A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
# Source: k8s-monitoring/templates/platform_specific/openshift/security-context-constraint.yaml | |
apiVersion: security.openshift.io/v1 | |
kind: SecurityContextConstraints | |
metadata: | |
name: grafana-k8s-monitoring-alloy | |
allowHostDirVolumePlugin: false | |
allowHostIPC: false | |
allowHostNetwork: false | |
allowHostPID: false | |
allowHostPorts: false |
{ | |
Version = "2012-10-17" | |
Statement = [ | |
{ | |
Effect = "Allow" | |
Action = [ | |
"tag:GetResources", | |
"cloudwatch:GetMetricData", | |
"cloudwatch:ListMetrics", | |
"apigateway:GET", |
{ | |
"annotations": { | |
"list": [ | |
{ | |
"builtIn": 1, | |
"datasource": { | |
"type": "grafana", | |
"uid": "-- Grafana --" | |
}, | |
"enable": true, |
agent: | |
mounts: | |
varlog: true | |
configMap: | |
content: | | |
logging { | |
level = "info" | |
format = "logfmt" | |
} |
all | |
analytics | |
cache-generation-loader | |
compactor | |
distributor | |
ingester | |
ingester-querier | |
querier | |
query-frontend | |
query-scheduler |
{ | |
"transactions": [ | |
{ | |
"transaction_id": "a6fbc63d-27ae-4d8a-bd01-2e879c82c122", | |
"timestamp": "2023-07-26 10:15:30", | |
"sender": "0x3fC2b08dD64eFe84F4E98583F66fAa3105581D8a", | |
"receiver": "0x1B74d2F8947A9c3b32a8C35F44E28e1395d18b98", | |
"amount": 0.025, | |
"currency": "ETH", | |
"hash": "f3f57bf8b6a5f6c1a2dd55a276d679ccdf957ed234521e60784d1a18f3ea6c43" |
#!/bin/sh | |
# cat <<EOF | ./subst.sh zzzlucy | |
# name=Lucy | |
# weather="Good, how about you?!" | |
# family=Smith | |
# EOF | |
set -a |
package xyz.tomd.demos.fuse.springboot.amqxa; | |
import oracle.jdbc.xa.client.OracleXADataSource; | |
import oracle.jms.AQjmsFactory; | |
import org.apache.camel.component.jms.JmsComponent; | |
import org.messaginghub.pooled.jms.JmsPoolXAConnectionFactory; | |
import org.springframework.boot.SpringApplication; | |
import org.springframework.boot.autoconfigure.SpringBootApplication; | |
import org.springframework.boot.jta.XAConnectionFactoryWrapper; | |
import org.springframework.context.annotation.Bean; |
Using openssl
to test an SSL connection to google.com, using a CA file that's been pulled out from a Java keystore. For those days when you want to verify that you've got the right certificate in the store:
openssl
to test an SSL connection to Google with that cert