hiyosi

#!/bin/bash

set -euo pipefail

# Configuration
NAMESPACE="${NAMESPACE:-default}"
PCR_NAME="${PCR_NAME:-}"
CA_KEY="${CA_KEY:-ca.key}"
CA_CRT="${CA_CRT:-ca.crt}"
POD_NAME="${POD_NAME:-pod-cert-test}"

hiyosi

#!/usr/bin/env python3
"""
Pod Identity Extension Extractor and Decoder
Extracts and decodes the Pod Identity extension from a certificate
"""

import subprocess
import binascii
import sys
import re

hiyosi

prepare repository

[p1]$ go run main.go -init --work-dir repo

flowchart TD
    Root --> Snapshot
 Root --> Timestamp

hiyosi

server.go

package main

import (
   "fmt"
   "log"
   "net"
   "time"

hiyosi

package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"flag"
	"fmt"
	"log"
	"os"

hiyosi

prerequirements

• https://helm.sh/docs/intro/install/
• https://stedolan.github.io/jq/

install vault and spire on kubernetes

$ helm repo add hashicorp https://helm.releases.hashicorp.com
$ helm install vault hashicorp/vault

hiyosi

(require 'org)

(setq-default indent-tabs-mode nil)
(setq org-display-inline-images t)
(setq org-redisplay-inline-images t)
(setq org-startup-with-inline-images "inlineimages")

(setq default-frame-alist
      (append (list '(width . 72) '(height . 40))))

hiyosi

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-policy
  namespace: default
spec:
  # ポリシを適用するPodをselectorで指定
  podSelector:
  # IngressとEgressを両方またはいずれか指定
  policyTypes:

hiyosi

#!/bin/bash

a=(
'sudo echo ${foo}'
'sudo ls -l'
'ls -l | sudo echo ${foo}'
)

foo="hello"

hiyosi

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    app: nginx
  template:
    metadata: