Marc Boorshtein mlbiam

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                mlbiam
                / keybase.md
            
            
              Created
              April 13, 2017 14:00
            
          
    Keybase proof

I hereby claim:

I am mlbiam on github.
I am mlbiam (https://keybase.io/mlbiam) on keybase.
I have a public key ASDXoMp87KwJItI-xBDR-U4pYBhvjWYF6Qz9teWx_3A3GQo

To claim this, I am signing this object:

  
## gist:858a32d0ecc4bc2c520f695d41989440
#!/bin/python

import boto3
import sys


out_to = open(sys.argv[2],"w")

client = boto3.client('ssm')
response = client.get_parameters_by_path(Path=sys.argv[1],Recursive=True,WithDecryption=True)

## steps.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                mlbiam
                / steps.md
            
            
              Last active
              July 29, 2019 03:15
            
              
                orchestra-to-aks.md
              
          
    Deploy AKS

Deploy AKS
I enabled HTTP Host Access for simpler deployment
Deploy Nginx Ingress

https://kubernetes.github.io/ingress-nginx/deploy/#azure

  
## bsidesdctraining.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              5 stars
            
          
                mlbiam
                / bsidesdctraining.md
            
            
              Last active
              October 19, 2020 12:47
            
              
                BSidesDC Training
              
          
    Pick a cluster - https://docs.google.com/spreadsheets/d/1iLt6dAw3JlfP9EK5sp8z1CtNYnEvEEfvGOBtELpI6mA/edit?usp=sharing
Lab 1

Login and initialize


https://ou.apps.IP.nip.io/
Login with the username / password - k8s-lab/$tart123


## HeaderAuthenticate.php
<?php

if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}

require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php');

class HeaderAuthenticate extends SugarAuthenticate
{

## orchestra-login-central-cluster.yaml
apiVersion: openunison.tremolo.io/v1
kind: Org
metadata:
  name: cluster2
  namespace: openunison
spec:
  description: "My second cluster"
  uuid: 04901973-5f4c-46d9-9e22-55e88e168776
  parent: B158BD40-0C1B-11E3-8FFD-0800200C9A66
  showInPortal: true

## python-k8s-client.py
import requests
import logging
from urllib.parse import urlparse
from urllib.parse import parse_qs
import json
from os import system
from kubernetes import client, config

#logging.basicConfig(level=logging.DEBUG)

## gen_kube_config.py
import jwt
import yaml
from uuid import uuid4
import datetime
import sys
import json
import tempfile
from os import system

# Generate a kubernetes configuration from a private key

## create-user-namespace.yaml
---
apiVersion: openunison.tremolo.io/v1
kind: Workflow
metadata:
  name: create-user-namespace
  namespace: openunison
  labels:
    app.kubernetes.io/name: openunison
    app.kubernetes.io/instance: openunison-orchestra
    app.kubernetes.io/component: openunison-workflows

## ldap_check_alive.sh
#!/bin/bash

USER_DN="cn=ou_svc_account,ou=Users,DC=sub,DC=domain,DC=com"
USER_PASSWORD="start123"
PORT="10983"

if ! $(ldapsearch -x -D $USER_DN -w $USER_PASSWORD -b $USER_DN -s base -H ldap://127.0.0.1:$PORT/ -l 10 > /dev/null  ) ; then
  echo "failed"
  # hard kill
  kill -9 $(ps -A | grep java | awk '{print $1}')
	#!/bin/python

	import boto3
	import sys


	out_to = open(sys.argv[2],"w")

	client = boto3.client('ssm')
	response = client.get_parameters_by_path(Path=sys.argv[1],Recursive=True,WithDecryption=True)
	<?php

	if (!defined('sugarEntry') \|\| !sugarEntry) {
	die('Not A Valid Entry Point');
	}

	require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php');

	class HeaderAuthenticate extends SugarAuthenticate
	{
	apiVersion: openunison.tremolo.io/v1
	kind: Org
	metadata:
	name: cluster2
	namespace: openunison
	spec:
	description: "My second cluster"
	uuid: 04901973-5f4c-46d9-9e22-55e88e168776
	parent: B158BD40-0C1B-11E3-8FFD-0800200C9A66
	showInPortal: true
	import requests
	import logging
	from urllib.parse import urlparse
	from urllib.parse import parse_qs
	import json
	from os import system
	from kubernetes import client, config

	#logging.basicConfig(level=logging.DEBUG)
	import jwt
	import yaml
	from uuid import uuid4
	import datetime
	import sys
	import json
	import tempfile
	from os import system

	# Generate a kubernetes configuration from a private key
	---
	apiVersion: openunison.tremolo.io/v1
	kind: Workflow
	metadata:
	name: create-user-namespace
	namespace: openunison
	labels:
	app.kubernetes.io/name: openunison
	app.kubernetes.io/instance: openunison-orchestra
	app.kubernetes.io/component: openunison-workflows
	#!/bin/bash

	USER_DN="cn=ou_svc_account,ou=Users,DC=sub,DC=domain,DC=com"
	USER_PASSWORD="start123"
	PORT="10983"

	if ! $(ldapsearch -x -D $USER_DN -w $USER_PASSWORD -b $USER_DN -s base -H ldap://127.0.0.1:$PORT/ -l 10 > /dev/null ) ; then
	echo "failed"
	# hard kill
	kill -9 $(ps -A \| grep java \| awk '{print $1}')