Manu Garg manugarg
manugarg
/ gist:1726dfbbc312c0a074d592140dae9aee
Last active
December 10, 2019 19:40
OAuth support in Cloudprober HTTP probes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OAuth is a widely used HTTP authentication mechanism these days. It will be nice to add some OAuth support to Cloudprober. | |
| This feature has also been requested by the users: | |
| https://github.com/google/cloudprober/issues/27 | |
| Main complexity in adding OAuth support is in managing the token itself: How do we get it -- from config or retrieve from | |
| somewhere at the runtime, how often to refresh it, etc. | |
| Since OAuth tokens usually expire, it's not very useful to specify tokens in the config or even environment variable | |
| (environment variables are passed at the process at the start time). In the config, we should specify the token source | |
| and how often to access that token source. For example, a config could look like this: |
manugarg
/ gist:81d68bc17b455664bfacff541f29cea3
Last active
January 6, 2020 18:45
TLS certificate to authenticate to K8s API Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate private key for RDS | |
| openssl genrsa -out rds.key 4096 | |
| # Create certificate signing request config (config for CSR: [1]) | |
| cat > /tmp/csr.cnf <<END | |
| [ req ] | |
| default_bits = 2048 | |
| prompt = no | |
| default_md = sha256 | |
| distinguished_name = dn |