joejulian

---
- name: a
  hosts: localhost
  become: yes
  tasks:
    - name: check passed data
      debug:
        msg: "Finding the interface assigned {{ keepalived.virtual_ip }}"

    - name: set interface fact

joejulian

DUMP-START-TIME: 2021-05-05 20:56:00.238304 +0000

[mallinfo]
mallinfo_arena=289714176
mallinfo_ordblks=192753
mallinfo_smblks=114301
mallinfo_hblks=3
mallinfo_hblkhd=1429504
mallinfo_usmblks=0
mallinfo_fsmblks=11270480

joejulian

1. stop the cron-job that was restarting traefik
2. deploy traefik container patched by Jarred, decrease the amount of replicas to 1, enable debug mode and debug logging (add --loglevel=debug and -d to the argv list)
3. on each apiserver, done 1 by 1:
   a. vi /etc/kubernetes/audit-policy/apiserver-audit-policy.yaml , add:
     <right at the begining of rules section>

  - level: RequestResponse
    users: ["system:serviceaccount:kubeaddons:traefik-kubeaddons"]

   b. restart apiserver

joejulian

==> Making package: dsview 1.12-2 (Wed 28 Apr 2021 05:18:20 PM PDT)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found DSView-1.12.tar.gz
  -> Found qt5.15.patch
  -> Found udev.rules
  -> Found dsview.desktop
==> Validating source files with sha384sums...
    DSView-1.12.tar.gz ... Passed

joejulian

CVE-2019-7609              kibana-1.0.0                        Critical        None          CVE-2019-7609         https://nvd.nist.gov/vuln/detail/CVE-2019-7609               npm         nvdv2:cves        /usr/share/kibana/node_modules/@kbn/pm/src/utils/__fixtures__/kibana/package.json                           
CVE-2019-7610              kibana-1.0.0                        Critical        None          CVE-2019-7610         https://nvd.nist.gov/vuln/detail/CVE-2019-7610               npm         nvdv2:cves        /usr/share/kibana/node_modules/@kbn/pm/src/utils/__fixtures__/kibana/package.json                           
CVE-2020-3681              -                                   Critical        None          CVE-2020-3681         https://nvd.nist.gov/vuln/detail/CVE-2020-3681               npm         nvdv2:cves        /usr/share/kibana/node_modules/@babel/runtime-corejs2/helpers/esm/package.json                              
CVE-2020-3681              -                                   Critical        

joejulian

#!/bin/bash
set -euo pipefail

EXPIRATION="${1:-8h}"
TEMPFILE=$(mktemp)

yq -Y '. | (
    select(.kind == "ClusterProvisioner") | 
        .spec.aws.tags.expiration = "'"${EXPIRATION}"'"),(
    select(.kind != "ClusterProvisioner") |

joejulian

#!/bin/bash
set -euo pipefail

EXPIRATION="${1:-8h}"
TEMPFILE=$(mktemp)

yq -Y '. | (
    select(.kind == "ClusterProvisioner") | 
        .spec.aws.tags.expiration = "'"${EXPIRATION}"'"),(
    select(.kind != "ClusterProvisioner") |

joejulian

#!/bin/bash
set -euo pipefail

EXPIRATION="${1:-8h}"
TEMPFILE=$(mktemp)

yq -Y '. | (
    select(.kind == "ClusterProvisioner") | 
        .spec.aws.tags.expiration = "'"${EXPIRATION}"'"),(
    select(.kind != "ClusterProvisioner") |

joejulian

#!/bin/bash
# vim: set sts=4 sw=4 et tw=0 :
#
# License: BSD

: ${XWININFO:=$(type -P xwininfo)}
[[ -z ${XWININFO} ]] && { echo "You need to install xwininfo"; exit 1; }
: ${XPROP:=$(type -P xprop)}
[[ -z ${XPROP} ]] && { echo "You need to install xprop"; exit 1; }

joejulian

defaultstorageclass-protection

• update client-go to 0.19.2 to support k8s 1.16-1.21

• use the distroless image and run as nonroot user to address image CVEs #880 (@mesosphere-mergebot)

• Fix CVE-2019-14697. #878 (@faiq)

• defaultstorageclass: use unique Service selectors to avoid selecting unwanted endpoints from other charts. #832 (@dkoshkin)