This gist gives instructions to setup a Validating Admission Webhook or Mutating Admission Webhook in Kubernetes.
Heavy credits to
Acumenix acumenix
fntlnz
/ Gopkg.toml
Last active
October 14, 2020 18:32
Kubernetes controller example - Related post at: https://medium.com/@fntlnz/what-i-learnt-about-kubernetes-controllers-db7591531973
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [[constraint]] | |
| name = "k8s.io/api" | |
| version = "kubernetes-1.11.0" | |
| [[constraint]] | |
| name = "k8s.io/apimachinery" | |
| version = "kubernetes-1.11.0" | |
| [[constraint]] | |
| name = "k8s.io/client-go" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "options": { | |
| "domains": [], | |
| "inputIDs": [], | |
| "limit": [] | |
| }, | |
| "templates": [ | |
| { | |
| "issuetype-field": "", | |
| "name": "DEFAULT TEMPLATE", |
seansummers
/ inventory-global.template.yml
Last active
September 15, 2023 11:21
AWS Configuration Tracking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Global assets needed for Inventory Discovery | |
| Metadata: | |
| AWS::CloudFormation::Interface: |
pbarker
/ gke-audit-policy.yaml
Last active
February 27, 2021 00:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # currently synced from the GKE profile: | |
| # https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh#L735 | |
| apiVersion: audit.k8s.io/v1beta1 | |
| kind: Policy | |
| rules: | |
| # The following requests were manually identified as high-volume and low-risk, | |
| # so drop them. | |
| - level: None | |
| users: ["system:kube-proxy"] | |
| verbs: ["watch"] |
tirumaraiselvan
/ setupadmissionwebhook.md
Last active
April 9, 2025 18:25
Setup admission webhooks in Kubernetes
mateobur
/ FalcoNginxRuleset.yaml
Last active
March 15, 2020 05:50
Runtime security policy Nginx - Falco Docker security
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - macro: nginx_consider_syscalls | |
| condition: (evt.num < 0) | |
| - macro: app_nginx | |
| condition: container and container.image contains "nginx" | |
| # Any outbound traffic raises a WARNING | |
| - rule: Unauthorized process opened an outbound connection (nginx) | |
| desc: A nginx process tried to open an outbound connection and is not whitelisted |
jhaddix
/ cloud_metadata.txt
Last active
May 8, 2025 09:39
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b.amazonaws.com | |
| access-analyzer.amazonaws.com | |
| account.amazonaws.com | |
| acm-pca.amazonaws.com | |
| acm.amazonaws.com | |
| airflow-env.amazonaws.com | |
| airflow.amazonaws.com | |
| alexa-appkit.amazon.com | |
| alexa-connectedhome.amazon.com | |
| amazonmq.amazonaws.com |
Note: Nexus group repositories (good example in this StackOverflow question) are out of this tutorial's scope. In any case, deployment to group repositories is currently still an open issue for Nexus 3 (and not intended ever to be implemented in Nexus 2). Thus, it is assumed that we'll push & pull to/from the same repository, and ignore the idea of groups hereon in.
-
Ask your sysadmin for a username & password allowing you to log into your organistation's Nexus Repository Manager.
-
Test the login credentials on the Nexus Repository manager at: http://localhost:8081/nexus/#view-repositories (
localhostin our case is replaced by a static IP, and can only be connected to over VPN). If your organisation requires a VPN to connect to it, connect to that VPN before proceeding with this tutori
pfeilbr
/ reinvent.md
Last active
October 9, 2024 16:10
— forked from henrysher/reinvent.md
link for reinvent slides