Skip to content

Instantly share code, notes, and snippets.

View micahlee's full-sized avatar

Micah Lee micahlee

11 followers · 0 following
View GitHub Profile
@micahlee
micahlee / keybase.md
Created April 25, 2018 00:50

Keybase proof

I hereby claim:

  • I am micahlee on github.
  • I am micahlee (https://keybase.io/micahlee) on keybase.
  • I have a public key whose fingerprint is 150E F782 F4CC 1EAC 4147 3C35 C837 BC3C 4E04 4853

To claim this, I am signing this object:

@micahlee
micahlee / authn_ldap_configuration.md
Last active November 28, 2018 18:55
LDAP Authenticator Configuration

LDAP Authenticator Configuration

The LDAP authenticator is a built-in Conjur service and will authenticate users to Conjur using their LDAP credentials. The LDAP authenticator uses configuration defined in policy to connect to an LDAP server and bind against a directory using an LDAP username and password.

Prequisites

LDAP authenticator configuration requires these pre-conditions:

@micahlee
micahlee / conjur_ui.md
Created November 28, 2018 19:04
Configuring Conjur UI to use the LDAP Authenticator

When Conjur is configured with the LDAP authenticator, there are two environment variables that must be set on the appliance (Master and Followers) for the Conjur UI to use the LDAP authenticator:

The first is the CONJUR_AUTHENTICATORS variable which configures which defined authenticators are enabled to use, which may include the built-in default, 'authn'.

CONJUR_AUTHENTICATORS="authn-ldap/ldap-server,authn"
@micahlee
micahlee / example-org.yml
Last active December 10, 2018 21:55
# example-org.yml
- !policy
id: example-org
body:
- !layer
annotations:
org-id: 83a5b409-f5e0-4db7-8036-e342cafe358c
@micahlee
micahlee / workflow.md
Last active January 15, 2019 16:12
CF Policy Updates

CF Policy Updates

Policy for CF structure

  1. Define and load policy branch for Cloud Foundry 
    # cf.yml
- !policy
   id: cf
   annotations:
     description: Base policy branch for all Cloud Foundry resources
@micahlee
micahlee / XA.md
Last active March 6, 2019 14:49
PCF Upgrade XA

Initial state

$ cf service-brokers
Getting service brokers as admin...

name             url
app-autoscaler   https://autoscale.sys.pcf.itd.conjur.net
nfsbroker        https://nfsbroker.sys.pcf.itd.conjur.net
@micahlee
micahlee / debugging_info.md
Created September 6, 2019 15:17
Conjur K8s Authenticator Debugging

  • Display role bindings for conjur-cluster service account token

    oc get clusterrolebindings -o json \
  | jq '.items | map(select(any(.subjects[]; .name | contains("conjur-cluster"))))'

  • Display conjur-authenticator role information

    oc describe clusterrole conjur-authenticator
@micahlee
micahlee / Dockerfile
Created September 6, 2019 19:09
Seedfetcher Dockerfile
# Main container
FROM alpine:3.9
RUN apk add --no-cache bash \
jq \
wget
ENV CONJUR_VERSION=5 \
CONTAINER_MODE=init
@micahlee
micahlee / recovery_procedure.md
Last active October 10, 2019 15:53
DAP Auto-Failover Cluster Recovery

Auto-failover Cluster Recovery Procedure

Overview

This document describes a procedure for recovering an auto-failover cluster that has more than 1 failed node.

When multiple nodes need to be re-added to a cluster, the etcd state needs to be carefully managed to manage member and quorum consistency throughout.

@micahlee
micahlee / etcd_heartbeat.md
Created October 18, 2019 21:04
ETCD Heartbeat Update Procedure

ETCD Heartbeat Update Procedure

Stop Cluster Service

  1. On each Standby:

    sv stop cluster

  2. On the Master: