Feature | Ingress | Gateway API |
---|---|---|
Traffic Routing | Basic HTTP routing and advanced routing features are not natively supported. | Header-based matching, traffic weighting, typed routes, and different backend types. |
Extensibility | Achieved with custom annotations through a vendor-sp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
// For format details, see https://aka.ms/devcontainer.json. For config options, see the | |
// README at: https://github.com/devcontainers/templates/tree/main/src/python | |
{ | |
"name": "Python 3", | |
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | |
"image": "mcr.microsoft.com/devcontainers/python:0-3.11", | |
// Features to add to the dev container. More info: https://containers.dev/features. | |
// "features": {}, |
CODE # | NAME | WHAT IT MEANS |
---|---|---|
0 | Purposely stopped | Used by developers to indicate that the container was automatically stopped |
1 | Application error | Container was stopped due to application error or incorrect reference in the image spec |
125 | Container failed to run error | The docker run command did not execute successfully |
126 | Command invoke error | A command specified in the image specification could not be invoked |
127 | File or directory not found | File or directory specified in the image specification was not found |
128 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
meshConfig: | |
extensionProviders: | |
- name: oauth2-proxy | |
envoyExtAuthzHttp: | |
service: oauth2-proxy.oauth2-proxy.svc.cluster.local | |
port: 4180 | |
headersToDownstreamOnDeny: | |
- content-type | |
- set-cookie | |
headersToUpstreamOnAllow: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
config: | |
clientID: xx | |
clientSecret: xx | |
cookieSecret: xx | |
configFile: false | |
extraArgs: | |
provider: oidc | |
cookie-secure: true | |
cookie-samesite: lax |
Tool | Description |
---|---|
kube-bench | kube-bench is a general-purpose auditing tool for Kubernetes cluster, checking for compliance against the CIS benchmarks |
kubiscan | kubiscan focuses on identifying dangerous in-cluster RBAC permissions |
peirates | peirates is a generic Kubernetes penetration testing tool. Although it has a get-aws-token command that retrieve node credentials from the IMDS, it is not specific to managed K8s environments. |
botb | botb is a generic Kubernetes penetration testing tool. It also has a command to retrieve node credentials from the IMDS, but it is not specific to managed K8s environments. |
rbac-police | rbac-police focuses on identifying in-cluster RBAC relationships. |
kdigger | kdigge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module "okta" { | |
source = "onetwopunch/okta/vault" | |
version = "v0.2.0" | |
okta_discovery_url = "https://$OKTA_DOMAIN" | |
okta_client_id = "$OKTA_CLIENT_ID" | |
okta_client_secret = "$OKTA_CLIENT_SECRET" | |
vault_addr = "https://<Vault Domain>:8200" | |
okta_bound_audiences = [ |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Delete all exited error containers in Docker | |
docker ps -a --filter "status=exited" | grep "Error" | awk '{print $1}' | xargs --no-run-if-empty docker rm -f | |
# Delete all terminated pods in Kubernetes that have a status of Error | |
kubectl delete pods --force --grace-period=0 $(kubectl get pods --all-namespaces -a -o json | jq '.items[] | select(.status.phase == "Failed") | .metadata.name') |
NewerOlder