Tommy Murphy tam7t

tam7t / cloudbuild.yaml
Last active Jun 14, 2021
Access Google Secret Manager from Cloud Build step
View cloudbuild.yaml
# Usage: gcloud builds submit --no-source
#
# Remember to first grant the cloud build service account permissions to access
# secret 'foo'
#
# gcloud beta secrets add-iam-policy-binding foo \
# --member=serviceAccount:<project-number>@cloudbuild.gserviceaccount.com \
# --role=roles/secretmanager.secretAccessor
steps:
# fetch the secret and write to a volume
View build.sh
apt-get update && apt-get install -y --no-install-recommends \
wget
wget -O - http://apt.llvm.org/llvm-snapshot.gpg.key|apt-key add -
echo "deb http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main
deb-src http://apt.llvm.org/jessie/ llvm-toolchain-jessie-4.0 main" >> /etc/apt/sources.list
apt-get update && apt-get install -y --no-install-recommends \
clang-4.0 \
tam7t / vault-statsd-mapping.conf
Last active Nov 5, 2020
Example vault statsd prometheus exporter mapping
View vault-statsd-mapping.conf
vault.barrier.*
name="vault_barrier"
method="$1"

vault.consul.*
name="vault_consul"
method="$1"

vault.route.*.*
name="vault_route"
tam7t / certdump.go
Created Sep 1, 2016
certdump consul-template plugin for writing vault-generated certificates to separate files
View certdump.go
package main

import (
	"io/ioutil"
	"log"
	"os"
	"os/user"
	"strconv"
)
tam7t / securing-kubernetes.md
Last active Nov 24, 2016
Resources for Securing Kubernetes
View securing-kubernetes.md

Resources for Securing Kubernetes

A work-in-progress collection of resources for securing a Kubernetes cluster.

Architecture

A good understanding of the k8s architecture and automating operations of your cluster is probably the best place to start:

It should also be noted that the kubelet API has no authentication and allows for remote code execution (this is how kubectl exec works).

tam7t / docker-compose.yml
Last active May 18, 2017
drone-gogs compose
View docker-compose.yml
gogs:
  image: gogs/gogs:latest
  ports:
    - "3000:3000"
    - "10022:22"
  volumes:
    - ./data:/data
drone:
  image: drone/drone:0.4
  # build: .
View cert.pem
-----BEGIN CERTIFICATE-----
tam7t / plusminus.rb
Created Nov 7, 2015
Github statistics
View plusminus.rb
# plusminus.rb by @tam7t
#
# Prereqs:
# gem install octokit time_diff colorize
#
# Usage:
# API_TOKEN=<GITHUB API TOKEN> ruby plusminus.rb
#
# Optional Params:
# ENDPOINT=<ghe endpoint>
View parser-surprise.html
<html>
<head>
<title>title</title>
<script>
var someHtmlString = "</script><script>alert('hi!');</script><script>";
</script>
</head>
<body>
<h1>this is a test</h1>