- Setup Keycloak in non-HA mode (replica 1)
- Disable UserFederation
- You might have to increase the resource limits to avoid that pod beeing killed by memory or CPU limits
See Keycloak Documentation for more details.
pdxjohnny
/ .gitignore
Last active
February 23, 2024 18:12
Setting Up k3s for Serverless (knative) on a $5 DigitalOcean Droplet Using k3d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .terraform/ | |
| *.pem | |
| *.tf | |
| *.tfstate | |
| *.yaml | |
| *.backup | |
| istio-*/ | |
| cert-manager-*/ | |
| *.swp | |
| env |
axdotl
/ keycloak-export-import-k8s.md
Last active
October 30, 2023 08:43
Keycloak Export in Kubernetes
irvingpop
/ ssh_key.tf
Last active
April 8, 2024 07:18
Terraform external data source example - dynamic SSH key generation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use: | |
| # "${data.external.ssh_key_generator.result.public_key}" (contents) | |
| # "${data.external.ssh_key_generator.result.private_key}" (contents) | |
| # "${data.external.ssh_key_generator.result.private_key_file}" (path) | |
| data "external" "ssh_key_generator" { | |
| program = ["bash", "${path.root}/../ssh_key_generator.sh"] | |
| query = { | |
| customer_name = "${var.customer_name}" | |
| customer_group = "${var.customer_group}" |
kekru
/ 1-Enable Docker Remote API with TLS client verification.md
Last active
January 11, 2024 18:21
Docker Remote API with client verification via daemon.json
This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.
WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.
I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.
The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone
karlkfi
/ changes.sh
Created
October 18, 2016 01:48
Generate markdown change log from merged PR titles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -o errexit | |
| set -o nounset | |
| set -o pipefail | |
| # org/repo (e.g. karlkfi/probe) | |
| REPO=$1 | |
| # range (e.g. 1.8.4..1.8.5) | |
| RANGE=$2 |
anonymuse
/ create_cluster.sh
Last active
December 30, 2016 23:34
Docker Kata 005 cluster creation script.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Purpose: Create a Swarm Mode cluster with a single master and a configurable | |
| # number of workers. | |
| # This script is a mirror of the following gist, which is used to | |
| # populate a Medium story. Unfortunately, there's no way to synchronize all | |
| # three | |
| # | |
| # Medium: https://medium.com/contino-io/docker-kata-005-ac8429082f6c | |
| # Gist: https://gist.github.com/anonymuse/502e7bf5c7b67bb95a4250cdccbc5125 |
jfriv
/ prod-rds-snap-restore-to-dev-temp.sh
Created
August 16, 2016 20:03
RDS manual snapshot and restore script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # set up some variables | |
| NOW_DATE=$(date '+%Y-%m-%d-%H-%M') | |
| RESTORE_FROM_INSTANCE_ID=<source name> | |
| TARGET_INSTANCE_ID=<target name> | |
| TARGET_INSTANCE_CLASS=db.m4.large | |
| VPC_ID=<vpc subnet id> | |
| NEW_MASTER_PASS=<root password> |
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker
I'm learning about SOPS and setting it up as my preferred mechanism for storing secrets. Here are my notes.
It’s security mechanism is that we (i.e. client) use a PUBLIC key from the receiver (i.e. server) and encode it with a random key (I’m saying nonce but it could be reused)
This varies from RSA and SSH because the server uses a PUBLIC key to identify the client.
Web of trust operates by still using PGP (i.e. encoding with recipient’s public key) but additionally, we can encrypt/sign the data as our own by signing it with the client’s private key.
This means the recipient will initially decrypt via our (i.e. client’s) public key (verifying the source) and then decrypting via their (i.e. server’s) private key to get the data.
NewerOlder