Skip to content

Instantly share code, notes, and snippets.

View dejanu's full-sized avatar
💭
🎯 all things are subject to interpretation...even API keys

dejanualex dejanu

💭
🎯 all things are subject to interpretation...even API keys
10 followers · 10 following
View GitHub Profile
@dejanu
dejanu / sabin.md
Last active June 11, 2025 13:38
maybe some guidelines

Kubernetes security tool

Purpose

Establish what are the Attack Surfaces in K8S and which ones would you like to address.

Can be created as:

  • Kubernetes Operator (basically an app deployed in the cluster)
  • kubectl plugin (extend kubectl CLI with new features): every API call to k8s goes through a 3-step process (authentication,authorization,admission controllers)
@dejanu
dejanu / buildkit.md
Last active June 2, 2025 19:48
builder

Buildkit

BuildKit is the image building engine inside Docker. It's not part of other container runtimes - like containerd - but you can run a BuildKit server in a container. docker build uses Buildx and BuildKit by default since Docker Engine 23.0.

You can install BuildKit by either running it natively via systemd or in a container.

BuildKit can also be built in a version that tightly integrates with containerd, using an existing containerd daemon for the storage and sharing it with other containerd clients.

Docker

@dejanu
dejanu / roadmap.md
Last active March 13, 2025 20:03
RoadMap

Intro

  • Ops Jargon
  • Important distinction: Containers are NOT Docker. Docker includes multiple products (i.e. Docker Desktop) and Open Source containerization technologies (i.e. container engine), see Docker's github repo
  • Docker Desktop is recommended because it includes the Docker daemon (dockerd), the Docker client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper.
  • Install Docker engine (aka Docker CE) for various Linux Distros here vs. install Docker Desktop for linux here. The Docker Engine is licensed under the Apache License, Version 2.0.
  • How Kubernetes works under the [hood with Docker Desktop](https://www.docker.com/blog/how-kubernetes-works
@dejanu
dejanu / ops_jargon.md
Last active April 23, 2025 18:26
Ops Jargon

🚀 DevOps

  • Pipeline

An automated process that defines a series of stages or steps to build, test and deploy SW solutions.

  • Continuous Integration (CI)

The the process of merging code changes, testing them, and building resulting artifacts, as early in the application lifecycle as possible. The intention is to detect any potential issues in the development phase, since this minimizes the effort and cost involved in fixing them. Automated tests validate that code changes haven't introduced errors or regression issues.

@dejanu
dejanu / k8s_upgrade.md
Last active October 1, 2024 20:48
Upgrading Kubernetes

The upgrade process (docs) follows the general procedure of:

- Upgrading the Kubernetes control plane with kubeadm (Kubernetes components and add-ons excluding the CNI)
- If applicable upgrading the CNI network plugin
- Upgrading the Kubernetes packages (kubelet, kubeadm, kubectl) on the control plane and worker nodes
- Upgrading the kubelet config on worker nodes with kubeadm

# check cluster nodes and version
kubectl  get no  -owide
@dejanu
dejanu / docker_flags.md
Last active March 11, 2025 13:46
Docker: Display system-wide information and Go templates to manipulate the output format

  • Search official images for desired : docker search --format "table {{.Name}}\t{{.StarCount}}\t{{.IsOfficial}}" <IMAGE>

  • Output image name and tag: docker images --format '{{.Repository}} and {{.Tag}}'

  • Output image name, tag and elapsed time + timestamp since the image has been created: docker images --format "{{.Repository}}:{{.Tag}} {{.CreatedSince}} --> {{.CreatedAt}}"

  • Inspect Cmd for desired : docker inspect -f '{{.Config.Cmd}}' <IMAGE>

  • Inspect Entrypoint for desired : docker inspect -f '{{.Config.Entrypoint}} <IMAGE>'

  • Inspect attached containers to bridge network: docker inspect network bridge --format "{{json .Containers }}"

  • Inspect storage: docker info -f 'Storage drive: {{.Driver}} and storage path {{.DockerRootDir}}'

  • Inspect container runtimes: docker system info --format "{{.Runtimes}} {{.DefaultRuntime}}"

@dejanu
dejanu / docker_image_scanner.sh
Created September 19, 2024 09:03
#!/usr/bin/env bash
###########################################
# ##
# @dejanualex: Trivy based image scanner ##
# ##
###########################################
@dejanu
dejanu / docker-compose.yml
Created July 19, 2023 09:27
mysql radu
version: '3.1'
services:
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: example
@dejanu
dejanu / pssh.sh
Created June 7, 2023 09:32
Simple shell script that achieves concurrent SSH connections using background processes
#!/bin/bash
## #####################################################################
## run concurrently command passed as argv on multiple remote servers ##
## UPDATE: servers array and user variable ##
########################################################################
# define an array of remote servers
servers=("server1.fqdn" "server2.fqdn" "server3.fqdn")
# Function to execute command on a remote server
execute_command() {
server=$1
@dejanu
dejanu / capacity_mgmt.sh
Created December 8, 2022 16:02
wrapper for inspecting Requests/Limits for Pods
#!/usr/bin/env bash
#############################################################
# Purpose: wrapper for inspecting Requests/Limits for Pods ##
# @dejanualex ##
#############################################################
# read namespace and po
echo -e "Available namespaces are:\n $(kubectl get ns -o=custom-columns=NAMESPACES:.metadata.name) \n"
echo -e "\n Please write the name of the namespace for which you want to know the resource status:\n"