bartoszmajsak
/ gist:f14269598dd2fada7e3940b2268fe26a
Created
January 9, 2026 17:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Reproducer: Attempt to chain 10 tokens (token proliferation attack) | |
| MAAS_URL="${MAAS_URL:-maas.$(oc get ingresses.config.openshift.io cluster -o jsonpath='{.spec.domain}')}" | |
| echo "=== Token Proliferation Test ===" | |
| echo "Attempting to create a chain of 10 tokens using each to issue the next" | |
| echo "" | |
| # Start with OpenShift identity token |
bartoszmajsak
/ gist:0dd82d386a79d871282fc11c0071d4ca
Created
January 9, 2026 15:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Reproducer: SA tokens should NOT be able to issue new tokens | |
| MAAS_URL="${MAAS_URL:-maas.$(oc get ingresses.config.openshift.io cluster -o jsonpath='{.spec.domain}')}" | |
| echo "=== Step 1: Get token using OpenShift identity (expected: success) ===" | |
| TOKEN=$(curl -sSk -X POST \ | |
| -H "Authorization: Bearer $(oc whoami -t)" \ | |
| -H "Content-Type: application/json" \ | |
| -d '{"expiration":"10m"}' \ |
bartoszmajsak
/ gist:11e8d3b62915aff9a8a32fd83c4257bb
Created
December 10, 2025 14:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2025-12-10T12:11:49.4445925Z Current runner version: '2.329.0' | |
| 2025-12-10T12:11:49.4552758Z ##[group]Runner Image Provisioner | |
| 2025-12-10T12:11:49.4556489Z Hosted Compute Agent | |
| 2025-12-10T12:11:49.4559478Z Version: 20251124.448 | |
| 2025-12-10T12:11:49.4563146Z Commit: fda5086b43ec66ade217e5fcd18146c879571177 | |
| 2025-12-10T12:11:49.4586950Z Build Date: 2025-11-24T21:16:26Z | |
| 2025-12-10T12:11:49.4590227Z ##[endgroup] | |
| 2025-12-10T12:11:49.4593197Z ##[group]Operating System | |
| 2025-12-10T12:11:49.4596722Z Ubuntu | |
| 2025-12-10T12:11:49.4599576Z 24.04.3 |
bartoszmajsak
/ gist:d510662186d24a676b9d271cfc9315cd
Last active
December 2, 2025 18:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "op": "add", | |
| "path": "/spec/replicas", | |
| "value": 1 | |
| }, | |
| { | |
| "op": "add", | |
| "path": "/spec/strategy", | |
| "value": { |
bartoszmajsak
/ kustomization.yaml
Created
November 27, 2025 13:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: kustomize.config.k8s.io/v1beta1 | |
| kind: Kustomization | |
| metadata: | |
| name: facebook-opt-125m-simulated | |
| namespace: llm | |
| namePrefix: facebook-opt-125m- |
bartoszmajsak
/ gist:ae3ca7a7fea2674da75fec3a355dc67b
Created
September 30, 2025 18:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: dscinitialization.opendatahub.io/v1 | |
| kind: DSCInitialization | |
| metadata: | |
| name: default | |
| spec: | |
| applicationsNamespace: opendatahub | |
| monitoring: | |
| managementState: Managed | |
| namespace: opendatahub | |
| apiVersion: datasciencecluster.opendatahub.io/v1 |
bartoszmajsak
/ httproute.yaml
Created
September 29, 2025 09:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| creationTimestamp: "2025-09-26T21:16:42Z" | |
| generation: 1 | |
| labels: | |
| app.kubernetes.io/component: llminferenceservice-router | |
| app.kubernetes.io/name: facebook-opt-125m-single-simulated | |
| app.kubernetes.io/part-of: llminferenceservice | |
| name: facebook-opt-125m-single-simulated-kserve-route |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openapi: 3.0.3 | |
| info: | |
| title: MaaS Billing API | |
| description: Model as a Service Billing and Management API | |
| version: "1.0" | |
| servers: | |
| - url: http://localhost:8080 | |
| paths: | |
| /health: | |
| get: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: serving.kserve.io/v1alpha1 | |
| kind: LLMInferenceService | |
| metadata: | |
| name: llm-inference-service-model-fb-opt-125m-router-managed-workload | |
| namespace: kserve-ci-e2e-test | |
| spec: | |
| baseRefs: | |
| - name: model-fb-opt-125m | |
| - name: router-managed | |
| - name: workload-single-cpu |
bartoszmajsak
/ gist:2bd0fd8dec9d520ae2c56b0263dedd92
Created
December 3, 2024 10:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ✔ Installation complete2024-12-03T10:33:15.959086Z info tf istioctl ([install -f /home/bartek/code/redhat/ossm/federation/test/testdata/istio/k8s/east.yaml --set hub=docker.io/istio --set tag=1.23.0 -y]): completed after 18.7247s | |
| 2024-12-03T10:33:20.963641Z info tf istioctl ([install -f /home/bartek/code/redhat/ossm/federation/test/testdata/istio/k8s/west.yaml --set hub=docker.io/istio --set tag=1.23.0 -y]): completed after 23.7293s | |
| 2024-12-03T10:33:20.963656Z info tf istioctl error: Error: check minimum supported Kubernetes version: error getting Kubernetes version: Get "https://127.0.0.1:42527/version?timeout=5s": net/http: request canceled (Client.Timeout exceeded while awaiting headers) | |
| 2024-12-03T10:33:20.963665Z error tf Test setup error: failed to deploy istio: stdout: ; err: check minimum supported Kubernetes version: error getting Kubernetes version: Get "https://127.0.0.1:42527/version?timeout=5s": net/http: request canceled (Client.Timeout exceeded while awaiting headers) | |
| 2024-12-03T10:33:20.963672 |
NewerOlder