$ minikube start --profile audit$ minikube ssh --profile audit
$ curl -sLO https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/audit/audit-policy.yaml
$ sudo mkdir -p /var/lib/k8s_audit
| apiVersion: audit.k8s.io/v1 | |
| kind: Policy | |
| rules: | |
| # do not log requests to the following | |
| - level: None | |
| nonResourceURLs: | |
| - "/healthz*" | |
| - "/logs" | |
| - "/metrics" | |
| - "/swagger*" |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: fluent-bit-config | |
| namespace: tanzu-system-logging | |
| labels: | |
| k8s-app: fluent-bit | |
| data: | |
| # Configuration files: server, input, filters and output | |
| # ====================================================== |
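# Create a local development CA with mkcert and install it into this machine's
# trust stores. The CA files are written under ./.certs/<ENVIRONMENT_DEV>.
# ENVIRONMENT_DEV is not assigned in the lines shown here; presumably the caller
# exports it -- TODO confirm. If it is empty, CAROOT falls back to ./.certs/.
echo "Creating self-signed CA certificates for TLS and installing them in the local trust stores"
CA_CERTS_FOLDER="$(pwd)/.certs"
# This requires mkcert to be installed/available
echo "${CA_CERTS_FOLDER}"
# Every expansion is quoted: unquoted, a working directory containing spaces or
# glob characters would be word-split and `rm -rf` would act on other paths.
rm -rf "${CA_CERTS_FOLDER}"
mkdir -p "${CA_CERTS_FOLDER}"
mkdir -p "${CA_CERTS_FOLDER}/${ENVIRONMENT_DEV}"
# The CAROOT env variable is used by mkcert to determine where to read/write files
# Reference: https://github.com/FiloSottile/mkcert
# mkcert stores the CA private key (rootCA-key.pem) in CAROOT. Whoever holds that
# key can issue certificates this machine will trust, so keep .certs out of
# version control and do not copy it to other hosts.
CAROOT="${CA_CERTS_FOLDER}/${ENVIRONMENT_DEV}" mkcert -install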
| package main | |
| import ( | |
| "bytes" | |
| "context" | |
| "encoding/json" | |
| "errors" | |
| "fmt" | |
| "io" | |
| "log" |
##############################################################################
# History Configuration
##############################################################################
# Where history is stored and how much of it is kept.
HISTFILE=~/.zsh_history   # on-disk history file
HISTSIZE=5000             # number of lines held in memory
SAVEHIST=5000             # number of entries written to HISTFILE
#HISTDUP=erase            # (disabled) erase duplicates in the history file

# append_history:     add to the history file instead of overwriting it
# share_history:      share history across terminals
# inc_append_history: write each entry immediately, not only when the shell exits
#
# NOTE(review): with immediate appends, anything typed on a command line
# (tokens, passwords passed as arguments) is written to HISTFILE right away and
# becomes visible to other sessions. zsh's HIST_IGNORE_SPACE option is not set
# here; enabling it lets a leading space keep a command out of history. Also
# check that HISTFILE is readable only by its owner.
# NOTE(review): the zsh manual describes SHARE_HISTORY as already appending
# incrementally -- confirm whether inc_append_history is still wanted with it.
setopt append_history share_history inc_append_history
| Put this in your `local-configure.yml` file, adding as many users as you need: | |
| users: | |
| - name: fulvio | |
| sudoer: yes | |
| auth_key: ssh-rsa blahblahblahsomekey this is actually the public key in cleartext | |
| - name: plone_buildout | |
| group: plone_group | |
| sudoer: no | |
| auth_key: ssh-rsa blahblahblah ansible-generated on default |