I hereby claim:
- I am skuenzli on github.
- I am skuenzli (https://keybase.io/skuenzli) on keybase.
- I have a public key whose fingerprint is E1F8 1376 942A 8F6E DB51 6C6B 3A25 5F59 747F 3C64
To claim this, I am signing this object:
Stephen Kuenzli skuenzli
skuenzli
/ docker-birthday-prep.sh
Created
March 22, 2016 04:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| docker-machine create --driver virtualbox docker-birthday | |
| eval $(docker-machine env docker-birthday) | |
| for image in hello-world alpine seqvence/static-site mhart/alpine-node python:2.7-alpine manomarks/worker redis:alpine postgres:9.4; do docker pull ${image}; done; | |
| docker images |
skuenzli
/ keybase.md
Created
September 23, 2016 04:38
skuenzli
/ plank-picker.sh
Last active
April 23, 2017 00:10
A script to help pick the planks for the Giles baby room
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| num_planks=${1:-1} #set default number of planks to pick to 1, specify whatever number you like as argument | |
| declare -a colors=('white' 'natural' 'blue' 'red' 'gray' 'brown') | |
| function pick_color(){ | |
| local color_idx=$(expr $RANDOM % ${#colors[@]}) | |
| echo "${colors[$color_idx]}" | |
| } |
skuenzli
/ peek-inside-one-modern-infra-dev-env.md
Last active
August 10, 2017 15:18
Talk: Peek inside (one) modern infra development environment
Developing infrastructure code is challenging: quickly-changing tools, ever-higher quality expectations, and fluid teams.
What would life be like if your team had a containerized infra development environment supporting the development process by standardizing the tooling to build, test, and deploy infra code through the stages of the development lifecycle?
We will demonstrate and explore a simple open source project providing a portable infra development environment using Terraform, kitchen-terraform, and rspec. Patterns will be universal.
This talk will dive deeper into the 'Packaged Environment' pattern described at: https://www.qualimente.com/2017/01/17/simple-ways-to-start-using-docker/#Pattern_Packaged_Environment
This is a simple demonstration of generating core files for crashing processes that happen to be containerized to a known location on CentOS 7.
Configure Linux kernel with a core pattern that puts files at a well-known location.
The location will be interpreted from the crashing process' perspective of file paths [1]
skuenzli
/ main.infra-exercises-through-compute.tf
Created
December 17, 2018 21:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "name" { | |
| type = "string" | |
| } | |
| variable "vpc_id" { | |
| type = "string" | |
| default = "vpc-58a29221" | |
| } | |
| variable "region" { |
skuenzli
/ create-and-use-echo-service.sh
Last active
February 5, 2019 23:06
Simple Echo Service on Docker Swram
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an 'echo' service on a Swarm that replies back whatever you send it | |
| docker service create --name echo --publish '8000:8' busybox:1.29 nc -v -lk -p 8 -e /bin/cat | |
| # talk to the service, assuming you're on a Swarm node; change localhost to a Swarm node hostname if remote | |
| echo "hello netcat my old friend..." | nc localhost -w 3 8000 | |
| echo "i've come to test connection behavior again." | nc localhost -w 3 8000 |
skuenzli
/ create-least-priv-bucket-policy.tf
Last active
May 22, 2020 16:34
Potential Terraform module interface for declaring a least privilege S3 bucket policy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Engineers write this | |
| locals { | |
| administrator_arns = [ | |
| "arn:aws:iam::12345678910:user/ci" | |
| , "arn:aws:iam::12345678910:user/person1" | |
| ] | |
| read_data_arns = [ | |
| "arn:aws:iam::12345678910:user/person1", | |
| "arn:aws:iam::12345678910:role/appA", |
skuenzli
/ default-cmk.key-policy.json
Last active
September 30, 2020 17:15
KMS Resource Policy Examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Id": "DefaultKeyPolicy", | |
| "Statement": [ | |
| { | |
| "Sid": "Enable IAM User Permissions", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "arn:aws:iam::12345678910:root" | |
| }, |
skuenzli
/ example-DenyUnencryptedStorage-statement.json
Last active
September 21, 2023 04:28
Secure S3 Bucket Resource Policy Examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Sid": "DenyUnencryptedStorage", | |
| "Effect": "Deny", | |
| "Action": "s3:PutObject", | |
| "Resource": "arn:aws:s3:::sensitive-app-data/*", | |
| "Principal": { | |
| "AWS": "*" | |
| }, | |
| "Condition": { | |
| "Null": { |