| Feature | Ingress | Gateway API |
|---|---|---|
| Traffic Routing | Basic HTTP routing and advanced routing features are not natively supported. | Header-based matching, traffic weighting, typed routes, and different backend types. |
| Extensibility | Achieved with custom annotations through a vendor-sp |
saifeddine Rajhi seifrajhi
🐳
seifrajhi
/ devcontainer.json
Created
February 21, 2024 21:28
devcontainer config file that determines how your dev container gets built and started.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
| // For format details, see https://aka.ms/devcontainer.json. For config options, see the | |
| // README at: https://github.com/devcontainers/templates/tree/main/src/python | |
| { | |
| "name": "Python 3", | |
| // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | |
| "image": "mcr.microsoft.com/devcontainers/python:0-3.11", | |
| // Features to add to the dev container. More info: https://containers.dev/features. | |
| // "features": {}, |
seifrajhi
/ exit-codes.md
Created
February 10, 2024 09:29
The most common exit codes used by containers
| CODE # | NAME | WHAT IT MEANS |
|---|---|---|
| 0 | Purposely stopped | Used by developers to indicate that the container was automatically stopped |
| 1 | Application error | Container was stopped due to application error or incorrect reference in the image spec |
| 125 | Container failed to run error | The docker run command did not execute successfully |
| 126 | Command invoke error | A command specified in the image specification could not be invoked |
| 127 | File or directory not found | File or directory specified in the image specification was not found |
| 128 |
seifrajhi
/ extension-providers.yaml
Created
January 24, 2024 06:30
Istio extension provider specifics
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| meshConfig: | |
| extensionProviders: | |
| - name: oauth2-proxy | |
| envoyExtAuthzHttp: | |
| service: oauth2-proxy.oauth2-proxy.svc.cluster.local | |
| port: 4180 | |
| headersToDownstreamOnDeny: | |
| - content-type | |
| - set-cookie | |
| headersToUpstreamOnAllow: |
seifrajhi
/ oauth2-proxy-values.yaml
Created
January 24, 2024 06:15
Helm values we will use for the deployment of oauth2-proxy.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config: | |
| clientID: xx | |
| clientSecret: xx | |
| cookieSecret: xx | |
| configFile: false | |
| extraArgs: | |
| provider: oidc | |
| cookie-secure: true | |
| cookie-samesite: lax |
| Tool | Description |
|---|---|
| kube-bench | kube-bench is a general-purpose auditing tool for Kubernetes cluster, checking for compliance against the CIS benchmarks |
| kubiscan | kubiscan focuses on identifying dangerous in-cluster RBAC permissions |
| peirates | peirates is a generic Kubernetes penetration testing tool. Although it has a get-aws-token command that retrieve node credentials from the IMDS, it is not specific to managed K8s environments. |
| botb | botb is a generic Kubernetes penetration testing tool. It also has a command to retrieve node credentials from the IMDS, but it is not specific to managed K8s environments. |
| rbac-police | rbac-police focuses on identifying in-cluster RBAC relationships. |
| kdigger | kdigge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module "okta" { | |
| source = "onetwopunch/okta/vault" | |
| version = "v0.2.0" | |
| okta_discovery_url = "https://$OKTA_DOMAIN" | |
| okta_client_id = "$OKTA_CLIENT_ID" | |
| okta_client_secret = "$OKTA_CLIENT_SECRET" | |
| vault_addr = "https://<Vault Domain>:8200" | |
| okta_bound_audiences = [ |
seifrajhi
/ layers.svg
Last active
May 29, 2023 11:42
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
seifrajhi
/ purge-pods-containers.sh
Created
February 8, 2023 12:40
A bash script that automates the process of purging and evicting exited error stopped containers and pods in Docker and Kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Delete all exited error containers in Docker | |
| docker ps -a --filter "status=exited" | grep "Error" | awk '{print $1}' | xargs --no-run-if-empty docker rm -f | |
| # Delete all terminated pods in Kubernetes that have a status of Error | |
| kubectl delete pods --force --grace-period=0 $(kubectl get pods --all-namespaces -a -o json | jq '.items[] | select(.status.phase == "Failed") | .metadata.name') |
NewerOlder