Tommy Murphy tam7t

## com.obsproject.Studio.Plugin.backgroundremoval.metainfo.xml
<?xml version="1.0" encoding="UTF-8"?>
<component type="addon">
  <id>com.obsproject.Studio.Plugin.backgroundremoval</id>
  <extends>com.obsproject.Studio</extends>
  <name>obs-backgroundremoval Plugin</name>
  <summary> An OBS plugin for removing background in portrait images (video), making it easy to replace the background when screen recording.</summary>
  <url type="homepage">https://github.com/royshil/obs-backgroundremoval</url>
  <metadata_license>CC0-1.0</metadata_license>
  <project_license>MIT</project_license>
</component>

## go.mod
module github.com/tam7t/grpc-demo

go 1.17

require (
	google.golang.org/grpc v1.40.0
	google.golang.org/grpc/examples v0.0.0-20220215234149-ec717cad7395
)

require (

## cloudbuild.yaml
# Usage: gcloud builds submit --no-source
#
# Remember to first grant the cloud build service account permissions to access
# secret 'foo'
#
# gcloud beta secrets add-iam-policy-binding foo \
#   --member=serviceAccount:<project-number>@cloudbuild.gserviceaccount.com \
#   --role=roles/secretmanager.secretAccessor
steps:
# fetch the secret and write to a volume

## test gist
foobar

## build.sh
apt-get update && apt-get install -y --no-install-recommends \
  wget

wget -O - http://apt.llvm.org/llvm-snapshot.gpg.key|apt-key add -

echo "deb http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main
deb-src http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main" >> /etc/apt/sources.list

apt-get update && apt-get install -y --no-install-recommends \
  clang-4.0 \

## vault-statsd-mapping.conf
vault.barrier.*
name="vault_barrier"
method="$1"

vault.consul.*
name="vault_consul"
method="$1"

vault.route.*.*
name="vault_route"

## certdump.go
package main

import (
	"io/ioutil"
	"log"
	"os"
	"os/user"
	"strconv"
)

## securing-kubernetes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                tam7t
                / securing-kubernetes.md
            
            
              Last active
              August 30, 2024 02:29
            
              
                Resources for Securing Kubernetes
              
          
    Resources for Securing Kubernetes

A work in progress collection of resources for securing a kubernetes cluster.
Architecture

A good understanding of the k8s architecture and automating operations of your
cluster is probably the best place to start:

https://github.com/kubernetes/kubernetes/blob/release-1.3/docs/design/security.md
https://github.com/kelseyhightower/kubernetes-the-hard-way

It should also be noted that the kubelet api has no authentications and allows for remote code execution (this is how kubectl exec works).

  
## docker-compose.yml
gogs:
  image: gogs/gogs:latest
  ports:
   - "3000:3000"
   - "10022:22"
  volumes:
   - ./data:/data
drone:
  image: drone/drone:0.4
  # build: .

## cert.pem
-----BEGIN CERTIFICATE-----
MIIDPzCCAiegAwIBAgIUHDx4FbvRISzuQcMBM78XW3fmzlUwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE1MTIxNDE3NDY1OFoXDTE1MTIx
NzE3NDY1OFowFDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEArj3DK+XkPH4KKsB8qFzoLcNQf9wf+Pcp92sfY2/2T3Mw
+nkO5jjPGRQbshkU2WUe59uvaviUC8AdlazwJk4vi5H1n5ZMLfBjXZffhd0nJcsR
mHQJix/8jtBYlpzHv/4tVa9k3v+QA3yjfj6o9kpt5FA1wYmoiMd40aCwX1qWRVRD
HpUCh2+gIldj8y/GNEpxwTjPA1GAtxkkD+OS/mEV6Rse4et9D6uQoa69OvDtOyR1
sNofuORiQ47MPNF56wNSGdrBFxFWErkZqYdYdAaqjOei9kdDmQ74C9rY6hkEvYO+
Vkp3pYWj3Y5BQIUZa5DGBzmPlXWqKWfj7L+PlZww5QIDAQABo4GIMIGFMA4GA1Ud
	<?xml version="1.0" encoding="UTF-8"?>
	<component type="addon">
	<id>com.obsproject.Studio.Plugin.backgroundremoval</id>
	<extends>com.obsproject.Studio</extends>
	<name>obs-backgroundremoval Plugin</name>
	<summary> An OBS plugin for removing background in portrait images (video), making it easy to replace the background when screen recording.</summary>
	<url type="homepage">https://github.com/royshil/obs-backgroundremoval</url>
	<metadata_license>CC0-1.0</metadata_license>
	<project_license>MIT</project_license>
	</component>
	module github.com/tam7t/grpc-demo

	go 1.17

	require (
	google.golang.org/grpc v1.40.0
	google.golang.org/grpc/examples v0.0.0-20220215234149-ec717cad7395
	)

	require (
	# Usage: gcloud builds submit --no-source
	#
	# Remember to first grant the cloud build service account permissions to access
	# secret 'foo'
	#
	# gcloud beta secrets add-iam-policy-binding foo \
	# --member=serviceAccount:<project-number>@cloudbuild.gserviceaccount.com \
	# --role=roles/secretmanager.secretAccessor
	steps:
	# fetch the secret and write to a volume
	apt-get update && apt-get install -y --no-install-recommends \
	wget

	wget -O - http://apt.llvm.org/llvm-snapshot.gpg.key\|apt-key add -

	echo "deb http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main
	deb-src http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main" >> /etc/apt/sources.list

	apt-get update && apt-get install -y --no-install-recommends \
	clang-4.0 \
	vault.barrier.*
	name="vault_barrier"
	method="$1"

	vault.consul.*
	name="vault_consul"
	method="$1"

	vault.route..
	name="vault_route"
	gogs:
	image: gogs/gogs:latest
	ports:
	- "3000:3000"
	- "10022:22"
	volumes:
	- ./data:/data
	drone:
	image: drone/drone:0.4
	# build: .
	-----BEGIN CERTIFICATE-----
	MIIDPzCCAiegAwIBAgIUHDx4FbvRISzuQcMBM78XW3fmzlUwDQYJKoZIhvcNAQEL
	BQAwFDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE1MTIxNDE3NDY1OFoXDTE1MTIx
	NzE3NDY1OFowFDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
	AAOCAQ8AMIIBCgKCAQEArj3DK+XkPH4KKsB8qFzoLcNQf9wf+Pcp92sfY2/2T3Mw
	+nkO5jjPGRQbshkU2WUe59uvaviUC8AdlazwJk4vi5H1n5ZMLfBjXZffhd0nJcsR
	mHQJix/8jtBYlpzHv/4tVa9k3v+QA3yjfj6o9kpt5FA1wYmoiMd40aCwX1qWRVRD
	HpUCh2+gIldj8y/GNEpxwTjPA1GAtxkkD+OS/mEV6Rse4et9D6uQoa69OvDtOyR1
	sNofuORiQ47MPNF56wNSGdrBFxFWErkZqYdYdAaqjOei9kdDmQ74C9rY6hkEvYO+
	Vkp3pYWj3Y5BQIUZa5DGBzmPlXWqKWfj7L+PlZww5QIDAQABo4GIMIGFMA4GA1Ud