-
system:mastersgroup is not used for user or component authentication after bootstrapping - The kube-controller-manager is running with
--use-service-account-credentialsenabled - The root certificate is protected (either an offline CA, or a managed online CA with effective access controls)
- Intermediate and leaf certificates have an expiry date no more than 3 years in the future
- A process exists for periodic access review, and reviews occur no more than 24 months apart
- Develop a role-based access model for each cluster
Matheus Rafael voidp34r
voidp34r
/ DevSecOps Kubernetes Security Checklist.md
Created
September 30, 2024 14:28
— forked from EliFuzz/DevSecOps Kubernetes Security Checklist.md
DevSecOps Kubernetes Security Checklist
voidp34r
/ dotenv-to-ssm.sh
Created
July 27, 2023 16:18
— forked from andrewodri/dotenv-to-ssm.sh
Get and set SSM parameters from Bash and/or .env
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # set_parameter() { aws ssm put-parameter --overwrite --name "${1}" --value "${2}" --type String --query "''" --output text; } | |
| # set_secure_parameter() { aws ssm put-parameter --overwrite --name "${1}" --value "${2}" --type SecureString --query "''" --output text; } | |
| set_parameter() { aws ssm put-parameter --overwrite --query "''" --output text --cli-input-json '{"Name":"'${1}'","Value":"'$(echo -ne "${2}" | perl -pe 's/(\\(\\\\)*)/$1$1/g; s/(?!\\)(["\x00-\x1f])/sprintf("\\u%04x",ord($1))/eg;')'","Type": "String"}'; } | |
| set_secure_parameter() { aws ssm put-parameter --overwrite --query "''" --output text --cli-input-json '{"Name":"'${1}'","Value":"'$(echo -ne "${2}" | perl -pe 's/(\\(\\\\)*)/$1$1/g; s/(?!\\)(["\x00-\x1f])/sprintf("\\u%04x",ord($1))/eg;')'","Type": "SecureString"}'; } | |
| if [[ "${1}" = "-h" || "${1}" = "--help" || ( -z "${1}" && -z "${2}" ) ]] | |
| then | |
| echo -e 'Example usage:\n ./dotenv-to-ssm.sh [INPUT_FILE] [SSM_PARAMETER_PREFIX]' |
voidp34r
/ ssm.sh
Created
July 27, 2023 16:10
— forked from ifiok/ssm.sh
Shell script for getting variables from AWS Parameter Store and creating a .env file for environment variables
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add environment variables to AWS Parameter Store on the same path prefix for the same project | |
| # To get the environment variables for a project, get the variables by path | |
| # Convert it to a .env file format | |
| # env1=abc | |
| # env2=def | |
| # separated by the newline character | |
| # and write to a .env file | |
| myService=/myservice_name/stage_name | |
| # Get variables from SSM and chop off the service name from the variable names (/myservice_name/stage_name/PORT to PORT) and write to a JSON file |
voidp34r
/ git-flow.md
Created
July 14, 2023 19:15
— forked from HeratPatel/git-flow.md
Git Flow: Git branches workflow for larger and continues releasing projects. #git #gitflow
Gitflow is a Git workflow design that was first published and made popular by Vincent Driessen at nvie. The Gitflow defines a strict branching model designed around the project release. This provides a robust framework for managing larger projects.
Gitflow is ideally suited for projects that have a scheduled release cycle. This workflow doesn’t add any new concepts or commands beyond what’s required for the Feature Branch Workflow. Instead, it assigns very specific roles to different branches and defines how and when they should interact. In addition to feature branches, it uses individual branches for preparing, maintaining, and recording releases. Of course, you also get to leverage all the benefits of the Feature Branch Workflow: pu
voidp34r
/ git_branch_delete_all_but.sh
Created
February 4, 2022 13:46
— forked from radlinskii/git_branch_delete_all_but.sh
Delete all the git branches but "master", "main", current branch, and every branch name you provide as argument.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| function git_branch_delete_all_but() { | |
| branch_names_to_keep=("$@") | |
| branch_names_to_keep+=("master") # do no delete master | |
| branch_names_to_keep+=("main") # do no delete main | |
| branch_names_to_keep+=$(git symbolic-ref --short -q HEAD) # do not delete current branch | |
| branch_names_to_delete=() |
voidp34r
/ $PROFILE
Created
December 12, 2021 13:54
— forked from matthiasbaldi/$PROFILE
Powershell Setup for GitPosh with Windows Terminal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # theming configuration | |
| Import-Module posh-git | |
| Import-Module oh-my-posh | |
| Set-Theme Paradox | |
| # thanks to https://dev.to/ofhouse/add-a-bash-like-autocomplete-to-your-powershell-4257 | |
| # improved tabbing for autocompletion | |
| # Shows navigable menu of all options when hitting Tab | |
| Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete |
voidp34r
/ kubectl.md
Created
April 19, 2021 19:06
— forked from so0k/kubectl.md
Playing with kubectl output
voidp34r
/ Setting-up-Windows-WSL.md
Created
April 21, 2020 14:37
— forked from roustem/Setting-up-Windows-WSL1.md
Setting-up-Windows-WSL
This document describes how to set up Windows 10 for cross-platform development (Go, NodeJS, etc) with Windows Subsystem for Linux (WSL).
Most of the information here is collected from
voidp34r
/ wsl_kali_RDP.md
Created
April 20, 2020 20:42
— forked from Lukas238/wsl_kali_RDP.md
Windows 10 WSL Kali remote desktop protocol
- Install Kali linus from the Win10 store.
- Start Kali linux:
$ kali - Install [wget]:
apt-get install wget - Donwload the Kali installation script for [xfce4]:
$ wget https://kali.shxfce4.sh - Run the script:
$ sudo sh xfce4.sh
This will take some time.
- Start the remote desktop server:
$ sudo /etc/init.d/xrdp start
By default it will start on port 3390.
voidp34r
/ install-firacode.sh
Created
April 17, 2020 20:41
— forked from nikhita/install-firacode.sh
How to install FiraCode font on Linux
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir -p ~/.local/share/fonts | |
| for type in Bold Light Medium Regular Retina; do wget -O ~/.local/share/fonts/FiraCode-$type.ttf "https://github.com/tonsky/FiraCode/blob/master/distr/ttf/FiraCode-$type.ttf?raw=true"; done | |
| fc-cache -f |
NewerOlder