Skip to content

Instantly share code, notes, and snippets.

@nrjpoddar
nrjpoddar / test-authz.yaml
Last active Apr 2, 2021
Test AuthZ policies applied with bookinfo-gateway.yaml applied
View test-authz.yaml
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-1
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
View check-authz-migration-required.sh
#!/bin/bash
set -eEuo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
INGRESS_LABEL="istio=ingressgateway"
INGRESS_NAMESPACE="istio-system"
@nrjpoddar
nrjpoddar / check.sh
Last active Feb 11, 2020
Istio CVE-2020-8595
View check.sh
#!/bin/bash
set -eEo pipefail
trap clean_up EXIT SIGINT
dockerID=""
tmpDir=""
clean_up() {
@nrjpoddar
nrjpoddar / policy.yaml
Created Feb 11, 2020
Istio CVE-2020-8595
View policy.yaml
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
name: "jwt-example"
namespace: istio-system
spec:
targets:
- name: istio-ingressgateway
origins:
- jwt:
View build-proxy-image-local.sh
#!/bin/bash
set -eExo pipefail
SCRIPTNAME=$(basename $0)
function print_and_exit {
cat << EOF
$SCRIPTNAME <path-to-local-proxy-binary>
EOF
@nrjpoddar
nrjpoddar / buffered-error.go
Created Jul 3, 2019
Safe error handling from multiple Go routines via buffered channels
View buffered-error.go
func (m *Factory) StartInformer() error {
// Stop channel for our informers
stopCh := make(chan struct{})
// error channel for the go funcs
errCh := make(chan string, 2)
defer close(errCh)
// Synchronizing at the end
var wg sync.WaitGroup
View Helm downgrade
If you have ever have to downgrade Helm here are the steps (e.g. to version 2.8.2:
1) Download the binary for OSX from here: https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-darwin-amd64.tar.gz
2) mkdir -p /tmp/helm; tar -C /tmp/helm ~/Downloads/helm-v2.8.2-darwin-amd64.tar.gz
3) mv /tmp/helm/darwin-amd64/helm /usr/local/bin
4) rm -rf /tmp/helm ~/Downloads/helm-v2.8.2-darwin-amd64.tar.gz
5) helm init --client-only
6) Next, install helm diff, note that "helm plugin install https://github.com/databus23/helm-diff --version v2.8.2+2" doesn't work.
7) Instead download and move the helm-diff plugin in the $HELM_HOME dir.
Note `brew install kubernetes-helm` doesn't work for old releases.
View Adding "sudo" users
sudo EDITOR=vim visudo
# Change the following in /etc/sudoers:
# %sudo ALL=(ALL:ALL) ALL -> %sudo ALL=(ALL:ALL) NOPASSWD:ALL
sudo mkdir -p /home/mynewuser/.ssh
sudo adduser --home /home/mynewuser --disabled-password --shell /bin/bash mynewuser
sudo usermod -aG sudo mynewuser
sudo chown -R mynewuser:mynewuser /home/mynewuser/
sudo chmod 700 /home/mynewuser/.ssh
@nrjpoddar
nrjpoddar / monkey-patching.js
Created Mar 17, 2017
Sample code for monkey patching
View monkey-patching.js
const transformer = require('transformer');
class MockClient {
constructor() { this._msg = null; }
put(msg) { this._msg = msg; }
getMsg() { return this._msg; }
}
describe('test-transformer', function(done) {
it('putsData', function(data) {