm-tiller using that sa
helm init --service-account tiller

ipedrazas

kubectl config set-cluster volume --server=https://api.volume.mydmain.com --insecure-skip-tls-verify=true
kubectl config set-context volume --cluster=volume --user=myuser
kubectl config set-credentials myuser --token=$KUBERNETES_TOKEN
kubectl config use-context volume


kubectl create namespace ks-dev

 CURRENT_CONTEXT=$(kubectl config current-context)
 CURRENT_CLUSTER=$(kubectl config get-contexts $CURRENT_CONTEXT | tail -1 | awk '{print $3}')

ipedrazas

Security & Authentication in Kubenretes

Generating a new certificate

# Generate private key
openssl genrsa -out myuser.pem 2048

ipedrazas

// Replace “layer 19” with your desired layer number. 

{REPLACE "\n; layer 19, Z = " "; layer 19\nG28 Y0 X0\nM300\nM25\nG92 E0\nG28 Y0 X0\n; layer 19 "}

// G28: Move to origin
// M300: Play beep sound
// M25: Pause SD print
// G92: set position
// G92 E0 sets the extrusion length to zero and stops the reversal of the extruder

ipedrazas

#!/usr/bin/env sh

set -o errexit
set -o nounset
set -o pipefail

test -z "${DEBUG:-}" || {
    set -x
}