Yu Kitazume ukitazume

  • Tokyo and Gunma, Japan
set -g default-terminal "screen-256color"
set-option -g default-shell /bin/zsh
# act like vim
setw -g mode-keys vi
set -g base-index 1
set -g history-limit 10000
bind-key C-a last-pane
bind h select-pane -L
bind j select-pane -D
@ukitazume
ukitazume / gist:47b51b901b2b6449aeb1c0e777509f6b
Last active January 26, 2021 11:27
Privileged container threat model

Privileged container

A privileged container is a container that has all the capabilities of the host machine, which lifts all the limitations regular containers have. Practically, this means that privileged containers can do almost every action that can be performed directly on the host. Attackers who gain access to a privileged container, or have permissions to create a new privileged container (by using the compromised pod’s service account, for example), can get access to the host’s resources.

cf. the attack matrix for Kubernetes by MS

Steps:

Study group materials for "Learn Kubernetes Security"

Chapter 5 Configuring Kubernetes Security Boundaries

Today's scope

  • Understanding security domains and security boundaries
  • Understanding the distinction between security boundaries and trust boundaries, and why it matters
  • Kubernetes security domains
  • Kubernetes security boundaries
<?xml version="1.0" encoding="UTF-8"?>
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany.app</groupId>
<artifactId>my-app</artifactId>
<version>1</version>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>

WordPress

0. Prepare

  • Docker Hub or Quay.io account
  • Docker runtime on your local machine
  • your Deis

1. Pull the official Docker image of WordPress and run it on a local machine

@ukitazume
ukitazume / gist:339d93aa2d30bb456ea2
Created January 15, 2015 23:40
In deploy/before_symlink.rb, bring it in from shared
run "ln -nfs #{config.shared_path}/app/wp/wp-content/ #{config.release_path}/wp-content"
git clone git@github.com:engineyard/ey-cloud-recipes.git
cd ey-cloud-recipes/
cd cookbooks/
vim main/recipes/default.rb
/// include_recipe "timezone"
vim timezone/recipes/default.rb
/// UTC => Asia/Tokyo
// $nohup node owner_change_watcher.js &
// set file target log
const filePath = 'log/production.log';
const fs = require('fs');
const process = require('child_process');
fs.watchFile(filePath, function(cur, pre){
for (var key in cur) {
if (cur[key] !== pre[key]) {
☺ git status ruby-2.0.0-p247
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: cookbooks/main/recipes/default.rb
# modified: cookbooks/timezone/recipes/default.rb
#
# Untracked files:
@ukitazume
ukitazume / README.md
Last active December 29, 2015 23:59 — forked from JoelBesada/README.md

This is an example command for Backtick. A Backtick command consists of some executable JavaScript and a bit of metadata in JSON.

Here are the required steps to create a command:

  1. Create a new Gist with a command.js and command.json file, or simply fork this one.

  2. Write your JavaScript in command.js. This will be injected into and executed on the page the user is currently on when they run it.

  3. Add some metadata to the command.json file:

  • name: The name of the command.