- Create your kind cluster (suit yourself https://kind.sigs.k8s.io/docs/user/configuration/)
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
Batuhan Apaydın developer-guy
🐾
developer-guy
/ README.md
Created
October 21, 2020 09:59
— forked from aojea/README.md
upgrade kind kubernetes cluster
developer-guy
/ KIND_Networking.md
Created
October 21, 2020 10:00
— forked from aojea/KIND_Networking.md
Use KIND to emulate complex network scenarios
KIND runs Kubernetes cluster in Docker, and leverages Docker networking for all the network features: port mapping, IPv6, containers connectivity, etc.
KIND uses a docker user defined network.
It creates a bridge named kind
developer-guy
/ createConfig.go
Created
October 21, 2020 11:26
— forked from velotiotech/createConfig.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| admissionregistrationv1 "k8s.io/api/admissionregistration/v1" | |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |
| "k8s.io/client-go/kubernetes" | |
| "os" | |
| ctrl "sigs.k8s.io/controller-runtime" | |
| ) |
developer-guy
/ initContainer_main.go
Created
October 21, 2020 11:27
— forked from velotiotech/initContainer_main.go
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| cryptorand "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/x509" | |
| "crypto/x509/pkix" | |
| "encoding/pem" | |
| "fmt" |
developer-guy
/ golang-tls.md
Created
October 27, 2020 14:01
— forked from denji/golang-tls.md
Simple Golang HTTPS/TLS Examples
Moved to git repository: https://github.com/denji/golang-tls
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048
# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
developer-guy
/ envoy.config.yaml
Created
October 28, 2020 09:06
— forked from srenatus/envoy.config.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin: | |
| access_log_path: /dev/stdout | |
| address: | |
| socket_address: { address: 0.0.0.0, port_value: 9901 } | |
| static_resources: | |
| listeners: | |
| - name: listener1 | |
| address: | |
| socket_address: { address: 0.0.0.0, port_value: 51051 } |
developer-guy
/ README-badges.md
Created
October 31, 2020 18:50
— forked from tterb/README-badges.md
A collection of README badges
developer-guy
/ gitlab-container-scanning.md
Created
November 2, 2020 18:14
— forked from saidsef/gitlab-container-scanning.md
Container Security: GitLab Trivy Container Scanning
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI.
It is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily.
Most of my Docker images are Alpine based. Trivy uses better vulnerability data for Alpine compared to Clair.
This can be easily plugged in to you CI/CD pipeline - in the scenario we we allow the pipeline to fail, the objective here is to provide visibility.
developer-guy
/ restricted-psp.yaml
Created
November 4, 2020 07:53
— forked from shazadbrohi/restricted-psp.yaml
A restricted pod security policy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: policy/v1beta1 | |
| kind: PodSecurityPolicy | |
| metadata: | |
| name: my-restricted-psp | |
| spec: | |
| privileged: false | |
| # Required to prevent escalations to root. | |
| allowPrivilegeEscalation: false | |
| # Allow core volume types. | |
| volumes: |
developer-guy
/ restricted-psp-rbac.yaml
Created
November 4, 2020 07:56
— forked from shazadbrohi/restricted-psp-rbac.yaml
A set of RBAC resources to enforce the restricted psp across all service accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: restricted-cluster-role | |
| rules: | |
| - apiGroups: | |
| - policy | |
| resourceNames: | |
| - restricted-psp | |
| resources: |