Description
A Day in the Life…
You get back from the school run and make yourself some coffee. You turn on your monitor and join the hangout for your daily standup. You spend the morning working on securing the Docker infrastructure. You go and meet some friends at your favourite bistro for lunch. When you get back, the penetration test reports are available; you review them, suggesting countermeasures that can be taken to reduce the risk of the system being hacked. The day goes by in a blink and, before you know it, it's time for the evening school run.
What you'll be doing
At nearForm, we work with international clients who are industry leaders in their respective fields. Our role is to help them build solutions and platforms; help them to launch new product ventures and fundamentally change how they operate.
As a DevSecOps engineer, you will be leading the security efforts on building secure CI/CD pipelines on orchestration platforms such as DCOS or Kubernetes.
You will also be developing tools to enforce and mo
@ipedrazas
ipedrazas / gist:1e1391a260256dad1a6cd0f33497252e
Created March 26, 2018 14:47
create istio cluster with storage
gcloud beta container --project "kubernetes-prototype-197913" clusters create "istio" \
  --zone "europe-west2-a" \
  --username "admin" \
  --cluster-version "1.9.4-gke.1" \
  --machine-type "n1-standard-1" \
  --image-type "COS" \
  --disk-size "100" \
  --scopes "https://www.googleapis.com/auth/compute","https://www.googleapis.com/auth/devstorage.read_write","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/pubsub","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" \
  --preemptible \
  --num-nodes "4" \
  --network "default" \
  --subnetwork "default"
@ipedrazas
ipedrazas / gist:16bc3c7216a2c522f8c98c2602009485
Last active March 28, 2019 12:24
docker renew wildcard cert with letsencrypt
# First we start the manual DNS process; this prints the details of the TXT record
# we have to create before the certificate can be issued
docker run --rm -it \
-v "${HOME}/.acme":/acme.sh \
-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-e HOME=/root \
neilpang/acme.sh --issue --dns -d "*.istio.sandbox.nutmeg.co.uk" --yes-I-know-dns-manual-mode-enough-go-ahead-please
@ipedrazas
ipedrazas / push_node_exporter.sh
Created March 16, 2018 15:08 — forked from marcusdb/push_node_exporter.sh
push node_exporter metrics to push gateway
curl -s http://localhost:9100/metrics | curl --data-binary @- http://pushgateway.example.org:9091/metrics/job/some_job/instance/some_instance
- name: oauth2-proxy
  image: a5huynh/oauth2_proxy
  args:
  - "-upstream=http://localhost:5601/"
  - "-provider=github"
  - "-cookie-secure=true"
  - "-cookie-expire=168h0m"
  - "-cookie-refresh=60m"
  # placeholder value: supply the real cookie secret from a Kubernetes Secret, not inline
  - "-cookie-secret=SECRET COOKIE"
  - "-cookie-domain=kibana.fromatob.com"
@ipedrazas
ipedrazas / gist:f5414ecacc73b679f393b50c7cc056f4
Created February 28, 2018 09:29
Helm with rbac - god mode
# create a service account for tiller and bind it to cluster-admin
# (cluster-admin gives tiller unrestricted rights over the whole cluster, hence "god mode")
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller
# initialise helm-tiller using that service account
helm init --service-account tiller
@ipedrazas
ipedrazas / gist:e156a459f0f8a36ded8c5e3b9cde790c
Last active February 28, 2018 09:56
kube set context the heptio way
# --insecure-skip-tls-verify=true disables validation of the API server certificate;
# prefer --certificate-authority=<ca.crt> when the cluster CA is available
kubectl config set-cluster volume --server=https://api.volume.mydmain.com --insecure-skip-tls-verify=true
kubectl config set-context volume --cluster=volume --user=myuser
kubectl config set-credentials myuser --token="$KUBERNETES_TOKEN"
kubectl config use-context volume
kubectl create namespace ks-dev
CURRENT_CONTEXT=$(kubectl config current-context)
# the current context row starts with "*", so the cluster name is the third column
CURRENT_CLUSTER=$(kubectl config get-contexts "$CURRENT_CONTEXT" | tail -1 | awk '{print $3}')
@ipedrazas
ipedrazas / authentication-k8s.md
Created February 16, 2018 11:22
Authentication in k8s

Security & Authentication in Kubernetes

Generating a new certificate

# Generate private key
openssl genrsa -out myuser.pem 2048
// Replace “layer 19” with your desired layer number.
{REPLACE "\n; layer 19, Z = " "; layer 19\nG28 Y0 X0\nM300\nM25\nG92 E0\nG28 Y0 X0\n; layer 19 "}
// G28: Move to origin
// M300: Play beep sound
// M25: Pause SD print
// G92: set position
// G92 E0 sets the extrusion length to zero and stops the reversal of the extruder
@ipedrazas
ipedrazas / scaleway-k8s.sh
Created January 3, 2018 09:54
Deploying Kubernetes with the Scaleway CLI
#!/usr/bin/env bash
# bash rather than sh: "set -o pipefail" is not POSIX and fails under dash
set -o errexit
set -o nounset
set -o pipefail
# enable command tracing when DEBUG is set to any non-empty value
test -z "${DEBUG:-}" || {
  set -x
}