This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local kube = (import "lib/kube.libsonnet") { | |
PodSecurityPolicy(name):: kube._Object("policy/v1beta1", "PodSecurityPolicy", name) { | |
metadata+: { | |
assert !std.objectHas(self, "namespace"): "PSPs are not namespaced", | |
}, | |
}, | |
}; | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jjo@sapito:~/coro/clases-devops/c01/p01/api_jwt$ docker-compose up | |
Starting api_jwt_init_1 ... done | |
Starting api_jwt_main_1 ... done | |
Starting api_jwt_test_1 ... done | |
Attaching to api_jwt_init_1, api_jwt_main_1, api_jwt_test_1 | |
init_1 | fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz | |
test_1 | fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86_64/APKINDEX.tar.gz | |
init_1 | fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/community/x86_64/APKINDEX.tar.gz | |
main_1 | Server started at 3001 | |
init_1 | v3.8.4-63-g0ce51efa7e [http://dl-cdn.alpinelinux.org/alpine/v3.8/main] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var resourceConfigAddCmd = &cobra.Command{ | |
Use: "add", | |
Short: "adds specific resources to be watched", | |
Long: `adds specific resources to be watched`, | |
Run: func(cmd *cobra.Command, args []string) { | |
conf, err := config.New() | |
if err != nil { | |
logrus.Fatal(err) | |
} | |
flags := []struct { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# Workaround CVE-2019-5736 via patched runc provided by | |
# https://github.com/rancher/runc-cve | |
# The script does: | |
# 1) find "docker-runc" executable and docker version | |
# 2) download corresponding patched runc | |
# 3) dpkg-divert (ie "permanently move") pkg installed runc and replace it by 2) | |
# | |
# Run with "-n" for dry-run. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Output from: | |
# kubectl get ds --namespace=kube-system kube-router -oyaml | |
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
creationTimestamp: "2018-12-04T20:17:44Z" | |
generation: 2 | |
labels: | |
k8s-app: kube-router | |
tier: node |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
creationTimestamp: "2018-12-04T20:17:44Z" | |
generation: 2 | |
labels: | |
k8s-app: kube-router | |
tier: node | |
name: kube-router |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
namespace: kube-system | |
name: node-custom-setup | |
labels: | |
k8s-app: node-custom-setup | |
annotations: | |
command: &cmd apt-get update -qy && apt-get install -qy tgt ceph-fs-common ceph-common xfsprogs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
test-some_distros-most_CNIs.env-01.out:INFO: [2018-10-15T19:22:05+00:00] debian[kube_network_plugin=calico {"kubeadm_enabled":true}] START: file_out=./out/test-some_distros-most_CNIs.env-01.out | |
test-some_distros-most_CNIs.env-01.out:PASS: [2018-10-15T19:26:03+00:00] debian[kube_network_plugin=calico {"kubeadm_enabled":true}]}: dind-nodes | |
test-some_distros-most_CNIs.env-01.out:PASS: [2018-10-15T19:46:38+00:00] debian[kube_network_plugin=calico {"kubeadm_enabled":true}]}: kubespray | |
test-some_distros-most_CNIs.env-01.out:kube-system calico-kube-controllers-84b474f7c5-mn99n 1/1 Running 0 2m1s | |
test-some_distros-most_CNIs.env-01.out:kube-system calico-node-248sq 1/1 Running 0 2m25s | |
test-some_distros-most_CNIs.env-01.out:kube-system calico-node-4t2mq 1/1 Running 0 2m25s | |
test-some_distros-most_CNIs.env-01.out:kube-system calico-node-74xdj 1/1 Running 0 2m24s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Pod | |
metadata: | |
creationTimestamp: null | |
labels: | |
run: jjo-alp | |
name: jjo-alp | |
spec: | |
initContainers: | |
- args: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root | |
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged` | |
# admission controller. | |
# Pod command in turn runs a privileged container using node's /var/run/docker.sock. | |
node=${1} | |
case "${node}" in | |
"") | |
nodeSelector='' | |
podName=${USER+${USER}-}docker-any |