🐝
eBPF is the future

Liz Rice lizrice

lizrice / who-can.yaml
Created Jul 13, 2020
Role & RoleBinding as an example for who-can
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-runner
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["create", "delete", "get", "watch", "list"]
---
lizrice / stars.html
Created Jun 15, 2020
Stargazer count
<!DOCTYPE html>
<html lang="en">
<head>
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
</head>
<body>
<p>Project <span id="repo">aquasecurity/trivy</span> <span id="starcount"></span></p>
</body>
<script>
function getStarcount(repo, resultElement) {
lizrice / metadata
Last active Nov 4, 2019
Trivy project CLA
{
"name": {
"title": "Full Name",
"type": "string",
"githubKey": "name"
},
"email": {
"title": "E-Mail",
"type": "string",
"githubKey": "email",
lizrice / variable.go
Created Aug 17, 2019
Variables in functions in Go
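package main

import "fmt"

func main() {
	x := 1
	f := func() {
		fmt.Printf("x is %d\n", x)
	}
	x = 2
	// The closure captures the variable x itself, not its value at definition time,
	// so this call prints "x is 2".
	f()
}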
lizrice / cla.md
Last active Aug 22, 2019
Contributor License Agreement

I hereby irrevocably assign all of my right, title and interest in and to my past, present and future contributions to the Name of project Open Source project (“Contributions”) to Recipient, and irrevocably waive and release all rights and claims in respect thereof (including all moral rights or similar rights), without the right to receive any compensation or royalties.

I hereby represent and warrant that I am the sole author of the Contributions, which are my original creations, that I have the legal right to make the assignment set forth above, and that no Contributions are subject to any claim of ownership or otherwise by my employer or any other organization with which I may be affiliated in any way.

lizrice / hello_map.py
Last active Aug 20, 2021
eBPF hello world
#!/usr/bin/python
from bcc import BPF
from time import sleep
# This outputs a count of how many times the clone and execve syscalls have been made
# showing the use of an eBPF map (called syscall).
program = """
BPF_HASH(syscall);
lizrice / Vagrantfile
Created Mar 7, 2019
Openshift single-node cluster Vagrantfile
$ cat Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
$script = <<-SCRIPT
cat > /etc/docker/daemon.json << EOF
{
"insecure-registries": [
"172.30.0.0/16"
lizrice / Vagrantfile
Last active Jul 13, 2020
Preventative Kubernetes Security demo
# -*- mode: ruby -*-
# vi: set ft=ruby :
# After loading this
# Install a pod network
# $ kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
# Allow pods to run on the master node
# $ kubectl taint nodes --all node-role.kubernetes.io/master-
lizrice / kubelet-api.md
Last active Sep 21, 2021
Checking Kubelet API access

Accessing Kubelet API

curl -sk https://localhost:10250/pods/
  • If --anonymous-auth is turned off, you will see a 401 Unauthorized response.
  • If --anonymous-auth is true and --authorization-mode is Webhook, you'll see a 403 Forbidden response with the message Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy).
  • If --anonymous-auth is true and --authorization-mode is AlwaysAllow you'll see a list of pods.
lizrice / Vagrantfile
Last active Jul 13, 2021
Vagrant file for setting up a single-node Kubernetes cluster that I can access from my desktop. Read more: https://medium.com/@lizrice/kubernetes-in-vagrant-with-kubeadm-21979ded6c63
# -*- mode: ruby -*-
# vi: set ft=ruby :
# This script to install Kubernetes will get executed after we have provisioned the box
$script = <<-SCRIPT
# Install kubernetes
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list