k4kratik / sample-external-secret.yaml
Last active October 19, 2023 11:14
ExternalSecret manifest
kind: ExternalSecret
name: sample-external-secrets
namespace: vault-operator
refreshInterval: 15s
name: vault-secret-store # name of the secret store
kind: ClusterSecretStore
k4kratik / secret-store.yaml
Last active October 19, 2023 10:10
kind: ClusterSecretStore
name: vault-secret-store
server: "https://vault.vault-operator:8200"
# adding this to verify CA, as we are using self-signed certificates.
k4kratik / rbac.yaml
Created October 2, 2023 12:47
required RBAC permissions for vault to be deployed in K8s
kind: ServiceAccount
apiVersion: v1
name: vault
namespace: vault-operator
kind: Role
k4kratik / vault-deploy.yml
Last active October 19, 2023 10:08
Vault Deployment for Vault Operator with External Secrets for Kubernetes
apiVersion: ""
kind: "Vault"
name: "vault"
labels: vault
namespace: vault-operator
size: 3
image: vault:1.13.3
k4kratik /
Last active April 19, 2022 05:04
create users for k8s cluster as per the requirements and assign them the minimum permissions required to function properly

How to set up users in Kubernetes?

When we set up Kubernetes, the default config file (aka kubeconfig file) has admin privileges. This is fine when you are the only one who is going to access the cluster *(still not a good practice tho!)*, but what if there are multiple teams/devs involved who also need to access the cluster for some use case? Obviously, they don't need full access. So now what? Will you give them your kubeconfig file (or the access), which has full permissions? Absolutely not!

Have you heard about the Principle of least privilege? It dictates: a subject should be given only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right.

So we should create users as per the requirements and assign them the minimum permissions to function properly, right? But how do we do it?

Just to be clear, Kubernetes does not natively support users. And from the [documentation](https://kubernetes.

AWSTemplateFormatVersion: "2010-09-09"
Description: Schedule automatic deletion of CloudFormation stacks
# Advanced way to customize our Parameters inputs, looks very good to the users :)
License: Apache-2.0
- Label:
from datetime import datetime, timedelta
def deletion_time(ttl):
print("[DEBUG] The Current Time is: ",
delete_at_time = + timedelta(minutes=int(ttl))
print("[DEBUG] This Will be deleted at: ",delete_at_time)
hh = delete_at_time.hour
mm = delete_at_time.minute
yyyy = delete_at_time.year
month = delete_at_time.month
k4kratik /
Last active May 22, 2021 09:27
Script to find if your Docker image with the specific tag exists or not. Check the blog at
function DockerImageCheckFunction() {
# you can comment out all the DEBUG echo statements; they are here just for info.
DHUB_TOKEN=$(curl -sSLd "username=${DOCKER_HUB_USERNAME}&password=${DOCKER_HUB_PASSWORD}" | jq -r ".token")
echo "[DEBUG] [$(date)] Token is: $DHUB_TOKEN"
echo "[DEBUG] [$(date)] Hitting the endpoint:${DOCKER_REPO}/tags/${DOCKER_TAG}/"
REPO_RESPONSE=$(curl -sH "Authorization: JWT $DHUB_TOKEN" "${DOCKER_REPO}/tags/${DOCKER_TAG}/")
k4kratik /
Last active October 12, 2020 03:59
Instructions on How to use k4kratik/zoho Docker Image to Automate your login on Zoho People.

To make this work as expected, provide these three environment variables correctly and then you are good to go!

  1. ENV1 - your email - Plain text
  2. ENV2 - your password - Base64 encoded
  3. ZOHO_NOTIFY_WEBHOOK - Webhook, where you want to send notifications - Plain Text

I have tried with the Webhook URL of one of my rooms on Google Chat.

So for setting up your env, do this -